Anubis, an online sandbox that supports behavioral analysis of Android APKs (Android binaries)
2016-03-07 00:00
Anubis: Analyzing Unknown Binaries
Address: http://anubis.iseclab.org/
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
What kind of files can I submit to Anubis?
Anubis will analyze all Windows executable files. When you upload a file to the Anubis environment it will be executed by calling CreateProcess. Thus, it does not matter what your file is called (or which file extension it has), i.e. it is not a problem if your file is called, for example, postcard.txt, as long as it is actually an executable.
Anubis will also analyze all Android binaries that are packaged as valid APK files. Uploaded APKs will be installed in an Android emulator and have to contain at least the AndroidManifest.xml and classes.dex files.
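An added example (not Anubis code) of a pre-submission check that follows the rules above: it identifies a sample by content rather than by file name, recognising a PE image from its headers and an APK from the two required archive members. The function names, result strings and sample bytes are constructed for illustration.

```python
import io
import struct
import zipfile

REQUIRED_APK_MEMBERS = {"AndroidManifest.xml", "classes.dex"}
IMAGE_FILE_DLL = 0x2000  # Characteristics flag in the COFF file header


def classify_sample(data: bytes) -> str:
    """Classify by content only; the file name and extension are ignored."""
    pe_kind = _pe_kind(data)
    if pe_kind:
        return pe_kind
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return "unsupported"
    missing = REQUIRED_APK_MEMBERS - names
    return "apk" if not missing else "zip-missing:" + ",".join(sorted(missing))


def _pe_kind(data: bytes) -> str:
    # DOS header starts with 'MZ'; e_lfanew at 0x3C points to 'PE\0\0'.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return ""
    if len(data) < e_lfanew + 24:
        return ""  # truncated COFF header
    # Characteristics is the last 2-byte field of the 20-byte COFF header.
    (flags,) = struct.unpack_from("<H", data, e_lfanew + 22)
    # A DLL is a PE image, but CreateProcess cannot start it directly.
    return "pe-dll" if flags & IMAGE_FILE_DLL else "pe-exe"


def constructed_pe(flags: int) -> bytes:
    """Constructed minimal header stub for testing (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\x00\x00" + coff


def constructed_zip(names) -> bytes:
    """Constructed in-memory archive with empty members of the given names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"")
    return buf.getvalue()
```

The APK branch only checks the minimum the FAQ states; it does not validate the manifest, the DEX contents or the signature.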
About Anubis
Anubis is sponsored by Secure Business Austria and developed by the International Secure Systems Lab. We are a small team of enthusiastic security professionals doing research in the field of computer security and malware analysis. Our goal is to provide interested and advanced computer users with a tool that helps in combatting malware. This is why we provide this service free of charge.
Anubis is a tool for analyzing the behavior of Windows PE executables, with special focus on the analysis of malware. Running a binary in Anubis generates a report file that contains enough information to give a human user a very good impression of the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system and about interactions with the Windows Service Manager or other processes, and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching, i.e. analyzing, its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and, because the domain is more fine-grained, allows for more precise results. It is the ideal tool for anyone interested in malware and viruses to get a quick understanding of the purpose of an unknown binary.
Anubis is the result of more than three years of programming and research. We have designed Anubis to be an open framework for malware analysis that allows the easy integration of other tools and research artifacts. This will allow us to integrate new research prototypes produced by our group into Anubis as soon as their code base is stable enough.
If you have any questions, bug reports or comments please do not hesitate to contact us at anubis@iseclab.org.