Provides highly accurate, static and behavioral analysis on unknown files and URLs, in order to detect zero-day threats


TXSandbox is a next-generation sandbox that features multiple classifiers for increased accuracy, lower false positives and more adaptable PE/NonPE file coverage.   It runs in a Linux docker container, or in any type of VM and can be deployed on-premise, or in private and public clouds, such as AWS. It doesn’t require Microsoft Windows licenses which can save considerable costs for large deployments. Access is via a Web GUI or Restful API for integration with existing products, such as IPS/IDS, FW and WAF.


  • Dual analytic engine to ensure highest detection rates for URL analysis
  • High accuracy and low false positive rates
  • Automatically filters out malicious URL links and malicious file attachments embedded in emails
  • Runs static analysis on injected code
  • Runs static analysis on embedded shell code inside of Non-PE files to detect zero-day exploits
  • Runs in Linux docker container
  • Manages and scales easily
  • Analyzes PE files without requiring Windows license fee


  • OnPremise/Private Cloud/Public Cloud
  • Prepare a physical or VMware Server with a minimum of 16 cores, 32G RAM, 2T HD, 1x1G NIC
  • Download iso image from TriagingX support
  • Install and configure the TXSandbox
  • Provide IP address, username, and password
  • Installs all needed modules automatically


  • Launch internet browsers, such as IE, Firefox or Chrome, and type in the URL for the TXSandbox’s server address
  • Click upload sample button to load file(s) for behavior analysis
  • Sit back and wait for the analysis process complete
  • Go to TXSandbox’s dashboard to view the final report
  • Generate the analysis report in optional PDF file format
  • Alternatively, use restful API to upload the sample file/URL and retrieve the analysis results


Target System: Windows XP, Windows 7, Windows 8/10
Sandbox Server: Physical, VMWare Server
Interface: Rest API
Report Format: PDF