Anubis: Analyzing Unknown Binaries
Address: http://anubis.iseclab.org/
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
What kind of files can I submit to Anubis?
Anubis will analyze all Windows executable files. When you upload a file to the Anubis environment it will be executed by calling CreateProcess. Thus, it does not matter what your file is called (or which file extension it has), i.e. it is not a problem if your file is called, for example, postcard.txt, as long as it is actually an executable.
Anubis will also analyze all Android binaries that are packaged as valid APK files. Uploaded APKs will be installed in an Android emulator and have to contain at least the AndroidManifest.xml and classes.dex files.
About Anubis
Anubis is sponsored by Secure Business Austria and developed by the International Secure Systems Lab. We are a small team of enthusiastic security professionals doing research in the field of computer security and malware analysis. Our goal is to provide interested and advanced computer users with a tool that helps in combatting malware. This is why we provide this service free of charge.
Anubis is a tool for analyzing the behavior of Windows PE executables, with a special focus on the analysis of malware. Running Anubis produces a report file that contains enough information to give a human user a very good impression of the purpose and actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system and about interactions with the Windows Service Manager or other processes, and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching, i.e. analyzing, its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier, and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for anyone interested in malware and viruses to get a quick understanding of the purpose of an unknown binary.
Anubis is the result of more than three years of programming and research. We have designed Anubis to be an open framework for malware analysis that allows the easy integration of other tools and research artifacts. This will allow us to integrate new research prototypes produced by our group into Anubis as soon as their code base is stable enough.
If you have any questions, bug reports or comments please do not hesitate to contact us at anubis@iseclab.org.
Reposted from: https://my.oschina.net/u/256975/blog/631898