Support for more zip file formats (multipart mode)
- Support for more archive file formats in multipart mode analysis [see https://www.7-zip.org/]
- Detection engine improved
- Bug fixes
- PowerShell TLS/SSL
- File format detection
- Zip extraction
- Graphical user interface stop button
- Analysis date when error happens in some cases
- ...
- Patch anti-vm
- Documentation
P2A v7.5 (2023-06-13)
Added support for EML files
- Support for EML files (multipart analysis: URLs and attachments).
- Support for files named with non-ASCII characters.
- Bug fixes.
- Note: for multipart analyses, the subpart results are available in the resulting JSON under the key subparts={analysis_id1 : result_url1, ...}
P2A v7.4 (2023-04-23)
- Malicious File Detection available in API
- Improved performance and stability
- Enabled Datalake domain reputation integration
- Updated Firefox (111) and Chrome (95)
- Add OneNote support
P2A v7.3 (2023-02-20)
System upgrade
- Ubuntu upgrade (from bionic to focal).
- Kernel upgrade (kvm + qemu).
- Security enhancement (front-end/back-end data encryption ...).
- Bug fixes (Tor, rescan, nitro -6 ...).
- Web API improvement (submitting files, URLs, online files and hashes).
- NOTE (API): sync mode is deprecated and will be removed in the next release.
P2A v7.2 (2022-10-26)
Malware configs extraction
- Added new section: Extract of Malware Configuration (visible whenever configs are extracted). Malware configs are also present in the results JSON file (key = mwcfg).
- Bug fixes
- The web API will be updated in the next release: a P2A Python client will be provided and the curl commands will change slightly.
P2A v7.1 (2022-06-16)
Static analysis of submitted sample
- Yara analysis of submitted file
- Large file submission through the Python API (size > 50 MB)
- The reason for maintenance is now shown
- Improvement : users can now disable all hooks with one option
- Windows templates updated
- Added the possibility to download PDF report through WEB-API
- Bug fixes
- Some server improvements
- Anti-VM techniques improvement
P2A v7.0 (2022-04-13)
Custom command line and fixes
- Fixed an issue that caused graphical overflow on the analysis page with overly long URLs
- Fixed "search by hash" feature that crashed in some rare cases
- Fixed some documentation issues
- Fixed an issue with admin feature to switch from normal to okta user
- Fixed some graphical issues on the GUI
- Added support page and new support email for technical bugs
- Added .pptm files support
- Added "public share" feature that allows sharing an analysis with unauthenticated users
- Added the possibility for admins to change users' email addresses
- Added a new feature that allows specifying custom command line when running an analysis (Advanced tab)
- Added a feature that allows admins to delete submitted samples
- Added the possibility to submit an analysis through API directly in "shared" mode
P2A v6.2 (2022-02-15)
Increased URL max size
- Fixed an issue with web API that caused bad result on "Dangerous" match
- Increased URL max size from 256 to 2048
- General optimization
- Minor bug fixes
P2A v6.1 (2022-01-26)
Analyze by hash and command line arguments
- Several bug fixes including a bug that caused webserver crash when a user went over their daily quota.
