6. Program history
Version 1.0
Released on 23rd November 2009
First official version of Buster Sandbox Analyzer
Version 1.01
Released on 28th November 2009
Added backdoor and keylogger detection capabilities
Added Event and Service creation detection capabilities
Added malware analyzer detection capabilities
Added the option of visualizing report files directly from the tool
Fixed a bug related to the creation of port differences
Version 1.02
Released on 04th December 2009
Added MD5, SHA1 and SHA256 hashing
Added custom registry entry checking
Added a feature to check for updates
Fixed a few bugs in Buster Sandbox Analyzer
Fixed a bug in LOG_API library
Version 1.03
Released on 07th December 2009
Updated BSA.DAT with new registry AutoStart locations
Added a feature to save user settings
Added a feature to include in Report.TXT the hashes of created files
Improved Report.TXT information
Updated LOG_API library
Fixed a few bugs in Buster Sandbox Analyzer
Version 1.04
Released on 09th December 2009
Added support for network shares
Added a feature to allow wildcards in BSA.DAT
Added a feature to ignore when sandbox folder is not empty
Added a feature to check for updates on start
Updated LOG_API library
Version 1.05
Released on 13th December 2009
Added "Assorted suspicious actions"
Fixed several bugs in Buster Sandbox Analyzer
Updated LOG_API library
Version 1.06
Released on 01st January 2010
Added Sandboxie hidden capabilities
Improved BSA.DAT (thanks to nick s)
Fixed a bug in Buster Sandbox Analyzer
LOG_API library completely rewritten
Version 1.07
Released on 12th January 2010
Added detection of new malicious activities
Updated BSA.DAT
Updated LOG_API library
Version 1.08
Released on 23rd January 2010
Added a packet sniffer
Updated BSA.DAT
Updated LOG_API library
Version 1.09
Released on 28th January 2010
Added File Signatures feature
Updated LOG_API library
Version 1.10
Released on 04th February 2010
Added File Hash, File Strings and some other features
Version 1.11
Released on 09th February 2010
Added File Hex Editor feature
Version 1.12
Released on 13th February 2010
Added File Scanner feature
Version 1.13
Released on 25th February 2010
Added Process Explorer feature
Fixed bugs in Buster Sandbox Analyzer and LOG_API library
Version 1.14
Released on 01st March 2010
Added PE Explorer feature
Added File Disassembler feature
Version 1.15
Released on 09th March 2010
Added Memory Explorer feature
Updated BSA.DAT
Updated LOG_API library
Updated Buster Sandbox Analyzer
Fixed a bug in Buster Sandbox Analyzer
Version 1.16
Released on 16th March 2010
Added RegHive Explorer feature
Updated LOG_API library
Version 1.17
Released on 22nd March 2010
Improved File Hash and RegHive Explorer features
Fixed bugs in Buster Sandbox Analyzer, File Hash and RegHive Explorer features
Version 1.18
Released on 24th March 2010
Fixed a problem with memory usage
Version 1.19
Released on 22nd April 2010
Added Pcap Explorer feature
Improved the packet sniffer
Updated LOG_API library
Version 1.20
Released on 06th May 2010
Added Capture-BAT Log Analyzer feature
Fixed bugs in Buster Sandbox Analyzer
Updated LOG_API library
Version 1.21
Released on 13th May 2010
Added a time limit for analysis
Changes in BSA.DAT:
Added [Custom_Folder_Entries] section
Updated [File_Types_Modified] section to [File_Types_Created_Modified]
Updated Capture-BAT Log Analyzer feature
Updated malware analysis in Buster Sandbox Analyzer
Version 1.22
Released on 30 May 2010
Added automatic malware analysis
Added digital signature checking
Removed "Check Ports" feature
Updated LOG_API library
Version 1.23
Released on 01 June 2010
Fixed a bug in Buster Sandbox Analyzer
Version 1.24
Released on 16 November 2010
Fixed a bug in Buster Sandbox Analyzer
Version 1.25
Released on 16 January 2011
Included a utility to load DLL files
Fixed a bug in Buster Sandbox Analyzer
Version 1.26
Released on 06 March 2011
Added new entry to BSA.DAT
BSA will remember last used Sandbox folder
Improved the method to detect Sandboxie's presence
Fixed some bugs
Version 1.27
Released on 15 March 2011
Added an option to remember last position on screen
Added a feature to include file entropy information of Win32 files
Added a feature to include file type information on newly created files
Version 1.28
Released on 28 March 2011
Included two versions of LOG_API.DLL: One of them will not show file/registry operations so BSA will run faster
Invalid Win32 PE files will be reported
Added a feature to include Digital Signature information for dropped files
Added a feature to automatically rename processed files to their proper extension
Added a feature to not process unknown file types
Added a feature that allows adjusting the time limit in minutes or seconds
Added a feature to take screenshots of sandboxed windows when running in automatic mode
