Zero Wine Malware Analysis Tool / News: Recent posts

Zerowine version 0.0.2 released

I'm pleased to announce the new version of Zerowine, a sandbox for malware analysis. The following are the new (sexy) features I added to the project:

* Added python-ptrace to the virtual machine.
* Added script to dump the malware while running (commonly unpacked).
* Added a small database of Virtual Machine detection tricks.
* Updated PEFile (By Ero Carrera) to the latest version.
* Added detection for anti-debugging techniques.
* Added support to download memory dumps.
* Drastically reduced the prebuilt Virtual Machine's image.

Posted by Joxean Koret 2009-01-20

Zero Wine: Malware Behavior Analysis

Zero Wine is a sandbox created with WINE and QEmu to (automatically) analyze malware. It's behavior-based: just upload your malware to Zero Wine's web server and let it analyze the malware's behavior by running it in an isolated double virtual environment (Wine running under QEmu).

The very first release consists of a prebuilt QEmu virtual machine (the recommended way) or the source code (see the file INSTALL).

Posted by Joxean Koret 2008-12-29