- New feature: analyze files by simply providing their hash
- New feature: provide command line parameters for all types of files in "Advanced" tab
- Improvement: users are now informed when they are visualizing an empty analysis (missing stream.bin file)
- Fixed documentation issues for API
- Fixed an issue that prevented giving extra arguments to DLLs
P2A v6.0 (2021-11-22)
Bug fixes and improvements
- Improved admin panel
- Disabled email change feature for Okta users
- UI Menu fixes
- Improved modules management based on installation system
- Vulnerability fix: restricted sample download-by-hash feature to admins
- Fixed configuration issues
- Fixed other minor bugs
P2A v5.5 (2021-11-02)
API search by date and documentation fixes
- New feature in API search endpoint: possibility to specify starting and ending date (see API documentation)
- Fixed many documentation mistakes
- Adjusted all errors and descriptions in English language
- Added support of .ppam files
- Changed Internal Login button title for clarity
- Deleted PFAV and P2M buttons
- Upgraded maintenance page by adding more information
- Minor bug fixes
P2A v5.4 (2021-10-25)
Several improvements and new API endpoints
- Changed /api-web endpoint to /api/submit but /api-web still works as legacy endpoint
- Improved history API endpoint to work with current session (in addition to API login)
- Added new API endpoint that allows downloading samples associated to an analysis ID
- Added new API endpoint that allows searching for analyses: filter by filename, hash, author, signature
- Added new section to API result containing all network connections including: source IP, destination IP and destination port
- Fixed a rare bug that caused a crash through API when no memory dump was generated
- Fixed a few worker-side timeout issues
- Fixed a collision issue on local and okta accounts
- Fixed bad syntax on documentation and general improvement
- Enabled internal login button on login page
P2A v5.3 (2021-10-12)
UI Fixes
- Added the possibility for users to prevent auto-upload of their files on Multi-Upload page: the option can be changed in user parameters
- Added a favicon to P2A website
- Fixed colors of some error/warning messages and buttons
P2A v5.2 (2021-10-07)
Okta authentication system
- Added new authentication system to P2A: OpenID connect through Okta
- The new authentication system will be used for all internal users but local authentication is still supported for external users
- Added a new button on the login page, "Internal login", to use the Okta system: the button is disabled for now
P2A v5.1 (2021-09-27)
Hash addition and bug fixes
- Fixed an issue that prevented submission for TDC users
- Fixed an issue related to domain display that caused the web server to crash in special cases
- Added md5 and sha1 hashes to submitted samples: those values are now displayed on web and API result
P2A v5.0 (2021-09-14)
Bug fixes, datalake implementation and new api endpoint
- Improved analysis share system: added share button even on public analysis
- Added a new API endpoint to fetch last analysis list
- Fixed an issue that caused crash when submitting a DLL without any export
- Fixed an issue that caused crash when submitting to Free Mode without any extension
- Added domain name reputation scores (from Datalake) to analysis result page
P2A v4.5 (2021-09-02)
Major fixes
- Fixed an issue that displayed the file size instead of hash in web API result
- Removed flash support for the P2A multi-upload page
- Removed returned webserver verbose information
- Fixed self-XSS on submit page
- Fixed issues related to user permissions
P2A v4.4 (2021-08-26)
Analysis sharing system
- Added a "Share" button on the analysis result page that generates a URL with a unique token, allowing a private analysis to be shared with a connected user
- Possibility to withdraw or regenerate the sharing token at any time
P2A v4.3 (2021-08-20)
Global improvements and important bug fixes
- Fixed inetsim according to new Perl version
- Fixed an issue preventing submission of URLs containing unicode characters
- Deactivated experimental AI engine by default
- Fixed a temporary issue that prevented analysis deletion
- Overall stabilization
P2A v4.2 (2021-07-05)
Improvements of Vital submission
- Replaced VITAL submission filename with its hash SHA256
- Removed a debug message when submitting to VITAL
- Fixed VITAL submission to adapt to the new API syntax
- Several minor fixes
P2A v4.1 (2021-06-10)
Important bug fixes
- Fixed a bug in PFAV and VITAL implementations that prevented getting the correct result in some cases
- Fixed some unclear parts of the documentation
- Fixed an issue with P2A rulesets not being updated after server reboot
- Fixed several typographical
- Fixed other minor bugs
- Introduction of the AI detection engine
P2A v4.0 (2021-02-17)
Tor submission mode
- Added a new network submission mode that allows routing network traffic through tor choosing a specific exit node country
- Fixed a bug that prevented downloading files containing "%20" space character
- Minor bug fixes
P2A v3.6 (2020-12-22)
