Operation

 

TXSandbox operation is super easy. You can upload malware samples, file or URL, through its portal web interface or restful API, select the analyzer profile, and let TXSandbox do its analysis job. The analyzer profile is created by administrator, defining how your sample code is executed. For example, you may want to get your analysis result as fast as possible, then you can create a profile as returning the result if it's detected by static scanner. If you definitely want to see its behavior result, you may create a profile to forece the sample file sent to sandbox VM for execution, no matter it's detected by static scanner or not. You can also create a profile to delay the sample execution once the sample gets inside sandbox VM, or extend closure time in sandbox VM even when the sample file completed its execution so that you can see malware infection after execution. TXSandbox also allow you to customize the sandbox execution environment, such as install particular applications, a particular version or patch of OS, different configurations, etc. It also supports the environment for your cloud applications deployment so that you can see how your cloud application reacts to malware infection.