Dynamic Analysis
Adaptive Sandbox dynamic analysis features
Step #1 - Open /home/sandbox/sandbox/transform.cfg in a text editor
Step #2 - Modify the configuration by adding or modifying the properties on this page
Step #3 - Save the file and restart the sandbox service
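One way to apply Step #2 from a script instead of a text editor, as an added example that is not part of the product's tooling. `set_prop` and `get_prop` are hypothetical helper names, and the file is assumed to hold one `key=value` pair per line, as in the snippets on this page.

```shell
#!/bin/sh
# Added example: update transform.cfg in place, keeping a backup.

# get_prop FILE KEY -> prints the value of the first KEY=... line
get_prop() {
    K=$2 awk 'BEGIN { FS = "=" }
        { n = $1 ""; gsub(/^[ \t]+|[ \t]+$/, "", n) }
        index($0, "=") && n == ENVIRON["K"] { sub(/^[^=]*=/, ""); print; exit }' "$1"
}

# set_prop FILE KEY VALUE -> replace KEY's line or append it
set_prop() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    # Property names on this page use only letters, digits and dots
    # (e.g. pEEmuConfigFile.Unix); refuse anything else.
    case $key in
        ''|*[!A-Za-z0-9._]*) echo "bad key: $key" >&2; return 1 ;;
    esac
    cp -p "$file" "$file.bak" || return 1          # backup before editing
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # Key and value travel through the environment, so the key is compared
    # as a literal string (the dot is not a regex wildcard) and the value
    # is written without escape processing.
    K=$key V=$value awk 'BEGIN { FS = "=" }
        { n = $1 ""; gsub(/^[ \t]+|[ \t]+$/, "", n) }
        index($0, "=") && n == ENVIRON["K"] {
            # First match is rewritten; later duplicates are dropped.
            if (!done) { print ENVIRON["K"] "=" ENVIRON["V"]; done = 1 }
            next
        }
        { print }
        END { if (!done) print ENVIRON["K"] "=" ENVIRON["V"] }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"                       # keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage (then restart the sandbox service as in Step #3):
#   set_prop /home/sandbox/sandbox/transform.cfg anesidoraVBAExecutionTimeout 120
```

Commented-out lines such as `#runPEEmulator=true` are left untouched, and the previous file content stays in `transform.cfg.bak` if a change needs to be rolled back.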
Phishing Detection
```
runAnesidoraWebForURLToFileSubmissions=true
runAnesidoraWebLookupTimeoutMs=60000
```

| Property Name | Default Value | Description |
|---|---|---|
| runAnesidoraWebForURLToFileSubmissions | true | Switch to enable / disable phishing detection |
| runAnesidoraWebLookupTimeoutMs | 1 minute | Execution timeout |
Script Emulation
Enable JScript, VBScript, HTA/MSHTA and PowerShell script emulation

```
runVBADecoderForOfficeFiles=true
runVBADecoderForPdfFiles=true
runVBADecoderForScriptFiles=true
runVBADecoderForHtmlFiles=true
runVBADecoderForExtractedFiles=true
runVBADecoderForDownloadedFiles=true
anesidoraVBAPerformDeepStaticAnalysisForExtractedFiles=true
anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMax=10
anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb=1024
anesidoraVBAExecutionTimeout=90
```

| Property Name | Default Value | Description |
|---|---|---|
| runVBADecoderForOfficeFiles | true | Switch to enable / disable Office file emulation |
| runVBADecoderForPdfFiles | true | Switch to enable / disable PDF file emulation |
| runVBADecoderForScriptFiles | true | Switch to enable / disable script file emulation |
| runVBADecoderForHtmlFiles | true | Switch to enable / disable HTML file emulation |
| runVBADecoderForExtractedFiles | true | Emulate extracted files |
| runVBADecoderForDownloadedFiles | true | Emulate downloaded files |
| anesidoraVBAExecutionTimeout | 90 seconds | Execution timeout |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFiles | true | Execute static analysis on extracted files detected during emulation |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: the maximum number of files to run static analysis on |
| anesidoraVBAPerformDeepStaticAnalysisForExtractedFilesMaxSizeInKb | 1 MB | Limit: the maximum size of files to run static analysis on |
PE Emulation
Enable Portable Executable emulation
This is an experimental feature
```
runPEEmulator=false
peEmuEmulatePEFiles=true
peEmuEmulateRawShellcode=true
pEEmuExecutionTimeout=90
pEEmuPerformDeepStaticAnalysisForExtractedFiles=true
pEEmuPerformDeepStaticAnalysisForExtractedFilesMax=10
pEEmuIgnoreClueTypes=SessionStarted,EmulationEnd,Exception,UnhandledAPI
pEEmuConfigFile.Unix=
```

| Property Name | Default Value | Description |
|---|---|---|
| runPEEmulator | true | Main switch to enable / disable PE emulation |
| peEmuEmulatePEFiles | true | Switch to enable / disable PE emulation for PE files |
| peEmuEmulateRawShellcode | true | Switch to enable / disable PE emulation for raw shellcode |
| pEEmuExecutionTimeout | 90 seconds | Execution timeout |
| pEEmuPerformDeepStaticAnalysisForExtractedFiles | true | Execute emulation on extracted files |
| pEEmuPerformDeepStaticAnalysisForExtractedFilesMax | 10 | Limit: max number of extracted files to emulate |
| pEEmuIgnoreClueTypes | SessionStarted, EmulationEnd, Exception, UnhandledAPI | Emulation events to be ignored by the sandbox |
| pEEmuConfigFile.Unix | | Use the specific config file to modify API tracing filter and other PE emulator parameters |
