Monday, August 19, 2013

Introducing Profiler

Profiler was designed and developed as part of a forensics methodology that executes the same malware specimen multiple times in differently configured systems, in order to observe and record the diverse behavioral patterns that most modern, context-dependent malware exhibits.
Profiler's current implementation extends the Cuckoo sandbox malware analysis tool, automating the correlation and investigation of multiple analysis results for the same malware sample.
Profiler automatically detects differences and similarities in the malware's activities across its multiple executions, thus identifying any behavioral changes that depend on the execution environment.
Profiler's automated processing and reporting features will hopefully allow analysts to quickly assess malware conduct and gain insight into how the malware operated within a specific organizational infrastructure, minimizing manual effort and time-consuming analysis procedures.
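The correlation step described above can be illustrated with a small script. The following is an added example written for this post, not Profiler's own code: it takes several sandbox reports for the same sample, each from a differently configured environment, and splits each behavior category into activity seen in every run (the sample's baseline conduct) and activity seen only in some runs (environment-dependent behavior). The report layout loosely mirrors Cuckoo's `behavior.summary` and `network` sections, but the three reports, the environment names, the dropped-file paths, the mutex and the domain are all constructed for the example.

```python
"""Correlate several sandbox runs of one sample and separate the behaviour
seen in every run from the behaviour that depends on the environment.

Added example; not Profiler's own code. The report layout loosely follows
Cuckoo's `behavior.summary` / `network` sections, but every value below
is constructed by hand for illustration.
"""
from collections import defaultdict

# Behaviour categories to compare, each with its (assumed) path inside a report.
CATEGORIES = {
    "files": ("behavior", "summary", "files"),
    "mutexes": ("behavior", "summary", "mutexes"),
    "registry": ("behavior", "summary", "keys"),
    "domains": ("network", "domains"),
}

# Constructed reports: one sample run in three differently configured systems.
DROPPER = r"C:\Users\user\AppData\Roaming\svchost.exe"
STAGE2 = r"C:\Users\user\AppData\Local\Temp\stage2.dll"
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\updater"
MUTEX = r"Global\sample_mtx"
C2_DOMAIN = "c2.example.invalid"  # placeholder, RFC 2606 reserved TLD

SAMPLE_REPORTS = {
    "win7_x86_offline": {
        "behavior": {"summary": {"files": [DROPPER], "mutexes": [MUTEX], "keys": [RUN_KEY]}},
        "network": {"domains": []},
    },
    "win7_x86_online": {
        "behavior": {"summary": {"files": [DROPPER, STAGE2], "mutexes": [MUTEX], "keys": [RUN_KEY]}},
        "network": {"domains": [C2_DOMAIN]},
    },
    "winxp_x86_online": {
        "behavior": {"summary": {"files": [DROPPER], "mutexes": [MUTEX], "keys": [RUN_KEY]}},
        "network": {"domains": [C2_DOMAIN]},
    },
}


def extract(report, path):
    """Walk `path` through a nested report and return the items found as a set.
    Missing sections yield an empty set so a sparse report never raises."""
    node = report
    for key in path:
        if not isinstance(node, dict):
            return set()
        node = node.get(key, {})
    return set(node) if isinstance(node, list) else set()


def profile_runs(reports):
    """reports: {environment_name: report}.

    Returns {category: {"common": set, "divergent": {item: [environments]}}}.
    "common" holds items present in every run; "divergent" maps each item
    seen in only a subset of runs to the environments that exhibited it."""
    profile = {}
    for category, path in CATEGORIES.items():
        per_env = {env: extract(rep, path) for env, rep in reports.items()}
        common = set.intersection(*per_env.values()) if per_env else set()
        divergent = defaultdict(list)
        for env, items in per_env.items():
            for item in sorted(items - common):
                divergent[item].append(env)
        profile[category] = {"common": common, "divergent": dict(divergent)}
    return profile


def environment_dependent(profile):
    """Flatten the divergent entries into (category, item, environments) tuples,
    i.e. the behaviours an analyst should examine as environment-triggered."""
    rows = []
    for category, data in profile.items():
        for item, envs in data["divergent"].items():
            rows.append((category, item, tuple(sorted(envs))))
    return sorted(rows)


if __name__ == "__main__":
    result = profile_runs(SAMPLE_REPORTS)
    for category, data in result.items():
        print(f"[{category}] seen in every run: {sorted(data['common'])}")
    print("environment-dependent behaviour:")
    for category, item, envs in environment_dependent(result):
        print(f"  {category}: {item} -> only in {', '.join(envs)}")
```

With the constructed reports, the mutex, the Run key and the dropped executable are reported as common to all three runs, while the second-stage DLL and the domain lookup are flagged as appearing only in the online environments, which is exactly the kind of contingent behavior the post says Profiler is meant to surface.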

Profiler is open-source and its beta version (along with the appropriate documentation) is available at: http://code.google.com/p/cuckoo-profiler/
