New Sandbox

In addition to well-known sandboxes like Norman or CWSandbox, there is a new one out: Zero Wine, a malware analysis tool written in Python, which produces: “
1. Report: The complete raw report of all the APIs called by the malware. Hard to follow and hard to understand (a 10 MB report is not uncommon).
2. Strings: Just the output of the typical Unix command “strings”.
3. File headers: All the information gathered from the PE using the library PEFile.
4. Signature: The signature report is an extract of the full raw report with the most interesting calls.”

It is an open-source SourceForge project, so you might want to take a look at it. I personally like the output of CWSandbox a lot more. 🙂
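To show what the "Strings" and "File headers" parts of such a report boil down to, here is an added example (not Zero Wine's own code): a `strings`-style extractor and a hand-rolled COFF file-header parser standing in for PEFile, run over a constructed, PE-shaped byte string that is not a real executable.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed sample: just enough PE layout to be parsed (not a real program).
DOS_HEADER = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)  # e_lfanew = 0x80
DOS_STUB = b"This program cannot be run in DOS mode.\r\n$"
SAMPLE = DOS_HEADER + DOS_STUB
SAMPLE += b"\x00" * (0x80 - len(SAMPLE))          # pad up to e_lfanew
SAMPLE += b"PE\x00\x00" + struct.pack(
    "<HHIIIHH",
    0x014C,        # Machine: IMAGE_FILE_MACHINE_I386
    3,             # NumberOfSections
    1243814400,    # TimeDateStamp (constructed; 2009-06-01 00:00:00 UTC)
    0, 0,          # PointerToSymbolTable, NumberOfSymbols
    0xE0,          # SizeOfOptionalHeader (PE32)
    0x010F,        # Characteristics: executable image, 32-bit, relocs stripped
)
# A tail with an embedded URL-looking string, the kind of thing `strings` surfaces.
SAMPLE += b"\x00" * 16 + b"http://example.invalid/update.php\x00\x00\x00ab\x00"

MACHINES = {0x014C: "i386", 0x8664: "amd64"}


def parse_coff_header(data):
    """Return the COFF file-header fields (what PEFile exposes as FILE_HEADER)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    machine, nsect, ts, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsect,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "optional_header_size": opt_size,
        "characteristics": chars,
    }


def extract_strings(data, min_len=4):
    """Equivalent of `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


if __name__ == "__main__":
    print(parse_coff_header(SAMPLE))
    print(extract_strings(SAMPLE))
```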
