Sandboxes and Multi-AV Scanners

Introduction:

• Online sandboxes and multi-AV scanners can provide a quick and easy first impression of unknown files. Below is a summary that can make our experience with sandboxes and muli-AV scanners even better.
• Something we should understand is that the files we submit to public sites may be automatically shared with other vendors and third parties. 
• Reference : http://www.amazon.com/Malware-Analysts-Cookbook-DVD-Techniques/dp/0470613033
• Reference : http://cleanbytes.net/malware-online-scanners
• Reference : http://www.selectrealsecurity.com/malware-analysis

Public "Antivirus" Scanners:

1. [Name] : VIRUSTOTAL
2. [URL] : http://www.virustotal.com/
3. [Description] : So far, I think this is the most complete one. Except the scanning result of multiple AVs, there are also some additional information of the file generated by ssdeep, TrID, ExifTool, pefile, SigCheck, PEiD, PDFiD, etc.

1. [Name] : JOTTI
2. [URL] : http://virusscan.jotti.org/
3. [Description] : A normal free online scan service.

1. [Name] : NOVIRUSTHANKS
2. [URL] : http://vscan.novirusthanks.org/
3. [Description] : Another normal free online scan service. However, it provides an option of "Do not distribute the sample" for users.

1. [Name] : VIRSCAN
2. [URL] : http://r.virscan.org/
3. [Description] : A normal free online scan service.

Public "Sandbox" Analysis:

1. [Name] : THREATEXPERT
2. [URL] : http://www.threatexpert.com/submit.aspx
3. [Description] : I think threatexpert is the most detailed sandbox service. They provide a very good  analysis report. They execute files in a virtual environment and report the change made to the file system, registry, memory, and network.

1. [Name] : GFI SANDBOX (formerly CWSANDBOX)
2. [URL] : http://www.threattrack.com/
3. [Description] : It is an industry leading dynamic malware analysis tool. It provides detailed report and has a very nice and friendly control panel. It works by injecting DLLs into newly created processes. The DLLs hook Windows API functions in order to spy on the malware's behavior as it executes.

1. [Name] : ANUBIS
2. [URL] : http://anubis.iseclab.org/
3. [Description] : It focus on system information. You can submit Windows executable or Android APK to it.

1. [Name] : COMODO
2. [URL] : http://camas.comodo.com/cgi-bin/submit
3. [Description] : Another normal free online sandbox service.

1. [Name] : MALWR.COM
2. [URL] : http://malwr.com/
3. [Description] : Another normal free online sandbox service based on Cuckoo Sandbox.

*By the way, if you want to build your own sandbox environment, I think "cuckoosandbox" is a nice choice. Cuckoo is the leading open source automated malware analysis system.