The more information you have on the infection, the better equipped you are to handle it. One of the many useful reporting features is the ability to hook up to VirusTotal [6], which will generate information on the sample similar to the report you would receive via the VirusTotal site.
Unlike peframe, Cuckoo can analyse a wide array of subjects beyond generic Windows executables: DLL files, PDF documents, Microsoft Office documents, URLs, PHP scripts and almost anything else you want to investigate. It’s even possible to queue up a batch of samples and let the system automatically analyse all of them in sequence.
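The batch queue described above is easiest to see as a script. The following is an added example, not code from the article or from the Cuckoo project: it walks a directory of samples, hashes each one (so the Cuckoo result can later be correlated with a VirusTotal lookup by SHA-256), and hands each file to the Cuckoo host, which then runs the tasks one after another in fresh guests. It assumes Cuckoo's REST API utility is listening at API_URL and exposes POST /tasks/create/file returning {"task_id": N}; the endpoint path, the "package" and "timeout" option names and the package names in PACKAGE_BY_EXT are assumptions to check against your Cuckoo version. OfflineApi is a stand-in that lets the script run without a sandbox host, and the sample files it creates are constructed, harmless bytes.

```python
"""Batch-submit a directory of samples to a Cuckoo host (added example, not Cuckoo's own code)."""
import hashlib
import json
import tempfile
from pathlib import Path
from typing import Callable, Dict, List, Optional

# Assumed address of the Cuckoo REST API server; adjust to your own host.
API_URL = "http://127.0.0.1:8090"

# Extension -> Cuckoo analysis package. The package names are assumptions about the
# packages shipped around 2013; Cuckoo chooses one itself when "package" is omitted.
PACKAGE_BY_EXT = {
    ".exe": "exe", ".dll": "dll", ".pdf": "pdf",
    ".doc": "doc", ".docx": "doc", ".xls": "xls", ".xlsx": "xls",
    ".php": "php",
}


def sha256_of(path: Path) -> str:
    """Hash the sample so its Cuckoo task can be matched against a VirusTotal lookup later."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def task_fields(path: Path, timeout: int = 120) -> Dict[str, str]:
    """Form fields sent alongside the file; 'timeout' and 'package' are assumed option names."""
    fields = {"timeout": str(timeout)}
    package = PACKAGE_BY_EXT.get(path.suffix.lower())
    if package:
        fields["package"] = package
    return fields


def post_with_requests(url: str, fields: Dict[str, str], path: Path) -> dict:
    """Real transport: multipart POST using the requests library (imported only when used)."""
    import requests  # only needed when actually talking to a Cuckoo host
    with path.open("rb") as f:
        r = requests.post(url, files={"file": (path.name, f)}, data=fields, timeout=30)
    r.raise_for_status()
    return r.json()


class OfflineApi:
    """Offline stand-in for the Cuckoo API: numbers tasks sequentially and records each call."""
    def __init__(self) -> None:
        self.calls = []

    def __call__(self, url: str, fields: Dict[str, str], path: Path) -> dict:
        self.calls.append((url, dict(fields), path.name))
        return {"task_id": len(self.calls)}


def submit_batch(sample_dir: Path, post: Callable = post_with_requests,
                 api_url: str = API_URL) -> List[dict]:
    """Queue every file under sample_dir once. The host works through the tasks in
    sequence, each in a fresh guest. Files with identical content are submitted once."""
    seen = set()
    records = []
    for path in sorted(p for p in Path(sample_dir).iterdir() if p.is_file()):
        digest = sha256_of(path)
        if digest in seen:          # same bytes already queued; no point analysing twice
            continue
        seen.add(digest)
        fields = task_fields(path)
        reply = post(f"{api_url}/tasks/create/file", fields, path)
        task_id = int(reply["task_id"])
        records.append({
            "path": str(path),
            "sha256": digest,
            "package": fields.get("package"),
            "task_id": task_id,
            # Assumed report endpoint; fetch it once the task has finished.
            "report": f"{api_url}/tasks/report/{task_id}",
        })
    return records


def run_demo(post: Optional[Callable] = None) -> List[dict]:
    """Create a constructed sample directory (harmless bytes, not malware) and queue it."""
    post = post or OfflineApi()
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "a.exe").write_bytes(b"MZ constructed sample one")
        (base / "b.pdf").write_bytes(b"%PDF constructed sample two")
        (base / "copy_of_a.exe").write_bytes(b"MZ constructed sample one")  # duplicate content
        return submit_batch(base, post=post)


if __name__ == "__main__":
    for rec in run_demo():
        print(json.dumps(rec))
```

Point `submit_batch` at a real directory and drop the `post` argument to use the requests-based transport against a live Cuckoo host; keep the SHA-256 from each record, since that is the value you will look up on VirusTotal to compare against Cuckoo's own report.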
Cuckoo Architecture
From the Cuckoo website [7]:
“Cuckoo Sandbox consists of a central management software which handles sample execution and analysis.

Each analysis is launched in a fresh and isolated virtual machine. Cuckoo’s infrastructure is composed of a Host machine (the management software) and a number of Guest machines (virtual machines for analysis).

The Host runs the core component of the sandbox that manages the whole analysis process, while the Guests are the isolated environments where the malware actually gets safely executed and analyzed.

The following picture explains Cuckoo’s main architecture:”
[6] https://www.virustotal.com
[7] http://docs.cuckoosandbox.org/en/latest/introduction/what/#use-cases
28 Cyber Warnings E-Magazine – August 2013 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide