VxStream Sandbox - Automated Malware Analysis System
VxStream Sandbox is an innovative, fully automated malware analysis system built around our Hybrid Analysis technology. It is available as a standalone software package that can be installed on-site, including a webservice and an API. It works with VMware ESX and VirtualBox and with Windows XP up to Windows 8.1. The feature set is extensive, ranging from JSON, XML and HTML report formats to more than 250 generic behavior signatures. What makes it innovative is Hybrid Analysis (see our blogpost), implemented as a high-performance engine called StaticStream. Using Hybrid Analysis it is possible to detect and analyze dormant code, shellcode or dropped files and to extract valuable artifacts and threat indicators. In general, this yields considerably more meaningful behavior data that can be used to better understand and adapt to threats. With a wide range of configuration options, an open Python-based signature interface, an intuitive user-centered design and machine-parsable output formats, you have a high-tech forensics tool at hand that integrates into your IT-security product or security lifecycle. The system comes with a load-balancing controller that ensures VM parallelization scales efficiently, allowing you to process data on a large scale if necessary.
Do you want to automatically scan your e-mail attachments? Then check out our brand new VxStream Bridge add-on.
Where is VxStream Sandbox situated in the value added chain?
Today, modern IT security has accepted that defenses relying on pattern matching or other rule-based systems cannot prevent targeted attacks or threats from breaching security boundaries. Instead, we need to take a closer look at potential threats and make an intelligent decision based on a file's behavior, analyzing dormant code locations as well, rather than relying on patterns and rules. Why? Because new malware variants appear daily. On our malware analysis service we come across samples that have a detection rate of 0/57 on VirusTotal, yet our behavior signatures trigger and detect all kinds of malicious behavior. This ability to detect unknown threats is what makes VxStream Sandbox so strong. The following diagram outlines where Payload Security is situated in the value-added chain.
With VxStream Sandbox you can run your own large-scale system to analyze malware and extract intelligence, either as a webservice or as a standalone system that interacts with the interfaces of your own IT-security product. VxStream Sandbox is a high-end, fully automated malware analysis system for CERTs, DFIR teams, IT-security forensic labs, researchers, and vendors with their own IT-security products (e.g. SIEM systems or network carriers) who want to understand threats in depth and extract intelligence in less than 10 minutes. Feel free to try out our free malware analysis service at hybrid-analysis.com.
Download VxStream Feature Comparison (PDF, 49 KB)
More on 'Anti-VM' technology: Blogpost #1 and Blogpost #2
More on our new 'Stealthy Mode' kernelmode component: Blogpost