What is it? @.@

Here is the place where I record some tactics about wargame, systems, and other security issues.


Sandboxes and Multi-AV Scanners


Public "Antivirus" Scanners:
  1. [Name] : VIRUSTOTAL
  2. [URL] : http://www.virustotal.com/
  3. [Description] : So far, I think this is the most complete one. Except the scanning result of multiple AVs, there are also some additional information of the file generated by ssdeep, TrID, ExifTool, pefile, SigCheck, PEiD, PDFiD, etc.
  1. [Name] : JOTTI
  2. [URL] : http://virusscan.jotti.org/
  3. [Description] : A normal free online scan service.
  2. [URL] : http://vscan.novirusthanks.org/
  3. [Description] : Another normal free online scan service. However, it provides an option of "Do not distribute the sample" for users.
  1. [Name] : VIRSCAN
  2. [URL] : http://r.virscan.org/
  3. [Description] : A normal free online scan service.

Public "Sandbox" Analysis:
  1. [Name] : THREATEXPERT
  2. [URL] : http://www.threatexpert.com/submit.aspx
  3. [Description] : I think threatexpert is the most detailed sandbox service. They provide a very good  analysis report. They execute files in a virtual environment and report the change made to the file system, registry, memory, and network.
  1. [Name] : GFI SANDBOX (formerly CWSANDBOX)
  2. [URL] : http://www.threattrack.com/
  3. [Description] : It is an industry leading dynamic malware analysis tool. It provides detailed report and has a very nice and friendly control panel. It works by injecting DLLs into newly created processes. The DLLs hook Windows API functions in order to spy on the malware's behavior as it executes.
  1. [Name] : ANUBIS
  2. [URL] : http://anubis.iseclab.org/
  3. [Description] : It focus on system information. You can submit Windows executable or Android APK to it.
  1. [Name] : COMODO
  2. [URL] : http://camas.comodo.com/cgi-bin/submit
  3. [Description] : Another normal free online sandbox service.
  1. [Name] : MALWR.COM
  2. [URL] : http://malwr.com/
  3. [Description] : Another normal free online sandbox service based on Cuckoo Sandbox.

*By the way, if you want to build your own sandbox environment, I think "cuckoosandbox" is a nice choice. Cuckoo is the leading open source automated malware analysis system.

No comments:

Post a Comment