Joe Sandbox Filter is directly added as an input processor to Joe Sandbox Desktop, Complete or Light and integrated via the cookbook chaining technology.
As a first step, Joe Sandbox Filter performs an extensive static analysis, including PE structure, data and code extraction. All information is stored in a report available in HTML, XML and JSON format. Signatures are then applied to select and rate benign artifacts.
As a result, Joe Sandbox Filter determines whether a file is benign. The detection algorithm has been tuned to detect benign files with a high confidence level and a high filter ratio (>50%), meaning that over half of the benign input files are not sent to costly dynamic analysis.
Joe Sandbox Filter has been designed to have low false positive / negative rates as well as a high filter ratio. Extensive tests have shown that the average processing time per file is below 30 seconds.
Contact Joe Security to schedule a technical presentation.
Rather than detecting the malicious behavior of software, Joe Sandbox Filter focuses on the identification of benign artifacts. To do so it uses innovative heuristics such as entry point analysis or packing detection to classify benign code. Joe Sandbox Filter includes over 30 signatures to detect benign characteristics.
Joe Sandbox Filter consists of an extensive PE file parser which extracts fields and flags from PE file structures. It performs many additional forensic analyses, such as entry point disassembly and XOR and x86 function searches over several parts of the file.
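The two paragraphs above describe the kind of static triage the filter performs: parse the PE headers, locate the entry point, and apply benign-vs-suspicious heuristics such as packing detection. The following is an added example written for this page, not Joe Sandbox Filter's parser or any of its signatures. It reads the COFF header, optional header and section table with offsets from the PE/COFF specification, then applies four assumed heuristics (entry point inside an executable section, entry section not writable, a conventional section name, and entry-section entropy below an assumed 7.0 bits/byte). The two sample files are constructed in code, not real binaries.

```python
"""Minimal PE static triage: entry-point and packing heuristics.

Example code written for this page; not Joe Sandbox Filter's parser or
signatures. Field offsets follow the PE/COFF specification; the heuristic
thresholds and the list of conventional section names are assumptions.
"""
import math
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0               # assumed: above this, treat the entry section as packed/compressed
CONVENTIONAL_CODE_NAMES = (".text", "CODE", ".code")   # assumed list of usual entry-section names


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random, plain machine code is usually well below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Extract the entry point RVA and the section table from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader, Characteristics
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]          # 0x10B = PE32, 0x20B = PE32+
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint, same offset in both
    sections = []
    off = opt + opt_size
    for _ in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from("<8sIIIIIIHHI", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize,
            "flags": flags, "data": data[rawptr:rawptr + rawsize],
        })
        off += 40
    return {"machine": machine, "magic": magic, "entry_rva": entry_rva, "sections": sections}


def section_for_rva(sections, rva):
    """Return the section whose virtual range contains rva, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            return s
    return None


def triage(data: bytes):
    """Return ('benign-candidate' | 'needs-dynamic-analysis', list of reasons)."""
    pe = parse_pe(data)
    reasons = []
    sec = section_for_rva(pe["sections"], pe["entry_rva"])
    if sec is None:
        reasons.append("entry point lies outside every section")
    else:
        if not sec["flags"] & IMAGE_SCN_MEM_EXECUTE:
            reasons.append(f"entry point in non-executable section {sec['name']!r}")
        if sec["flags"] & IMAGE_SCN_MEM_WRITE:
            reasons.append(f"entry section {sec['name']!r} is writable and executable")
        if sec["name"] not in CONVENTIONAL_CODE_NAMES:
            reasons.append(f"unusual entry section name {sec['name']!r}")
        ent = shannon_entropy(sec["data"])
        if ent > ENTROPY_THRESHOLD:
            reasons.append(f"entry section entropy {ent:.2f} bits/byte suggests packing")
    return ("benign-candidate" if not reasons else "needs-dynamic-analysis"), reasons


def build_pe(sections, entry_rva: int) -> bytes:
    """Assemble a minimal PE32 file from (name, va, flags, payload) tuples (constructed test input)."""
    raw_align = 0x200
    headers_size = 0x40 + 4 + 20 + 224 + 40 * len(sections)
    first_rawptr = raw_align * -(-headers_size // raw_align)   # round headers up to file alignment
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                     # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    # Magic, MajorLinker, MinorLinker, SizeOfCode, SizeOfInitializedData, SizeOfUninitializedData, EntryPoint
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 14, 0, 0, 0, 0, entry_rva)
    table, body, rawptr = bytearray(), bytearray(), first_rawptr
    for name, va, flags, payload in sections:
        rawsize = raw_align * -(-len(payload) // raw_align) or raw_align
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(payload), va,
                             rawsize, rawptr, 0, 0, 0, 0, flags)
        body += payload.ljust(rawsize, b"\0")
        rawptr += rawsize
    header = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(first_rawptr, b"\0")
    return header + bytes(body)


# Constructed samples, not real binaries. CLEAN_CODE repeats a tiny x86 prologue/epilogue;
# PACKED_BLOB is filler with maximal byte entropy standing in for compressed data.
CLEAN_CODE = bytes([0x55, 0x8B, 0xEC, 0x33, 0xC0, 0x5D, 0xC3]) * 40
CLEAN_PE = build_pe([(b".text", 0x1000, 0x60000020, CLEAN_CODE),
                     (b".data", 0x2000, 0xC0000040, b"hello\0")], entry_rva=0x1000)
PACKED_BLOB = bytes(range(256)) * 4
PACKED_PE = build_pe([(b"pack0", 0x1000, 0xE0000080, b""),
                      (b"pack1", 0x2000, 0xE0000040, PACKED_BLOB)], entry_rva=0x2000)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PE), ("packed", PACKED_PE)):
        verdict, why = triage(sample)
        print(f"{label}: {verdict}", *why, sep="\n  ")
```

The verdicts are deliberately asymmetric: a file only becomes a "benign-candidate" when every heuristic passes, so anything unusual falls through to dynamic analysis rather than being filtered out. This is the same direction of tuning the page describes, where a low false-negative rate for the benign class matters more than catching every benign file.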
Joe Sandbox Filter is optimized for large-scale analysis with an average processing time of 30 seconds per sample. The filter is very precise. False negative and positive rates have been optimized to be less than 1%. In several tests Joe Sandbox Filter has selected over 50% of all benign samples successfully.
Joe Sandbox Filter has been designed to process large volumes of files. It can be easily integrated into Joe Sandbox Desktop, Complete or Light to avoid costly dynamic analysis.
Joe Sandbox Filter supports YARA rules for advanced malware detection: all samples are forwarded to YARA.