While antivirus scanners and online tools like VirusTotal can tell you whether a file is known malware, they do nothing for unknown samples. Running software in a sandboxed environment is the best way to get details on the actions a program performs. Still, setting up a properly secured sandbox with the relevant tools is not common.
CWSandbox is an online service that runs the file you submit through automated sandbox analysis.
What it does
CWSandbox lets you submit files (up to 16MB) and ZIP archives (with up to 50 files) through a simple browser upload. It then queues the submission and later runs it through a series of tests.
After the analysis is done you can proceed to the results page on the site or wait until a link is mailed to you. The analysis runs for two minutes, and during that time all file, registry and network activity that comes from the app is logged.
- much safer than your own sandbox;
- thorough analysis;
- reports in multiple formats.
While the report is nothing that can’t be achieved with the right tools (like Process Monitor), CWSandbox has the great advantage of being a remote system, which takes away the risk of executing dangerous stuff.
It may not be as definitive in determining malware, but it provides invaluable details on what software actually tries to do when run.