Book Image

Cuckoo Malware Analysis

Book Image

Cuckoo Malware Analysis

Overview of this book

Cuckoo Sandbox is a leading open source automated malware analysis system. This means that you can throw any suspicious file at it and, in a matter of seconds, Cuckoo will provide you with some detailed results outlining what said file did when executed inside an isolated environment. Cuckoo Malware Analysis is a hands-on guide that will provide you with everything you need to know to use Cuckoo Sandbox with added tools like Volatility, Yara, Cuckooforcanari, Cuckoomx, Radare, and Bokken, which will help you to learn malware analysis in an easier and more efficient way. Cuckoo Malware Analysis will cover basic theories in sandboxing, automating malware analysis, and how to prepare a safe environment lab for malware analysis. You will get acquainted with Cuckoo Sandbox architecture and learn how to install Cuckoo Sandbox, troubleshoot the problems after installation, submit malware samples, and also analyze PDF files, URLs, and binary files. This book also covers memory forensics – using the memory dump feature, additional memory forensics using Volatility, viewing result analyses using the Cuckoo analysis package, and analyzing APT attacks using Cuckoo Sandbox, Volatility, and Yara. Finally, you will also learn how to screen Cuckoo Sandbox against VM detection and how to automate the scanning of e-mail attachments with Cuckoo.
Table of Contents (13 chapters)
Cuckoo Malware Analysis
About the Authors
About the Reviewers


I would like to thank Allah the God Almighty, my friend from IT Telkom, Indra Kusuma as a contributor and reviewer, and my boss and partner in Noosc Global for giving a facility for my research. I also want to thank my girlfriend, Eva, for her support and motivation in finishing this book.

I want to give you a list of names of persons to acknowledge as a gratitude for their effort in helping us in writing our book:

Chort Z. Row for the Video in Youtube (Using Cuckoobox and Volatility to analyze APT1 malware) at, and thank you for providing Yara rules for Miniasp3 detection.

A.A. Gede Indra Kusuma from IT Telkom. Thank you for your effort in Malware Lab, and produce some resources for the book.

Jaime Blasco and Alberto Ortega from Alienvault. Thank you for providing Yara rules for APT1 detection.

David Bressler (bostonlink) for the great effort on Cuckooforcanari Project.

Alberto Ortega from Alienvault for his post on about Hardening Cuckoo Sandbox.

Xavier Mertens (@xme) for CuckooMX Project at

All Cuckoo Sandbox Developers and founder: Claudio "nex" Guarnieri, Mark Schloesser, Alessandro "jekil" Tanasi, and Jurriaan Bremer. Thank you very much for the great documentation on

Mila Parkour from Thank you for providing a lot of information about malware samples. and for providing us APT1 malware sample.

Iqbal Muhardianto is a security enthusiast and he is working in the Ministry of Foreign Affairs of the Republic of Indonesia. He loves breaking things apart just to know how it works. In his computer learning career, he first started with learning MS-DOS and some C programming, after being a System admin, Network Admin, and now he is a IT Security Administrator with some skills in Linux, Windows, Network, SIEM, Malware Analysis, and Pentesting.

He currently lives Norway and works as an IT Staff in the Indonesia Embassy in Oslo.