Norman

The SandBox Analyzer helps security professionals automate their malware analysis process. A complete analysis of the samples are available in a variety of formats giving the user the freedom to see the information they prefer to see. The most useful outputs are the SandBox summary, available in both text or XML formats, and the API log of system calls. The Analyzer also offers the ability to extract dropped files, memory dumps, and URL content from the SandBox environment. The graphical interface, used for help desk and quick behavioral analysis situations, provides other information windows including anti-virus engine signature scanning, statistics, lists of dropped files, network connections, and IRC servers found in the batch of suspicious files analyzed. SandBox Analyzer for Linux gives customers an important option to the popular Windows version of the SandBox Analyzer.

SandBox Analyzer Pro provides deep forensic analysis of executable code. Analyzer Pro is a complete reverse engineering environment developed on the stability of the powerful SandBox platform. Analyzer Pro combines the capabilities of many other reverse engineering tools into one product. The user has full control over the SandBox environment and the execution of the sample being analyzed. Registers, memory, disassembled code, virtual hard disk, and network activity can all be closely monitored and manipulated in order to understand the full potential of the suspicious code. Analyzer Pro includes many advanced debugging features like the ability to take snapshots, simulate execution in reverse, search and dump memory contents, log and save network packets, and many others. The user is able to see and work with code both at the application and kernel levels to see rootkit and exploit code behavior. The ability to connect to the live internet allows analysts to quickly analyze and monitor botnets, network worms, downloaders, and other network reliant code.