
Deepviz - automated malware analysis


14 replies to this topic

#1 deepvizsbx

Authorized Deepviz Rep

Posted 06 May 2015 - 06:29 AM

Hello members of Bleepingcomputer, 
 
I'm new on this board and I wanted to share with you a new free service for automated malware analysis we have recently set up. It is a free service you can use to sandbox and analyze suspicious PE files, looking for specific malicious behaviours. 
 
This is an example of a Zeus/Zbot analysis report
 
Also, we've just released a tool, Threat Research Manager, which will allow researchers to keep track of their infection runs and automatically sandboxes dropped binaries. It can be downloaded at this link
 
You can try submitting files for analysis and testing here: https://www.deepviz.com
 
It is still in beta so any feedback will be appreciated - hopefully this could be useful for your malware research activities!
 
Best regards.



 


#2 Aura

Bleepin' Special Ops
Malware Response Team

Posted 06 May 2015 - 06:55 AM

I honestly like the layout of the report, better to read than some other online analysis services. Is it possible to download samples, or will it be an option added in the future?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 deepvizsbx


Posted 06 May 2015 - 07:03 AM

It will be one of the next features but yes, it is on the roadmap! Thanks for your feedback, it is really appreciated! :)



#4 Aura


Posted 06 May 2015 - 07:25 AM

No problem :) As soon as I get new, fresh malware samples, I'll give Deepviz a try and post the analysis results here. Also, any VirusTotal integration? Always nice to have the number of detections for a sample on VirusTotal and a link to get to the results (like herdProtect and Hybrid-Analysis).



#5 quietman7

Bleepin' Janitor
Global Moderator

Posted 06 May 2015 - 08:15 AM

Hello deepvizsbx and :welcome: to BleepingComputer.

Thank you for taking the time to visit us and explain your product in more detail.

Since you appear to be an Authorized Company Representative (Author, Developer), please read the information I have just sent via PM to your inbox.

Authorized Reps and software developers are permitted to create a topic on BleepingComputer to present their product to our members... see this pinned announcement: Announcement: Product Topics and how to create them. However, it is required they contact Grinler first in order to get his authorization to post a new topic.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 deepvizsbx


Posted 23 June 2015 - 11:45 AM

Hello folks,

 

just a quick update to let you know we've just released our Cloudalyzer system startup scan (it's still in beta). You can have a look at it here: Deepviz Cloudalyzer

 

Also, we've just opened to download samples (20/month) after free account registration :)

 

Again, it would be awesome if you can provide us with feedback/suggestions/bug reports.

 

Thanks! :)



#7 Aura


Posted 23 June 2015 - 12:02 PM

It looks good :) Did you guys prepare a small video showing it in action or?



#8 deepvizsbx


Posted 23 June 2015 - 12:28 PM

Hey Aura,

thanks for your feedback! As you see, we followed up on your suggestion with the option to download samples :) Thanks for your valuable input!

We are preparing a short video to show how to use the tool, however it's really straightforward. It's scanning system startup files, checking them against our sandbox and uploading/analyzing unknown files, providing the end user with a final score and the final analysis.

Please let us know whether you have any questions!

 

Cheers :)


Edited by deepvizsbx, 23 June 2015 - 12:29 PM.


#9 Aura


Posted 23 June 2015 - 12:37 PM

Oh yes I remember I suggested that! Glad to see that it was implemented! :) And it looks good, I'll be checking the video as soon as you guys post it! Even though the tool is pretty straightforward, it's always nice to see how the product is, works, when you cannot test it for whatever reason there is :P

Edited by Aura., 23 June 2015 - 12:38 PM.



#10 deepvizsbx


Posted 23 June 2015 - 12:42 PM

Oh yes I remember I suggested that! Glad to see that it was implemented! :) And it looks good, I'll be checking the video as soon as you guys post it! Even though the tool is pretty straightforward, it's always nice to see how the product is, works, when you cannot test it for whatever reason there is :P

 

For sure! :)



#11 Aura


Posted 13 April 2016 - 02:32 PM

Hi deepvizsbx :)

I tried to submit the following executable today on Deepviz, and it failed, saying that it wasn't recognized, and recommended that I upload another file. Any idea what went wrong? I still have the file if you want me to send it to you.

[WRONG LINK SEE LATEST POST FOR IT]

Edited by Aura, 14 April 2016 - 07:35 AM.



#12 Didier Stevens

BC Advisor

Posted 13 April 2016 - 03:51 PM

@Aura Your file is not a PE file, it's an 11-byte-long ASCII file.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#13 Aura


Posted 13 April 2016 - 03:56 PM

Just realized that it's the wrong VirusTotal link. Once I get home tonight, I'll download the file I tried to upload (this is another one related to the one I'm talking about), reupload it on VirusTotal and post the URL here. Thanks Didier.



#14 Aura


Posted 14 April 2016 - 07:35 AM

Here's the sample I was talking about.

https://www.virustotal.com/en/file/e0b80a76a75f5842b0074dbd1a0936f9cd5510a39a1729cca6a1d8df12a2cba1/analysis/



#15 Aura


Posted 08 February 2017 - 07:48 PM

Congratulations by the way! :D

https://www.bleepingcomputer.com/forums/t/639366/malwarebytes-acquires-saferbytes-deepviz/





