
12.5. Summary

In this chapter we introduced a tool called CWSandbox for automated analysis of malware. Automation is necessary because more and more malware is released, and manual techniques such as disassembly or reverse engineering do not scale. The tool uses API hooking and DLL injection to observe all relevant function calls during a malware sample's execution. With an example of a real-world malware binary and some preliminary results of our automation process, we showed the feasibility of this approach.

You can use CWSandbox to learn more about the behavior of Windows binaries. Just submit the sample that you want to analyze to http://www.cwsandbox.org/, and a few minutes later you should receive an analysis report. This gives you a good starting point and helps in vulnerability assessment.
