Explanation

The chart is a summary of the analysis of binaries through our sandboxing system. The different fields in the report are as follows:

Programs Processed - How many binaries went through the system

  1. Programs Skipped - Using different hashing methodologies, we are able to identify common polymorphic files and skip processing them
  2. Programs Analyzed - How many binaries were actually submitted to the sandbox system and analyzed
    • Completed Analysis Runs - How many of the submitted binaries completed successfully and had some sort of results
    • Failed Analysis Runs - Binaries that would not run and create a valid report
    • Programs Retried - How many binaries were re-run. All binaries that initially fail are re-run, giving them more attempts to execute properly and produce an analysis
    • Invalid Binaries - How many programs would not execute or were not proper Windows binaries
  3. Network Traffic Statistics - Of the programs that were processed and had output, which had network-based traffic, and the breakdown of the different types of network traffic seen for the binaries
  4. Anti-Analysis Techniques - Many malware programs take defensive measures to prevent analysis and reverse engineering. These are the different forms of those measures, and the results we are able to determine from the successfully tested programs
  5. Malicious Activity - What actions the programs take on the local system

Updates

The chart is updated once every four hours and covers the last rolling ten days and 30 days of statistics.

Sandbox Processing

FTP Results

HTTP Results

IRC Results

P2P Results

SMTP Results

Sandbox Statistics (10-Day Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                                570,190            
  Programs Skipped                                215,036       37.7%
  Programs Analyzed                               355,154       62.3%
    Completed Analysis Runs                       254,242       71.6%
    Failed Analysis Runs                           13,244        3.7%
    Programs Retried                               87,668       24.7%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                       171,787       67.6%
  Programs using HTTP                             114,476       66.6%
    URLs captured                                 168,671            
  Programs using FTP                                  249        0.1%
  Programs using SMTP                                 212        0.1%
  Programs using IRC                                  476        0.3%
Programs that sent UDP data                       171,708       67.5%
  Programs that made DNS requests                 171,708      100.0%
Programs that made P2P connections                     23        0.0%
    Programs using bittorrent                           5       21.7%
    Programs using edonkey                              1        4.3%
    Programs using gnutella                            17       73.9%
    Programs using winmx                                0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                 16,421        6.5%
Programs that made VMware registry checks              10        0.0%
Programs that made SoftICE checks                     432        0.2%
Programs that made Wine checks                        673        0.3%
Programs that made Time checks                          0        0.0%
Programs that suppress Compatibility Warnings     181,783       71.5%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates            17        0.0%
Programs that installed a Rootkit                       0        0.0%
Programs that installed a startup entry           154,259       60.7%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                     452        0.2%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (30-Day Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                              1,931,829            
  Programs Skipped                                690,651       35.8%
  Programs Analyzed                             1,241,178       64.2%
    Completed Analysis Runs                       983,162       79.2%
    Failed Analysis Runs                           18,165        1.5%
    Programs Retried                              239,851       19.3%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                       666,629       67.8%
  Programs using HTTP                             512,376       76.9%
    URLs captured                                 772,300            
  Programs using FTP                                  561        0.1%
  Programs using SMTP                                 534        0.1%
  Programs using IRC                               24,988        3.7%
Programs that sent UDP data                       666,761       67.8%
  Programs that made DNS requests                 666,761      100.0%
Programs that made P2P connections                     54        0.0%
    Programs using bittorrent                          12       22.2%
    Programs using edonkey                              1        1.9%
    Programs using gnutella                            41       75.9%
    Programs using winmx                                0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                 27,162        2.8%
Programs that made VMware registry checks              18        0.0%
Programs that made SoftICE checks                   1,074        0.1%
Programs that made Wine checks                      1,713        0.2%
Programs that made Time checks                         23        0.0%
Programs that suppress Compatibility Warnings     741,676       75.4%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates            56        0.0%
Programs that installed a Rootkit                      29        0.0%
Programs that installed a startup entry           540,489       55.0%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                   1,180        0.1%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (60-Day Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                              3,766,444            
  Programs Skipped                              1,684,631       44.7%
  Programs Analyzed                             2,081,813       55.3%
    Completed Analysis Runs                     1,666,697       80.1%
    Failed Analysis Runs                           25,845        1.2%
    Programs Retried                              389,271       18.7%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                       822,694       49.4%
  Programs using HTTP                             638,659       77.6%
    URLs captured                               1,082,013            
  Programs using FTP                                1,045        0.1%
  Programs using SMTP                               1,269        0.2%
  Programs using IRC                               30,503        3.7%
Programs that sent UDP data                       822,229       49.3%
  Programs that made DNS requests                 822,229      100.0%
Programs that made P2P connections                    104        0.0%
    Programs using bittorrent                          26       25.0%
    Programs using edonkey                              2        1.9%
    Programs using gnutella                            75       72.1%
