VirusTotal starts sandbox-testing, shares behavioral information
Posted on 25.07.2012
Developer Emiliano Martinez has recently confirmed what many users of VirusTotal have already noticed: that the online file scanning service has added behavioral information in its reports.


"The idea behind this is that the samples submitted to VirusTotal get executed automatically in a controlled (sandboxed) environment and the actions performed are recorded in order to give the analyst a high level overview of what the sample is doing," Martinez explained in a blog post.

The results of this analysis are displayed in a new "Behavioural information" tag that can be accessed at the bottom of the report.

The report contains information about the actions and events that were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.

Users are then able to see which files were opened, read, written, copied and/or deleted; which processes were created and/or injected with code; which registry keys were set; which application windows were searched, which services and service managers were opened; what requests were sent; and many other things.

"Currently we are just processing new samples that are Portable Executables and are below 8MB in size," Martinez notes. "The execution is still a best effort operation and it is completely asynchronous, hence, do not expect the VirusTotal reports to have any fancy Ajax informing about the progress of the behavioral data extraction."

What he means is that the behavioral information will not appear at the same time as the virus analysis results, and may, for the time being, not appear at all for some files. Users who have submitted files will have to bookmark the results page and return to it at a later time to view the missing information.

The sandbox VirusTotal is using for this new offering is open source automated malware analysis system Cuckoo Sandbox.






Spotlight

The security threat of unsanctioned file sharing

Posted on 31 October 2014.  |  Organisational leadership is failing to respond to the escalating risk of ungoverned file sharing practices among their employees, and employees routinely breach IT policies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 31st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //