6. Program history



Version 1.0

Released on 23rd November 2009


First official version of Buster Sandbox Analyzer



Version 1.01

Released on 28th November 2009


Added backdoor and keylogger detection capabilities

Added Event and Service creation detection capabilities

Added malware analyzer detection capabilities

Added the option of visualizing report files directly from the tool

Fixed a bug related to the creation of port differences



Version 1.02

Released on 04th December 2009


Added MD5, SHA1 and SHA256 hashing

Added custom registry entry checking

Added a feature to check for updates

Fixed a few bugs in Buster Sandbox Analyzer

Fixed a bug in LOG_API library



Version 1.03

Released on 07th December 2009


Updated BSA.DAT with new registry AutoStart locations

Added a feature to save user settings

Added a feature to include in Report.TXT the hashes of created files

Improved Report.TXT information

Updated LOG_API library

Fixed a few bugs in Buster Sandbox Analyzer



Version 1.04

Released on 09th December 2009


Added support for network shares

Added a feature to allow wildcards in BSA.DAT

Added a feature to ignore when sandbox folder is not empty

Added a feature to check for updates on start

Updated LOG_API library



Version 1.05

Released on 13th December 2009


Added "Assorted suspicious actions"

Fixed several bugs in Buster Sandbox Analyzer

Updated LOG_API library



Version 1.06

Released on 01st January 2010


Added Sandboxie hidden capabilities

Improved BSA.DAT (thanks to nick s)

Fixed a bug in Buster Sandbox Analyzer

LOG_API library completely rewritten



Version 1.07

Released on 12th January 2010


Added detection of new malicious activities

Updated BSA.DAT

Updated LOG_API library



Version 1.08

Released on 23rd January 2010


Added a packet sniffer

Updated BSA.DAT

Updated LOG_API library



Version 1.09

Released on 28th January 2010


Added File Signatures feature

Updated LOG_API library



Version 1.10

Released on 04th February 2010


Added File Hash, File Strings and some other features



Version 1.11

Released on 09th February 2010


Added File Hex Editor feature



Version 1.12

Released on 13th February 2010


Added File Scanner feature



Version 1.13

Released on 25th February 2010


Added Process Explorer feature

Fixed bugs in Buster Sandbox Analyzer and LOG_API library



Version 1.14

Released on 01st March 2010


Added PE Explorer feature

Added File Disassembler feature



Version 1.15

Released on 09th March 2010


Added Memory Explorer feature

Updated BSA.DAT

Updated LOG_API library

Updated Buster Sandbox Analyzer

Fixed a bug in Buster Sandbox Analyzer



Version 1.16

Released on 16th March 2010


Added RegHive Explorer feature

Updated LOG_API library



Version 1.17

Released on 22nd March 2010

Improved File Hash and RegHive Explorer features

Fixed bugs in Buster Sandbox Analyzer, File Hash and RegHive Explorer features



Version 1.18

Released on 24th March 2010


Fixed a problem with memory usage



Version 1.19

Released on 22nd April 2010


Added Pcap Explorer feature

Improved the packet sniffer

Updated LOG_API library



Version 1.20

Released on 06th May 2010


Added Capture-BAT Log Analyzer feature

Fixed bugs in Buster Sandbox Analyzer

Updated LOG_API library



Version 1.21

Released on 13th May 2010


Added a time limit for analysis

Changes in BSA.DAT:

Added [Custom_Folder_Entries] section

Updated [File_Types_Modified] section to [File_Types_Created_Modified]

Updated Capture-BAT Log Analyzer feature

Updated malware analysis in Buster Sandbox Analyzer



Version 1.22

Released on 30 May 2010


Added automatic malware analysis

Added digital signature checking

Removed "Check Ports" feature

Updated LOG_API library



Version 1.23

Released on 01 June 2010


Fixed a bug in Buster Sandbox Analyzer



Version 1.24

Released on 16 November 2010


Fixed a bug in Buster Sandbox Analyzer



Version 1.25

Released on 16 January 2011


Included a utility to load DLL files

Fixed a bug in Buster Sandbox Analyzer



Version 1.26

Released on 06 March 2011


Added new entry to BSA.DAT

BSA will remember last used Sandbox folder

Improved the method to detect Sandboxie's presence

Fixed some bugs



Version 1.27

Released on 15 March 2011


Added an option to remember last position on screen

Added a feature to include file entropy information of Win32 files

Added a feature to include file type information on newly created files



Version 1.28

Released on 28 March 2011


Included two versions of LOG_API.DLL: One of them will not show file/registry operations so BSA will run faster

Invalid Win32 PE files will be reported

Added a feature to include Digital Signature information for dropped files

Added a feature to automatically rename processed files to their proper extension