    Programs using winmx                                1        1.0%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                 43,446        2.6%
Programs that made VMware registry checks             190        0.0%
Programs that made SoftICE checks                   2,626        0.2%
Programs that made Wine checks                      3,979        0.2%
Programs that made Time checks                        148        0.0%
Programs that suppress Compatibility Warnings   1,066,657       64.0%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates           119        0.0%
Programs that installed a Rootkit                     311        0.0%
Programs that installed a startup entry           723,871       43.4%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                   2,382        0.1%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (90-Day Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                              6,041,787            
  Programs Skipped                              2,942,766       48.7%
  Programs Analyzed                             3,099,021       51.3%
    Completed Analysis Runs                     2,447,509       79.0%
    Failed Analysis Runs                           36,902        1.2%
    Programs Retried                              614,610       19.8%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                     1,243,656       50.8%
  Programs using HTTP                             974,712       78.4%
    URLs captured                               2,212,613            
  Programs using FTP                                1,333        0.1%
  Programs using SMTP                               1,593        0.1%
  Programs using IRC                               32,206        2.6%
Programs that sent UDP data                     1,244,634       50.9%
  Programs that made DNS requests               1,244,634      100.0%
Programs that made P2P connections                    117        0.0%
    Programs using bittorrent                          31       26.5%
    Programs using edonkey                              2        1.7%
    Programs using gnutella                            83       70.9%
    Programs using winmx                                1        0.9%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                 51,206        2.1%
Programs that made VMware registry checks             205        0.0%
Programs that made SoftICE checks                   3,123        0.1%
Programs that made Wine checks                      4,846        0.2%
Programs that made Time checks                        152        0.0%
Programs that suppress Compatibility Warnings   1,563,563       63.9%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates           145        0.0%
Programs that installed a Rootkit                     311        0.0%
Programs that installed a startup entry         1,050,766       42.9%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                   3,011        0.1%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (180-Day Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                             14,398,258            
  Programs Skipped                              5,174,351       35.9%
  Programs Analyzed                             9,223,907       64.1%
    Completed Analysis Runs                     7,494,922       81.3%
    Failed Analysis Runs                           66,341        0.7%
    Programs Retried                            1,662,644       18.0%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                     4,177,321       55.7%
  Programs using HTTP                           3,317,728       79.4%
    URLs captured                               7,904,139            
  Programs using FTP                                4,326        0.1%
  Programs using SMTP                               4,324        0.1%
  Programs using IRC                               42,753        1.0%
Programs that sent UDP data                     4,312,429       57.5%
  Programs that made DNS requests               4,312,429      100.0%
Programs that made P2P connections                    319        0.0%
    Programs using bittorrent                         101       31.7%
    Programs using edonkey                             12        3.8%
    Programs using gnutella                           201       63.0%
    Programs using winmx                                5        1.6%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                113,066        1.5%
Programs that made VMware registry checks             308        0.0%
Programs that made SoftICE checks                   7,519        0.1%
Programs that made Wine checks                     10,598        0.1%
Programs that made Time checks                        163        0.0%
Programs that suppress Compatibility Warnings   5,175,831       69.1%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates           363        0.0%
Programs that installed a Rootkit                     312        0.0%
Programs that installed a startup entry         3,994,464       53.3%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                 326,918        4.4%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (One-Year Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                             26,475,254            
  Programs Skipped                             13,038,995       49.2%
  Programs Analyzed                            13,436,259       50.8%
    Completed Analysis Runs                    10,660,399       79.3%
    Failed Analysis Runs                          163,919        1.2%
    Programs Retried                            2,611,941       19.4%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                     4,819,535       45.2%
  Programs using HTTP                           3,860,671       80.1%
    URLs captured                              12,181,292            
  Programs using FTP                                6,276        0.1%
  Programs using SMTP                               8,094        0.2%
  Programs using IRC                               51,930        1.1%
Programs that sent UDP data                     4,963,778       46.6%
  Programs that made DNS requests               4,963,778      100.0%
Programs that made P2P connections                    422        0.0%
    Programs using bittorrent                         143       33.9%
    Programs using edonkey                             19        4.5%
    Programs using gnutella                           253       60.0%
    Programs using winmx                                7        1.7%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                159,699        1.5%
Programs that made VMware registry checks             668        0.0%
Programs that made SoftICE checks                   8,944        0.1%
Programs that made Wine checks                     13,108        0.1%
Programs that made Time checks                      5,258        0.0%
Programs that suppress Compatibility Warnings   6,558,787       61.5%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates           578        0.0%
Programs that installed a Rootkit                   3,207        0.0%
Programs that installed a startup entry         4,515,103       42.4%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                 403,158        3.8%
Programs that called taskkill                           0        0.0%

