... stuff and the autostart. Just a recent update: Tested in "ALL" online sandbox, you name it, are all crashed. Cuckoo also crashed, only one VM survived this (the MS one *smile*) Sysinternals stuff is causing ...

... Apphelp.dll VERSION.dll Forget it if you want to run sample in Cuckoo or sandbox: https://lh4.googleusercontent.com/-qiQsW6y88oE/UfamtV0ABCI/AAAAAAAANMk/BU3WmhfQL40/s422/012.jpg ...

And it's not even working, I successfully infected myself on my vmware machine without doing any modifications on the anti-* stuff. The malware performs successfully also on cuckoo sandbox ; so this is a big piece of crap.

... Jump to quick reversing on binary, finding the highlights as below which is not written in VT behavior analysis. For the rest of analysis pls see Cuckoo result on VT behavior analysis at the above URL, is accurate enough: Temporary file(bot logic) used: tmp (calling environment temp) %s%08x.%s ...

@ EP_X0FF Well my idea was to use a VM with BSA in order to have a snapshot if things went wrong. I tried cuckoo also however I like the reporting from BSA a lot more then cuckoo. @ Buster_BSA You are most likely right, I am going to check this with procmon in order to see how ...

BTW, can anyone recommend software to run own sandbox (something like ZeroWine or Cuckoo sandbox)?

Cuckoo Sandbox has an signature to detect anti sniffer and its like this: import re from lib.cuckoo.common.abstracts import ...

... the guys behind malware.lu dbs. Presentation Malwasm is a tool based on Cuckoo Sandbox available here. Malwasm was designed to help people that do reverse engineering. Malwasm ...

Take a report generated by BSA and using it make other report in a more organized and categorized way. Then show me both so I can get an idea of what you would like to see.

Why use BSA and not Cuckoo? That´s something you must decide after trying both.

Could you please tell me why use BSA and not Cuckoo sandbox (under VirtualBox which doesn't have detection in malware yet AFAIK) ? I have actually tried ...