Enter a universe where the real and the virtual worlds collide, where gamers and their inhabitants exist in an all-new dimension.
With this information, analyzing malware's behavior turns out to be very easy.
In the future, every time you upload a new malware file it will be added to a queue for later analysis and a new WINEPREFIX specific to run this malware will be created.
You must run the virtual machine using QEMU giving various arguments.
Running the distributed virtual machine with the correct command line options (use the supplied startup shell script to run the virtual machine) provides a web based (web server is written in python) graphical interface to upload malware to be analyzed (a CGI written, also, in python).
When a new malware is uploaded, it is copied to the directory /tmp/vir/MD5_OF_THE_FILE, them, the previous created WINE environment (WINEPREFIX if you prefer) is removed and a backup system is untared (the backup system is /home/malware/backup/gz).
Zero wine is an open source (GPL v2) research project to dynamically analyze the behavior of malware.
Zero wine just runs the malware using WINE in a safe virtual sandbox (in an isolated environment) collecting information about the APIs called by the program.
After this operation, the malware is executed using the shell script malware_(the file is stored in the folder /home/malware/bin).
The current system is subject to change as it doesn't allow the analysis of more than one malware at a time.
Zero wine is distributed as one QEMU virtual machine image with a Debian operating system installed.
The image contains software to upload and analyze malware and to generate reports based on the information gathered (this software is stored in /home/malware/zerowine).