Joebox
Analyse your Malware on Windows simply and quickly
Joebox's vision is to generate a basic report file containing high-level information such as called functions, captured network data and binary-specific details. This information represents the behaviour of the analysed malware and serves as input for secondary applications.
Three main applications are possible; each is explained in detail below:
Threat analysis
To evaluate the threat posed by the analysed malware, a custom application generates a detailed report that describes and classifies the threats. Security experts can also evaluate the generated output directly if its abstraction level is high enough.
Threat evaluation from the basic information in the Joebox report file can be handled with the help of fuzzy logic.
Removal tool generation
To minimise the time gap between the detection of new malware and the generation of a patch, an application is needed that builds a removal tool automatically. With a Joebox report file as input, a program can manage this task easily: it detects the system modifications the malware made and uses individual removal components to reverse each of them. All these components are assembled into a complete tool that is distributed to users.
Behaviour signature generation
It is extremely difficult to recognise code patterns in binaries that are cryptographically obfuscated. It is therefore fundamental not only to scan for known malware patterns but also to block suspicious behaviour. To build a behaviour signature file, an application analyses the Joebox report file, extracts the relevant parts and finally converts and condenses this information into a signature file, which is then used as input for behaviour-blocking engines.
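The two report consumers described above, removal tool generation and behaviour signature generation, share one step: reducing the raw call list in the report to the system modifications and behaviours it records. The following Python script is an added example, not Joebox's own code. It assumes a constructed JSON report layout (an `api_calls` list with an `api` name and an `args` mapping per call, including a `previous` field for registry writes), since the page does not describe the real report format; the sample report, the Windows API names used as markers and the signature scheme are all assumptions made for the example.

```python
import hashlib
import json

# Constructed sample report. The layout is an assumption made for this
# example; the page does not describe Joebox's actual report format.
SAMPLE_REPORT = json.dumps({
    "sample": {"name": "dropper.exe", "sha256": "<placeholder-sha256>"},
    "api_calls": [
        {"api": "CreateFileW", "args": {"path": "C:\\Users\\Public\\svc.exe"}},
        {"api": "WriteFile", "args": {"path": "C:\\Users\\Public\\svc.exe"}},
        {"api": "RegSetValueExW", "args": {
            "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
            "value": "svc", "data": "C:\\Users\\Public\\svc.exe", "previous": None}},
        {"api": "RegSetValueExW", "args": {
            "key": "HKCU\\Software\\Example", "value": "Cfg",
            "data": "1", "previous": "0"}},
        {"api": "connect", "args": {"host": "198.51.100.7", "port": 8080}},
    ],
})

FILE_WRITE_APIS = {"CreateFileW", "WriteFile"}
REG_WRITE_APIS = {"RegSetValueExW"}
NETWORK_APIS = {"connect", "send"}
RUN_KEY_SUFFIX = "\\CurrentVersion\\Run"


def parse_report(text):
    """Load the report and check that the field the consumers rely on exists."""
    report = json.loads(text)
    if not isinstance(report.get("api_calls"), list):
        raise ValueError("report has no api_calls list")
    return report


def system_modifications(report):
    """Reduce the raw call list to one entry per modified object, in the
    order the object was first touched. Returns (kind, target, previous)."""
    seen = {}
    for call in report["api_calls"]:
        api, args = call["api"], call["args"]
        if api in FILE_WRITE_APIS:
            seen.setdefault(("file", args["path"]), None)
        elif api in REG_WRITE_APIS:
            key = ("reg", args["key"] + "\\" + args["value"])
            # Keep the value found before the sample's first write; later
            # writes to the same value do not change what must be restored.
            seen.setdefault(key, args.get("previous"))
    return [(kind, target, prev) for (kind, target), prev in seen.items()]


def removal_plan(report):
    """Assemble removal steps in reverse order of modification, so that a
    persistence entry is removed before the file it points to."""
    steps = []
    for kind, target, previous in reversed(system_modifications(report)):
        if kind == "file":
            steps.append("delete file " + target)
        elif previous is None:
            # The value did not exist before; deleting it restores the state.
            steps.append("delete registry value " + target)
        else:
            steps.append('restore registry value %s to "%s"' % (target, previous))
    return steps


def behaviour_signature(report):
    """Abstract the call sequence into coarse behaviour tags plus a stable
    identifier that is independent of concrete paths and hosts."""
    tags = []
    sequence = []
    for call in report["api_calls"]:
        api, args = call["api"], call["args"]
        sequence.append(api)
        if api in REG_WRITE_APIS and args["key"].endswith(RUN_KEY_SUFFIX):
            tags.append("persistence:run-key")
        if api == "WriteFile" and args["path"].lower().endswith(".exe"):
            tags.append("drops:executable")
        if api in NETWORK_APIS:
            tags.append("network:outbound")
    tags = sorted(set(tags))
    material = "|".join(sequence) + "#" + ",".join(tags)
    digest = hashlib.sha256(material.encode()).hexdigest()
    return {"id": digest[:16], "sequence": sequence, "tags": tags}


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    for step in removal_plan(r):
        print(step)
    print(json.dumps(behaviour_signature(r), indent=2))
```

Two design choices matter for a real generator: removal steps are emitted in reverse order of the modifications, so the Run key entry is removed before the dropped executable it references, and a registry value that existed before the sample ran is restored to its previous value rather than deleted. The signature deliberately drops concrete paths and hosts and keeps only the API sequence and behaviour tags, which is what makes it reusable by a behaviour-blocking engine against repacked variants of the same sample.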
Conclusion
If in future all the described tools are implemented and work as expected, together they form an extensive analysis environment that can be used in many different areas. It is also a necessary infrastructure for any company that needs a complete system to fight malicious software.