A Dynamic Malware Analysis System
Corvus is a dynamic analysis system for malware targeting Windows, Linux, and Android. Corvus applies behavioral heuristics to identify suspicious activities exhibited by unknown programs. Users can submit samples through the Corvus Web interface and retrieve the analysis results either in a parsed format or in STIX format. Corvus is currently available as a beta version, so we appreciate any feedback and bug reports. Access Corvus Now.
Corvus is the result of multiple developments: (i) packer detectors to identify embedded malicious payloads; (ii) kernel drivers to intercept system and API calls; (iii) file-system filters to persist malicious objects that the malware marked for deletion; (iv) virtual machines (VMs) to scale analysis across multiple machines; (v) network filters to prevent infection of neighboring network nodes; (vi) network dissectors to parse malicious network traffic; and (vii) a malware taxonomy to classify unknown binaries according to their behaviors. If you are interested in developing research on any of these subjects, get in touch!