Malwasm is another project that is designed to assist in reverse engineering. It is based on Cuckoo Sandbox a popular open source tool for automating malware analyses and PIN a binary instrumentation tool.
The algorithm works as follows:
1. Malware analysis is run in the sandbox Cuckoo Sandbox.
2. During the execution all actions are logged by pintool.
3. All actions and changes in the system are stored in a database (Postgres).
4. Visualize the data and information is possible over the web interface this to make handling many binaries collected from the honeypot easy and comfortable.
Some of the main features for Malwasm:
- offline programs debugging
- possibility to go back or forward in the execution’s time (with a time slide bar)
- states of registers and flags
- values of the stack/heap/data
- “Following dump” options
- fully works in the browser
Malwasm web interface
To work with the program you need to run the following two commands and next use the web interface:
- utils/submit.py /path/to/binary
- Run the webservice web/malwasm_web.py
- go to the web interface on http://127.0.0.1:5000.
you can download the tool on the following link: http://code.google.com/p/malwasm/