Added a feature to skip processing of unknown file types

Added a feature that allows adjusting the time limit in minutes or seconds

Added a feature to take screenshots of sandboxed windows when running in automatic mode

When a non-PE file is processed, both the file being processed and the application that launched it will appear in the report



Version 1.29

Released on 09 April 2011


Added a feature to resume automatic mode analysis

Added a feature to close certain window messages when running in automatic mode



Version 1.30

Released on 20 April 2011


Added a feature to automate setups when running in automatic mode

Added a feature to run a custom command after an automatic analysis finishes

BSA will report the creation of hidden folders

Fixed a cosmetic bug



Version 1.31

Released on 25 April 2011


Improved malware behaviour detections

Updated LOG_API library (normal and verbose)

Added a feature to delete sandbox folder contents

Fixed some bugs



Version 1.32

Released on 09 May 2011


Added a feature to include AV identifications from VirusTotal on reports

Improved "Automated Setup" feature



Version 1.33

Released on 21 May 2011


Added a feature to run BSA from command line in automatic mode

Added Exeinfo support

Updated BSA.DAT

Updated LOG_API

Added extra information of dropped files

Fixed a bug



Version 1.34

Released on 25 May 2011


Added a feature to copy/move processed files in automatic mode

Added a feature to export RegHive to .REG format

Updated LOG_API

Removed HideDriver

Fixed a bug



Version 1.35

Released on 17 June 2011


Added HideDriver again

Added LOG_API version for 64 bit systems

Fixed several bugs



Version 1.36

Released on 24 June 2011


Added support for ssdeep

Improved the support for DLL files

Report information items can be selected individually

Updated BSA.DAT

Fixed several bugs



Version 1.37

Released on 17 July 2011


Added a feature to include the version and date of creation in reports

Improved hiding feature

Updated BSA.DAT

Removed evaluation risk feature

Fixed several bugs



Version 1.38

Released on 28 July 2011


Added risk evaluation module

Added several improvements

Fixed several bugs



Version 1.39

Released on 10 August 2011


Fixed several bugs



Version 1.40

Released on 17 August 2011


Usability improvement in File Hash, File Scanner, File Signature and automatic analysis features: last used folder will be remembered

Usability improvement in File Hash, File Scanner and File Signature features: added drag and drop support

Added Exeinfo support to File Signature feature

Improved File Hash feature: all hashes can be checked at VirusTotal at once, VirusTotal reports can be saved to disk



Version 1.41

Released on 24 August 2011


Usability improvement: hashes (MD5, SHA1, SHA256) shown in reports can be selected individually

In automatic mode, when "Keep Sandbox files" is enabled, empty folders and files will be removed

Added an option to include information for modified files in reports

Fixed several bugs



Version 1.42

Released on 05 September 2011


Added a feature to capture screen in video (VLC installation required)

Added a feature to report direct disk writing attempts (Sandboxie 3.59.01 or newer version required)

Fixed a bug



Version 1.43

Released on 18 September 2011


Replaced Buster Sandbox Analyzer with a custom logo. (thanks Antoni)

Maintenance release: minor changes



Version 1.44

Released on 06 November 2011


Changed the option not to show UDP packets. The feature now ignores UDP packets from PCAP captures and reports

Added a feature to minimize BSA when the feature to do video capture is enabled

Added a feature to compress to ZIP sandbox folder contents when "Keep Sandbox Files" is enabled

Added information related to date of submission in VirusTotal reports

Added several improvements

Updated LOG_API



Version 1.45

Released on 17 November 2011


Added a feature to produce reports in PDF format

Added support for new malware behaviours: get volume information, alternate data stream creation

Updated LOG_API



Version 1.46

Released on 24 November 2011


Added a feature to include information from reports into a SQL database

Added a custom manager for BSA's SQL Database

Added a feature to load and save settings from file on demand

Added a feature to set a number of retries if connection to VirusTotal fails

Added a feature to automatically launch Explorer.exe in automatic mode

Added a feature to skip already processed files in automatic mode

Fixed several bugs



Version 1.47

Released on 03 December 2011


Added a feature to run BSA in automatic mode, monitoring a folder for new files to analyze

Added a feature to avoid processing files from a whitelist

Improved analysis cancel event

Fixed several bugs



Version 1.48

Released on 10 December 2011


Added support for a new malware behaviour: get computer name

Added PDF statistics feature

Updated LOG_API

Fixed several bugs



Version 1.49

Released on 16 January 2012


Added support for XML reports

Added support for TLS hooks detection

Improved PDF Statistics

Updated LOG_API verbose versions to include FindFirst/NextFile support

Updated support for new VirusTotal web service

Fixed several bugs



Version 1.50

Released on 10 February 2012


Added multi-language support

Updated LOG_API

Fixed several bugs



Version 1.51

Released on 06 March 2012


Added custom driver to hide Sandboxie's processes

Removed Hide Driver from package

Included new malware behaviour

Added File Renamer to utilities section

Updated LOG_API



Version 1.52

Released on 25 March 2012


Added support for HTML reports

Added a feature to remove sandbox folder contents automatically in manual mode

Included new malware behaviour

Updated LOG_API

Fixed several bugs



Version 1.53

Released on 29 March 2012


Added a new entry section to BSA.DAT: [Process_Code_Injection]