When a non-PE file is processed, the file being processed will appear in the report, along with the application that launched it
Version 1.29
Released on 09 April 2011
Added a feature to resume automatic mode analysis
Added a feature to close certain window messages when running in automatic mode
Version 1.30
Released on 20 April 2011
Added a feature to automate setups when running in automatic mode
Added a feature to run a custom command after an automatic analysis finishes
BSA will report the creation of hidden folders
Fixed a cosmetic bug
Version 1.31
Released on 25 April 2011
Improved malware behaviour detections
Updated LOG_API library (normal and verbose)
Added a feature to delete sandbox folder contents
Fixed some bugs
Version 1.32
Released on 09 May 2011
Added a feature to include av identifications from VirusTotal on reports
Improved "Automated Setup" feature
Version 1.33
Released on 21 May 2011
Added a feature to run BSA from command line in automatic mode
Added Exeinfo support
Updated BSA.DAT
Updated LOG_API
Added extra information of dropped files
Fixed a bug
Version 1.34
Released on 25 May 2011
Added a feature to copy/move processed files in automatic mode
Added a feature to export RegHive to .REG format
Updated LOG_API
Removed HideDriver
Fixed a bug
Version 1.35
Released on 17 June 2011
Added HideDriver again
Added LOG_API version for 64 bit systems
Fixed several bugs
Version 1.36
Released on 24 June 2011
Added support for ssdeep
Improved the support for DLL files
Report information items can be selected individually
Updated BSA.DAT
Fixed several bugs
Version 1.37
Released on 17 July 2011
Added a feature to include the version and date of creation in reports
Improved hiding feature
Updated BSA.DAT
Removed evaluation risk feature
Fixed several bugs
Version 1.38
Released on 28 July 2011
Added risk evaluation module
Added several improvements
Fixed several bugs
Version 1.39
Released on 10 August 2011
Fixed several bugs
Version 1.40
Released on 17 August 2011
Usability improvement in File Hash, File Scanner, File Signature and automatic analysis features: last used folder will be remembered
Usability improvement in File Hash, File Scanner and File Signature features: added drag and drop support
Added Exeinfo support to File Signature feature
Improved File Hash feature: all hashes can be checked at VirusTotal at once, VirusTotal reports can be saved to disk
Version 1.41
Released on 24 August 2011
Usability improvement: hashes (MD5, SHA1, SHA256) shown in reports can be selected individually
In automatic mode, when "Keep Sandbox files" is enabled, empty folders and files will be removed
Added an option to include information for modified files in reports
Fixed several bugs
Version 1.42
Released on 05 September 2011
Added a feature to capture screen in video (VLC installation required)
Added a feature to report direct disk writing attempts (Sandboxie 3.59.01 or newer version required)
Fixed a bug
Version 1.43
Released on 18 September 2011
Replaced Buster Sandbox Analyzer with a custom logo. (thanks Antoni)
Maintenance release: minor changes
Version 1.44
Released on 06 November 2011
Changed the feature to not show UDP packets. Now the feature will ignore UDP packets from PCAP captures and reports
Added a feature to minimize BSA when the feature to do video capture is enabled
Added a feature to compress to ZIP sandbox folder contents when "Keep Sandbox Files" is enabled
Added information related to date of submission in VirusTotal reports
Added several improvements
Updated LOG_API
Version 1.45
Released on 17 November 2011
Added a feature to produce reports in PDF format
Added support for new malware behaviours: get volume information, alternate data stream creation
Updated LOG_API
Version 1.46
Released on 24 November 2011
Added a feature to include information from reports into a SQL database
Added a custom manager for BSA's SQL Database
Added a feature to load and save settings from file on demand
Added a feature to set a number of retries if connection to VirusTotal fails
Added a feature to automatically launch Explorer.exe in automatic mode
Added a feature to skip already processed files in automatic mode
Fixed several bugs
Version 1.47
Released on 03 December 2011
Added a feature to run BSA in automatic mode, monitoring a folder for new files to analyze
Added a feature to avoid processing files from a whitelist
Improved analysis cancel event
Fixed several bugs
Version 1.48
Released on 10 December 2011
Added support for a new malware behaviour: get computer name
Added PDF statistics feature
Updated LOG_API
Fixed several bugs
Version 1.49
Released on 16 January 2012
Added support for XML reports
Added support for TLS hooks detection
Improved PDF Statistics
