There are a few popular online services that I am sure you have heard of, such as VirusTotal, an online virus scanner that scans the file you upload with multiple (40+) antivirus engines, and ThreatExpert, an online automated threat analysis service that analyzes the file you upload and checks what it does when it is run on the computer. I personally use ThreatExpert a lot because I prefer to know what the file is doing rather than putting my full trust in the antivirus, which sometimes gives us false detections. Other than ThreatExpert, I have previously mentioned CWSandbox, Anubis, Sunbelt Sandbox, Norman Sandbox and Comodo Instant Malware Analysis.
Here is another online sandbox called Joebox to add to the list of file behavior analyzers. Joebox has been around since early 2008 and is updated and improved periodically. 3 days ago Joebox was updated to 1.5.5, which fixes a bug with big HTML files, adds file-written and key-value-queried sections, increases the HTML layout and fixes a virtual machine guest time update bug.
The good thing about Joebox is that you can choose which version of Windows the file runs in. By default Joebox runs the malware in XP SP3, but you can also select to run it on Vista SP2 and Windows 7 at the same time. Other than that, you can enable Joebox to capture the network data (PCAP) and then open it with Wireshark to analyze the captured traffic.

You will need to enter a working email address because the analysis report will be sent there. The report is generated as an HTML file and, frankly speaking, it might not be easy to interpret for non-savvy computer users.

You may ask why you need Joebox when there are other online file analyzers that provide reports that are easier to understand. Joebox is a good alternative to other online sandboxes because there are tools that can make malware un-analyzable in an online sandbox through “anti” features. Since Joebox is not one of the popular ones, the chances of it getting blocked are low.
Make sure you submit only the binary file itself and not a compressed archive such as ZIP, RAR, 7z, etc. However, if you are afraid that you might accidentally run the malware on your computer, you can submit the file without any extension and Joebox is able to automatically detect it as an executable file. A binary file means a file with an extension such as exe, dll, sys, doc, pdf…
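A sample renamed to have no extension can still be checked before upload by looking at its content. The following is an added example, not code from Joebox or from the original post, and how Joebox itself detects executables is not described here; it shows the general content-based approach using the well-known magic bytes and PE header fields. The names `classify`, `ok_to_submit` and `sample_pe` are hypothetical, and the sample inputs are constructed.

```python
import struct

# Leading magic bytes for the container/document types named in the article.
MAGIC = [
    (b"PK\x03\x04", "archive:zip"),
    (b"Rar!\x1a\x07", "archive:rar"),
    (b"7z\xbc\xaf\x27\x1c", "archive:7z"),
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc container
]

def classify(data: bytes) -> str:
    """Identify a sample from its content, ignoring any file extension."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    if data[:2] != b"MZ" or len(data) < 0x40:
        return "unknown"
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe + 24 + 70 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return "unknown"                                  # DOS stub only, or truncated
    characteristics = struct.unpack_from("<H", data, pe + 22)[0]
    subsystem = struct.unpack_from("<H", data, pe + 24 + 68)[0]
    if subsystem == 1:                                    # IMAGE_SUBSYSTEM_NATIVE
        return "pe:sys"
    return "pe:dll" if characteristics & 0x2000 else "pe:exe"  # IMAGE_FILE_DLL

def ok_to_submit(data: bytes) -> bool:
    """True for a raw binary or document, False for archives and unknown data."""
    kind = classify(data)
    return kind.startswith("pe:") or kind in ("pdf", "ole2")

def sample_pe(characteristics: int, subsystem: int) -> bytes:
    """Constructed header-only PE image for demonstration (not a runnable program)."""
    buf = bytearray(0x40 + 24 + 70)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, characteristics)
    struct.pack_into("<H", buf, 0x40 + 24 + 68, subsystem)
    return bytes(buf)

if __name__ == "__main__":
    for name, blob in [("exe", sample_pe(0x0002, 2)), ("dll", sample_pe(0x2002, 2)),
                       ("sys", sample_pe(0x0002, 1)), ("zip", b"PK\x03\x04" + b"\0" * 26)]:
        print(name, classify(blob), ok_to_submit(blob))
```

Reading only the first few hundred bytes of a file is enough for this check, so the sample never has to be opened by an application or executed on the analyst's machine.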
[ Analyze File Behavior with Joebox ]