... at the list of exported functions and then run something like: rundll32.exe file.dll,installA One example: Flame. Take a look here: http://blog.cuckoosandbox.org/2012/05/29/cuckoo-in-flame/
A forum for reverse engineering, OS internals and malware analysis
Searched query: cuckoo sandbox
Yes, virtualization detection is one of my main concerns. That's the main reason why I didn't want Cuckoo to be VirtualBox-dependent, nor dependent on any other product. I'm still wondering if it is better to work on finding a proper solution to safely virtualize analysis ...
... there are conditions in which the capability to process high volumes of malware is more important than failing on a few of them. And still, since Cuckoo makes you able to post-process analysis results, you can set triggers to identify malware that successfully detects your virtualization environment. ...
1. Well, you have to consider that Cuckoo is not meant to be used as a mainstream desktop product. It is meant for analysts, better if it is deployed in a production environment (as it was designed to be automated, concurrent and eventually ...
I reply to you, point by point. 1. Well, you have to consider that Cuckoo is not meant to be used as a mainstream desktop product. It is meant for analysts, better if it is deployed in a production environment (as it was designed to be automated, concurrent ...
Cuckoo is another Windows malware analyzer running under Linux.
That's the main reason why I coded Buster Sandbox Analyzer.