Automated dynamic analysis
These are tools used to automatically gather information by running the program in an enclosed sandbox.
- Cuckoo: This is a piece of Python-coded software deployed in Debian-based operating systems. Usually, Cuckoo is installed on the hosting Ubuntu system and sends files to be analyzed in VMware or VirtualBox sandbox clients. Its development is community-driven, and as such, a lot of open source plugins are available for download.
- ThreatAnalyzer: Sold commercially, ThreatAnalyzer, previously known as CWSandbox, has been popular in the anti-virus community for its ability to analyze malware and return very useful information. Because users are able to develop their own rules, ThreatAnalyzer can be used as a backend system to determine whether a submitted file exhibits malicious behavior.
- Joe Sandbox: This is another commercial tool that shows meaningful information about the activities that a submitted program carries out when executed.
- Buster Sandbox Analyzer...