cuckoo loads the submitted sample into the Guest through the vbox shared folder feature and loads that sample inside the Guest. As of now it can load dll, exe , doc, pdf, php document samples and it can load an URL into Firefox or IE. Once the process is started inside the Guest, it injects a DLL into the target process and it hooks few API’s. cuckoo didn’t release the source code of the DLL. If you just take a strings of it you can find the list of API’s hooked by this DLL. cuckoo provides an option of loading your own custom DLL too.
List of API’s hooked by the cmonitor.dll: