brad-sp / cuckoo-modified

Modified edition of cuckoo

Static and ReSubmit plugins failing to run properly #188

Closed geudrik closed 9 years ago

geudrik commented 9 years ago

Static analysis and the subsequent re-submission modules fail to execute properly. The trace is below (latest pull is from four days ago).

Edit: I've got the processor running in standalone mode, for what it's worth. For the pefile issue, I'm not sure whether or not the object is being correctly initialized. This could easily be one to ignore.

2015-09-08 12:26:51,486 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Static":
Traceback (most recent call last):
  File "/opt/cuckoo/cuckoo-modified/utils/../lib/cuckoo/core/plugins.py", line 197, in process
    data = current.run()
  File "/opt/cuckoo/cuckoo-modified/utils/../modules/processing/static.py", line 992, in run
    static = PortableExecutable(self.file_path, self.results).run()
  File "/opt/cuckoo/cuckoo-modified/utils/../modules/processing/static.py", line 704, in run
    results["pe_actual_checksum"] = self._get_actual_checksum()
  File "/opt/cuckoo/cuckoo-modified/utils/../modules/processing/static.py", line 472, in _get_actual_checksum
    return "0x{0:08x}".format(self.pe.generate_checksum())
  File "/usr/lib/python2.7/dist-packages/pefile.py", line 3720, in generate_checksum
    dword = struct.unpack('L', self.__data__[ i*4 : i*4+4 ])[0]
error: unpack requires a string argument of length 8
2015-09-08 12:26:53,181 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "ReSubmitExtractedEXE":
Traceback (most recent call last):
  File "/opt/cuckoo/cuckoo-modified/utils/../lib/cuckoo/core/plugins.py", line 619, in process
    current.run(self.results)
  File "/opt/cuckoo/cuckoo-modified/utils/../modules/reporting/resubmitexe.py", line 44, in run
    if report["info"].has_key("options") and report["info"]["options"].has_key("resubmitjob") and report["info"]["options"]["resubmitjob"]:
AttributeError: 'str' object has no attribute 'has_key'
2015-09-08 12:27:00,560 [root] INFO: Task #16: reports generation completed

brad-sp commented 9 years ago

First issue is probably from an outdated version of pefile.

Second issue should be fixed now with https://github.com/brad-accuvant/cuckoo-modified/commit/806c1932a40abecfcf07ea0c241e3a1dfed9d6f7

Thanks!
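
The first traceback stops where a 4-byte slice is unpacked with the native `'L'` format, which is 8 bytes on 64-bit Linux, hence "requires a string argument of length 8". The sketch below is an added example, not code from pefile or cuckoo-modified: it contrasts that call with a fixed-width `'<I'` unpack and carries the usual PE checksum calculation through on a constructed buffer. The function names, the sample bytes and the CheckSum offset of 8 are assumptions made for the illustration.

```python
import struct

# Constructed sample: four little-endian dwords plus one trailing byte.
# The third dword stands in for the PE CheckSum field (offset 8 is an assumption).
SAMPLE = struct.pack("<4I", 1, 0xFFFFFFFF, 0xDEADBEEF, 0x00020002) + b"\x03"
SAMPLE_CHECKSUM_OFFSET = 8


def native_long_is_dword():
    """True only where native 'L' is 4 bytes; on 64-bit Linux it is 8."""
    return struct.calcsize("L") == 4


def unpack_dword_native(chunk):
    """The traceback's call shape: native 'L'. Returns None where it raises."""
    try:
        return struct.unpack("L", chunk)[0]
    except struct.error:
        return None


def unpack_dword_fixed(chunk):
    """'<I' is always 4 bytes, little-endian, whatever the host ABI."""
    return struct.unpack("<I", chunk)[0]


def pe_checksum(data, checksum_offset):
    """Sum the file as dwords with the CheckSum field excluded, fold, add length."""
    if checksum_offset < 0 or checksum_offset + 4 > len(data):
        raise ValueError("CheckSum field lies outside the buffer")
    buf = bytearray(data)
    buf[checksum_offset:checksum_offset + 4] = b"\x00" * 4  # excluded from the sum
    buf += b"\x00" * (-len(buf) % 4)                        # pad a short last dword
    total = 0
    for (dword,) in struct.iter_unpack("<I", buf):
        total += dword
        total = (total & 0xFFFFFFFF) + (total >> 32)        # end-around carry
    total = (total & 0xFFFF) + (total >> 16)                # fold to 16 bits
    total = (total + (total >> 16)) & 0xFFFF
    return total + len(data)


if __name__ == "__main__":
    print("native 'L' is 4 bytes:", native_long_is_dword())
    print("native unpack of 4 bytes:", unpack_dword_native(SAMPLE[:4]))
    print("fixed-width unpack:", unpack_dword_fixed(SAMPLE[:4]))
    print("checksum: 0x{0:08x}".format(pe_checksum(SAMPLE, SAMPLE_CHECKSUM_OFFSET)))
```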

geudrik commented 9 years ago

Cheers Brad!