TXSandbox provides behavior analysis on unknown file and URL objects in order to detect zero-day malware. It runs in a Linux docker container without requiring Windows licenses, resulting in lower cost of ownership. It is compatible with all type of VMs. The TXSandbox can be deployed in a private cloud, or a public cloud, or on premises. It has Restful APIs for easy integration with other security products. It has no system API hooks to indicate a sandbox environment. It has enhanced shell code analysis and dual-dynamic engine for URL analysis for higher detection rate.