Claudio released a new version of Cuckoo Sandbox, 0.5, yesterday. The changelog is huge and many new features have been added.
They named this version “To The End Of The World” because it was released on the 20th, a day before the long-awaited 12/21/2012 doomsday prediction.
You can view the list of changes in this release below:
- Added native support for URL analysis
- Added full memory dump of the virtual machine
- Added base class for libvirt machine managers
- Added auxiliary modules for Windows analyzer
- Added Jar analysis package
- Added Java Applet analysis package
- Added Zip analysis package
- Added option to enforce full timeout execution
- Added support for Graylog2 logging
- Transitioned internal database to SQLAlchemy
- Added logging of analysis errors into the database
- Added logging of guest executions into the database
- Added logging of active analysis machines into the database
- Added logging of details of submitted samples into the database
- Added functionality for automatic version lookup to get notified of available updates
- Added possibility to order processing and reporting modules
- Added extraction of strings from analyzed binaries
- Added Yara signature with indicators of possible virtualization-aware samples
- Added dissection of intercepted SMTP traffic
- Added a REST API server to interact with Cuckoo
- Added user interaction emulation (clicking dialog buttons and mouse movements)
- Added support for Windows 7 execution
- Added support for dumping queried and modified registry data
- Added more functions to be hooked and logged
- Added simple functionality to omit injection into Cuckoo processes
- Added support for dumping files with relative paths
- Added shared VirusTotal API key
- Introduced fairly smart way of skipping Sleep calls
- Unified utility for results processing and reports generation
- Improved analysis process logic
- Improved automatic analysis package selection
- Improved process injection and process following
- Improved dumping of modified files
- Improved logging to reduce the amount of useless entries
- Improved Unicode support
- Improved management of parallel execution across analysis machines
- Improved internal management of plugins and modules
- Improved dissection of intercepted DNS traffic
- Fixed bugs in connection with the agent
- Fixed some issues in dumping dropped files
- Fixed bug in termination of tcpdump processes
- Fixed bugs in MongoDB reporting module
- Fixed issues with internal DNS resolution