Sandbox Statistics (Two-Year Rolling Report)

---------------------------------------------  ----------  ----------
Sandbox Results                                    Totals     Percent
---------------------------------------------  ----------  ----------
Programs Processed                             52,188,425            
  Programs Skipped                             27,677,160       53.0%
  Programs Analyzed                            24,511,265       47.0%
    Completed Analysis Runs                    20,342,485       83.0%
    Failed Analysis Runs                          225,438        0.9%
    Programs Retried                            3,943,342       16.1%
    Invalid Binaries                                    0        0.0%
                                                                     
---------------------------------------------  ----------  ----------
Network Traffic Statistics                         Totals     Percent
---------------------------------------------  ----------  ----------
Programs that sent TCP data                     5,425,513       26.7%
  Programs using HTTP                           4,327,421       79.8%
    URLs captured                              13,624,369            
  Programs using FTP                                9,383        0.2%
  Programs using SMTP                              18,955        0.3%
  Programs using IRC                               97,903        1.8%
Programs that sent UDP data                     9,587,842       47.1%
  Programs that made DNS requests               9,587,842      100.0%
Programs that made P2P connections                    701        0.0%
    Programs using bittorrent                         193       27.5%
    Programs using edonkey                             34        4.9%
    Programs using gnutella                           463       66.0%
    Programs using winmx                               11        1.6%
                                                                     
---------------------------------------------  ----------  ----------
Anti-Analysis Techniques                           Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made debugger checks                250,767        1.2%
Programs that made VMware registry checks           1,157        0.0%
Programs that made SoftICE checks                  14,619        0.1%
Programs that made Wine checks                     20,700        0.1%
Programs that made Time checks                      5,902        0.0%
Programs that suppress Compatibility Warnings  14,263,962       70.1%
                                                                     
---------------------------------------------  ----------  ----------
Malicious Activity                                 Totals     Percent
---------------------------------------------  ----------  ----------
Programs that made Windows Firewall Updates           722        0.0%
Programs that installed a Rootkit                   3,222        0.0%
Programs that installed a startup entry         7,541,845       37.1%
Programs that accessed user's Firefox profile           0        0.0%
Programs that accessed the Pstore                 422,528        2.1%
Programs that called taskkill                           0        0.0%
