Monday, August 19, 2013

Sample Profiler Results



The following table presents some of the malware profile reports that Profiler generated from Cuckoo analyses of the listed samples (names and MD5 hashes are provided). Since Profiler uses Cuckoo as its main malware analysis tool, the results also follow Cuckoo's reporting style.

For experimentation purposes (while developing Profiler), some of the malware samples below were analyzed many times, so some of the reports can be quite lengthy. However, they are presented here to provide a better understanding of Profiler's functionality.
If you decide to use Profiler, you don't need to analyse your samples that many times. Just run a few analyses of the same malware instance with Cuckoo using different systems, configurations, applications, etc.
Keep in mind that Profiler does not perform malware analysis by itself; it processes and correlates the analysis results that Cuckoo produces for each distinct malware sample.

Profiler is a work in progress so any feedback and comments will be highly appreciated!





| No. | Kaspersky Nomenclature | File Name | Txt Profile Report | Html Profile Report |
|-----|------------------------|-----------|--------------------|---------------------|
| 1 | Trojan-proxy.Win32.DiskMaster.an ebd4eea0dafc3bd21ce3b345f083e570 | diskmaster.exe | | |
| 2 | Backdoor.Win32.Buterat.jy f4f923a4a37e9a773d672dae4abf2319 | buterat.exe | | |
| 3 | Backdoor.Win32.Agent.ipm 43c3b72822f542d718272fdf5fd4bf90 | agent.exe | | |
| 4 | Trojan-Dropper.Win32.Delf.bwq ea41c061a7cc5908ba95ff8f3a409dec | delf.exe | | |
| 5 | Worm.Win32.VBNA.agdg 075f1deb79ff781a17186d3c23e33e5c | vbna.exe | | |
| 6 | P2P-Worm.Win32.Palevo.jwe 1ce6ab087572a6c74371b83970af970f | palevo.exe | | |
| 7 | Trojan-Spy.Win32.Zbot.eev 65af4452a0f0f3d13e101bcaa0d0c34b | zbot.exe | | |
| 8 | Trojan-PSW.Win32.Dybalom.dhj e874b5cce5c33dc28a221cf552cdfd94 | dybalom.exe | | |
| 9 | Trojan-PSW.Win32.Tepfer.cfu dcbff206b9d30a1edac268fadc396f4f | tepfer.exe | | |
| 10 | Backdoor.Win32.Small.kbv 4ec0027bef4d7e1786a04d021fa8a67f | dg003.exe | | |




