Our latest release of VMRay Analyzer, V.1.8, is available as an on-premise downloadable install or now also as a cloud malware analysis subscription service. The full list of changes and enhancements is in the release notes, of course. Here are the highlights:
We blogged earlier here about how malware used COM for sandbox evasion and how VMRay prevents evasion and fully monitors COM object activity. This functionality is now included by default in this release.
VMRay’s Severity Index has been expanded and enhanced, particularly for scoring malicious behavior by infected PDF and MS Office documents. We’ve also improved the presentation of the severity index in the analysis reports and provided more detail. The Severity Index of an analysis can also be queried through the API.
We continue to expand what is already one of the broadest ranges of supported operating systems by adding Windows 10.
New VM hardware device configuration and randomization options are included to thwart VM detection. Additionally, analysts can fake the number of CPU cores and thwart CPU timing detection. We’ll have a follow-up blog post explaining VM detection and VMRay’s approach and results in more detail.
There are added configuration options for simulating user interaction, to interact automatically with malware that acts only on user interaction.
We’ve added support for analyzing browser exploits, Java and Flash. A URL can now be provided as an input. The browser will visit the destination and user interaction automation will accept any prompts presented. In this release, the supported browser/OS combinations are limited. Contact us for more details.
There’s a small laundry list of changes we’ve made to improve both performance and the UI experience.
Contact us for a trial; we think you’ll like what you see.