Anubis: Analyzing Unknown Binaries


Anubis is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of Anubis results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system, about interactions with the Windows Service Manager or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching i.e. analyzing its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for the malware and virus interested person to get a quick understanding of the purpose of an unknown binary.

Anubis is the result of more than three years of programming and research. We have designed Anubis to be an open framework for malware analysis that allows the easy integration of other tools and research artifacts. This will allow us to integrate new research prototypes produced by our group into Anubis as soon their code base is stable enough.

Research topics

People involved

PhD Students

Last update
Dec. 11, 2011, 2:16 p.m.