Cuckoo: A Malware Analysis Sandbox!

by Black on March 8, 2011

in Malware Analysis, Open Source, Windows

Cuckoo is a lightweight solution that performs automated dynamic analysis of provided Windows binaries. It is able to return comprehensive reports on key API calls and network activity. It was started as a project during Google Summer of Code 2010 and has recently been released for public scrutiny. It is an open-source product released under the GPL, allowing anyone to customize it as much as possible and even make it distributable. It was designed with the idea of analyzing any kind of malicious file and getting the best behavioral analysis out of it.

Current features are:

  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis packages based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.
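As an added illustration (not code from the Cuckoo project or from this post) of what the features above amount to, here is a small Python summarizer that takes a constructed, hypothetical API trace and derives the process tree rooted at the sample, the files dropped and later deleted, and the network endpoints contacted by monitored processes only. The trace shape, pids and addresses are all invented for the example.

```python
from collections import defaultdict, deque

# Constructed API trace (hypothetical shape, not Cuckoo's own report format): one
# (pid, parent_pid, api_name, arguments) tuple per hooked call. pid 100 is the sample.
TRACE = [
    (100, 1,   "CreateFileW",    {"path": "C:\\Temp\\drop.exe", "access": "write"}),
    (100, 1,   "CreateProcessW", {"cmd": "C:\\Temp\\drop.exe", "child_pid": 200}),
    (200, 100, "connect",        {"host": "198.51.100.7", "port": 8080}),
    (200, 100, "CreateProcessW", {"cmd": "cmd.exe /c del drop.exe", "child_pid": 300}),
    (300, 200, "DeleteFileW",    {"path": "C:\\Temp\\drop.exe"}),
    (999, 1,   "connect",        {"host": "10.0.0.5", "port": 443}),  # unrelated process
]

def process_tree(trace, root_pid):
    """Follow CreateProcess events recursively from the sample; returns {pid: [child pids]}."""
    spawned = defaultdict(list)
    for pid, _parent, api, args in trace:
        if api == "CreateProcessW":
            spawned[pid].append(args["child_pid"])
    tree, queue = {}, deque([root_pid])
    while queue:  # breadth-first walk keeps only processes reachable from the sample
        pid = queue.popleft()
        tree[pid] = spawned.get(pid, [])
        queue.extend(tree[pid])
    return tree

def intercepted_files(trace, monitored):
    """Files written by monitored processes, and those deleted again (dropper pattern)."""
    written, deleted = set(), set()
    for pid, _parent, api, args in trace:
        if pid not in monitored:
            continue
        if api == "CreateFileW" and args.get("access") == "write":
            written.add(args["path"])
        elif api == "DeleteFileW":
            deleted.add(args["path"])
    return {"dropped": sorted(written), "deleted_after_drop": sorted(written & deleted)}

def network_endpoints(trace, monitored):
    """(host, port) pairs contacted by monitored processes; other processes are ignored."""
    return sorted({(a["host"], a["port"]) for pid, _, api, a in trace
                   if pid in monitored and api == "connect"})

def summarize(trace, root_pid=100):
    tree = process_tree(trace, root_pid)
    monitored = set(tree)
    return {"process_tree": tree,
            "files": intercepted_files(trace, monitored),
            "network": network_endpoints(trace, monitored)}
```

The deleted file shows up in the summary only because the write was observed first, which is why a sandbox has to copy dropped files out before the sample removes them.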

Download Cuckoo v0.1.0-beta (cuckoo-0.1.0-beta.tar.gz) here.