Added a new feature to dump executable processes in automatic mode

Added a feature that allows the user to select what behaviours must appear in the analysis report

Updated "Risk Evaluation Ratings"

Included new malware behaviour

Updated LOG_API



Version 1.54

Released on 03 April 2012


Added a new entry section to BSA.DAT: [File_Strings]

Added a feature to search for defined strings inside analyzed file

Improved "Dump Executable Processes" feature

Included new malware behaviour

Updated LOG_API

Added Portuguese (Brazil) language translation (thanks to Paulo Guzman)



Version 1.55

Released on 05 April 2012


Added Adobe Malware Classifier information

Included new malware behaviour at "Risk Evaluation Ratings"



Version 1.56

Released on 11 April 2012


Added the ability to run multiple analyses at the same time

Added new malware behaviours

Updated LOG_API

Included new malware behaviour at "Risk Evaluation Ratings"

Added Russian language translation (thanks to gjf)



Version 1.57

Released on 16 April 2012


Added a feature to extract used APIs from dumped files

Added a feature to extract strings from dumped files

Added new malware behaviour

Fixed a bug



Version 1.58

Released on 19 April 2012


Added new malware behaviours

Added a feature to automatically analyze a file from the shell menu

Added a feature to generate additional information from analyzed executable files

Added the option of deleting analyzed file at "Manage Processed file" feature

Included new malware behaviour at "Risk Evaluation Ratings"

Included Signsrch tool by Luigi Auriemma

Updated LOG_API

Updated Exeinfo to version 0.0.3.0

Fixed several bugs



Version 1.59

Released on 21 April 2012


Updated LOG_API

Updated PEiD's USERDB.TXT

Fixed several bugs



Version 1.60

Released on 04 May 2012


Added a feature to analyze URLs

Added an option at "SQL > Report Manager" feature to import records from an external database

Added support for JSON reports

Added a feature to avoid screensaver activation while an analysis is being performed

Updated LOG_API

Fixed several bugs



Version 1.61

Released on 05 May 2012


Added a feature at "Risk Evaluation Ratings" to show hints related to malware behaviours

Modified the layout to show separately the file being processed from the number of files left to be processed

Added new malware behaviours

Included new malware behaviour at "Risk Evaluation Ratings"

Updated LOG_API

Fixed several bugs



Version 1.62

Released on 07 May 2012


Added a feature to patch LOG_API automatically

Updated LOG_API

Fixed several bugs



Version 1.63

Released on 13 May 2012


Added "Aggressive Window Closer" feature

Added a feature to restore display settings if changed during analysis

Added new malware behaviours

Improved "Additional Information" feature

Improved multiple malware analyses feature

Improved "Automate Setups" feature

Improved the processing speed for certain files

Included new malware behaviours at "Risk Evaluation Ratings"

Fixed several bugs



Version 1.64

Released on 28 May 2012


Added new malware behaviours

Improved "Hide Driver" manager

Improved anti anti-Sandboxie capabilities

Included new malware behaviours at "Risk Evaluation Ratings"

Updated LOG_API

Fixed several bugs



Version 1.65

Released on 30 May 2012


Improved "Additional Information" feature

Fixed several bugs



Version 1.66

Released on 03 June 2012


Added new malware behaviours

Included new malware behaviours at "Risk Evaluation Ratings"

Improved "Dump Executable Processes" feature

Updated BSA.DAT

Updated LOG_API

Fixed several bugs



Version 1.67

Released on 08 June 2012


Improved "[File_Strings]" section at BSA.DAT

Added "[Custom_LogAPI_Entries]" section to BSA.DAT

Added support for wildcards in RegistryExclude.TXT

Added support for Hexacorn's HexDive tool

Added new malware behaviours

Included new malware behaviours at "Risk Evaluation Ratings"

Added LOG_API support for 64-bit applications



Version 1.68

Released on 15 June 2012


Added support to analyze URLs from command line

Added support for FakeNet

Updated ssdeep tool to version 2.8

Updated BSA.DAT

Updated LOG_API

Fixed several bugs



Version 1.69

Released on 17 June 2012


Added a feature to generate statistics

Updated "Report Manager" feature

Updated LOG_API

Fixed several bugs



Version 1.70

Released on 23 June 2012


Added new malware behaviours

Improved "Additional Information" feature

Included new malware behaviours at "Risk Evaluation Ratings"

