brad-sp / cuckoo-modified

Modified edition of cuckoo

BehaviorAnalysis hangs on Office .doc file #251

Open markro20 opened 8 years ago

markro20 commented 8 years ago

I have the current version installed, but when processing an infected DOC file on Win7x64, multiple errors are raised and in the end the processing hangs. On WinXP the same file processes fine with not too many results, but at least it is not hanging.

Here are some error examples I found in the log file:

2015-11-05 09:03:30,277 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "BehaviorAnalysis":
Traceback (most recent call last):
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/plugins.py", line 197, in process
    data = current.run()
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 1106, in run
    for call in process["calls"]:
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 191, in next
    return self.cacheless_next()
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 168, in cacheless_next
    self.wait_for_lastcall()
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 146, in wait_for_lastcall
    if not self.parser.read_next_message():
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/common/netlog.py", line 195, in read_next_message
    self.handler.log_call(context, apiname, category, arguments)
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 252, in log_call
    returnval] + arguments)
  File "/home/sandbox1/cuckoo-modified/modules/processing/behavior.py", line 311, in _parse
    pretty = pretty_print_arg(category, api_name, arg_name, argument["value"])
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/common/utils.py", line 1261, in pretty_print_arg
    val = int(arg_val, 16)
ValueError: invalid literal for int() with base 16: '0x-7fffffff'

2015-11-05 09:03:36,957 [lib.cuckoo.core.plugins] ERROR: Failed to run signature "antianalysis_detectfile":
Traceback (most recent call last):
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/plugins.py", line 351, in process
    data = current.run()
  File "/home/sandbox1/cuckoo-modified/modules/signatures/antianalysis_detectfile.py", line 26, in run
    file_match = self.check_file(pattern=indicator, regex=True, all=True)
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/common/abstracts.py", line 762, in check_file
    subject = self.results["behavior"]["summary"]["files"]
KeyError: 'behavior'

2015-11-05 09:03:37,002 [lib.cuckoo.core.plugins] ERROR: Failed to run signature "fleercivet_mutex":
Traceback (most recent call last):
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/plugins.py", line 351, in process
    data = current.run()
  File "/home/sandbox1/cuckoo-modified/modules/signatures/trojan_fleercivet_mutex.py", line 34, in run
    if self.check_mutex(pattern=indicator):
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/common/abstracts.py", line 890, in check_mutex
    subject = self.results["behavior"]["summary"]["mutexes"]
KeyError: 'behavior'

And the process completely hangs at:

2015-11-05 09:03:37,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3"
2015-11-05 09:03:37,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish"
2015-11-05 09:03:37,004 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run: 'behavior'
Traceback (most recent call last):
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/scheduler.py", line 429, in run
    self.process_results()
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/scheduler.py", line 373, in process_results
    RunReporting(task=self.task.to_dict(), results=results).run()
  File "/home/sandbox1/cuckoo-modified/lib/cuckoo/core/plugins.py", line 577, in init
    for process in results["behavior"]["processes"]:
KeyError: 'behavior'

Any ideas what is wrong?
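The root failure in the first traceback is `int('0x-7fffffff', 16)`: the monitor emitted a negative return value with the sign inside the `0x` prefix, `int()` rejected it, and because the pretty-printer raised instead of degrading, `BehaviorAnalysis` produced no `behavior` key and every downstream signature and the reporting stage failed on `KeyError: 'behavior'`. The following is an added example written for this thread, not cuckoo-modified's code and not the merged fix referenced later (which the thread does not show); it demonstrates tolerant parsing of the hex forms seen in such logs and a pass-through fallback so that one odd value cannot take down the whole analysis. The function names, the default 32-bit width and the sample inputs are the example's own assumptions.

```python
import re

# Hex literals as they appear in monitor logs. Besides the normal "0x7fffffff"
# and "-0x7fffffff" forms, the malformed "0x-7fffffff" (sign after the prefix)
# is accepted because that is exactly what the traceback in this issue shows.
_HEX_RE = re.compile(r"^(?P<sign1>-?)0x(?P<sign2>-?)(?P<digits>[0-9a-fA-F]+)$")


def parse_hex_arg(arg_val, width=32):
    """Parse a hex argument string into a non-negative integer.

    Negative values are wrapped to the unsigned representation of the given
    bit width (32 by default, an assumption for this example), so the result
    is the raw register value the API actually returned. Anything that is not
    a hex literal yields None so the caller can fall back to the raw string
    instead of aborting the processing module.
    """
    m = _HEX_RE.match(arg_val.strip())
    if m is None:
        return None
    negative = bool(m.group("sign1") or m.group("sign2"))
    value = int(m.group("digits"), 16)
    if negative:
        value = (-value) & ((1 << width) - 1)
    return value


def safe_pretty_print_arg(arg_name, arg_val):
    """Hypothetical stand-in for the pretty-printer in the traceback.

    The point is the failure handling: a value that cannot be parsed is
    returned unchanged rather than raising, so the behaviour results (and the
    'behavior' key the signatures depend on) are still produced.
    """
    parsed = parse_hex_arg(arg_val)
    if parsed is None:
        return arg_val
    return "0x%08x" % parsed


if __name__ == "__main__":
    # Constructed sample values, including the one from the log above.
    for sample in ("0x7fffffff", "-0x1", "0x-7fffffff", "not-a-number"):
        print("%-14s -> %s" % (sample, safe_pretty_print_arg("retval", sample)))
```

Wrapping to the unsigned width keeps the printed value comparable with the way the guest actually reports NTSTATUS-style codes; the pass-through fallback is what prevents the cascade of `KeyError: 'behavior'` failures in the rest of the pipeline.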

markro20 commented 8 years ago

Researching more, I found that this could be linked with Issue #58, but it seems the problem appears in some situations.

brad-sp commented 8 years ago

Can you provide me with the bson logs for that analysis so I can see if it's the same issue of the bad version of bson?

markro20 commented 8 years ago

Here are the logs https://db.tt/os8tH49c

markro20 commented 8 years ago

Any more advice on the issue I have? Is it because of the wrong bson version? Thanks!

jgajek commented 8 years ago

I am running into the same traceback while analyzing a PE binary (MD5 d8165ba07f937a94e5a48d90e0ad3197). Subsequently, all signatures error out with tracebacks, and the analysis hangs in a processing state.

brad-sp commented 8 years ago

Thanks, I can reproduce it now as well on a 64-bit guest.

-Brad

jgajek commented 8 years ago

Thanks Brad, I tried installing the latest 'bson' module over the one that comes with pymongo in my Dockerized Cuckoo build (https://github.com/jgajek/cuckoo-docker) but this conflicts and breaks the Django web UI. So unfortunately installing the 'bson' module is not a viable solution.

ernestszocs commented 8 years ago

Hi, I am also having this issue, it makes Cuckoo Sandbox almost unusable. Is there any fix for this problem? Thanks.

jgajek commented 8 years ago

ernestszocs: Yes, I submitted a fix which has been merged here: https://github.com/spender-sandbox/cuckoo-modified

markro20 commented 8 years ago

Thanks Jacob. Your fix worked for me.