
Lab 7: MA with CWSandbox, Anubis: Because teaching teaches teachers to teach

The document discusses two malware analysis sandboxes: CWSandbox and Anubis. CWSandbox allows users to upload files up to 16MB for analysis, which runs the file in a sandboxed environment for two minutes to log all file, registry, and network activity. It provides reports in multiple formats. Anubis similarly analyzes files and URLs to provide details on their behaviors in HTML, XML, PDF or text reports, and can download network captures, but not the samples themselves. Both tools analyze samples for malware behaviors but may not keep up with evolving malware.

Lab 7: MA with CWSandbox, Anubis

Because teaching teaches teachers to teach

MA with CWSandbox, Anubis

• CWSandbox
• Anubis
CWSandbox

• While VirusTotal can tell you whether a file is known malware, it does nothing for unknown samples; running software in a sandboxed environment is the best way to get details on the actions a program performs.
• CWSandbox lets you submit files (up to 16MB) and ZIP archives (with up to 50 files) through a simple browser upload.
• Analysis runs for two minutes, and during that time all file, registry and network activity that comes from the app is logged.
• Strong features:
  - much safer than running your own sandbox
  - thorough analysis
  - reports in multiple formats
• Download a sample malware file from https://wildfire.paloaltonetworks.com/publicapi/test/pe
• Upload it to http://www.cwsandbox.org/
Anubis

• Anubis is developed by the International Secure Systems Lab and analyzes both files and URLs. It supports Windows executable files and Android APKs.
• It gives you access to everything that you need to know. The reports can be downloaded as HTML, XML, PDF or text.
• You can download the network captures in pcap format, but you cannot download the samples. Anubis reports also tell you if the malware communicated with specific device paths.
• Download a sample malware file from https://wildfire.paloaltonetworks.com/publicapi/test/pe
• Upload it to Anubis
• Unfortunately, we do not have the resources to maintain these tools and improve them to match an ever-changing malware landscape.
• If you have any questions, please send an email to [email protected] or [email protected] u.
Q&A
