... and dumpguestcore and 2 tools(API-sniffer and RWX-dumper). It's not the best tool but it's always fun to create your own thing. I've tried Cuckoo but the behavioral function never works for me. The problem is that my tools kinda sucks. I have no program to monitor the I/O(filemon sucks ...

... malwr, CAMAS, VirusTotal etc works. The ideal would be a software like Cuckoo Sandbox (malwr) with the features/reports from BSA. The most similar to that is Joe Sandbox ...

... mean Sandboxie, and it works in all cases: no files are written out of sandbox folder. Oh, yes I mean Sandboxie. I analyzed a sample a few days ago and an .ini was dropped but Sandboxie did not save the file. Cuckoo did a great job with the saving. malwr: https://malwr.com/analysis/YmNhNTIxOTZjY2I3NDNhY2I0ZjUxZWYwOTY0YmZlYWU/ ...

v1.0.0.2 found on my cuckoo. http://i.imgur.com/7nDMLg5.png https://www.virustotal.com/en/file/6798c9b183497f8337dcf84ab3bdbbb4c06f4f902d9b93eddcfd6bda6a115b16/analysis/1398616893/ C2 B3 1D 3D 36 DF 0D F7 16 8B FB E4 E6 0C 65 3B 20 ...

... of work and the technicity to extract config. For the background it's a Cuckoo sandbox with Volatility and the plugin ZbotScan hosted on a OVH Kimsufi. The tracker is auto-feeded ...

SkyTraF is the executable downloaded by http://www.kernelmode.info/forum/viewto ... =50#p22475
each time it will download the payload from new ips (tested on cuckoo)

... (C&C) panel on Twitter. bullshit, the threat was first identified on vx.vault, malware was downloaded from a zeus if i remember, i saw that on cuckoo. Correct the panel is from N0PE but the bin isn't.

... (C&C) panel on Twitter. bullshit, the threat was first identified on vx.vault, malware was downloaded from a zeus if i remember, i saw that on cuckoo.

... Anyone knowing this stuff can give an appropriate name to the attached sample ? 64a39e6c10c58fca07d17620b9864fdf Here successfully handled by Cuckoo : https://malwr.com/analysis/MTZmMDQ5MDhiOTJjNDk1YWI3MGM3NGE4NmNmZTRmZDc/share/ba482770c2bc4793a580850315363cb3

... Weird broken jpeg in ressource: http://i.imgur.com/eo2NcbT.png And no communication for me, maybe p2p node is down, run under cuckoo, just some ICMP traffic and HTTP on google.com. http://i.imgur.com/Qq4WuBy.png