Cuckoo - Automated Malware Analysis

Malware is the raw material for many cybercrime-related activities. Cuckoo is a lightweight solution that performs automated dynamic analysis of provided Windows binaries. It returns comprehensive reports on key API calls and network activity.

Cuckoobox was originally developed as part of GSoC 2010 by Claudio Guarnieri and has been greatly enhanced in subsequent GSoCs under Claudio's leadership.

An online version of Cuckoobox is available at http://malwr.com/.

Current features are:

  • Retrieve files from remote URLs and analyze them.
  • Trace relevant API calls for behavioral analysis.
  • Recursively monitor newly spawned processes.
  • Dump generated network traffic.
  • Run concurrent analysis on multiple machines.
  • Support custom analysis packages based on AutoIt3 scripting.
  • Intercept downloaded and deleted files.
  • Take screenshots during runtime.

Cuckoo is available from http://www.cuckoosandbox.org.
