Channel: Automated Malware Analysis
Browsing all 134 articles

Joe Sandbox 5.0.0

After a long time of development, today we released version 5.0.0 of Joe Sandbox. Among a lot of small improvements and enhancements, the major change is a brand new usermode hooking engine which is...



Joe Sandbox & FireAMP

We are proud to announce that FireAMP, a new security product developed by Sourcefire, is using Joe Sandbox as its malware analysis engine. FireAMP is a new advanced malware protection solution which...



x64

After three months of coding and a lot of debugging, we finally finished the port of our analysis engine to Windows 7 x64. This was not an easy task since a lot of things have changed in the Windows kernel....


Joe Sandbox 6.0.0

We are happy to officially release Joe Sandbox version 6.0.0. Besides a complete rewrite and redesign of the Joe Sandbox web interface, we added support for malware analysis on Windows 7 x64. In addition...


Operation High Roller - How to block SpyEye and Zeus

Recently McAfee, together with Guardian Analytics, detected a massive online bank fraud. According to the analysis report (Dissecting Operation High Roller) published by McAfee, modified Zeus and SpyEye...


VM and Sandbox Detections become more professional

Recently we have been informed by a customer about the following malware analysis (sample MD5 27aa08d113034eae5565fe2e8813a01e): One of our behavior signatures detected that the malware has tried to...


Anti Sandbox / MAS - Nice Trick

Today we were notified by a Joe Sandbox user about a sample which does not show any suspicious activities: http://www.joesecurity.org/reports/report-20be4f07f9a12c35463361a7212ca5ff.html What is...


Hidden malicious code injection - the macro way

Some time ago we stumbled across the following Joe Sandbox analysis report: New Password.exe (1eb4cd066eb69b63e74387a82443d998). Some striking facts: New Password.exe is dropping a PE file to...


Preview: Analysing DirtJumper with Joe Sandbox 7.0.0

For 3 months we have been working hard on Joe Sandbox 7.0.0. Besides small extensions, the biggest improvement is the integration of a static code analysis engine (Joe Sandbox SCAE). SCAE analyses dynamically...


Defeating Sleeping Malware

During a large-scale analysis test to optimize our signature sets, we detected a sample showing the following behavior: Joe Sandbox Analysis Report: report-8ebd97ee5f259cb2f1b38da1f1040cf0. The sample has...


Preview: Analyzing Office Exploits with Joe Sandbox 7.0.0

Lately we have seen an interesting Word document (Original Name: Problem Feedback.doc, VirusTotal Result 6/44, Date 15.11.2012) being analyzed with Joe Sandbox 7.0.0 in our cloud service Joe Sandbox...


Happy New Year!

The Joe Security team wishes you success, satisfaction and many pleasant moments in 2013!


CVE-2013-0422, java 0-day: Technical Payload Analysis

Some days ago a new Java 0-day (CVE-2013-0422) was spotted in the wild (thanks to Kafeine). The exploit targets Java 7 including the latest Java 7 Update 10 release. For protection disable any...


Quick "Visaform Turkey.pdf" PDF Zero Day Analysis

Two days ago FireEye detected a malicious PDF exploiting all major PDF readers from Adobe (FireEye, In Turn, It's PDF Time; FireEye, Number of the beast). We got the sample (MD5:...


Detect Generically Ransomware With Joe Sandbox 7.4.0

Malware which blocks your computer in order to demand a ransom has become extremely popular. Most of them are delivered via exploit kits. Recently even some of our friends and relatives got infected by...


Overloading Sandboxes - new generic Techniques to hinder Dynamic Analysis...

Some days ago we received notice from a Joe Sandbox Cloud customer (credits to Rafal Rajs) about an interesting sample (MD5: 3eebf8a3de8fbb1a92aeae7b22f81e23) which did not show its real functionality...


Explore Joe Sandbox with File, APK, Document and URL Analyzer

Some months ago we started developing four free services to analyze malicious samples. File Analyzer performs hybrid code analysis (HCA) of PE files on Windows XP SP3 and Windows 7. APK Analyzer...


Anti-VM gone wrong :)

On a weekly basis we check for VM-aware and dynamic analysis system aware malware samples at Joe Security. Lately we came across an interesting sample (MD5: cc9fab2465a279b9424da3a09df7c8d5): The...


SetupDiGetDeviceRegistryProperty

On a daily basis we check analyses which somehow look suspicious. Lately we checked a sample (MD5: 9FAC72A50A7F756D0D3319C686850516) we got from www.file-analyzer.net: As the page outlines the...


Time-Aware Malware

Recently we came across an interesting sample (MD5: 9f68ae8267182bf1be4e5bb6c75022b8). According to one of our customers it did not run on a virtual machine but showed some malicious activities on a...