Added German language translation (thanks to AV-Comparatives)

Updated BSA.DAT

Updated LOG_API

Updated HexDive

Updated SIGNSRCH.SIG



Version 1.71

Released on 05 July 2012


Added new malware behaviours

Added BSA_USER.DAT feature

Improved "Dump Executable Processes" feature

Included new malware behaviours at "Risk Evaluation Ratings"

Updated BSA.DAT

Updated LOG_API

Updated Exeinfo

Fixed several bugs



Version 1.72

Released on 15 July 2012


Added wildcard support for FileExclude.TXT and APIExclude.TXT

Updated Exeinfo

Fixed several bugs



Version 1.73

Released on 31 July 2012


Added "Launch Internet Explorer" feature

Added new malware behaviours

Improved "Report Manager" feature

Updated BSA.DAT

Updated LOG_API

Fixed several bugs



Version 1.74

Released on 16 August 2012


Added functionalities to locate bugs

Added analysis duration information to reports

Removed the option to include version information

Fixed several bugs



Version 1.75

Released on 22 August 2012


Updated HexDive to version 0.4

Removed functionalities to locate bugs

Fixed several bugs



Version 1.76

Released on 27 August 2012


Added a feature to check for API hooks

Added "Launch Custom Applications" feature

Added new malware behaviours

Included new malware behaviours at "Risk Evaluation Ratings"

Removed "Launch Internet Explorer" and "Launch Windows Explorer" features

Fixed several bugs



Version 1.77

Released on 30 August 2012


Fixed several bugs



Version 1.78

Released on 17 September 2012


Added a feature to specify report folder in automatic mode

Improved "URL Analyzer" feature

Improved command line feature

Removed "Save Settings on Exit" feature

Fixed several bugs



Version 1.79

Released on 24 September 2012


Added "Edit BSA_USER.DAT" feature

Improved checks for typical error problems

Updated BSA.DAT

Updated LOG_API

Updated malware behaviors

Fixed several bugs




Version 1.80

Released on 12 October 2012


Included new malware behaviours at "Risk Evaluation Ratings"

Updated "URL Analyzer" feature

Updated BSA.DAT

Updated LOG_API

Updated malware behaviors

Updated HexDive

Fixed several bugs




Version 1.81

Released on 13 October 2012


Updated LOG_API

Updated "URL Analyzer" feature

Updated "Check for Updates" feature

Fixed several bugs




Version 1.82

Released on 27 November 2012


Added a feature to analyze Android applications

Added new malware behaviours

Included new malware behaviours at "Risk Evaluation Ratings"

Improved "Run Custom Command On Finish" feature

Updated LOG_API

Updated HexDive to version 0.6

Updated ExeInfo to version 0.0.3.2

Fixed several bugs




Version 1.83

Released on 02 December 2012


Added new malware behaviours

Added the possibility of including comments in BSA.DAT

Included new malware behaviours at "Risk Evaluation Ratings"

Optimized file string search

Updated BSA.DAT

Fixed several bugs



Version 1.84

Released on 16 December 2012


Added "[Custom_File_Entries]" section to BSA.DAT

Added a feature to extract files from PCap files in automatic mode

Added new malware behaviors

Included new malware behaviours at "Risk Evaluation Ratings"

GUI has been redesigned

Updated BSA.DAT

Updated LOG_API

Fixed several bugs



Version 1.85

Released on 04 January 2013


Added a feature to run setups silently if possible in automatic mode

Added a feature to view malware analysis on finish in manual mode

Added a feature to save connection information to CSV file in "Pcap Explorer" feature

Added a feature to refresh BSA window

Removed several program dependencies (REG.EXE, STRINGS.EXE, ...)

DAT files moved to "DATA" folder

Improved "File Strings" feature

Updated BSA.DAT

Updated LOG_API

Fixed several bugs



Version 1.86

Released on 27 January 2013


LOG_API completely rewritten and improved

Added "Use Deep Dump Method" feature

Added "Send a Return Every 10 seconds" feature

Added a feature to show all logged APIs

Added a feature to save connection information to HTML file in "Pcap Explorer" feature

Added new malware behaviors

Included new malware behaviours at "Risk Evaluation Ratings"

Updated "Process Explorer" feature

Updated BSA.DAT

Updated PeID's USERDB.TXT

Updated Exeinfo's Ext_Detector.DLL

Fixed several bugs



Version 1.87

Released on 11 February 2013


Added new malware behaviors

Included new malware behaviours at "Risk Evaluation Ratings"

Improved "Include VirusTotal Malware Information of Dropped Files" feature

Updated XML and JSON format schemas

Updated LOG_API

Updated BSA.DAT

Fixed several bugs



Version 1.88 - Final Release

Released on 21 April 2013


Added support for MAEC 3.0 reports

Fixed VirusTotal report information