sudosecure.net

is anything truly secure…

CWSandbox and Anubis Perl Scripts for submitting Malware

Posted by jeremy on April 5th, 2008

Since my release of the ThreatExpert.com Perl script to aid in the batch processing of Malware binaries and to automate their submission for analysis, I have written two more: one for the CWSandbox and one for Anubis. If you haven't used either of these sandboxes for a quick analysis, I would really recommend them, as they can provide a very fast and detailed report for suspected Malware binaries using a combination of automated static analysis and behavioral analysis techniques. One of the major advantages of utilizing them is that you won't have to set up your own lab/sandnet to analyze suspicious binaries, and there is no risk of infecting your network during the analysis. Most of these sandboxes have established relationships with Antivirus companies to aid in the development of antivirus signatures through the sharing of submitted Malware binaries, so again I would encourage all of you to utilize them for the "greater good".

With that being said, I tend to favor the CWSandbox due to the wealth of information they provide in their reports. They provide options to download a pcap file of network activity during the execution of the binary, a cab file of the analysis, an xml report, or just browse the results in their easy-to-navigate web interface. The pcap files can be downloaded and used to aid in writing Snort signatures to feed your IDS solution, which would then aid in identifying other computers on your network that could possibly be infected with the same Malware. The detailed report of system modifications can also be used to search out computers possibly infected with this Malware when no IDS solution is in place.

Well, enough rambling; here are two more scripts that I hope you find useful: cwsandbox_submit.pl and anubis_submit.pl.
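Since the two scripts themselves are not reproduced in the post, here is an added example of the batch-submission pattern they implement, written for this edit and not the author's cwsandbox_submit.pl or anubis_submit.pl. The endpoint URL and form field names are placeholder assumptions to be replaced with the sandbox's actual submission form; the script hashes each sample and keeps a ledger so re-runs do not resubmit the same binary.

```perl
#!/usr/bin/perl
# Added example, not the author's scripts: submit every file in a directory
# to a sandbox's web upload form, one at a time, recording what was sent.
# ASSUMPTIONS: $endpoint, $file_field and $email_field are placeholders;
# fill them in from the sandbox's real submission page.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);
use Digest::SHA;
use File::Basename qw(basename);

my $endpoint    = 'https://SANDBOX.example/submit';  # placeholder URL
my $file_field  = 'upfile';                          # placeholder field name
my $email_field = 'email';                           # placeholder field name
my $ledger      = 'submitted.log';                   # sha256 + path of each sent sample

my $dir   = shift @ARGV or die "usage: $0 <dir-of-samples> [notify-email]\n";
my $email = shift @ARGV || '';

# Load hashes already submitted so a re-run skips samples the sandbox has seen.
my %seen;
if (open my $fh, '<', $ledger) {
    while (<$fh>) { $seen{$1} = 1 if /^([0-9a-f]{64})/ }
    close $fh;
}

my $ua = LWP::UserAgent->new(timeout => 60, agent => 'batch-submit/0.1');
open my $log, '>>', $ledger or die "cannot append to $ledger: $!";

for my $path (sort glob("$dir/*")) {
    next unless -f $path;
    # Hash the raw bytes ('b' = binary mode) to identify the sample.
    my $sha = Digest::SHA->new(256)->addfile($path, 'b')->hexdigest;
    if ($seen{$sha}) { print "$sha  skipped (already submitted)\n"; next }

    # Multipart upload: the file field takes [ local path, filename sent ].
    my $req = POST $endpoint,
        Content_Type => 'form-data',
        Content      => [ $file_field  => [ $path, basename($path) ],
                          $email_field => $email ];
    my $res = $ua->request($req);

    if ($res->is_success) {
        print $log "$sha $path\n";
        print "$sha  submitted  ", basename($path), "\n";
    } else {
        print STDERR "$sha  FAILED  ", basename($path), " (", $res->status_line, ")\n";
    }
    sleep 2;  # pace requests; public sandboxes rate-limit submitters
}
```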

As always, I do not warrant these scripts in any shape or fashion, and you assume all risk in running them. If you have any questions, bug reports, or comments, feel free to shoot me an email at: jeremy [at] sudosecure [dot] net.
