scan is definitely static (scantime as you referred), but some samples get into cuckoo sandbox, but you should notice that cuckoo is not an AV, it's a sandbox and shows the dynamic activity.
A forum for reverse engineering, OS internals and malware analysis
Searched query: cuckoo sandbox
According to this
http://blog.virustotal.com/2012/07/viru ... ation.html
They use a cuckoo sandbox, I would imagine tweaked so they can generate their reports properly.
Xylitol wrote: not just for that buddy, but to learn real reversing. Vult wrote: i tried hexing. If you come just for that then you're not welcome here.
Also a simple cuckoo should do the trick to get gate URLs; attached, the PHP page from the RAM scraper plugin.
Vult wrote: i tried hexing. If you come just for that then you're not welcome here.
... We already have automated malware analysis systems like Malwr (Cuckoo), Joe Sandbox, Anubis, etc. This topic is meant to shed some light on the features you would like ...
Cuckoo supports VBOX, VMWARE and QEMU KVM. Further, it has support for Volatility. The latest version has a branch to a new API-Monitor, which will be integrated into the master branch in the near future. Another plugin is zer0m0n ...
Hello, TK_: The malwr uses Cuckoo - I've updated the initial post to make this clear. EP_X0FF: Thank you for your comment, I'll take a closer look. rnd.usr: I'm aware of the Drakvuf. Thank you all for your provided answers, but if anybody ...
you're missing cuckoo.
Have you looked at how for example camas or vt/malwr (vbox vm) do this monitoring? Well, yes. First of all, Cuckoo is using Cuckoomon: https://github.com/cuckoobox/cuckoomon for its hooking and monitoring. Then there's the Behavior plugin: https://github.com/cuckoobox/cuckoo/blob/master/modules/processing/behavior.py ...
... and dumpguestcore and 2 tools (API-sniffer and RWX-dumper). It's not the best tool but it's always fun to create your own thing. I've tried Cuckoo but the behavioral function never works for me. The problem is that my tools kinda suck. I have no program to monitor the I/O (filemon sucks ...