Automatic Behaviour Analysis of Malware
With the help of tools like nepenthes it is possible to collect malware in an automated and efficient way. To analyze the collected binaries quickly, a solution is needed that automatically extracts useful information from them, for example changes to the filesystem, modified registry keys, or network communication. CWSandbox is capable of extracting this kind of information from a given binary: using API hooking, it records as much information as possible while the binary runs. The result is presented in XML format, which allows machine-based processing.
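As an added example (not code from CWSandbox or from the original page), the following parses a constructed report in a CWSandbox-like XML layout and derives the filesystem, registry and network indicators the paragraph mentions; the element and attribute names (`process`, `filesystem_section`, `set_value`, `connect`, ...) are assumptions for illustration, not the real schema.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample report; the layout only approximates a sandbox XML
# report and is an assumption, not the real CWSandbox schema.
SAMPLE_REPORT = """<analysis file="sample.exe">
  <process pid="1234" filename="C:\\tmp\\sample.exe">
    <filesystem_section>
      <create_file srcfile="C:\\Windows\\System32\\svch0st.exe"/>
      <delete_file srcfile="C:\\tmp\\sample.exe"/>
    </filesystem_section>
    <registry_section>
      <set_value key="HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"
                 subkey="svch0st" value="C:\\Windows\\System32\\svch0st.exe"/>
    </registry_section>
    <winsock_section>
      <connect socket="1" host="192.0.2.10" port="6667"/>
    </winsock_section>
  </process>
</analysis>"""

# Registry paths that are commonly used for persistence (startup entries).
AUTORUN_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")


def parse_report(xml_text):
    """Walk every <process> and its *_section children; return the recorded
    API-level events grouped by category (filesystem, registry, winsock)."""
    root = ET.fromstring(xml_text)
    events = defaultdict(list)
    for proc in root.iter("process"):
        pid = proc.get("pid")
        for section in proc:
            category = section.tag.replace("_section", "")
            for ev in section:
                events[category].append({"pid": pid, "op": ev.tag, **ev.attrib})
    return dict(events)


def summarize(events):
    """Derive defender-relevant indicators from the parsed events: files the
    sample dropped, autorun keys it wrote, and remote hosts it contacted."""
    dropped = [e["srcfile"] for e in events.get("filesystem", [])
               if e["op"] == "create_file"]
    persistence = [e for e in events.get("registry", [])
                   if e["op"] == "set_value"
                   and any(k.lower() in e["key"].lower() for k in AUTORUN_KEYS)]
    contacts = sorted({(e["host"], int(e["port"]))
                       for e in events.get("winsock", []) if e["op"] == "connect"})
    return {"dropped_files": dropped, "persistence": persistence,
            "remote_contacts": contacts}
```

Running `summarize(parse_report(SAMPLE_REPORT))` turns the raw event log into the three short lists an analyst or a downstream pipeline actually acts on.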