Updated LOG_API verbose versions to include FindFirst/NextFile support
Updated support for new VirusTotal web service
Fixed several bugs
Version 1.50
Released on 10 February 2012
Added multi-language support
Updated LOG_API
Fixed several bugs
Version 1.51
Released on 06 March 2012
Added custom driver to hide Sandboxie's processes
Removed Hide Driver from package
Included new malware behaviour
Added File Renamer to utilities section
Updated LOG_API
Version 1.52
Released on 25 March 2012
Added support for HTML reports
Added a feature to remove sandbox folder contents automatically in manual mode
Included new malware behaviour
Updated LOG_API
Fixed several bugs
Version 1.53
Released on 29 March 2012
Added a new entry section to BSA.DAT: [Process_Code_Injection]
Added a new feature to dump executable processes in automatic mode
Added a feature that allows the user to select what behaviours must appear in the analysis report
Updated "Risk Evaluation Ratings"
Included new malware behaviour
Updated LOG_API
Version 1.54
Released on 03 April 2012
Added a new entry section to BSA.DAT: [File_Strings]
Added a feature to search for defined strings inside analyzed file
Improved "Dump Executable Processes" feature
Included new malware behaviour
Updated LOG_API
Added Portuguese (Brazil) language translation (thanks to Paulo Guzman)
Version 1.55
Released on 05 April 2012
Added Adobe Malware Classifier information
Included new malware behaviour at "Risk Evaluation Ratings"
Version 1.56
Released on 11 April 2012
Added the ability to run multiple analyses at the same time
Added new malware behaviours
Updated LOG_API
Included new malware behaviour at "Risk Evaluation Ratings"
Added Russian language translation (thanks to gjf)
Version 1.57
Released on 16 April 2012
Added a feature to extract used APIs from dumped files
Added a feature to extract strings from dumped files
Added new malware behaviour
Fixed a bug
Version 1.58
Released on 19 April 2012
Added new malware behaviours
Added a feature to automatically analyze a file from the shell menu
Added a feature to generate additional information from analyzed executable files
Added the option of deleting analyzed file at "Manage Processed file" feature
Included new malware behaviour at "Risk Evaluation Ratings"
Included Signsrch tool by Luigi Auriemma
Updated LOG_API
Updated Exeinfo to version 0.0.3.0
Fixed several bugs
Version 1.59
Released on 21 April 2012
Updated LOG_API
Updated PEiD's USERDB.TXT
Fixed several bugs
Version 1.60
Released on 04 May 2012
Added a feature to analyze URLs
Added an option at "SQL > Report Manager" feature to import records from an external database
Added support for JSON reports
Added a feature to avoid screensaver activation while an analysis is being performed
Updated LOG_API
Fixed several bugs
Version 1.61
Released on 05 May 2012
Added a feature at "Risk Evaluation Ratings" to show hints related to malware behaviours
Modified the layout to show separately the file being processed from the number of files left to be processed
Added new malware behaviours
Included new malware behaviour at "Risk Evaluation Ratings"
Updated LOG_API
Fixed several bugs
Version 1.62
Released on 07 May 2012
Added a feature to patch LOG_API automatically
Updated LOG_API
Fixed several bugs
Version 1.63
Released on 13 May 2012
Added "Aggressive Window Closer" feature
Added a feature to restore display settings if changed during analysis
Added new malware behaviours
Improved "Additional Information" feature
Improved multiple malware analyses feature
Improved "Automate Setups" feature
Improved the processing speed for certain files
Included new malware behaviours at "Risk Evaluation Ratings"
Fixed several bugs
Version 1.64
Released on 28 May 2012
Added new malware behaviours
Improved "Hide Driver" manager
Improved anti anti-Sandboxie capabilities
Included new malware behaviours at "Risk Evaluation Ratings"
Updated LOG_API
Fixed several bugs
Version 1.65
Released on 30 May 2012
Improved "Additional Information" feature
Fixed several bugs
Version 1.66
Released on 03 June 2012
Added new malware behaviours
Included new malware behaviours at "Risk Evaluation Ratings"
Improved "Dump Executable Processes" feature
Updated BSA.DAT
Updated LOG_API
Fixed several bugs
Version 1.67
Released on 08 June 2012
Improved "[File_Strings]" section at BSA.DAT
Added "[Custom_LogAPI_Entries]" section to BSA.DAT
Added support for wildcards in RegistryExclude.TXT
Added support for Hexacorn's HexDive tool
Added new malware behaviours
Included new malware behaviours at "Risk Evaluation Ratings"
Added LOG_API support for 64-bit applications
Version 1.68
Released on 15 June 2012
Added support to analyze URLs from command line
Added support for FakeNet
Updated ssdeep tool to version 2.8
Updated BSA.DAT
Updated LOG_API
Fixed several bugs
Version 1.69
