Cuckoo Sandbox is open source software for automating the analysis of suspicious files.
It can be used to analyse the following file types:
- Generic Windows executables
- DLL files
- PDF documents
- Microsoft Office documents
- URLs and HTML files
- PHP scripts
- CPL files
- Visual Basic (VB) scripts
- ZIP files
- Java JAR
- Python files
- Almost anything else...
It can retrieve the following types of results:
- Traces of calls performed by all processes spawned by the malware.
- Files being created, deleted and downloaded by the malware during its execution.
- Memory dumps of the malware processes.
- Network traffic trace in PCAP format.
- Screenshots taken during the execution of the malware.
- Full memory dumps of the machines.
Its extremely modular design allows you to use it both as a standalone application and integrated into larger frameworks. And, if you can make use of its powerful scripting capabilities, there will be no limit to what you can achieve.