Cuckoo Sandbox is an open source tool that can be used to analyze malware, exploits, documents and links. The program is written in Python and runs samples inside VirtualBox virtual machines. Each analysis starts from a clean snapshot of the guest system; Cuckoo then monitors and records the changes the sample makes and lets you investigate them. Comparing the result against the clean baseline reveals the malicious activity on the analyzed system.
Some of the main features of Cuckoo Sandbox are:
– Monitoring Win32 API functions;
– Dumping network activity;
– Taking screenshots during the analysis;
– Saving copies of all files created during the analysis;
– Tracing instructions executed by the malicious process;
– Generating user-friendly reports in TXT, JSON and HTML format;
– Complete isolation of the environment in which the malware is launched.
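The API calls, network activity and dropped files listed above all end up in the JSON report, and the usual next step for an analyst is to triage that report rather than read it raw. The following script is an added example, not code from the Cuckoo project: it assumes a report laid out like Cuckoo's report.json (a `behavior.processes[].calls` list, a `network` section and a `dropped` list), and the sample report embedded in it is constructed for demonstration, with placeholder hashes. It counts API calls per name, flags a few behaviours worth a second look (process creation, a Run-key write, an outbound HTTP request), collects DNS and TCP destinations, and renders the result as both TXT and JSON, the two text formats the page mentions.

```python
"""Triage a Cuckoo-style JSON behaviour report.

Added example, not part of Cuckoo Sandbox itself. It assumes a report
shaped like Cuckoo's report.json (behavior/processes/calls, network,
dropped); the sample below is constructed inline for demonstration.
"""
import json
from collections import Counter

# Constructed sample report in the assumed report.json layout.
SAMPLE_REPORT = json.dumps({
    "target": {"file": {"name": "sample.exe", "md5": "<md5-placeholder>"}},
    "behavior": {
        "processes": [
            {"process_name": "sample.exe", "pid": 1234, "calls": [
                {"api": "CreateFileW", "arguments": {
                    "filepath": "C:\\Users\\user\\AppData\\Roaming\\svchost.exe"}},
                {"api": "WriteFile", "arguments": {}},
                {"api": "RegSetValueExW", "arguments": {
                    "regkey": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\updater"}},
                {"api": "CreateProcessInternalW", "arguments": {"command_line": "svchost.exe"}},
                {"api": "InternetOpenUrlA", "arguments": {"url": "http://example.invalid/gate.php"}},
            ]},
        ]
    },
    "network": {
        "dns": [{"request": "example.invalid", "answers": [{"data": "203.0.113.10"}]}],
        "http": [{"host": "example.invalid", "uri": "/gate.php", "method": "POST"}],
        "tcp": [{"dst": "203.0.113.10", "dport": 80}],
    },
    "dropped": [{"name": "svchost.exe", "sha256": "<sha256-placeholder>", "size": 20480}],
})

# Behaviour tags keyed on Win32 API names a monitor commonly records.
SUSPICIOUS_APIS = {
    "RegSetValueExW": "registry write",
    "CreateProcessInternalW": "process creation",
    "InternetOpenUrlA": "http request",
    "WriteProcessMemory": "process injection",
    "CreateRemoteThread": "process injection",
}
RUN_KEY_MARKER = "\\CurrentVersion\\Run"  # autostart location worth flagging


def summarize(report_text):
    """Reduce a report to API counts, findings, network destinations and dropped files."""
    report = json.loads(report_text)
    api_counts = Counter()
    findings = []
    for proc in report.get("behavior", {}).get("processes", []):
        for call in proc.get("calls", []):
            api = call.get("api", "")
            api_counts[api] += 1
            args = call.get("arguments", {})
            if api in SUSPICIOUS_APIS:
                findings.append(
                    f"{proc['process_name']}({proc['pid']}): {SUSPICIOUS_APIS[api]} via {api}")
            regkey = args.get("regkey", "")
            if RUN_KEY_MARKER.lower() in regkey.lower():
                findings.append(f"persistence: Run key set: {regkey}")
    net = report.get("network", {})
    domains = sorted({d["request"] for d in net.get("dns", [])})
    dests = sorted({f"{t['dst']}:{t['dport']}" for t in net.get("tcp", [])})
    dropped = [d["name"] for d in report.get("dropped", [])]
    return {
        "sample": report.get("target", {}).get("file", {}).get("name"),
        "api_counts": dict(api_counts),
        "findings": findings,
        "dns": domains,
        "tcp": dests,
        "dropped": dropped,
    }


def render_txt(summary):
    """Plain-text view of the summary, in the spirit of Cuckoo's TXT report."""
    lines = [f"Sample: {summary['sample']}", "Findings:"]
    lines += [f"  - {f}" for f in summary["findings"]] or ["  (none)"]
    lines.append("DNS: " + ", ".join(summary["dns"]))
    lines.append("TCP: " + ", ".join(summary["tcp"]))
    lines.append("Dropped: " + ", ".join(summary["dropped"]))
    return "\n".join(lines)


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(render_txt(s))
    print(json.dumps(s, indent=2))
```

Run it against a real report by replacing `SAMPLE_REPORT` with the contents of the analysis's `report.json`; the `.get()` lookups keep it from failing on sections a particular analysis did not produce, and the findings list is where a team would grow its own heuristics.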
You can download the latest release and read more about Cuckoo Sandbox on the official website.