Into malware? Time to play in the Cuckoo Sandbox

Have a taste for tearing apart malware? Then you have probably played with Cuckoo Sandbox. If not, it is really time to take a poke at it. Cuckoo is an open source automated malware analysis system: you drop a suspicious file (or one that merely looks a bit shifty) into it, and it detonates the sample inside an instrumented virtual machine, recording what the file does to the file system, registry, processes and network. In no time at all it spits out a report on the nature of the file and what it tried to do, all from the relative safety of a virtualized environment. That safety is relative: malware that detects the analysis VM may behave differently, and the host running the sandbox should not be one you care about.

Last month the developers posted the latest iteration of the application, version 1.1. To get an idea of the changes introduced in this release, have a look at the change log.


Following is the CHANGELOG for this version:

- Added imphash to static PE analysis
- Added search for URLs in the web interface
- Added search for PE Imphash in the web interface
- Added possibility in web interface to queue to all machines
- Added filtering by behavior category in Django web interface
- Added analyzer log to Django web interface
- Added REST API to retrieve screenshots associated with a task
- Added REST API to retrieve the PCAP associated with a task
- Added database migration utility
- Added remote submission to utility
- Added small stats utility (utils/
- Added analysis package for PowerShell scripts
- Added overlay configuration for signatures (data/signatures_overlay.json)
- Fixed bug in MAEC report
- Fixed package selection for Office documents and CPL scripts
- Fixed issue with tcpdump filters
- Fixed unhandled exception when uploading files to the analysis machines
- Fixed issues in CuckooMon that resulted in Internet Explorer crashes
- Fixed bug in CuckooMon that caused mutexes to be resolved as file paths
- Fixed bug in behavior processing module that resulted in a trailing backslash in summary's registry keys
- Multiple minor bug fixes
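The imphash that 1.1 adds to static PE analysis (and lets you search on in the web interface) is worth understanding, because it is what makes "find me other samples built from the same source" work: it is an MD5 over the normalized import table (lower-cased `dll.function` pairs, in import order, with the `.dll`/`.ocx`/`.sys` extension stripped and imports by ordinal resolved to a name where a table is known, otherwise `ordN`). The following is an added example written for this article, not Cuckoo's own code; Cuckoo relies on the pefile library for this. The import lists and the partial ordinal table are constructed for illustration.

```python
import hashlib

# Partial ordinal-to-name table. Real implementations (pefile's ordlookup)
# carry full tables for several DLLs; this subset is an assumption for the
# example and only covers a few ws2_32 exports.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               23: "socket", 52: "gethostbyname", 115: "WSAStartup"},
}


def normalize_imports(imports):
    """Turn a PE import table into the list of strings imphash is computed over.

    imports: list of (dll_name, function_name_or_None, ordinal_or_None)
    tuples in the order they appear in the import directory.
    """
    entries = []
    for dll, name, ordinal in imports:
        lib = dll.lower()
        # Strip the extension so KERNEL32.DLL and kernel32.dll hash the same.
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
                break
        if name is None:
            # Import by ordinal: use the known name if we have one, else ordN.
            func = ORDINAL_NAMES.get(lib, {}).get(ordinal, "ord%d" % ordinal)
        else:
            func = name
        entries.append("%s.%s" % (lib, func.lower()))
    return entries


def imphash(imports):
    """MD5 of the comma-joined normalized import list, as a hex string."""
    joined = ",".join(normalize_imports(imports))
    return hashlib.md5(joined.encode("ascii")).hexdigest()


# Constructed import table for a hypothetical downloader sample.
SAMPLE_IMPORTS = [
    ("KERNEL32.dll", "CreateFileA", None),
    ("KERNEL32.dll", "WriteFile", None),
    ("WS2_32.dll", None, 23),        # socket, by ordinal
    ("WS2_32.dll", None, 4),         # connect, by ordinal
    ("WS2_32.dll", None, 999),       # unknown ordinal -> ord999
    ("ADVAPI32.dll", "RegSetValueExA", None),
]

# Same imports with different casing: a rebuild that should hash identically.
SAMPLE_IMPORTS_RECASED = [(d.lower(), n and n.upper(), o)
                          for d, n, o in SAMPLE_IMPORTS]

# Same imports in a different order: the hash changes, because imphash is
# order-sensitive. That is what makes it a build-toolchain fingerprint rather
# than a simple set comparison.
SAMPLE_IMPORTS_REORDERED = list(reversed(SAMPLE_IMPORTS))

if __name__ == "__main__":
    print(",".join(normalize_imports(SAMPLE_IMPORTS)))
    print("imphash          :", imphash(SAMPLE_IMPORTS))
    print("imphash (recased):", imphash(SAMPLE_IMPORTS_RECASED))
    print("imphash (reorder):", imphash(SAMPLE_IMPORTS_REORDERED))
```

Two practical caveats follow from the construction: packed samples usually expose only the packer's stub imports (so every UPX'd binary shares a handful of imphashes), and a rebuild that merely reorders or adds one import changes the hash completely, so treat an imphash match as a strong pivot and a mismatch as no information.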

Not only is this a wonderful tool on its own, it is also the underlying software that drives the malware analysis website

If you have any interest in malware analysis at all, these are a couple of tools you should absolutely try out.

Stories by Dave Lewis

Latest Videos

More videos

Blog Posts