Dynamic Analysis

Adaptive Sandbox dynamic analysis features

Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor

Step #2 - Modify the configuration by adding or modifying the properties on this page

Step #3 - Save the file and restart the sandbox service

Phishing Detection

transform.cfg
| Property Name | Default Value | Description |
| --- | --- | --- |
| runAnesidoraWebForURLToFileSubmissions | true | Switch to enable / disable phishing detection |
| runAnesidoraWebLookupTimeoutMs | 1 minute | Execution timeout |

Script Emulation

Enable JScript, VBScript, HTA/MSHTA and PowerShell script emulation

| Property Name | Default Value | Description |
| --- | --- | --- |
| runVBADecoderForOfficeFiles | true | Switch to enable / disable Office file emulation |
| runVBADecoderForPdfFiles | true | Switch to enable / disable PDF file emulation |
| runVBADecoderForScriptFiles | true | Switch to enable / disable script file emulation |
| runVBADecoderForEmbeddedScriptFilesMinimumByteSize | 256 byte | Limit: minimum file size for script file emulation |
| runVBADecoderForHtmlFiles | true | Switch to enable / disable HTML file emulation |
| runVBADecoderForExtractedFiles | true | Emulate extracted files |
| runVBADecoderForDownloadedFiles | true | Emulate downloaded files |
| anesidoraVBAExecutionTimeout | 90 seconds | Execution timeout |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFiles | true | Execute static analysis on extracted files detected during emulation |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: the max number of files to execute static analysis on |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb | 1 MB | Limit: the max size of files to execute static analysis on |

PE Emulation

Enable Portable Executable emulation

This is an experimental feature

transform.cfg
| Property Name | Default Value | Description |
| --- | --- | --- |
| runPortExEmulator | false | Switch to enable / disable PE emulation |
| portExEmuExecutionTimeout | 90 seconds | Execution timeout |
| portExEmuPerformDeepStaticAnalysisForExtractedFiles | true | Execute emulation on extracted files |
| portExEmuPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: max number of extracted files to emulate |
| portExEmuPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb | 5 MB | Limit: max file size for static analysis of files detected during PE emulation |