Zerowine Sandbox
A sandbox that decides whether a sample is malware by behavioral analysis.
Zero wine is a sandbox created with WINE and QEmu to (automatically) analyze malware. It is behavior-based: just upload your malware to Zero wine's web server and let it analyze the malware's behavior by running it (in an isolated environment). The very first release consists of a prebuilt QEmu virtual machine (the recommended way) or the Python source code (see the file INSTALL for details).
Sourceforge's Project Page
http://sourceforge.net/projects/zerowine/
Download Virtual Machine
https://sourceforge.net/project/showfiles.php?group_id=248410&package_id=303323&release_id=649964
Download Source Code
https://sourceforge.net/project/showfiles.php?group_id=248410&package_id=303323&release_id=649963
Documentation
http://zerowine.sourceforge.net
Blog
http://joxeankoret.com/blog/?p=33
You just submit a suspicious PE file and it makes the call for you.
According to the blog, it can reportedly handle almost every sample packed with the well-known packers.
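Since the sandbox takes a PE file and is expected to cope with packed samples, a practical pre-check before submitting is to confirm the file really is a PE and to see whether it looks packed (packer-named sections, high-entropy section data), so that a later behavior report can be read with that in mind. The following Python is an added example written for this post; it is not code from the Zerowine project, and the packer section-name list, the 7.0-bit entropy threshold and the constructed sample PE are assumptions for illustration only.

```python
import math
import struct
from collections import Counter

# Section names commonly left behind by well-known packers.
# Assumption for this example, not a list taken from Zerowine.
PACKER_SECTION_NAMES = {
    b"UPX0", b"UPX1", b"UPX2", b".aspack", b".adata", b".petite",
    b".themida", b".vmp0", b".vmp1", b".MPRESS1", b".MPRESS2",
}
HIGH_ENTROPY = 7.0  # bits/byte; assumed threshold, compressed/encrypted data is near 8.0


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte of the given data (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return 0.0 - sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe_sections(blob: bytes):
    """Return [(name, raw_offset, raw_size), ...] or raise ValueError if not a PE."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4  # COFF file header follows the PE signature
    (num_sections,) = struct.unpack_from("<H", blob, coff + 2)
    (size_opt,) = struct.unpack_from("<H", blob, coff + 16)
    table = coff + 20 + size_opt  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(blob):
            raise ValueError("truncated section table")
        name = blob[off:off + 8].rstrip(b"\0")
        _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", blob, off + 8)
        sections.append((name, raw_ptr, raw_size))
    return sections


def is_pe(blob: bytes) -> bool:
    """True if the blob parses as a PE image with a readable section table."""
    try:
        parse_pe_sections(blob)
        return True
    except ValueError:
        return False


def triage_pe(blob: bytes) -> dict:
    """Per-section entropy and packer hints; flags the file as likely packed."""
    report = []
    for name, raw_ptr, raw_size in parse_pe_sections(blob):
        ent = shannon_entropy(blob[raw_ptr:raw_ptr + raw_size])
        report.append({
            "name": name.decode("latin-1"),
            "entropy": round(ent, 2),
            "packer_name": name in PACKER_SECTION_NAMES,
            "high_entropy": ent > HIGH_ENTROPY,
        })
    packed = any(s["packer_name"] or s["high_entropy"] for s in report)
    return {"sections": report, "likely_packed": packed}


def build_sample_pe(sections) -> bytes:
    """Assemble a minimal, non-runnable PE image for testing (constructed sample, not malware)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamp, symtab ptr, nsyms, SizeOfOptionalHeader=0, flags
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    header_len = e_lfanew + 4 + 20 + 40 * len(sections)
    raw_base = (header_len + 0x1FF) & ~0x1FF  # file alignment 0x200
    table, body = b"", b""
    for name, data in sections:
        table += name.ljust(8, b"\0")
        table += struct.pack("<IIII", len(data), 0x1000, len(data), raw_base + len(body))
        table += b"\0" * 16  # reloc/linenumber pointers and counts, characteristics
        body += data
    return (dos + b"PE\0\0" + coff + table).ljust(raw_base, b"\0") + body


if __name__ == "__main__":
    # Constructed sample: a plain code section plus a UPX-named, max-entropy section.
    sample = build_sample_pe([(b".text", b"\x90" * 512), (b"UPX1", bytes(range(256)) * 4)])
    print(triage_pe(sample))
```

A file that fails `is_pe` is not worth uploading to the sandbox at all; one that triages as likely packed is exactly the case where a behavior-based result is more useful than static inspection, since the packed code only becomes visible once it runs.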