VirusTotal has announced the availability of sandbox execution for OS X apps, including DMG files, Mach-O executables, and ZIP files containing a Mac app.
Users may submit files via the website, OS X uploader app or API, but reports now contain a “Behavioural information” tab which lists details like the processes launched, DNS queries made, and any files opened, read or written.
Check out the “Behavioural information” details on a few example reports to see how this works: DMG 1, DMG 2, Mach-O 1, Mach-O 2, Zip 1, Zip 2.
There’s nothing new about the core idea. It doesn’t get as much attention as it should, but VirusTotal already offers similar sandbox execution for Android APKs and Windows executables.
Android reports are particularly interesting as you often get a detailed look at permission changes, URLs accessed, and potentially important API calls.
The Windows reports are also frequently useful, and if you’re ever any queries about a file it’s a very good idea to click “Behavioural Information” and find out more.
Your Comments & Opinion