Cuckoo
Cuckoo facilitates both static and dynamic analysis. It analyses malware by logging its activities, and provides a complete report containing details about the following parameters (as shown in Figure 2):

- The details regarding all the API calls initiated by the malware and chained processes
- The file-related details like creation, deletion and modification
- The network activities, which are understood through the network traces
- Memory dumps, which provide a clear picture of the internals of the malware's activities
- Screenshots of the system taken while the malware is in operation, which provide clear insights into the various operations carried out by the malware

In January 2012, malwr.com, the Web interface for the Cuckoo sandbox (which is open to the public), was launched. With this facility, anyone can submit a file for malware analysis and the results are sent to them. Cuckoo version 0.4 was launched in July 2012 and version 0.5 in December 2012. In April 2013, version 0.6 was launched with subsequent updates to malwr.com. In January 2014, Cuckoo sandbox version 1.0 was launched, and the most recent release, Cuckoo 1.1, was in April 2014.

From this timeline, you can observe that Cuckoo has evolved from a simple project in 2010 into a professional malware analysis tool with progressively quicker updates from Cuckoo's development team.
Cuckoo can be used to analyse various types of files as shown in Figure 4.