Cuckoo Sandbox is an open source tool for automated dynamic analysis of malware, exploits, documents and links. The program is written in Python and runs each sample inside a virtual machine (VirtualBox). The analysis starts from a clean snapshot of the guest system; the sample is then executed while its activity and the changes it makes to the system are monitored and recorded. Comparing the recorded state with the clean baseline reveals the malicious activity on the analyzed system, and the guest is reverted to the snapshot before the next run.
Some of the main features of Cuckoo Sandbox are:
- monitoring the Win32 API functions called by the sample;
- dumping network activity;
- taking screenshots during the analysis;
- saving copies of all files created during the analysis;
- tracing the instructions executed by the malicious process;
- producing user-friendly reports in text, JSON and HTML format;
- isolating the environment in which the malware is launched (the virtual machine is the boundary, and it is restored to the clean snapshot after every run).
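The core idea above, a clean baseline snapshot compared against the state after the sample has run, is simple enough to show in a few lines. The following is an added example, not Cuckoo's own code: it only diffs a directory tree by file hash and emits a JSON summary, whereas Cuckoo hooks API calls inside the guest and collects far more than filesystem changes. The "sample" here is a constructed stand-in that drops a file, edits a config and deletes a log; no real malware is involved, and the directory used as the "guest" is a throwaway temporary directory.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Record every regular file under root as relative path -> SHA-256 of contents.
    This plays the role of the clean baseline (and later the post-run state)."""
    root = Path(root)
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            rel = str(path.relative_to(root))
            state[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return state


def diff_snapshots(before, after):
    """Compare the clean baseline against the post-execution state and
    classify each difference as created, deleted or modified."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"created": created, "deleted": deleted, "modified": modified}


def build_report(before, after):
    """Return the diff as a JSON report string with a simple verdict flag
    (assumed report layout, not Cuckoo's report.json schema)."""
    changes = diff_snapshots(before, after)
    changes["suspicious"] = bool(changes["created"] or changes["deleted"] or changes["modified"])
    return json.dumps(changes, indent=2)


def simulated_sample(root):
    """Constructed stand-in for a sample: drops an executable-looking file,
    flips a config value and removes a log. Not real malware."""
    root = Path(root)
    (root / "dropped.exe").write_bytes(b"MZ" + b"\x00" * 16)
    (root / "config.ini").write_text("persist=1\n")
    (root / "app.log").unlink()


def run_demo():
    """Build a throwaway 'guest' directory, snapshot it, run the stand-in
    sample, snapshot again and return the diff."""
    with tempfile.TemporaryDirectory() as guest:
        root = Path(guest)
        (root / "config.ini").write_text("persist=0\n")
        (root / "app.log").write_text("started\n")
        (root / "readme.txt").write_text("unchanged\n")
        before = snapshot(root)
        simulated_sample(root)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the script prints `dropped.exe` under `created`, `app.log` under `deleted` and `config.ini` under `modified`, while `readme.txt`, which was untouched, does not appear. Hashing contents rather than comparing timestamps matters: a sample can reset a file's mtime after tampering with it, but it cannot make the hash of changed contents match the baseline.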
You can download the latest release and read more about Cuckoo Sandbox on the official website.