Here is another cool tool release from The Honeynet Project: Cuckoo Box by Claudio Guarnieri. Cuckoo is a binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware. Read more about the tool here, grab the tool here – but please read the detailed setup guide here (make sure to read it!). BTW, this tool is really well-documented, so make use of the documentation before deploying it.
Cuckoo is a lightweight solution that performs automated dynamic analysis of provided Windows binaries. It is able to return comprehensive reports on key API calls and network activity. Current features are:
• Retrieve files from remote URLs and analyze them.
• Trace relevant API calls for behavioral analysis.
• Recursively monitor newly spawned processes.
• Dump generated network traffic.
• Run concurrent analysis on multiple machines.
• Support custom analysis packages based on AutoIt3 scripting.
• Intercept downloaded and deleted files.
• Take screenshots during runtime.
Please try the tool and send feedback to the author – or sign up for the mailing list devoted to this tool here.
http://chuvakin.blogspot.com/2011/02/ho ... ol_24.html
CISSP, MCSE, CSTA, Security+ SME