What is JOE SANDBOX?
In a nutshell, Joe Sandbox is a fully automated malware analysis system which monitors the behavior of malicious software
such as rootkits, viruses, trojans and other threats. Joe Sandbox executes malicious samples in a controlled environment (sandbox)
and observes the behavior of the program being executed, a technique called dynamic analysis.
Joe Sandbox creates detailed reports of the behavior monitored. The report includes how the malware installs (e.g. which files and registry
entries have been created), how it communicates with the internet (e.g. HTTP GET and POST) and how it hides its presence (e.g. EAT, IAT and INLINE hooks).
To make the behavior easy to understand, Joe Sandbox identifies and summarizes malicious activities
with the help of its extensible behavior signature engine.
Joe Sandbox also captures additional data such as memory dumps, dropped files, screenshots and more for further investigations.
Have a look at the following reports which Joe Sandbox generated: Zeus, SpyEye, ZeroAccess (Max++), Hodprod, Morto, Mebromi, IRC Bot