Better detection and bug fixes
- Bug fixes related to detection of msiexec malicious process run
- Added zerologon hooks
- Fixed a bug related to deactivated user accounts
- Added a maintenance mode
P2A v3.5 (2020-10-14)
Vital integration and API improvements
- API result improvement: added domain and IP list
- VITAL results integrated in web analysis result for each memory dump
- PFAV result bug fixes (csrf exempt request)
P2A v3.4 (2020-09-21)
WEB-API improvements
- Addition of a "sync" parameter in the WEB API submission options (WEB API is now asynchronous by default)
- Improved WEB API operation routes
- Redesign of the WEB API documentation
- Minor bug fixes
P2A v3.3 (2020-09-04)
Datalake and minor improvements
- Better handling of APK files
- Sending IOC of public malicious detection to Datalake
- Improvements of events display (added reason)
P2A v2.1 (2020-06-23)
Better privacy settings and stability improvement
- Deleted email address in web result for privacy reasons
- Improved overall stability
- Bug fixes in ajax return process
P2A v3.2 (2020-08-03)
Hooks management system and vulnerability fixes
- Fixed CSRF vulnerability on some forms
- Fixed an issue that prevented email modification
- Improved hooks management system
P2A v3.1 (2020-07-23)
Several bug fixes and adjustments
- Fixed several bugs in free mode (zip upload,
- Improved the waiting template
- Disallowed using no vnc option with free mode
P2A v3.0 (2020-07-16)
Free mode option
- Added a new submission mode: free mode (Options general tab)
- Possibility to submit multiple files in a zip
- Possibility to setup the virtual machine 10 minutes before analysis start
- Possibility to choose which specific processes to analyze (Advanced tab)
- Fixed minor bugs in introspection engine
- Several front-end bug fixes leading to global stability improvement
P2A v2.0 (2020-06-16)
Simulated internet mode and improved detection
- Released new network mode: simulated internet
- Fixed minor bugs
- Added detection process for malicious msiexec processes
- Added new events in order to improve dynamic detection
- Added a fake browser that triggers malware start process
P2A v1.2 (2020-04-04)
WEB-API and improved web results
- Improved web analysis results
- Fixed user api bugs (race condition)
- Released a new API based on web endpoint (see documentation in API submenu)
- Fixed other minor bugs
P2A v1.1 (2020-02-27)
Global improvements and bug fixes
- Fixed display issues in event list (command_line tag)
- Fixed bugs in introspection engine
- Fixed word dumps issue
- Added new logs for the introspection engine (new processes)
- Improved documentation
P2A v1.0 (2020-01-02)
Added detection processes and stability improvement
- Added a way to detect malicious programs running through msiexec client call.
- Improved global stability of the platform
- Several bug fixes
P2A v0.5 (2019-05-29)
Improvement of the browser support
- Added a submission parameter to choose the browser between IE, Firefox and Chrome
- Addition of export buttons in PNG and PDF in the results page (Analysis menu in the menu bar)
- Added a password parameter to be used to decrypt the sample if it is an encrypted ZIP archive
- Added detection rules
- All the added parameters can be configured in the user preferences in the "Preferences" menu
P2A v0.4 (2019-05-24)
Support of resource hooks
- Addition of hooks on the Windows API functions concerning PE resources
- Improved disconnected antivirus scanning system
- Fixed some web interface bugs
- Added detection rules
P2A v0.3 (2019-05-24)
Antivirus scan via PFAV added to P2A results
- The memory artifacts recovered during the analysis are transferred to the PFAV antivirus engines for analysis
- Antivirus scans are done in offline mode; no information is transmitted to antivirus publishers
- By default only the first three memory artifacts are sent, the user can choose to send them all by clicking on the corresponding button
- If the analysis is too old, the user can also choose to resubmit the dumps to benefit from signature updates
- A bug has been fixed when submitting file URLs for download
- Support for PPT and PPTX files has been added (launched in PowerPoint)
- The samples page has been updated
P2A v0.2 (2019-05-24)
New extensions support and bug fixes
- HTML files are now run from the default browser. The error displayed in case of bad file extension is more intuitive.
- New rulesets for several malware families
- The user can now access all the files submitted through web or API in Samples pages
- Bug fixes for the introspection module, the web client is more stable and displays more elements even in case of errors.
P2A v0.1 (2019-02-05)
Initial changelog
Extension support:
- Microsoft Word:
  - hta
  - mshtml
- Microsoft Excel:
  - csv
Web Interface:
- Choice of virtual machine language
- Displaying events by page (500/page)
- All events are displayed by default
- New event types: Mutex, Semaphores, NamedPipes, Events, DebugStrings, HookModifyData
- Possibility to download stream.bin of the analysis
Analysis:
- Improvement of the automatic mouse moving function