True Bare Metal (TBMTM) Cloud Sandbox
Many automated malware analysis sandboxes exist on the market today, but they all suffer from the fundamental flaw of being based on virtualization or emulation. Because they differ from ordinary computers, malware can detect their presence and change their behavior. Some solutions go to great lengths to attempt to hide the fact that they are not real computers, but they cannot be perfect and are often playing a game of catch-up to keep up with the latest evasion techniques. With Binary Guard's TBMTM Sandboxes, there is nothing to hide because our sandboxes are real computers.
It only takes one sophisticated malware to sneak past your defenses to wreak havoc. Don't settle for false negatives. Add TBMTM Cloud Sandbox to your malware analysis arsenal.
Ease of use
TBMTM Cloud Sandbox is very easy to use. Simply log in to our web portal and upload your sample to be analyzed. A report will be ready within minutes.
Need to automate? We've got you covered. Our REST API allows you to submit samples for processing and retrieve the same data seen in the interactive reports (see below) in easily parsed JSON.
Features
- Absolute immunity to all known and unknown anti-VM and anti-emulation techniques
- Easy to use: Just upload a sample via the web portal or REST API
- Fast: Reports are available within minutes
- Efficient: bare-metal analysis without rebuilding your sandbox between each analysis
- Support for numerous file types:
- Windows executables
- Microsoft Office (Word, Excel, PowerPoint, Access, Outlook, etc...)
- PDFs
- JARs
- VBEs
- Media files (images, audio, videos)
- HTML
- JScript
- URLs
- and more!
- Advanced options let you fine-tune your analysis session (session duration, applications launched, etc...)
- Custom Windows sandbox images to match your target environment
- Interactive web reports (see below for more details)
- Survives system reboots
Interactive Reports
TBMTM Cloud Sandbox's comprehensive, interactive reports provide the most important information up front so you don't have to dig through pages of data to find the data you are looking for. But detail is important too, so we made very detailed data easily accessible through interactive expansions and searches. Here are some highlights from our reports.
Indicators
Our large and growing database of indicators contains signatures of suspicious and malicious behaviors that we automatically detect, score, and categorize into a single view for quick triage. We add new indicators almost daily.
API Hooks
Zero in on API hooks down to the trampoline and detour. You can even download the injected code and load it right into your favorite disassembler.
Processes
We include process information based on both dynamic and static analysis. Interactive process trees allow you to navigate through all processes that ran during the analysis session. See threads created, registry accesses, DLLs loaded, and files accessed without having to jump into another view.
Files
See a list of every file accessed during the session. Files can be downloaded and viewed. For PEs created by the sample, we also provide YARA and static analyses.
Registry
View and search all registry accesses and modifications.
Screenshots
We take screenshots so you can see if the malware did anything visible to the user.
Network
A high-level network activity report includes a list of URLs visited, hosts/domains contacted, and a list of all connections and open ports. Network indicators highlight especially suspicious activity like downloads of executables and use of Domain Generation Algorithms (DGAs). If you want even more detail, download a PCAP file of the analysis session.
Static
Each report also includes static analysis to provide a well-rounded analysis of the sample.
File Explorer
View or download every file created or deleted by the sample. Download other ancillary files such as PCAPs.
Devices
See all device drivers loaded in one view.
A Version for Every Use Case
Whether you are a hobbyist researcher, a Managed Security Service Provider (MSSP), or something in between, there is a version of TBM Cloud Sandbox for you.| Feature | TBM Basic BETA | TBM Pro | TBM Corporate |
|---|---|---|---|
| Analyze files (executables, documents, etc.) | Yes | Yes | Yes |
| Support for compressed/passworded files | Yes | Yes | Yes |
| Analyze URLs for drive-by attacks | Yes | Yes | Yes |
| Easy-to-understand Indicators | Limited | Yes | Yes |
| Video of session | Yes | Yes | Yes |
| Screenshots | Yes | Yes | Yes |
| Interactive tree of sample-related processes | Yes | Yes | Yes |
| Static analysis on the sample analyzed | Yes | Yes | Yes |
| Network activity report | Yes | Yes | Yes |
| Machine-learning maliciousness score | - | Yes | Yes |
| Private submissions | - | Yes | Yes |
| Configurable analysis duration | - | Yes | Yes |
| Download/view dropped/deleted files | - | Yes | Yes |
| Static analysis on dropped/deleted files | - | Yes | Yes |
| List of running processes | - | Yes | Yes |
| Process injection report | - | Yes | Yes |
| Mutant report | - | Yes | Yes |
| Network ports opened | - | Yes | Yes |
| Downloadable PCAP | - | Yes | Yes |
| Searchable/sortable list of all registry actions | - | Yes | Yes |
| Searchable/sortable list of all filesystem actions | - | Yes | Yes |
| Device driver report | - | Yes | Yes |
| Change or disable Internet connectivity | - | Yes | Yes |
| REST API | - | - | Yes |
| Custom OS images | - | - | Yes |
| Multiple user accounts | - | - | Yes |
| Customizable interface branding | - | - | Yes |
| Terms of Service | Non-commercial use only | Conditional commercial use1 | Unlimited commercial use |
| Support | Priority Phone/Email | ||
| Pricing | Free (register now) | Contact us or request free trial |
Contact us or request free trial |
Get started!
Register for a free TBM Basic account now or request a trial of TBM Pro or TBM Corporate.
info@binaryguard.com 
12850 Middlebrook Rd. Germantown, MD 20874 © 2014-2016 | Binary Guard | All rights reserved.
