Cuckoo Sandbox Processing module - bytes-frequence-distribution
Cuckoo Sandbox is the leading open source automated malware analysis system. This module is installed directly into the processing modules directory of a Cuckoo instance. It accesses the file path of the task with 'category' as 'file' and creates a byte sequence distribution table. The output value for each byte is a percentage of the total file size. In addition, shannon entropy information is also provided to provide useful information for analysis. This module is designed and tested on Cuckoo version 2.0.7. To use the module, refer to the contents below.
bytes-frequence-distribution is self-contained. The module has no dependencies.
This module is for Cuckoo Sandbox 2.0.7 which can be obtained here:
- Add the information at
$your_cwd/conf/processing.py.
$ vim $your_cwd/conf/processing.conf
# ...
[bytes]
enabled = yes- Add the information at
$your_cuckoo_instance/cuckoo/common/config.py.
class Config(object):
configuration = {
# ...
"processing": {
# ...
"bytes": {
"enabled": Boolean(True),
},
},
}-
Copy the file to
$your_cuckoo_instance/cuckoo/processing/.cuckoo/processing/bytes.py
-
Copy the file to
$your_cuckoo_instance/tests/.tests/test_processing_bfd.py
-
Test
$ pytest tests/test_processing_bfd.py- Setup
$ python $your_cuckoo_instance/setup.py sdist develop
$ pip install $your_cuckoo_instance/dist/Cuckoo-2.0.7.tar.gz- Analysis
$ cuckoo
$ cuckoo submit [file]- Results
$ cat $your_cwd/storage/analyses/[task_id]/reports/report.json