Skip to content
Modified edition of cuckoo
Branch: master
Clone or download
Pull request Compare This branch is 431 commits behind spender-sandbox:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
agent
analyzer/windows
conf
data
docs
extra
lib
modules
tests
utils
web
.gitignore
.travis.yml
README.md
cuckoo.py
cuckoo.pyproj
cuckoo.sln
requirements.txt

README.md

This fork aims to continue the work of the heavily modified version of Cuckoo Sandbox provided under the GPL by Optiv, Inc.

It offers a number of advantages over the upstream Cuckoo:

  • Fully-normalized file and registry names
  • 64-bit analysis
  • Handling of WoW64 filesystem redirection
  • Many additional API hooks
  • Service monitoring
  • Correlates API calls to malware call chains
  • Ability to follow APC injection and stealth explorer injection
  • Pretty-printed API flags
  • Per-analysis Tor support
  • Over 150 new signature modules (over 75 developed solely by Optiv)
  • Anti-anti-sandbox and anti-anti-VM techniques built-in
  • More stable hooking
  • Ability to restore removed hooks
  • Greatly improved behavioral analysis and signature module API
  • Ability to post comments about analyses
  • Deep hooks in IE's JavaScript and DOM engines usable for Exploit Kit identification
  • Automatic extraction and submission of interesting files from ZIPs, RARs, RFC 2822 emails (.eml), and Outlook .msg files
  • Direct submission of AV quarantine files (Forefront, McAfee, Trend Micro, Kaspersky, MalwareBytes, MSE/SCEP, and SEP12 formats currently supported)
  • Automatic malware classification by Malheur
  • Significant contributions from Jeremy Hedges, William Metcalf, and Kevin Ross
  • Hundreds of other bugfixes

For more information on the initial set of changes, see: http://www.accuvant.com/blog/improving-reliability-of-sandbox-results

If you want to contribute to development, feel free to submit a pull request.

You can’t perform that action at this time.