Released on 17 June 2012
Added a feature to generate statistics
Updated "Report Manager" feature
Updated LOG_API
Fixed several bugs
Version 1.70
Released on 23 June 2012
Added new malware behaviours
Improved "Additional Information" feature
Included new malware behaviours at "Risk Evaluation Ratings"
Added German language translation (thanks to AV-Comparatives)
Updated BSA.DAT
Updated LOG_API
Updated HexDive
Updated SIGNSRCH.SIG
Version 1.71
Released on 05 July 2012
Added new malware behaviours
Added BSA_USER.DAT feature
Improved "Dump Executable Processes" feature
Included new malware behaviours at "Risk Evaluation Ratings"
Updated BSA.DAT
Updated LOG_API
Updated Exeinfo
Fixed several bugs
Version 1.72
Released on 15 July 2012
Added wildcard support for FileExclude.TXT and APIExclude.TXT
Updated Exeinfo
Fixed several bugs
Version 1.73
Released on 31 July 2012
Added "Launch Internet Explorer" feature
Added new malware behaviours
Improved "Report Manager" feature
Updated BSA.DAT
Updated LOG_API
Fixed several bugs
Version 1.74
Released on 16 August 2012
Added functionalities to locate bugs
Added analysis duration information to reports
Removed the option to include version information
Fixed several bugs
Version 1.75
Released on 22 August 2012
Updated HexDive to version 0.4
Removed functionalities to locate bugs
Fixed several bugs
Version 1.76
Released on 27 August 2012
Added a feature to check for API hooks
Added "Launch Custom Applications" feature
Added new malware behaviours
Included new malware behaviours at "Risk Evaluation Ratings"
Removed "Launch Internet Explorer" and "Launch Windows Explorer" features
Fixed several bugs
Version 1.77
Released on 30 August 2012
Fixed several bugs
Version 1.78
Released on 17 September 2012
Added a feature to specify report folder in automatic mode
Improved "URL Analyzer" feature
Improved command line feature
Removed "Save Settings on Exit" feature
Fixed several bugs
Version 1.79
Released on 24 September 2012
Added "Edit BSA_USER.DAT" feature
Improved checking for typical error problems
Updated BSA.DAT
Updated LOG_API
Updated malware behaviors
Fixed several bugs
Version 1.80
Released on 12 October 2012
Included new malware behaviours at "Risk Evaluation Ratings"
Updated "URL Analyzer" feature
Updated BSA.DAT
Updated LOG_API
Updated malware behaviors
Updated HexDive
Fixed several bugs
Version 1.81
Released on 13 October 2012
Updated LOG_API
Updated "URL Analyzer" feature
Updated "Check for Updates" feature
Fixed several bugs
Version 1.82
Released on 27 November 2012
Added a feature to analyze Android applications
Added new malware behaviours
Included new malware behaviours at "Risk Evaluation Ratings"
Improved "Run Custom Command On Finish" feature
Updated LOG_API
Updated HexDive to version 0.6
Updated ExeInfo to version 0.0.3.2
Fixed several bugs
Version 1.83
Released on 02 December 2012
Added new malware behaviours
Added the possibility of including comments in BSA.DAT
Included new malware behaviours at "Risk Evaluation Ratings"
Optimized file string search
Updated BSA.DAT
Fixed several bugs
Version 1.84
Released on 16 December 2012
Added "[Custom_File_Entries]" section to BSA.DAT
Added a feature to extract files from PCap files in automatic mode
Added new malware behaviors
Included new malware behaviours at "Risk Evaluation Ratings"
GUI has been redesigned
Updated BSA.DAT
Updated LOG_API
Fixed several bugs
Version 1.85
Released on 04 January 2013
Added a feature to run setups silently if possible in automatic mode
Added a feature to view malware analysis on finish in manual mode
Added a feature to save connection information to CSV file in "Pcap Explorer" feature
Added a feature to refresh BSA window
Removed several program dependencies (REG.EXE, STRINGS.EXE, ...)
DAT files moved to "DATA" folder
Improved "File Strings" feature
Updated BSA.DAT
Updated LOG_API
Fixed several bugs
Version 1.86
Released on 27 January 2013
LOG_API completely rewritten and improved
Added "Use Deep Dump Method" feature
Added "Send a Return Every 10 seconds" feature
Added a feature to show all logged APIs
Added a feature to save connection information to HTML file in "Pcap Explorer" feature
Added new malware behaviors
Included new malware behaviours at "Risk Evaluation Ratings"
Updated "Process Explorer" feature
Updated BSA.DAT
Updated PEiD's USERDB.TXT
Updated Exeinfo's Ext_Detector.DLL
Fixed several bugs
Version 1.87
Released on 11 February 2013
Added new malware behaviors
Included new malware behaviours at "Risk Evaluation Ratings"
Improved "Include VirusTotal Malware Information of Dropped Files" feature
Updated XML and JSON format schemas
Updated LOG_API
Updated BSA.DAT
Fixed several bugs
Version 1.88 - Final Release
Released on 21 April 2013
Added support for MAEC 3.0 reports
Fixed VirusTotal report information