

After installing the 8.1 MB application, we found that it occupied 5.48 MB in the %Program Files% folder. The program starts with a tutorial on how the sandboxing technology for Windows works.

Furthermore, Sandboxie is compatible with all 32-bit and 64-bit versions of Windows from XP onward. In addition, the application supports other programs, such as the web browsers Google Chrome, Mozilla Firefox, Cyberfox, Opera Browser and Internet Explorer from version 6 to 11.

When the app is opened, the user is presented with a simple interface showing their sandboxed applications.

After Active Presenter, a relatively resource-demanding program, was tested in and out of the sandbox, the results were satisfying.

We decided to test the sandbox app with live malware, using an executable of the notorious Locky ransomware provided by theZoo, a project which is essentially an updated “repository of live malware”.

Locky is malware which encrypts the files on the user’s PC and demands a ransom to decrypt them. The result was that Locky started mimicking the rundll32.exe process after it was executed, but nothing happened and the antivirus software did not react.

After Locky briefly ran and shut down, we ran a boot scan with Avast Free Antivirus twice to see whether the ransomware had created any files on the user PC. During the boot scan Avast discovered a corrupt archive of a driver that had been downloaded from a suspicious site, but nothing related to Locky, and no new malicious files or registry entries whatsoever were discovered on the user PC. Avast currently detects Locky ransomware as “Win32:Locky-”.

To additionally make sure that users are protected, we tried an infected setup of a patch that contains a Trojan named MSIL: Tyupkin. Sandboxie immediately reported that an app was requesting administrator privileges on the computer.
