A new bird in the malware research sky

Dear OffensiveComputing community,
I take the chance of this blog post to inform you of the release of Cuckoo 0.1.0-beta.
Cuckoo is a very simple automated malware analysis sandbox which makes use of Microsoft Detours, AutoIt3 and Python for analyzing malware in a VirtualBox based environment.
At this point it is able to analyze Windows binaries and PDF files, but can be easily extended.
Here are some basic features:

  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis packages based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.

You can get more information at:
http://www.cuckoobox.org

Hope you enjoy.

hmm

interesting

sounds interesting

but can't Detours be detected easily?

Detours' hooks can be as easily detected as any other inline hooks.
The one additional annoying thing is detoured.dll being loaded (http://coderrr.wordpress.com/2008/08/27/how-to-get-rid-of-microsoft-detours-detoureddll/), but I have never encountered anything really checking for that.
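As an illustration of the two checks discussed in the reply above (an inline JMP written over a function prologue, and the presence of detoured.dll in the module list), here is a small added example. It is not code from Cuckoo or from the commenter; it works on constructed byte sequences and a constructed module list so it runs offline. Detours overwrites the first five bytes of a hooked function with E9 rel32, so the check decodes the prologue, resolves the jump target and flags it only when the target leaves the exporting module (hot-patch stubs and tail calls jump within the module and are not flagged). The image base, size, function address and detour address below are made-up 32-bit x86 values, not measured from a real process; on Windows the bytes would be read from the address returned by GetProcAddress and the module names from EnumProcessModules or a PEB walk.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit x86 image range of the module that exports the function. */
typedef struct { uint32_t base; uint32_t size; } module_range_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* What an inline hook writes over the first 5 bytes of a function:
 * E9 <rel32>, where rel32 is relative to the end of the JMP instruction.
 * uint32_t arithmetic wraps, so backward jumps encode correctly. */
void encode_jmp_rel32(uint32_t from, uint32_t to, uint8_t out[5])
{
    uint32_t rel = to - (from + 5);
    out[0] = 0xE9;
    out[1] = rel & 0xFF;         out[2] = (rel >> 8) & 0xFF;
    out[3] = (rel >> 16) & 0xFF; out[4] = (rel >> 24) & 0xFF;
}

/* Returns 1 if the prologue is an unconditional jump that leaves the
 * module (inline hook), 0 if it is clean or stays inside the module,
 * -1 if the buffer is too short to decide. *target_out receives the
 * resolved jump target, or 0 when it cannot be resolved offline. */
int detect_inline_hook(uint32_t func_addr, const uint8_t *code, size_t len,
                       const module_range_t *mod, uint32_t *target_out)
{
    uint32_t target;
    if (len < 5) return -1;
    if (code[0] == 0xE9) {                                   /* JMP rel32 */
        target = func_addr + 5 + read_le32(code + 1);
    } else if (len >= 7 && code[0] == 0xB8 &&
               code[5] == 0xFF && code[6] == 0xE0) {         /* MOV EAX,imm32 ; JMP EAX */
        target = read_le32(code + 1);
    } else if (len >= 6 && code[0] == 0xFF && code[1] == 0x25) {
        if (target_out) *target_out = 0;                     /* JMP [abs32]: pointer lives in memory */
        return 1;                                            /* suspicious, target not resolvable here */
    } else {
        if (target_out) *target_out = 0;
        return 0;
    }
    if (target_out) *target_out = target;
    /* If target < base the subtraction wraps to a large value: also outside. */
    return (target - mod->base) >= mod->size;
}

static int name_eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++) {
        unsigned char ca = (unsigned char)*a, cb = (unsigned char)*b;
        if (ca >= 'A' && ca <= 'Z') ca += 32;
        if (cb >= 'A' && cb <= 'Z') cb += 32;
        if (ca != cb) return 0;
    }
    return *a == *b;
}

/* The second check from the thread: is detoured.dll among the loaded
 * modules? Takes module base names (constructed here). */
int detoured_dll_loaded(const char *const *modules, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (name_eq_nocase(modules[i], "detoured.dll")) return 1;
    return 0;
}

int main(void)
{
    /* Constructed values: a kernel32-like image at 0x7C800000 and a
     * detour DLL mapped at 0x10000000. Not taken from a real process. */
    module_range_t k32 = { 0x7C800000u, 0x000F6000u };
    uint32_t func = 0x7C801000u, target = 0;
    uint8_t clean[] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };   /* mov edi,edi; push ebp; mov ebp,esp */
    uint8_t hooked[5];
    const char *mods[] = { "kernel32.dll", "Detoured.dll", "ntdll.dll" };

    encode_jmp_rel32(func, 0x10001000u, hooked);
    printf("clean prologue:  %d\n",
           detect_inline_hook(func, clean, sizeof clean, &k32, &target));
    printf("hooked prologue: %d -> 0x%08X\n",
           detect_inline_hook(func, hooked, sizeof hooked, &k32, &target), target);
    printf("detoured.dll loaded: %d\n", detoured_dll_loaded(mods, 3));
    return 0;
}
```

The range check is what keeps the scan honest: a JMP at the start of a function is only evidence of hooking when its target lies outside the image that exports the function, which is exactly what a detour trampoline into a separately loaded DLL looks like.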