I'm pleased to announce the new version of Zerowine, a sandbox for malware analysis. The following are the new (sexy) features I added to the project:
* Added python-ptrace to the virtual machine.
* Added the script memory_dump.py to dump the malware's memory while it is running (by which point it is commonly already unpacked).
* Added a small database of Virtual Machine detection tricks.
* Updated PEFile (by Ero Carrera) to the latest version.
* Added detection for anti-debugging techniques.
* Added support for downloading memory dumps.
* Drastically reduced the size of the prebuilt Virtual Machine image.
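Dumping the process once it has unpacked itself is what makes the next two items useful: strings and instruction sequences that a packer hides in the on-disk file become visible in the dump and can be matched against a database of VM-detection and anti-debugging tricks. The following is an added example of such a scan and is not Zerowine's memory_dump.py or its tricks database; the indicator lists (vendor strings, two well-known VM-probing instruction sequences, a handful of debugger-check API names) are assumed illustrative entries, and the sample dump is constructed inline.

```python
"""Scan a process memory dump for VM-detection and anti-debugging indicators.

Added example; not Zerowine's own code. The indicator lists are assumed
illustrative entries standing in for whatever the real database contains.
"""
from __future__ import annotations
from dataclasses import dataclass

# Vendor strings that VM-aware code commonly compares against; each is
# checked both as ASCII and as UTF-16LE, since Windows strings are often wide.
VM_STRINGS = [b"VMware", b"VBOX", b"VirtualBox", b"QEMU"]

# Short instruction sequences associated with VM probing (assumed indicators).
VM_OPCODES = {
    "sidt [esp] (IDT base probe)": b"\x0f\x01\x0c\x24",
    "mov eax, 0x564D5868 ('VMXh' magic)": b"\xb8\x68\x58\x4d\x56",
}

# API names commonly tied to debugger checks (assumed indicators).
ANTI_DEBUG_APIS = [
    b"IsDebuggerPresent",
    b"CheckRemoteDebuggerPresent",
    b"NtQueryInformationProcess",
    b"NtSetInformationThread",
    b"OutputDebugStringA",
]


@dataclass(frozen=True)
class Finding:
    category: str   # "vm-detection" or "anti-debugging"
    indicator: str  # human-readable description of what matched
    offset: int     # byte offset of the match in the dump


def _find_all(data: bytes, needle: bytes):
    """Yield every offset at which needle occurs in data."""
    start = 0
    while True:
        idx = data.find(needle, start)
        if idx < 0:
            return
        yield idx
        start = idx + 1


def scan_dump(data: bytes) -> list[Finding]:
    """Return all indicator hits in a raw memory dump, ordered by offset."""
    findings: list[Finding] = []
    for s in VM_STRINGS:
        wide = s.decode("ascii").encode("utf-16-le")
        for enc_name, needle in (("ascii", s), ("utf-16le", wide)):
            for off in _find_all(data, needle):
                findings.append(Finding("vm-detection", f"string {s.decode()!r} ({enc_name})", off))
    for desc, needle in VM_OPCODES.items():
        for off in _find_all(data, needle):
            findings.append(Finding("vm-detection", desc, off))
    for api in ANTI_DEBUG_APIS:
        for off in _find_all(data, api):
            findings.append(Finding("anti-debugging", f"API name {api.decode()}", off))
    return sorted(findings, key=lambda f: f.offset)


def scan_file(path: str) -> list[Finding]:
    """Convenience wrapper: scan a dump stored on disk."""
    with open(path, "rb") as fh:
        return scan_dump(fh.read())


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample of what a dump of an already-unpacked process might hold:
# an imported API name, a VM-probing instruction, and a wide vendor string.
SAMPLE_DUMP = (
    b"\x00" * 16
    + b"IsDebuggerPresent\x00"
    + b"\x90" * 8
    + b"\x0f\x01\x0c\x24"                       # sidt [esp]
    + b"\x90" * 8
    + "VMware".encode("utf-16-le") + b"\x00\x00"
    + b"hello world\x00"
)

if __name__ == "__main__":
    hits = scan_dump(SAMPLE_DUMP)
    for f in hits:
        print(f"0x{f.offset:08x}  {f.category:15s} {f.indicator}")
    print(summarize(hits))
```

Running the module on the constructed dump reports one anti-debugging hit and two VM-detection hits; for a real dump downloaded from the sandbox, call scan_file() on it. Matching raw byte patterns this way is deliberately simple and will produce false positives on benign code that merely references these names, so the results are a triage aid rather than a verdict.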
Zero wine is a sandbox built on WINE and QEmu to (automatically) analyze malware. It is behavior based: just upload your malware to Zero wine's web server and let it analyze the malware's behavior by running it in an isolated, doubly virtualized environment (Wine running under QEmu).
The very first release consists of a prebuilt QEmu virtual machine (the recommended way) or the source code (see the file INSTALL).