Interested in, curious about, or just want to have some fun with malware analysis in the lab?
Cuckoo Sandbox is an automated malware analysis system. Its intended goal is to provide a way to automatically analyze files and collect results describing what those files do while executed inside an isolated environment. It's typically used to analyze Windows executables, DLL files, PDF documents, Office documents, PHP scripts and Python scripts, but it can also produce useful intel from Internet URLs and almost anything else you can imagine.
Some of the results that Cuckoo generates are:
- Trace of relevant Win32 API calls performed
- Dump of network traffic generated during analysis
- Creation of screenshots taken during analysis
- Dump of files created, deleted and downloaded by the malware during analysis
- Trace of assembly instructions executed by malware process
Cuckoo also allows you to:
- Automate submission of analysis tasks
- Create analysis packages to define custom operations and procedures for performing an analysis
- Run multiple virtual machines concurrently
- Script the processing and correlation of analysis results data
- Script and automate the generation of reports in the format you prefer
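The last two points are where the real value is: once Cuckoo has produced a report, you want to boil it down to something you can compare across many runs. The script below is an added example of that kind of post-processing; it is not part of Cuckoo itself or of the original post. It walks a JSON report, builds a histogram of API calls, flags registry writes under a Run key as a persistence indicator, and collects the network indicators and dropped-file hashes. The report layout assumed here (`behavior.processes[].calls`, `network.dns`/`network.http`, `dropped`) is modelled on Cuckoo's report.json as I remember it, so treat the exact keys as an assumption and check them against the reports your own installation produces. The embedded sample report is constructed for the example and does not describe any real malware.

```python
"""Triage a Cuckoo Sandbox JSON report into a compact, comparable summary.

Assumption: the report layout (behavior.processes[].calls, network.dns,
network.http, dropped) follows Cuckoo's report.json; verify against your
installation before relying on the key names.
"""
from collections import Counter
from typing import Dict, Iterable, List

# Constructed sample standing in for a real report.json (not real malware data).
SAMPLE_REPORT = {
    "info": {"id": 42, "package": "exe"},
    "target": {"file": {"name": "sample.exe"}},
    "behavior": {
        "processes": [
            {
                "process_name": "sample.exe",
                "pid": 1234,
                "calls": [
                    {"api": "CreateFileW", "category": "filesystem",
                     "arguments": {"filepath": "C:\\Users\\victim\\AppData\\dropper.dll"}},
                    {"api": "RegSetValueExA", "category": "registry",
                     "arguments": {"regkey": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd"}},
                    {"api": "InternetOpenUrlA", "category": "network",
                     "arguments": {"url": "http://198.51.100.7/beacon"}},
                    {"api": "CreateFileW", "category": "filesystem",
                     "arguments": {"filepath": "C:\\Windows\\Temp\\x.tmp"}},
                ],
            }
        ]
    },
    "network": {
        "dns": [{"request": "update.example.invalid", "answers": [{"data": "198.51.100.7"}]}],
        "http": [{"host": "198.51.100.7", "uri": "/beacon", "method": "GET"}],
    },
    "dropped": [{"name": "dropper.dll", "sha256": "0" * 64, "size": 4096}],
}


def iter_calls(report: dict) -> Iterable[dict]:
    """Yield every API call recorded for every monitored process."""
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            yield call


def api_histogram(report: dict) -> Dict[str, int]:
    """Count how often each API was called; a cheap fingerprint for clustering."""
    return dict(Counter(call["api"] for call in iter_calls(report)))


def registry_run_keys(report: dict) -> List[str]:
    """Registry writes under a ...\\Run\\ key are a classic persistence indicator."""
    keys = []
    for call in iter_calls(report):
        key = call.get("arguments", {}).get("regkey", "")
        if call.get("category") == "registry" and "\\run\\" in key.lower():
            keys.append(key)
    return keys


def network_indicators(report: dict) -> Dict[str, List[str]]:
    """Collect contacted hosts, resolved domains and URLs passed to WinINet."""
    net = report.get("network", {})
    hosts = sorted({h["host"] for h in net.get("http", [])})
    domains = sorted({d["request"] for d in net.get("dns", [])})
    urls = sorted({call["arguments"]["url"] for call in iter_calls(report)
                   if call.get("api", "").startswith("InternetOpenUrl")})
    return {"hosts": hosts, "domains": domains, "urls": urls}


def summarize(report: dict) -> dict:
    """Reduce one report to the fields worth correlating across analyses."""
    return {
        "task_id": report["info"]["id"],
        "sample": report["target"]["file"]["name"],
        "api_histogram": api_histogram(report),
        "persistence_keys": registry_run_keys(report),
        "network": network_indicators(report),
        "dropped": [d["sha256"] for d in report.get("dropped", [])],
    }


if __name__ == "__main__":
    import json
    # Run over the constructed sample; swap in json.load(open("report.json")) for a real run.
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

Feeding every report.json through `summarize` and storing the results gives you a table you can query for shared C2 hosts, identical dropped-file hashes or the same Run-key name across otherwise different samples, which is the correlation step the feature list is talking about.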
Looks pretty interesting. I’ve pulled in the latest download. Hope you do the same, and if you find it useful, consider a donation to the author so that he can continue to do good work.