Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor
Step #2 - Modify the configuration by adding or modifying the properties on this page
Step #3 - Save the file and restart the sandbox service
Enable domain resolver, IP stack Geolocation and Hexillion WHOIS domain lookups
| Property name | Default value | Description |
|---|---|---|
| runDomainResolver | true | Switch to enable / disable domain resolving |
| domainResolveMaxResolves | 20 | Domain resolver limit, '0' means no limit |
| runDomainResolveDistributedTimeoutMs | 1 minute | Execution timeout |

| Property name | Default value | Description |
|---|---|---|
| runWhoisRecordLookups | true | Switch to enable / disable WHOIS lookups |
| runHexillionLookupTimeoutMs | 30 seconds | Execution timeout |
| runHexillionLookupMaxLookups | 30 | Lookup limit, '0' means no limit |
| hexillionUrl | https://hexillion.com/rf/xml/1.0/whois/?query=$domain | API URL |
| hexillionUsername | | API username |
| hexillionPassword | | API password |
Enable static analysis for Microsoft Office documents
| Property name | Default value | Description |
|---|---|---|
| runContentParser | true | Switch to enable / disable Office document static analysis |
| runContentParserDirectTimeoutMs | 10 seconds | Execution timeout |
Enable parsing OLE files
| Property name | Default value | Description |
|---|---|---|
| runOledumpOnOLEFiles | true | Switch to enable / disable OLE parsing |
| runOledumpBiffOnXLSFiles | true | Enable or disable parsing of BIFF records |
| oledumpExecutionTimeout | 30 seconds | Execution timeout |
| oledumpMaxFileSizeInKb | 1 MB | File size limit |
Enable executable file parsing, unpacking and disassembly
| Property name | Default value | Description |
|---|---|---|
| runUpxUnpacker | true | Switch to enable / disable UPX unpacking |

| Property name | Default value | Description |
|---|---|---|
| runUnipackerOnPEFiles | true | Switch to enable / disable unpacking |
| unipackerExecutionTimeout | 50 seconds | Execution timeout |
| unipackerIgnorePackers | delphi,nullsoft | Comma-separated list of ignored unpackers |
| unipackerMaxFileSizeInKb | 2 MB | File size limit |

| Property name | Default value | Description |
|---|---|---|
| runAutoItRipper | true | Switch to enable / disable AutoItRipper, extraction of compiled AutoIt scripts |

| Property name | Default value | Description |
|---|---|---|
| runPythonUnpacker | true | Switch to enable / disable Python unpacking, extraction of compiled Python scripts |
| pythonUnpackerTimeout | 30 seconds | Execution timeout |

| Property name | Default value | Description |
|---|---|---|
| extractDisassemblySections | true | Switch to enable / disable disassembly |
| extractDisassemblySectionsLimit | 200 | Limit: the number of disassembled sections |
| extractDisassemblySectionsInstructionLimit | 10000 | Limit: the number of disassembled instructions |

| Property name | Default value | Description |
|---|---|---|
| runDe4DotForNetFiles | true | Switch to enable / disable .NET unpacking |
| de4dotExecutionTimeout | 30 seconds | Execution timeout |

| Property name | Default value | Description |
|---|---|---|
| enableDetectItEasy | true | Switch to enable / disable DetectItEasy, file type and attribute detection |
| enableDetectItEasyForExtractedFiles | true | Enable DetectItEasy on extracted files |
| detectItEasyTimeout | 3 seconds | Execution timeout |
Enable Android APK parsing
| Property name | Default value | Description |
|---|---|---|
| runAPKToolForAndroidFiles | true | Switch to enable / disable APK parsing |
| apkToolExecutionTimeout | 60 seconds | Execution timeout |
| apkToolParseMaxFolderDepth | 10 | Limit: APK archive folder depth |
| apkToolCheckMaxFiles | 10000 | Limit: APK archive file count |
| apkToolParseMaxFiles | 1000 | Limit: Smali file count |
Enable Java decompilation
| Property name | Default value | Description |
|---|---|---|
| runCFRForJavaFiles | true | Switch to enable / disable Java decompilation |
| cfrExecutionTimeout | 30 seconds | Execution timeout |