This article answers common questions about DDI's Virtual Analyzer.
The following questions are frequently asked about the DDI Virtual Analyzer:
Does DDI have static analysis features for unknown malware, such as PE configuration analysis, linker analysis, packer analysis, and operation analysis?
No. DDI has no detection module that can do this kind of analysis. However, File Analysis Results shows some static analysis of documents (PDF, SWF, Office files) for possible exploits.
Can DDI analyze malware that abuses the Windows auto-run feature?
Yes, Virtual Analyzer can log the auto-run modification behaviors of the sample in the File Analysis Results.
Does DDI have an analysis feature specifically for .NET malware?
Yes, as long as .NET Framework is installed in the sandbox.
Can DDI log in its reports the FQDNs/URLs that malware refers to?
Yes, sample FQDNs/URLs and visited FQDNs/URLs can be logged.
Can DDI log in its reports the destinations that malware tried to connect to, even if a destination doesn't exist?
No. DDI only logs detections of real monitored traffic.