Thursday, February 24, 2011

The Honeynet Project Releases New Tool: Cuckoo

Here is another cool tool release from The Honeynet Project: Cuckoo Box by Claudio Guarnieri. Cuckoo is a binary analysis sandbox, designed and developed with the general purpose of automating the analysis of malware. Read more about the tool here, grab the tool here – but please read the detailed setup guide here (make sure to read it!). BTW, this tool is really well-documented, so make use of the documentation before deploying it.

Cuckoo is a lightweight solution that performs automated dynamic analysis of provided Windows binaries. It is able to return comprehensive reports on key API calls and network activity. Current features are:

  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis package based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.

Please try the tool and send feedback to the author – or sign up for the mailing list devoted to this tool here.

Dr Anton Chuvakin