Channel: Automated Malware Analysis
Browsing all 134 articles

Sandbox Overloading with GetSystemTimeAdjustment

Lately we came across an interesting sample (MD5: b4f310f5cc7b9cd68d919d50a8415974) we would like to share with you. An initial analysis spotted: To summarize, the sample seems to be not showing any...

Happy New Year!

The Joe Security team wishes you success, satisfaction and many pleasant moments in 2014!

Introducing Joe Sandbox Class

Introduction: As you may know, Joe Sandbox is a very extensive analysis system. Hybrid Code Analysis Technology, a key part of Joe Sandbox, makes it possible to analyze executed and non-executed code paths -...

Analyzing Android/SpyBanker

Today we will take a look at an Android malware that is generally labeled as "Android/SpyBanker" (part of the Android.Gepew family). The sample we will be looking at has the MD5...

Detecting Malware by using the Application Icon

Have you ever wondered how many malicious applications use an application icon from a legit application? We did the same and thought about implementing a cool signature to detect if a potential...

The Power of Cookbooks - generic HTTPS Analysis

Besides Hybrid Code Analysis, one of the top features of Joe Sandbox is the Cookbook technology. Cookbooks? Sounds like cooking. That is correct, Cookbooks let one "cook" the malware. To be more...

Joe Sandbox aware Malware? Certainly not! But surely!

During the weekend we have been notified by one of our Joe Sandbox Cloud customers that they have found an interesting sample (MD5: D80E956259C858EACCB53C1AFFAF8141) which shows much malicious behavior...

Joe Sandbox 10: Analysing unpacked PE Files and Memory Dumps with IDA

As you know, the current Joe Sandbox version is 9.0.0, which we released at the end of March 2014. Since then we have implemented a set of very cool new features which we are going to release soon with...

Joe Sandbox X: Automated Dynamic Malware Analysis on Mac OS X

We are proud to present today Joe Sandbox X - the first automated dynamic malware analysis system for Mac OS X. As with all of our products, Joe Sandbox X executes files in a controlled environment...

Generic Keylogger Detection with Joe Sandbox X

In our last blog post we have demonstrated some of the features of our new product Joe Sandbox X by analyzing the recent malware "xslcmd" (MD5: 60242ad3e1b6c4d417d4dfeb8fb464a1). It has been extensively...

Analysis of Code4HK with Joe Sandbox Mobile

As the media and several tech companies already outlined, a fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong. We came across the corresponding malware via our...

Finding a DGA in less than one Minute

Recently, we stumbled upon a malware sample (MD5: 177b75910ae8c0091bafef4950c0b224) that obviously employs a domain generation algorithm (DGA). We analyzed the sample with Joe Sandbox 10.5 which will...

New Sandbox Evasion Tricks spot with Joe Sandbox 10.5

Recently we came across an interesting sample equipped with new tricks to evade sandboxes and other dynamic analysis systems: In pseudo code: The sample sleeps until there is a mouse and foreground...

Happy New Year!

The Joe Security team wishes you success, satisfaction and many pleasant moments in 2015!

Introduction Yara Rule Generator

A couple of months ago we started to work on a new feature for Joe Sandbox we call Yara Rule Generator. Yara is a well-known pattern matching engine built for the purpose of writing simple malware...

The Power of Execution Graphs Part 1/3

Introduction: We have been quite busy and will soon release Joe Sandbox 12. It is so far one of the biggest releases we have made and includes several new features such as: Execution graphs, Yara rule...

Dynamically Analyze Offices Macros by instrumenting VBE

Introduction: As you all know, Microsoft Office documents have become a new attack vector. They make it easy to transfer exploit or dropper code by e-mail to victims by embedding macro code. Since...

The Power of Execution Graphs 2/3

Introduction: This is the second part of our three-part “Power of Execution Graph” blog series. The first part, which introduces Execution Graphs, can be found here. As you may recall, Execution Graphs...

Hacking Team inspired Anti-VM Trick spot in the Wild

Two days ago we came across an interesting sample (MD5: 9437eabf2fe5d32101e3fbf9f6027880, source: ThreatWave). The sample has been unknown at this time and also did not look interesting from a dynamic...

Meet Joe Security at IT-SA Security Expo 6. - 9. October in Nürnberg

This year Joe Security is going to show its products and technologies at IT-SA Security Expo in Nürnberg, Germany. IT-SA is one of the biggest Security Expos and Conferences in Europe with over 390...
