
Android APK online analysis: Anubis, an online sandbox that supports behavior analysis of Android APKs (Android binaries)

Anubis: Analyzing Unknown Binaries

What kind of files can I submit to Anubis?

File types supported by Anubis

Anubis will analyze all Windows executable files. When you upload a file to the Anubis environment it will be executed by calling CreateProcess. Thus, it does not matter what your file is called (or which file extension it has), i.e. it is not a problem if your file is called, for example, postcard.txt, as long as it is actually an executable.

Anubis will also analyze all Android binaries that are packaged as valid APK files. Uploaded APKs will be installed in an Android emulator and have to contain at least the AndroidManifest.xml and classes.dex files.

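The file types Anubis scans include Windows executables. Once your upload completes, the file is executed by calling CreateProcess. It does not matter what your file is called or which extension it has. It is not a problem if a file is called, for example, postcard.txt: it looks like a text document but is actually an executable.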

Anubis also supports analysis of Android binaries, that is, valid APK files. An uploaded APK is installed in an Android emulator, but it must contain at least the two files AndroidManifest.xml and classes.dex.

About Anubis

About Anubis

Anubis is sponsored by Secure Business Austria and developed by the International Secure Systems Lab. We are a small team of enthusiastic security professionals doing research in the field of computer security and malware analysis. Our goal is to provide interested and advanced computer users with a tool that helps in combatting malware. This is why we provide this service free of charge.

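Anubis is sponsored by Secure Business Austria and developed by the International Secure Systems Lab. We are a small team focused on computer security and malware analysis. Our goal is to help computer enthusiasts and professional users fight malware. This is also why we provide the service free of charge.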

Anubis is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of Anubis results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system, about interactions with the Windows Service Manager or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching i.e. analyzing its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for the malware and virus interested person to get a quick understanding of the purpose of an unknown binary.

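Anubis is a tool for analyzing Windows PE executables, with strong analysis capabilities. Running Anubis produces a binary analysis report that contains enough information about the purpose and behavior of the binary. The generated report contains detailed data about modifications to the registry and the file system, interactions with the Windows Service Manager, and other process behavior such as network traffic. The analysis is based on an emulated environment for the binary. The analyzer aims to give enthusiasts information about malicious programs and viruses so that they can quickly understand these programs.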

Anubis is the result of more than three years of programming and research. We have designed Anubis to be an open framework for malware analysis that allows the easy integration of other tools and research artifacts. This will allow us to integrate new research prototypes produced by our group into Anubis as soon as their code base is stable enough.

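Anubis is the product of years of planning and development. We have designed Anubis as an open malware analysis framework that allows simple integration and manual search functions. This will let us build new research prototypes into Anubis and refine them until it has a sufficiently stable code base.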

If you have any questions, bug reports or comments please do not hesitate to contact us at [email protected]

If you have any questions, bug reports or comments, contact [email protected]