VxStream Sandbox - Automated Malware Analysis System
VxStream Sandbox is an innovative and fully automated malware analysis system that includes the unique Hybrid Analysis technology. It is available as a software package that is automatically deployed within your local infrastructure and operates without an external dependency or callback mechanism. It can execute files on any Windows guest image (e.g. a copy of your local workstation) and has a variety of integration and interface capabilities. Alternatively, we also offer a limited webservice that is operated from our servers in Germany.
The feature set of VxStream Sandbox is very extensive (see the full list of system features below), with hundreds of generic indicators at its core that have proven to detect unknown threats independently of Anti-Virus signatures. Empowered by Hybrid Analysis, not only the runtime behavior of the sample but the entire process memory is analyzed using multiple timed snapshots. This allows extraction of many more indicators (strings/API calls) regardless of whether the corresponding code was executed. The benefit of this approach is not only the analysis of dormant code and evasive conditions, but also the extraction of more valuable IOCs than comparable systems offer.
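As an added illustration of the snapshot-based approach described above (a constructed example, not VxStream code): network indicators are extracted from the file on disk and from a series of timed process-memory snapshots, and the script reports which indicators only surface in memory and in which snapshot they first appear. The sample bytes and the XOR encoding are invented for the demonstration.

```python
import re
from typing import Dict, Set

# Constructed sample data (not real malware): the file on disk stores its
# URL XOR-encoded, so static string extraction misses it. Three timed memory
# snapshots show the decoded string appearing once the sample has unpacked it.
XOR_KEY = 0x5A

def xor(data: bytes, key: int = XOR_KEY) -> bytes:
    return bytes(b ^ key for b in data)

STATIC_FILE = (b"MZ\x90\x00" + b"\x00" * 16
               + xor(b"http://c2.example.invalid/gate.php")
               + b"\x00kernel32.dll\x00")
SNAPSHOTS: Dict[str, bytes] = {              # insertion order == time order
    "t0": STATIC_FILE,                       # right after load: still encoded
    "t1": STATIC_FILE + b"\x00http://c2.example.invalid/gate.php\x00",
    "t2": STATIC_FILE + b"\x00http://c2.example.invalid/gate.php\x00"
                      + b"\x0010.0.0.1\x00",  # later: a resolved address
}

URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[^\s\x00]*)?")
IPV4_RE = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def extract_indicators(blob: bytes) -> Set[str]:
    """Pull URL and IPv4 strings out of a raw byte blob."""
    found: Set[str] = set()
    for rx in (URL_RE, IPV4_RE):
        found.update(m.group(0).decode("ascii", "replace") for m in rx.finditer(blob))
    return found

def hybrid_indicators(static_file: bytes, snapshots: Dict[str, bytes]) -> dict:
    """Compare static extraction with timed memory snapshots.

    Returns the static indicators, the indicators that only exist in memory
    (dormant/unpacked data), and the snapshot in which each was first seen."""
    static = extract_indicators(static_file)
    per_snapshot = {name: extract_indicators(blob) for name, blob in snapshots.items()}
    memory_only = set().union(*per_snapshot.values()) - static
    first_seen: Dict[str, str] = {}
    for name, iocs in per_snapshot.items():
        for ioc in sorted(iocs):
            first_seen.setdefault(ioc, name)
    return {"static": static, "memory_only": memory_only, "first_seen": first_seen}

if __name__ == "__main__":
    for key, value in hybrid_indicators(STATIC_FILE, SNAPSHOTS).items():
        print(f"{key}: {value}")
```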
With a wide range of configuration options, an open architecture, the ability to import and use any guest machine image for analysis, specialized features such as human-simulating action script(s), worldwide leading anti-VM evasive technology, an intuitive user-centered design as well as various machine-parsable output formats and interface support, VxStream Sandbox is a high-tech malware analysis framework that can be integrated into any incident response workflow or security stack.
What makes VxStream Sandbox different from others?
Check out this video to understand why VxStream Sandbox leads the sandbox market today:
Follow up with the key features and more information on our products and services.
- Support for any Windows (XP, Vista, 7, 8, 10) and any bitness (32 or 64)
- Use any Windows image for analysis (e.g. a copy of your workstations)
- Input any significant file type (PE, Office files, PDF, VBS, JS, PS1, HTA, etc.)
- Support for analyzing Linux malware (ELF 32 or 64, Bash, Python, Perl)
- Support for VirtualBox and VMWare
- Analyze files on multiple different environments for true targeted attack detection
- Webservice with unlimited user- and client-management
- Unique Hybrid Analysis technology that analyzes process memory dumps
- Kernelmode Monitor technology that leaves the malware process untampered
- Leading anti-evasion technology that bypasses all Pafish checks (including RDTSC, CPUID)
- Data intelligence using an advanced search engine that can combine multiple terms
- AV independent Threat Score (based purely on static/dynamic malicious artifacts)
- Adaptable framework that is highly configurable (e.g. custom YARA rules, memory snapshots)
- REST API for automated integration into your workflow (HTTP/S)
- VirusTotal integration (e.g. cross-reference IP checks, whitelisting)
- Online and on-site Metadefender (OPSWAT) integration including pro-active file submission
- Malware indicator sharing using MAEC 4.1, STIX 1.1, OpenIOC 1.1 and MISP XML/JSON exports
- AlienVault OTX reputation, pulse and community hashtags
- SIEM system integration using CEF syslog feedbacks (e.g. HP ArcSight, IBM QRadar)
- Offline PCAP analysis using Suricata and e.g. ETOpen/ETPro rules
- Extensive bootstrap scripts to automatically deploy the host in less than 45 minutes
- Quick Start guide for a one-click deployment of a simple web installer
- Perform automated offline upgrades in less than 15 minutes
- Automatically scale out the guest VM landscape (only VirtualBox)
- Remote assisted installations and workshops (optional)
- Simulate human behavior with "action scripts" to bypass evasive malware
- Extract embedded Office files and deobfuscate VBA macros, VBE, JSE files
- Parse URL references (also from compressed PDF files) and pull in referenced online files
- Extract .NET IL and Java bytecode for even more artifact (IPs/URLs) detection
- Route network traffic via TOR (selective, optional) to disguise the origin of analysis
- Support for a wide range of archive formats (ace, arj, 7z, bzip2, gzip2, iso, rar, rev, tar, wim, xz and zip)
Please take a look at the following datasheet for a high-level overview of VxStream Sandbox's capabilities and to get a better understanding of our philosophy and ease of implementation.
Choosing the right automated malware analysis system is an important decision. We know what "enterprise grade" means and have won dozens of calls for bids against the biggest players in the market. There is a reason many S&P 100, Fortune 500, Governments and CERTs trust in VxStream Sandbox. We recommend downloading the following buyer's guide, which classifies security use cases and finishes with an evaluation checklist.
VxStream Sandbox is a high-end malware analysis framework with a very agile architecture. It can be implemented as a large-scale system processing thousands of files automatically or as a webservice for incident response and forensics. Due to its simple interface and numerous integration capabilities with other technology providers, it seamlessly enriches a SOC's incident response workflow and security stack. VxStream Sandbox is trusted by SOCs, CERTs, DFIR teams, IT-security forensic labs, researchers and threat intelligence service providers all around the world. Multiple S&P 100, Fortune 500 and U.S. government agencies are using VxStream Sandbox every day. Got your interest? Feel free to try out our sandbox technology for free malware analysis at www.reverse.it.
Want to see some sample reports? Take a look at our up-to-date collection of demo reports or request a demo webservice account. Please contact us for pricing information, hardware requirements, evaluation accounts, technical presentations or to request a quote.
How does VxStream Sandbox compare? Check out this VxStream Feature Comparison overview (PDF).