PUNCH-Cyber / stoq-plugins-public

stoQ Public Plugins
https://stoq.punchcyber.com
Apache License 2.0

Filedir "'ascii' codec can't encode characters" #61

Closed Kolano closed 5 years ago

Kolano commented 5 years ago

I'm seeing character encoding issues again in v2.0.3 w/ the filedir plugin; unclear if it's good to force ASCII rather than Unicode encoding...

[2019-04-23 14:45:37,645 ERROR] stoq: Failed to save results using filedir: {
    "results": [
        {
            "payload_id": "3bf03de9-cf75-431a-80e1-52c45a8d71fe",
            "size": 72704,
            "payload_meta": {
                "should_archive": true,
                "extra_data": {
                    "filename": "file.224"
                },
                "dispatch_to": []
            },
            "workers": [
                {
                    "hash": {
                        "sha256": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c",
                        "md5": "2a9d0d06d292a4cbbe4a95da4650ed54",
                        "sha1": "44c32dfae9ac971c3651adbd82c821971a5400dc"
                    },
                    "trid": {
                        "EXE": [
                            {
                                "likely": "48.1%",
                                "type": "Win32 Executable MS Visual C++ (generic) (31206/45/13)"
                            },
                            {
                                "likely": "25.4%",
                                "type": "Microsoft Visual C++ compiled executable (generic) (16529/12/5)"
                            },
                            {
                                "likely": "6.9%",
                                "type": "Win32 Executable (generic) (4508/7/1)"
                            },
                            {
                                "likely": "3.1%",
                                "type": "OS/2 Executable (generic) (2029/13)"
                            }
                        ],
                        "DLL": [
                            {
                                "likely": "10.1%",
                                "type": "Win32 Dynamic Link Library (generic) (6578/25/2)"
                            }
                        ]
                    },
                    "clamav": {
                        "found": true,
                        "result": "Win.Trojan.Farfli-444"
                    },
                    "mimetype": {
                        "mimetype": "application/x-dosexec"
                    }
                },
                {
                    "vtmis-search": [
                        {
                            "vhash": "07402d556095z100131mz3fz",
                            "submission_names": [
                                "SogouPY Config",
                                "Config.exe",
                                "854137.exe",
                                "0.exe",
                                "/854137.exe",
                                "/root/Desktop/0.exe",
                                "Malware.ex___",
                                "08.exe",
                                "uncompressed",
                                "C:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\malware samples\\854137.exe\\854137.exe",
                                "41414221412rddwqdqw.exe",
                                "DSA9B0.dscapture.net_2017-01-16T09.44.38+0700_192.168.81.70-64866_192.168.81.140-80_2a9d0d06d292a4cbbe4a95da4650ed54_1.exe",
                                "D:\\0xFFFFFFFFFF\\\ucef4\ud4e8\ud130\\\uc545\uc131\ucf54\ub4dc\ubd84\uc11d\\0.exe\\0.exe",
                                "Lab1.exe",
                                "\ub4dc\ub86d\ud37c.exe",
                                "sample.exe",
                                "Ghost.exe",
                                "evil-shit.exe",
                                "C:\\Users\\hrd\\0.exe",
                                "854137.exe.vir",
                                "0.exe.vir",
                                "Trojan.W32.Downloader-Uad.Farfli-444.exe",
                                "2a9d0d06d292a4cbbe4a95da4650ed54",
                                "23f82686258760c273af981b69cf4251041b8f0b",
                                "2A9D0D06D292A4CBBE4A95DA4650ED54.VIR",
                                "9100173",
                                "/var/www/clean-mx/virusesevidence/output.9100173.txt",
                                "C:\\Downloads\\Files1\\0.exe",
                                "c:\\downloads\\files1\\0.exe",
                                "E:\\TEKDEFENSE\\854137.exe"
                            ],
                            "scan_date": "2019-03-24 23:35:14",
                            "first_seen": "2013-01-14 22:05:50",
                            "times_submitted": 136,
                            "additional_info": {
                                "magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
                                "exiftool": {
                                    "UninitializedDataSize": "0",
                                    "LinkerVersion": "6.0",
                                    "ImageVersion": "0.0",
                                    "FileVersionNumber": "1.0.0.1",
                                    "LanguageCode": "Chinese (Simplified)",
                                    "FileFlagsMask": "0x003f",
                                    "ImageFileCharacteristics": "No relocs, Executable, No line numbers, No symbols, 32-bit",
                                    "CharacterSet": "Unicode",
                                    "InitializedDataSize": "71680",
                                    "EntryPoint": "0x15a2",
                                    "OriginalFileName": "Config.exe",
                                    "MIMEType": "application/octet-stream",
                                    "LegalCopyright": "? 2010 Sogou.com Inc. All rights reserved.",
                                    "FileVersion": "5.0.0.3787",
                                    "TimeStamp": "2011:03:22 16:36:10+01:00",
                                    "FileType": "Win32 EXE",
                                    "PEType": "PE32",
                                    "InternalName": "SogouPY Config",
                                    "ProductVersion": "5.0.0.3787",
                                    "SubsystemVersion": "4.0",
                                    "OSVersion": "4.0",
                                    "FileOS": "Windows NT 32-bit",
                                    "Subsystem": "Windows GUI",
                                    "MachineType": "Intel 386 or later, and compatibles",
                                    "CompanyName": "Sogou.com Inc.",
                                    "CodeSize": "0",
                                    "FileSubtype": "0",
                                    "ProductVersionNumber": "1.0.0.1",
                                    "FileTypeExtension": "exe",
                                    "ObjectFileType": "Executable application"
                                },
                                "trid": "Win32 Executable MS Visual C++ (generic) (48.1%)\nMicrosoft Visual C++ compiled executable (generic) (25.4%)\nWin32 Dynamic Link Library (generic) (10.1%)\nWin32 Executable (generic) (6.9%)\nOS/2 Executable (generic) (3.1%)",
                                "pe-imphash": "03f2c2376dbaab48c69a23e5f572970b",
                                "pe-resource-list": {
                                    "934bff4e3799007028d2fb8ecf30013dec9fcfdd91cf4ec2e15ec1120683ee7e": "ASCII text",
                                    "96e3d5cf15f4ad9ae0abe2c55e485b7b9a072ae4748f0f58f9ee9cf8498de1d2": "data",
                                    "dd69a739e398ce71ee9e05b92db9e9b12447c23eba896ac3f73adf50ca9071de": "data",
                                    "a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78": "Lotus 1-2-3",
                                    "9ee45783d72da6e3ca955b6333b50d4512695c99209c2b11fd675184cc9b1ca6": "data",
                                    "0717dfca923df0beca176f2cb47bdf066cd80d7365dac55184d1a6282bb81b26": "data",
                                    "391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25": "application/x-ms-dos-executable",
                                    "35b7d03732d6f5834ca165995ac2985880c2ac0c13b0d9c60a23edc9e0ae11e3": "ASCII text",
                                    "519122f5886bcca7e78f1537961c526d3128675006ed0c04b459ac49409176be": "data"
                                },
                                "peid": "Armadillo v1.71",
                                "pe-resource-langs": {
                                    "CHINESE SIMPLIFIED": 9
                                },
                                "contacted_domains": [
                                    "www.wikiplum.com"
                                ],
                                "contacted_ips": [
                                    "208.91.197.46"
                                ],
                                "deepguard": "Suspicious:W32/Malware!Online",
                                "sigcheck": {
                                    "product": "\u641c\u72d7\u62fc\u97f3\u8f93\u5165\u6cd5",
                                    "description": "\u641c\u72d7\u62fc\u97f3\u8f93\u5165\u6cd5 \u8bbe\u7f6e\u7a0b\u5e8f",
                                    "copyright": "? 2010 Sogou.com Inc. All rights reserved.",
                                    "original name": "Config.exe",
                                    "authentihash": "3bad0e636b23c59cbf300ebbf3df53380288b7035f8c2ba130f3735ab3b3a2d1",
                                    "file version": "5.0.0.3787",
                                    "internal name": "SogouPY Config",
                                    "link date": "4:36 PM 3/22/2011"
                                },
                                "compressed_parents": [
                                    "ccac5ae298c791f3fc3c7e98817e318ee86694c0ab02936c61a8933828761f48",
                                    "35f8662cfae89266708e5faaeb539db4ac9158a2a379cd3b283c97278d669034",
                                    "86bdb2ca9cabab6335ce2c2ff8204d7e6f2a342471aaf7856c0c0494f099dde0",
                                    "19d5b3d83bb2c366f7daf443e07492d406708f2cef4b73396f087b569b059693",
                                    "c79ac8a613c7a25793b2a0167d48a6a5e8e7c811ccdaf01d0a47efc7dff99dbd",
                                    "4967fa8105bb39ff58c2ebd2dcb9e3767f7ccc8713f36f73627eaaeaad28a1f6",
                                    "c60373d02dc3309de283fc9081e23d78caa152cc420727351b6693e3cd5331f3",
                                    "e3443db4619946094b683d1290b02b38266b7844053562bd612b0a497e7eb6ad",
                                    "0425e34cae3f701cf17dd64155f29cca0a77799a4029df42320ab741c2e96ed1",
                                    "66797f88850ce377c6ddf41856799ab47644a277b982e11994ec7e2a40415c3e",
                                    "780d3b7a7427bf86190722c24b483a6b0866a0fd0e1c3000e196c5109ccd6ec6",
                                    "ac3084a0404db903e66796ff7adfbb078c8b8285d0bc73721f1e85d1101a0339",
                                    "1dd806fc41e7ce89609e056301a150945e88b47331e523e46fbcd8de9cc9f193",
                                    "a81d15158decfd7bc39870714a7f5053bcff14150529f80e3e80416242675eba",
                                    "ef13fa473820ec1b67851ace3338ef486bfa4f7acfdddd1e2249010a32006799",
                                    "56ab6024ac67cabbafb80a5839a83f45a611d58604944a53c3d5a44578c63c37",
                                    "8e7b4017a0e0702627835f0ef853bfa86d97b3a4e4d9cbe7ebc4162ff67fd37f"
                                ],
                                "positives_delta": 1,
                                "pe-resource-detail": [
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 987762.3125,
                                        "filetype": "application/x-ms-dos-executable",
                                        "entropy": 6.1942267417907715,
                                        "sha256": "391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25",
                                        "type": "CPP"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 56994.4375,
                                        "filetype": "data",
                                        "entropy": 0.7523787021636963,
                                        "sha256": "519122f5886bcca7e78f1537961c526d3128675006ed0c04b459ac49409176be",
                                        "type": "RT_CURSOR"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 12890.708984375,
                                        "filetype": "data",
                                        "entropy": 1.92000412940979,
                                        "sha256": "9ee45783d72da6e3ca955b6333b50d4512695c99209c2b11fd675184cc9b1ca6",
                                        "type": "RT_BITMAP"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 1830.888671875,
                                        "filetype": "data",
                                        "entropy": 1.9447168111801147,
                                        "sha256": "0717dfca923df0beca176f2cb47bdf066cd80d7365dac55184d1a6282bb81b26",
                                        "type": "RT_MENU"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 11565.8759765625,
                                        "filetype": "data",
                                        "entropy": 2.8630785942077637,
                                        "sha256": "96e3d5cf15f4ad9ae0abe2c55e485b7b9a072ae4748f0f58f9ee9cf8498de1d2",
                                        "type": "RT_DIALOG"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 7893.99951171875,
                                        "filetype": "ASCII text",
                                        "entropy": 0.9609531760215759,
                                        "sha256": "934bff4e3799007028d2fb8ecf30013dec9fcfdd91cf4ec2e15ec1120683ee7e",
                                        "type": "RT_STRING"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 1797.600341796875,
                                        "filetype": "Lotus 1-2-3",
                                        "entropy": 2.0192408561706543,
                                        "sha256": "a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78",
                                        "type": "RT_GROUP_CURSOR"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 68214.3046875,
                                        "filetype": "data",
                                        "entropy": 3.580381155014038,
                                        "sha256": "dd69a739e398ce71ee9e05b92db9e9b12447c23eba896ac3f73adf50ca9071de",
                                        "type": "RT_VERSION"
                                    },
                                    {
                                        "lang": "CHINESE SIMPLIFIED",
                                        "chi2": 4716.19970703125,
                                        "filetype": "ASCII text",
                                        "entropy": 5.106089115142822,
                                        "sha256": "35b7d03732d6f5834ca165995ac2985880c2ac0c13b0d9c60a23edc9e0ae11e3",
                                        "type": "RT_MANIFEST"
                                    }
                                ],
                                "first_seen_itw": "2011-03-22 08:36:10",
                                "pe-resource-types": {
                                    "RT_DIALOG": 1,
                                    "RT_GROUP_CURSOR": 1,
                                    "RT_STRING": 1,
                                    "RT_MANIFEST": 1,
                                    "RT_MENU": 1,
                                    "CPP": 1,
                                    "RT_BITMAP": 1,
                                    "RT_CURSOR": 1,
                                    "RT_VERSION": 1
                                },
                                "pe-timestamp": 1300808170,
                                "imports": {
                                    "ADVAPI32.dll": [
                                        "RegOpenKeyA",
                                        "RegCloseKey",
                                        "OpenServiceA",
                                        "ChangeServiceConfigA",
                                        "RegSetValueExA",
                                        "ControlService",
                                        "StartServiceA",
                                        "RegCreateKeyExA",
                                        "OpenSCManagerA"
                                    ],
                                    "KERNEL32.dll": [
                                        "GetStartupInfoA",
                                        "SizeofResource",
                                        "GetWindowsDirectoryA",
                                        "Sleep",
                                        "GetModuleHandleA",
                                        "LoadResource",
                                        "LockResource",
                                        "WaitForSingleObject",
                                        "DeleteFileA",
                                        "CreateEventA",
                                        "WriteFile",
                                        "GetTickCount",
                                        "CloseHandle",
                                        "CreateFileA",
                                        "GetModuleFileNameA",
                                        "GetProcAddress",
                                        "FindResourceA",
                                        "LoadLibraryA",
                                        "FreeResource"
                                    ],
                                    "MSVCRT.dll": [
                                        "_except_handler3",
                                        "rand",
                                        "_acmdln",
                                        "_adjust_fdiv",
                                        "srand",
                                        "__p__commode",
                                        "__p__fmode",
                                        "_controlfp",
                                        "__setusermatherr",
                                        "exit",
                                        "sprintf",
                                        "__getmainargs",
                                        "_exit",
                                        "__set_app_type",
                                        "_initterm",
                                        "_XcptFilter"
                                    ],
                                    "USER32.dll": [
                                        "LoadCursorA",
                                        "RegisterClassA",
                                        "LoadIconA"
                                    ],
                                    "GDI32.dll": [
                                        "GetStockObject"
                                    ]
                                },
                                "pe-entry-point": 5538,
                                "sections": [
                                    [
                                        ".data",
                                        4096,
                                        3020,
                                        3072,
                                        "5.82",
                                        "2a6a06117a251a3d3aef8f00b73876a2"
                                    ],
                                    [
                                        ".rsrc",
                                        8192,
                                        69632,
                                        68608,
                                        "6.13",
                                        "74a468373ff0f87c6a068b0bfbcb969b"
                                    ]
                                ],
                                "pe-machine-type": 332
                            },
                            "size": 72704,
                            "scan_id": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c-1553470514",
                            "total": 71,
                            "harmless_votes": 0,
                            "verbose_msg": "Scan finished, information embedded",
                            "sha256": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c",
                            "type": "Win32 EXE",
                            "scans": {
                                "Bkav": {
                                    "detected": true,
                                    "version": "1.3.0.9899",
                                    "result": "W32.SogouQhupgfLnr.Trojan",
                                    "update": "20190320"
                                },
                                "MicroWorld-eScan": {
                                    "detected": true,
                                    "version": "14.0.297.0",
                                    "result": "Gen:Variant.Symmi.72359",
                                    "update": "20190324"
                                },
                                "CMC": {
                                    "detected": true,
                                    "version": "1.1.0.977",
                                    "result": "Trojan-GameThief.Win32.Magania!O",
                                    "update": "20190321"
                                },
                                "CAT-QuickHeal": {
                                    "detected": true,
                                    "version": "14.00",
                                    "result": "Backdoor.Farfli.O",
                                    "update": "20190324"
                                },
                                "McAfee": {
                                    "detected": true,
                                    "version": "6.0.6.653",
                                    "result": "Generic Dropper.abs",
                                    "update": "20190324"
                                },
                                "Cylance": {
                                    "detected": true,
                                    "version": "2.3.1.101",
                                    "result": "Unsafe",
                                    "update": "20190325"
                                },
                                "Zillya": {
                                    "detected": true,
                                    "version": "2.0.0.3781",
                                    "result": "Trojan.Magania.Win32.59362",
                                    "update": "20190324"
                                },
                                "TheHacker": {
                                    "detected": true,
                                    "version": "6.8.0.5.4098",
                                    "result": "Trojan/Magania.enxs",
                                    "update": "20190324"
                                },
                                "BitDefender": {
                                    "detected": true,
                                    "version": "7.2",
                                    "result": "Gen:Variant.Symmi.72359",
                                    "update": "20190324"
                                },
                                "K7GW": {
                                    "detected": true,
                                    "version": "11.34.30381",
                                    "result": "Password-Stealer ( 0022e0431 )",
                                    "update": "20190324"
                                },
                                "K7AntiVirus": {
                                    "detected": true,
                                    "version": "11.34.30381",
                                    "result": "Password-Stealer ( 0022e0431 )",
                                    "update": "20190324"
                                },
                                "Arcabit": {
                                    "detected": true,
                                    "version": "1.0.0.844",
                                    "result": "Trojan.Symmi.D11AA7",
                                    "update": "20190324"
                                },
                                "TrendMicro": {
                                    "detected": true,
                                    "version": "10.0.0.1040",
                                    "result": "TROJ_SPNR.15JQ11",
                                    "update": "20190324"
                                },
                                "Baidu": {
                                    "detected": true,
                                    "version": "1.0.0.2",
                                    "result": "Win32.Backdoor.DarkAngle.a",
                                    "update": "20190318"
                                },
                                "Babable": {
                                    "detected": false,
                                    "version": "9107201",
                                    "result": null,
                                    "update": "20180918"
                                },
                                "F-Prot": {
                                    "detected": true,
                                    "version": "4.7.1.166",
                                    "result": "W32/Backdoor.Q.gen!Eldorado",
                                    "update": "20190324"
                                },
                                "Symantec": {
                                    "detected": true,
                                    "version": "1.8.0.0",
                                    "result": "Trojan.Dropper",
                                    "update": "20190324"
                                },
                                "TotalDefense": {
                                    "detected": false,
                                    "version": "37.1.62.1",
                                    "result": null,
                                    "update": "20190324"
                                },
                                "TrendMicro-HouseCall": {
                                    "detected": true,
                                    "version": "10.0.0.1040",
                                    "result": "TROJ_SPNR.15JQ11",
                                    "update": "20190324"
                                },
                                "Paloalto": {
                                    "detected": true,
                                    "version": "1.0",
                                    "result": "generic.ml",
                                    "update": "20190325"
                                },
                                "ClamAV": {
                                    "detected": true,
                                    "version": "0.101.1.0",
                                    "result": "Win.Trojan.Farfli-444",
                                    "update": "20190324"
                                },
                                "Kaspersky": {
                                    "detected": true,
                                    "version": "15.0.1.13",
                                    "result": "Trojan-GameThief.Win32.Magania.ensu",
                                    "update": "20190324"
                                },
                                "Alibaba": {
                                    "detected": false,
                                    "version": "0.2.0.3",
                                    "result": null,
                                    "update": "20190306"
                                },
                                "NANO-Antivirus": {
                                    "detected": true,
                                    "version": "1.0.134.24576",
                                    "result": "Trojan.Win32.Dwn.tshuf",
                                    "update": "20190324"
                                },
                                "ViRobot": {
                                    "detected": true,
                                    "version": "2014.3.20.0",
                                    "result": "Trojan.Win32.PSW-Magania.72704",
                                    "update": "20190324"
                                },
                                "SUPERAntiSpyware": {
                                    "detected": true,
                                    "version": "5.6.0.1032",
                                    "result": "Trojan.Agent/Gen-Farfli",
                                    "update": "20190321"
                                },
                                "Avast": {
                                    "detected": true,
                                    "version": "18.4.3895.0",
                                    "result": "Win32:Downloader-UAD [Trj]",
                                    "update": "20190324"
                                },
                                "Rising": {
                                    "detected": true,
                                    "version": "25.0.0.24",
                                    "result": "Backdoor.Farfli!1.64A3 (CLOUD)",
                                    "update": "20190324"
                                },
                                "Endgame": {
                                    "detected": true,
                                    "version": "3.0.8",
                                    "result": "malicious (high confidence)",
                                    "update": "20190322"
                                },
                                "Trustlook": {
                                    "detected": false,
                                    "version": "1.0",
                                    "result": null,
                                    "update": "20190325"
                                },
                                "Sophos": {
                                    "detected": true,
                                    "version": "4.98.0",
                                    "result": "Troj/Farfli-Gen",
                                    "update": "20190322"
                                },
                                "Comodo": {
                                    "detected": true,
                                    "version": "30620",
                                    "result": "TrojWare.Win32.Farfli.~hon@4k8xs5",
                                    "update": "20190325"
                                },
                                "F-Secure": {
                                    "detected": true,
                                    "version": "12.0.86.52",
                                    "result": "Trojan.TR/Spy.Gen",
                                    "update": "20190324"
                                },
                                "DrWeb": {
                                    "detected": true,
                                    "version": "7.0.34.11020",
                                    "result": "Trojan.DownLoader4.44699",
                                    "update": "20190324"
                                },
                                "VIPRE": {
                                    "detected": true,
                                    "version": "73920",
                                    "result": "Trojan-Dropper.Win32.Farfli.e (v)",
                                    "update": "20190324"
                                },
                                "Invincea": {
                                    "detected": true,
                                    "version": "6.3.6.26157",
                                    "result": "heuristic",
                                    "update": "20190313"
                                },
                                "McAfee-GW-Edition": {
                                    "detected": true,
                                    "version": "v2017.3010",
                                    "result": "Generic Dropper.abs",
                                    "update": "20190324"
                                },
                                "Trapmine": {
                                    "detected": true,
                                    "version": "3.1.48.748",
                                    "result": "malicious.high.ml.score",
                                    "update": "20190301"
                                },
                                "Emsisoft": {
                                    "detected": true,
                                    "version": "2018.4.0.1029",
                                    "result": "Gen:Variant.Symmi.72359 (B)",
                                    "update": "20190324"
                                },
                                "SentinelOne": {
                                    "detected": true,
                                    "version": "1.0.24.302",
                                    "result": "DFI - Malicious PE",
                                    "update": "20190317"
                                },
                                "Cyren": {
                                    "detected": true,
                                    "version": "6.2.0.1",
                                    "result": "W32/Backdoor.Q.gen!Eldorado",
                                    "update": "20190324"
                                },
                                "Jiangmin": {
                                    "detected": true,
                                    "version": "16.0.100",
                                    "result": "Trojan/PSW.Magania.auqv",
                                    "update": "20190324"
                                },
                                "Webroot": {
                                    "detected": true,
                                    "version": "1.0.0.403",
                                    "result": "W32.Backdoor.Gen",
                                    "update": "20190325"
                                },
                                "Avira": {
                                    "detected": true,
                                    "version": "8.3.3.8",
                                    "result": "TR/Spy.Gen",
                                    "update": "20190324"
                                },
                                "MAX": {
                                    "detected": true,
                                    "version": "2018.9.12.1",
                                    "result": "malware (ai score=100)",
                                    "update": "20190325"
                                },
                                "Antiy-AVL": {
                                    "detected": true,
                                    "version": "3.0.0.1",
                                    "result": "Trojan[GameThief]/Win32.Magania",
                                    "update": "20190324"
                                },
                                "Kingsoft": {
                                    "detected": true,
                                    "version": "2013.8.14.323",
                                    "result": "Win32.Troj.Generic.(kcloud)",
                                    "update": "20190325"
                                },
                                "Microsoft": {
                                    "detected": true,
                                    "version": "1.1.15800.1",
                                    "result": "TrojanDropper:Win32/Farfli.E",
                                    "update": "20190324"
                                },
                                "AegisLab": {
                                    "detected": true,
                                    "version": "4.2",
                                    "result": "Trojan.Win32.Magania.4!c",
                                    "update": "20190324"
                                },
                                "ZoneAlarm": {
                                    "detected": true,
                                    "version": "1.0",
                                    "result": "Trojan-GameThief.Win32.Magania.ensu",
                                    "update": "20190324"
                                },
                                "Avast-Mobile": {
                                    "detected": false,
                                    "version": "190324-00",
                                    "result": null,
                                    "update": "20190324"
                                },
                                "GData": {
                                    "detected": true,
                                    "version": "A:25.21250B:25.14682",
                                    "result": "Gen:Variant.Symmi.72359",
                                    "update": "20190324"
                                },
                                "AhnLab-V3": {
                                    "detected": true,
                                    "version": "3.15.0.23609",
                                    "result": "Dropper/Win32.OnlineGameHack.R3269",
                                    "update": "20190324"
                                },
                                "Acronis": {
                                    "detected": false,
                                    "version": "1.0.1.40",
                                    "result": null,
                                    "update": "20190322"
                                },
                                "VBA32": {
                                    "detected": true,
                                    "version": "4.0.0",
                                    "result": "BScope.Trojan.Downloader",
                                    "update": "20190322"
                                },
                                "ALYac": {
                                    "detected": true,
                                    "version": "1.1.1.5",
                                    "result": "Gen:Variant.Symmi.72359",
                                    "update": "20190324"
                                },
                                "TACHYON": {
                                    "detected": true,
                                    "version": "2019-03-24.02",
                                    "result": "Trojan-PWS/W32.WebGame.72704.AX",
                                    "update": "20190324"
                                },
                                "Ad-Aware": {
                                    "detected": true,
                                    "version": "3.0.5.370",
                                    "result": "Gen:Variant.Symmi.72359",
                                    "update": "20190324"
                                },
                                "Malwarebytes": {
                                    "detected": true,
                                    "version": "2.1.1.1115",
                                    "result": "Backdoor.Farfli.Gen",
                                    "update": "20190324"
                                },
                                "Zoner": {
                                    "detected": true,
                                    "version": "1.0",
                                    "result": "Trojan.Win32.9143",
                                    "update": "20190325"
                                },
                                "ESET-NOD32": {
                                    "detected": true,
                                    "version": "19081",
                                    "result": "Win32/Farfli.DV",
                                    "update": "20190324"
                                },
                                "Tencent": {
                                    "detected": true,
                                    "version": "1.0.0.1",
                                    "result": "Trojan.Win32.Magania.nlz",
                                    "update": "20190325"
                                },
                                "Yandex": {
                                    "detected": true,
                                    "version": "5.5.1.3",
                                    "result": "Trojan.PWS.Magania!d9Mad2m07yY",
                                    "update": "20190324"
                                },
                                "Ikarus": {
                                    "detected": true,
                                    "version": "0.1.5.2",
                                    "result": "Trojan-Spy.Win32.Insain",
                                    "update": "20190324"
                                },
                                "eGambit": {
                                    "detected": true,
                                    "version": "v4.3.6",
                                    "result": "Unsafe.AI_Score_95%",
                                    "update": "20190325"
                                },
                                "Fortinet": {
                                    "detected": true,
                                    "version": "5.4.247.0",
                                    "result": "W32/Onlinegames.BNLQ!tr",
                                    "update": "20190324"
                                },
                                "AVG": {
                                    "detected": true,
                                    "version": "18.4.3895.0",
                                    "result": "Win32:Downloader-UAD [Trj]",
                                    "update": "20190324"
                                },
                                "Cybereason": {
                                    "detected": true,
                                    "version": "1.2.449",
                                    "result": "malicious.6d292a",
                                    "update": "20190324"
                                },
                                "Panda": {
                                    "detected": true,
                                    "version": "4.6.4.2",
                                    "result": "Generic Malware",
                                    "update": "20190324"
                                },
                                "CrowdStrike": {
                                    "detected": true,
                                    "version": "1.0",
                                    "result": "win/malicious_confidence_100% (W)",
                                    "update": "20190212"
                                },
                                "Qihoo-360": {
                                    "detected": true,
                                    "version": "1.0.0.1120",
                                    "result": "Win32/Trojan.GameThief.cda",
                                    "update": "20190325"
                                }
                            },
                            "tags": [
                                "peexe",
                                "armadillo"
                            ],
                            "authentihash": "3bad0e636b23c59cbf300ebbf3df53380288b7035f8c2ba130f3735ab3b3a2d1",
                            "unique_sources": 116,
                            "positives": 65,
                            "ssdeep": "1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uirySj5e:+pZTvnyEZiGJ7/QguiryS5e",
                            "md5": "2a9d0d06d292a4cbbe4a95da4650ed54",
                            "permalink": "https://www.virustotal.com/file/09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c/analysis/1553470514/",
                            "sha1": "44c32dfae9ac971c3651adbd82c821971a5400dc",
                            "resource": "44c32dfae9ac971c3651adbd82c821971a5400dc",
                            "response_code": 1,
                            "community_reputation": -59,
                            "malicious_votes": 5,
                            "ITW_urls": [
                                "http://34.240.31.94/854137.exe",
                                "http://200.129.137.121/Malware.ex___",
                                "http://199.193.71.91:89/0.exe"
                            ],
                            "last_seen": "2019-03-09 18:46:24"
                        }
                    ]
                }
            ],
            "archivers": {},
            "plugins_run": {
                "workers": [
                    [
                        "hash",
                        "trid",
                        "clamav",
                        "mimetype"
                    ],
                    [
                        "vtmis-search"
                    ]
                ],
                "archivers": []
            },
            "extracted_from": null,
            "extracted_by": null
        }
    ],
    "request_meta": {
        "archive_payloads": true,
        "source": null,
        "extra_data": {}
    },
    "errors": {
    },
    "time": "2019-04-23T14:45:37.636438",
    "decorators": {},
    "scan_id": "c25068fd-f0f2-4f7d-b988-d7712ef4d132"
}
Traceback (most recent call last):
  File "/home/pass/.stoq/.venv/lib/python3.6/site-packages/stoq/core.py", line 546, in scan_payload
    connector.save(response)
  File "/home/pass/.stoq/plugins/filedir/filedir.py", line 139, in save
    outfile.write(f'{helpers.dumps(response, compactly=self.compactly)}\n')
UnicodeEncodeError: 'ascii' codec can't encode characters in position 1418-1420: ordinal not in range(128)
--- Logging error ---
Traceback (most recent call last):
  File "/home/pass/.stoq/.venv/lib/python3.6/site-packages/stoq/core.py", line 546, in scan_payload
    connector.save(response)
  File "/home/pass/.stoq/plugins/filedir/filedir.py", line 139, in save
    outfile.write(f'{helpers.dumps(response, compactly=self.compactly)}\n')
UnicodeEncodeError: 'ascii' codec can't encode characters in position 1418-1420: ordinal not in range(128)

mlaferrera commented 5 years ago

What command are you running? What is your environment's LANG set to? I've tried several different ways to try and replicate this issue, but in each instance it appears to be working fine.

Kolano commented 5 years ago

Command is: stoq scan '$1' -a clamav hash mimetype trid -E pass-dispatch -C filedir
LANG is: en_US.UTF-8 (the default in Ubuntu 18.10)

It doesn't seem to happen consistently; I presume only certain results include Unicode characters relevant to setting it off. I'd need some time to dig up the file analyzed here; it is malicious, so unclear if I'd be able to submit it here (I guess a password-protected zip might work out).

Kolano commented 5 years ago

Hrm, I found the file, but can't replicate the error myself when re-analyzing it in either v2.0.3 or v2.0.4. I'll try to report back when I can work out a way to reproduce this consistently.

mlaferrera commented 5 years ago

I'm still unable to replicate this issue. I'm closing for now since it can't be reproduced, but please feel free to reopen if you are able to do so.
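
The failure mode in the traceback above, as an added example that is not part of the thread or of stoQ's own code: writing a JSON result line through an ASCII text stream raises the same `UnicodeEncodeError`, while an explicit `encoding="utf-8"` or JSON's `ensure_ascii=True` does not depend on the locale. `save_results`, `offending_text`, `locale_default_encoding` and the sample record are hypothetical names and constructed data.

```python
import json
import locale
import os
import tempfile

# Constructed sample (not the record from the issue): one label holds three
# non-ASCII characters, written as escapes so this file itself stays ASCII.
NON_ASCII = "\u6728\u9a6c\u5e8f"
SAMPLE_RESPONSE = {
    "results": [{
        "payload_meta": {"extra_data": {"filename": "file.224"}},
        "workers": [{"example-worker": {"result": "Trojan." + NON_ASCII}}],
    }]
}


def locale_default_encoding():
    """Encoding open() normally uses when none is passed (ASCII under LANG=C on Python 3.6)."""
    return locale.getpreferredencoding(False)


def save_results(response, path, encoding=None, ensure_ascii=False):
    """Hypothetical stand-in for a connector's save(): write one JSON line."""
    line = json.dumps(response, ensure_ascii=ensure_ascii) + "\n"
    with open(path, "w", encoding=encoding) as outfile:
        outfile.write(line)
    return line


def offending_text(exc):
    """Map the 'position N-M' of a UnicodeEncodeError back to the characters."""
    return exc.object[exc.start:exc.end]


def demo():
    outcome = {"locale_default": locale_default_encoding()}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "results.json")
        # 1. ASCII text stream: same error class as in the traceback.
        try:
            save_results(SAMPLE_RESPONSE, path, encoding="ascii")
            outcome["ascii"] = None
        except UnicodeEncodeError as exc:
            outcome["ascii"] = (exc.encoding, offending_text(exc))
        # 2. Explicit UTF-8: independent of LANG / LC_ALL.
        save_results(SAMPLE_RESPONSE, path, encoding="utf-8")
        with open(path, encoding="utf-8") as fh:
            outcome["utf8_roundtrip"] = json.loads(fh.read()) == SAMPLE_RESPONSE
        # 3. ASCII stream again, but JSON escapes non-ASCII as \uXXXX sequences.
        save_results(SAMPLE_RESPONSE, path, encoding="ascii", ensure_ascii=True)
        with open(path, encoding="ascii") as fh:
            outcome["escaped_roundtrip"] = json.loads(fh.read()) == SAMPLE_RESPONSE
    return outcome


if __name__ == "__main__":
    print(demo())
```

Comparing `locale_default_encoding()` between an interactive shell and the service, cron or container environment that launches the scan shows whether the two run under different locales.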