A new bird in the malware research sky
Submitted by nex on Sat, 2011-02-05 02:09.
tools
Dear OffensiveComputing community,
I take the chance of this blog post to inform you of the release of Cuckoo 0.1.0-beta.
Cuckoo is a very simple automated malware analysis sandbox which makes use of Microsoft Detours, AutoIt3 and Python for analyzing malwares in a VirtualBox based environment.
At this point it is able to analyze Windows binaries and PDF files, but can be easily extended.
Here are some basic features:
- Retrieve files from remote URLs and analyze them.
- Trace relevant API calls for behavioral analysis.
- Recursively monitor newly spawned processes.
- Dump generated network traffic.
- Run concurrent analysis on multiple machines.
- Support custom analysis package based on AutoIt3 scripting.
- Intercept downloaded and deleted files.
- Take screenshots during runtime.
You can get more informations at:
http://www.cuckoobox.org
Hope you enjoy.
» nex's blog | login to post comments
sounds interesting
Submitted by udishamir on Wed, 2011-04-06 02:36.
but isn't detours can be detect easily ?
» login to post comments
detours' hooks can be as
Submitted by nex on Tue, 2011-04-26 22:54.
detours' hooks can be as easily detected as any other inline hooks.
the only +1 annoying thing is the detoured.dll being loaded (http://coderrr.wordpress.com/2008/08/27/how-to-get-rid-of-microsoft-detours-detoureddll/), but never encountered anything really checking for that.
» login to post comments
hmm
intresting