Let "auto choose analysis package" properly work on Windows 10 64-bit

As I said before(, these days I' m working hard on creating custom signatures for Cuckoo Sandbox.
During the process of deploying Cuckoo Sandbox, I encountered lots of problems and I fixed most of them.
Today I let the "auto choose analysis package" properly work on my computer, the most important problem is installing python-magic on Windows 10 64-bit because python-magic does not support 64-bit Windows.
Here is the final solution to let this function properly work :-)

Cuckoo Version: 2.0.5
OS: Windows 10 Professional 64-bit(16299)

1. Patch file: .cuckoo/analyzer/windows/
line 543: we should add a check for "None" string
if not self.config.package or self.config.package == "None"

Download DLL & MGC file, rename DLL file into "magic1.dll" then drop it on System32 directory, over-write same MGC file on [pytho…

Behavior-based Signature Changelog

About a week ago, I started to deploy Cuckoo Sandbox on my old laptop(I would like to use it as Cloud Analysis for X-Sec Antivirus in the future) and I finished deployment on 31th Mar. 2018.

After a overview of Cuckoo Community signature, I found that the signatures can't meet my need, so it's time to create extra signatures to enhance malware detection.

Due to the lack of official document, create a signature usually costs me 3~4 hours, but it doesn't matter, the time will be reduced after I'm proficient in doing it.

Here is the signature changelog.

+ -> add
↑ -> improve/bugfix
- -> remove
× -> try to add signature but failed/unnecessary to add signature

+ dyncompile[Behavior]
↑ suspicious_url[Behavior]

↑ suspicious_domain[Behavior]

+ suspicious_domain[Behavior]
+ suspicious_url[Behavior]

+ Sality
↑ Orcus

+ antidebug_detectapi[Behavior]

+ findwindow[Behavior]
× Formbook

+ modify_t…