Joebox
Analyse your Malware on Windows simply and quickly
Please note that the following report files were generated with the prototype of Joebox, and their format is out of date.
Testing some old Backdoors
Because no interesting malware currently exists for Windows Vista, I took some old binaries and ran them on Joebox. The joeboxsniffer reports will be added as soon as possible; this module is still in development. You can find some analysis report files below.
Backdoor.Rustock.A
WORM/Sdbot.59356
W32/Parite
WORMRbot.399360
Testing some implementations of my own
Testing and evaluating a sandbox is very difficult. One possibility is to write some example applications and compare the analysis file against the implementation. Another possibility is to debug the target process together with the sandbox process: whenever the target process calls an API function, the sandbox application should handle the call correctly. But there will never be a perfect testing technique, because we can't ensure that the target process does not attempt to bypass our hooks. So I decided to test Joebox with some implementations of my own.
Basic keylogger
Analysis file
Basic DLL injection
Analysis file
Hooked API Functions
To see which functions joeboxhooker is currently logging, please have a look at the following list:
Hooked Functions