«
»

New Sandbox

Additionally to well known sandboxes like norman or CWsandbox there is a new one
out: Zero Wine. A Python written malware analyzing tool, doing: ”
1. Report: The complete raw report of all the APIs called by the malware. Hard to follow and hard to understand (a 10mb report is not uncommon).
2. Strings: Just the output of the typical unix command “strings”.
3. File headers: All the information gathered from the PE using the library PEFile.
4. Signature: The signature report is an extract of the full raw report with the most interesting calls.
It is an open sourceforge-project, so you might want to look at it. I personally like the output of cwsandbox a lot more.. 🙂

Tags:

This entry was posted on Monday, December 29th, 2008 at 15:36 and is filed under Allgemein. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.