Wednesday, June 25, 2008

[nepenthes] Using Anubis Python script

We can use this Python script to automate, or mock, the automated submission triggered by Nepenthes:


root@nuvox:~/binaries# ./submit_to_anubis.py * -e mailaku @ gmail.com
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=f474d3ae50475c6451031f37d2d283fd
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=357c926ee5bfeb6471185f4fb403b55c
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=0c75b6d90af30124155cf3c69cce504b
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=fd7ca9e064aef6d499121a4956a2d9fa
Could not submit the sample.
Could not submit the sample.
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=639c177e1ee45b44e1a472b9adcd5654
Successfully submitted the sample.
Get the task result at http://analysis.seclab.tuwien.ac.at/result.php?taskid=eb7e2f28889e51d4e5fa0b7903e76a30
Could not submit the sample.

Some of the binaries are malformed. You will receive the same notification from the other sandbox provider if you use the default submit_norman.conf submission as well.


Also, when submitting this way, the malware analysis submission reports do not have any nepenthes- prefix at all.
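A pre-submission sanity check for the malformed binaries mentioned above, as an added example that is not part of the original post or of submit_to_anubis.py. It assumes "malformed" means a download that is not a PE file or was cut off in transfer; pe_problem and build_sample are hypothetical names, and the sample image is constructed.

```python
import struct
import sys


def pe_problem(data):
    """Return None if data looks like a complete PE file, else a short reason."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "no DOS (MZ) header"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # The PE signature (4 bytes) is followed by the 20-byte COFF file header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "PE header missing or cut off"
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    if table + 40 * nsections > len(data):
        return "section table cut off"
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at offset 16 of each 40-byte entry.
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size and raw_ptr + raw_size > len(data):
            return "section %d raw data truncated" % i
    return None


def build_sample():
    """Constructed minimal PE image: DOS header, COFF header, one section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = (b".text\0\0\0"
            + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200)
            + b"\0" * 16)
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    return headers + b"\xCC" * 0x200  # 0x200 bytes of section data


if __name__ == "__main__":
    # Usage: ./check_pe.py binaries/*   (prints only the files worth a closer look)
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            reason = pe_problem(handle.read())
        if reason:
            print("%s: %s" % (path, reason))
```

Files it flags are candidates for the "Could not submit the sample." responses; the sandbox's own acceptance rules are not documented here, so a clean result does not guarantee a successful submission.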
