APSHEN: A Hybrid Sandboxing Environment For Dynamic Analysis of Windows Executables

APSHEN is a hybrid, tightly controlled execution environment (a.k.a. a sandbox) that we created by combining the open source sandbox projects Cuckoo and ZeroWine. The aim of the hybrid approach was to provide more accurate dynamic analysis by combining the benefits of two different execution approaches: (1) executing the malware samples on a Windows virtual machine, which is done by Cuckoo; and (2) executing the samples by emulating Windows APIs on top of the Linux kernel, which is done by ZeroWine.

PhD Candidate/Security Researcher