Years ago, if your antivirus detected a virus, chances are you'd find a pretty complete description of that threat in any number of virus encyclopedias. Today, however, with tens of thousands of malware samples being dissected each day, it's very rare to find a meaningful virus description. Fortunately, if you need specific details on what a particular bit of malware does, there are several online virus sandboxes that can give you a quick answer - sometimes in only a few minutes. Following are a few of my favorites.
Developed by PC Tools and acquired by Symantec, ThreatExpert provides a contextual explanation for the system modifications made by the submitted malware. For example, the report will not only list the registry changes that were made, it will also tell you what those particular changes will cause. Support for file types is limited.
CWSandbox uses API hooking to dynamically analyze the malware. While the report won't be as contextually easy to understand as the reports provided by ThreatExpert, the CWSandbox report contains more of the (sometimes extraneous) modifications made by the malware. CWSandbox supports more file types than ThreatExpert, with new types constantly being added.
Joebox also uses API hooking and supports scripts as well as dynamic link library (DLL) files and executables. A script and a binary can be packaged together during the upload so that the interaction between the two is observed.
Wepawet is a research project of ISECLabs, designed to decrypt/deobfuscate JavaScript and analyze its intended actions. In addition to JavaScript, Wepawet also analyzes PDF and Flash files.