FAQs

Home / Resources  / FAQs

Product

Q: What does SecondWrite do and who uses SecondWrite?

A: SecondWrite has developed an innovative automated malware analysis solution for detecting advanced malware including APTs, targeted attacks and zero-day evasions that defeat other solutions. Our technology automates traditionally manual reverse-engineering techniques to analyze and detect malware at scale.

Currently, SecondWrite is being used by several network security vendors, endpoint security vendors, threat intelligence and Incidence-response vendors, SOCs, and MSSPs to improve their malware detection capability.

Q: What makes SecondWrite different from other sandbox based solutions for detecting malware?

A: SecondWrite eliminates blind spots prevalent in existing automated malware analysis solutions. Other automated malware solutions are only based on monitoring the interaction of malware with its “external” environment, primarily the operating system’s resources on the computer. In addition, such tools are specialized to certain known evasion types.

Our sandbox is based on deep introspection and complete code exploration of malware using founding team’s ten years of research background in deep analysis of software and malware, and our patented technologies. This enables our sandbox to detect malware based on internal code behavior and  overcome any evasion type, including zero-day evasions that are unknown to us.

Q: What is the input and output of your sandbox?

A: The input to our sandbox is a file or a URL submitted by the customer or security partner. The output is a report, available in both JSON and HTML formats. The report contains a score indicating how likely the file is malicious, and several details about its behavior.

Q: What input file types does your sandbox support?

A: Currently the file types supported are:

  • Windows executables.
  • Windows DLLs
  • .NET executables
  • PDF
  • MS Word (.DOC and .DOCX)
  • MS PPT (.PPT and .PPTX)
  • MS Excel (XLS and XLSX)
  • HTML
  • URLs
  • Archives (.zip, .rar, 7z, .iso, .tar, .gz,.bz2)

Q: What Operating Systems are supported?

A: SecondWrite sandbox current supports Windows OS. The support for other Operating System will be rolled out in next few months.

Q: What deployments are supported?

A: The SecondWrite sandbox is hosted on our cloud platform. Our cloud can be accessed via a web-portal or via APIs provided. Both mechanisms are easy to use. The cloud offers great ease of use with no installation needed, malware information sharing among customers, and Tier 1 support by SecondWrite.

Q: What features does the web-portal contain?

The web-portal can be used for several functions: users can get a summary of your submissions so far, account information, links to their most recent submissions and a web interface to submit files. It is user friendly and easy to use.

TECHNOLOGY

Q: What does your report contain?

A: Our report contains a wealth of information on the file’s static and dynamic behavior, including at least the following:

  • A score indicating how confident we are that the file is malicious.
  • File header information.
  • List of suspicious behaviors found, including the severity level of each.
  • A classification of the malware (e.g., ransomware, spyware, Trojan, adware, phishing etc.)
  • The IP addresses the malware attempts to connect to.
  • A world map indicating the countries in which the connected-to IP addresses reside.
  • Process graph showing what processes this file creates or interacts with.
  • Files it reads, writes to, moves, and deletes.
  • PCAP files containing the network traffic generated by this file.
  • OS calls made by each process, along with arguments.
  • Yara rules matched.

Q: What kinds of evasion does your tool handle?

A: Unlike competitor tools that are specialized to certain known evasion types, our sandbox can overcome any evasion type, including zero-day evasions that are unknown to us.

Licensing

Q:  What types of licenses are available?

A:  There are three license types for SecondWrite malware sandbox.

  1. Free license:  This allows users to submit up to 20 samples per month for free.
  2. Basic license:  The starting Basic Account allows users to submit up to 200 samples per day (Other Basic accounts allow for more submissions per day). Note there is NO API Access with this account type.
  3. Enterprise license:  The starting Enterprise Account allows users to submit up to 500 samples per day (Other Enterprise accounts allow for more submissions per day). NOTE the enterprise license does have API Access with this account type.

Please refer to the pricing page to get more details about these licenses.

Q:  What is the duration of a license?

A:  Free license is currently valid forever. We reserve the right to cancel the terms of this license anytime.

Basic and enterprise license are valid for 1 year after purchase and can be renewed online. The default is set to auto-renew your subscription after 1 year please contact us at support@secondwrite.com  to change this.

Q:  What features do I get in a free version?

A: Free license allows users to submit 20 samples per month, with additional limit of 10 samples of each file type. Customers get a complete report in HTML format however there is only 1 day submission history.

Please refer to our page for detailed features included with free license.

Q:  What additional features do I get in a basic version?

A:  There are four Basic Sandbox versions allowing users purchase submission levels of 200, 500, 1,000 or 2,000 samples per day. In addition to features available in free version, the basic version allows users to have a complete submission history, PCAP download and access to technical support. NOTE: The basic version does NOT have API Access.

Please refer to our page for the different Basic Subscription options and detailed features included with each Basic license.

Q:  What additional features do I get in an enterprise version?

A:  There are three Enterprise Sandbox versions allowing users purchase submission levels of 500, 1,000 or 2,000 samples per day. In addition to features available in basic version, the enterprise version allows users to access to a programmable API which allows automatic submission of samples to SecondWrite sandbox and enables automated workflows. Also included is reports in JSON Format and training support. Finally enterprise customers can contact us via email to purchase paid subscriptions manually, or purchase subscriptions with a higher file quota than available.

Please refer to our page for the different Enterprise Subscription options and detailed features included with each Enterprise license.

Q:  Can I upgrade from free version to a paid version?

A:  Yes, users can always upgrade from free to any paid version.

Q:  Can I downgrade from paid version to a free version?

A:  No you cannot downgrade during your 1 year license period.  The license terms are valid for one year and cannot be cancelled before the end of the term.

Q:  Can I upgrade to a more expensive paid plan part way through my 1 year license period?

A:  Yes, users on a paid plan can upgrade to a more expensive license during the 1 year period with a pro-rated coupon code. Please contact us at support@secondwrite.com  to obtain a pro-rated coupon code for checkout.

Q:  Is there any restriction on how I can use the output of SecondWrite?

A:  As per EULA, users are only allowed to use the output of SecondWrite for their internal analysis and are not allowed to use it as OEM or part of their product. In you need to integrate SecondWrite as part of your product or services, please contact us for OEM licensing details.

Q:  Is my SecondWrite Store”My Account” login email and password I used to purchase my plan, the same as my SecondWrite Sandbox Platform email and password?

A:  NO, they are not the same, your SecondWrite Store”My Account” password is different then your Sandbox Platform password. You should have received an email after you purchased a plan with this information you will need to login to the SecondWrite Sandbox Account. The link to this account is found when you login to your My Account Page.