Cuckoo sandbox

Cuckoo sandbox is a modular, open source automated malware analysis system. By default it is able to:

  • Analyse many different kinds of malicious file (executables, Office documents, PDF files, emails, etc.) as well as malicious websites, under Windows, Linux, Mac OS X, and Android virtualised environments.
  • Trace API calls and the general behaviour of the file and distil this into high-level information and signatures that anyone can understand.
  • Dump and analyse network traffic, even when it is encrypted with SSL/TLS, with native network routing support to drop all traffic or route it through INetSim, a network interface, or a VPN. Note that TLS decryption depends on the in-guest monitor capturing the session keys, so it only covers traffic from processes the monitor is hooking.
  • Perform advanced memory analysis of the infected virtualised system with Volatility, and of individual process memory with YARA.