Dailydave mailing list archives

Re: VPC

From: "Thorsten Holz" <thorsten.holz () gmail com>
Date: Thu, 21 Feb 2008 16:51:24 +0100

On Thu, Feb 21, 2008 at 1:54 PM, Dave Aitel <dave () immunityinc com> wrote:

 There's another one called CWSandbox that has a free web form you can
 send exe's to.


You can either send a sample to <https://cwsandbox.org/?page=submit>
or <http://research.sunbelt-software.com/submit.aspx>
More info about the tool is available in an article
(<http://pi1.informatik.uni-mannheim.de/filepool/publications/j2holz.pdf>)
 and an example report is
<https://cwsandbox.org/?page=details&id=156851&password=iokop>

(They hook a bunch of things but I think you can escape
 the hooking by calling system calls directly?)


But then you are not platform independent. CWSandbox was originally
designed to automatically analyze the malware we capture with the help
of honeypots (worms, bots, ...), but has evolved a lot since then.

Cheers,
  Thorsten
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: VPC, (continued)
- - - Re: VPC Jared DeMott (Feb 22)
    - Re: VPC Andrew R. Reiter (Feb 22)
    - Re: VPC Eduardo Tongson (Feb 22)
    - Re: VPC Jared DeMott (Feb 22)
    - Re: VPC Thierry Zoller (Feb 23)
    - Re: VPC Joanna Rutkowska (Feb 25)
    - Re: VPC dan (Feb 25)
    - Re: VPC Joanna Rutkowska (Feb 25)
    - Re: VPC Kurt Baumgartner (Feb 22)
    - Re: VPC John H. Sawyer (Feb 23)
- Re: VPC Thorsten Holz (Feb 21)
  - Re: VPC Jared DeMott (Feb 22)
    - Re: VPC John H. Sawyer (Feb 23)
  - Re: VPC Halvar Flake (Feb 27)
- Re: VPC Thierry Zoller (Feb 22)
- Re: VPC Alexander Sotirov (Feb 24)
- Re: VPC Anthony Lineberry (Feb 28)
  - Re: VPC Matt Richard (Feb 29)
    - Re: VPC Jon Oberheide (Feb 29)
    - Re: VPC Andrew R. Reiter (Mar 03)
- Re: VPC Thierry Zoller (Feb 23)

(Thread continues...)