cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Module 'bin\\is32bit.exe' failed.... #1201

Closed g00dv1n closed 7 years ago

g00dv1n commented 7 years ago

Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: Error returned by is32bit: Command '['bin\is32bit.exe', '-f', u'C:\Users\ANDYHA~1\AppData\Local\Temp\98UHNV~1.EXE']' returned non-zero exit status

Error: Analysis failed: The package "modules.packages.exe" start function encountered an unhandled exception: Error returned by is32bit: Command '['bin\is32bit.exe', '-f', u'C:\Users\ANDYHA~1\AppData\Local\Temp\NB4VER~1.EXE']' returned non-zero exit status

doomedraven commented 7 years ago

provide more info, as logs, hashes etc

g00dv1n commented 7 years ago

https://www.virustotal.com/en/file/2b81cdc8f3c9608bbfb9122fa7bf52b8508b0a76fdc7b9f421ad095ecc8af492/analysis/

Full log:

```text
$ ./cuckoo.py -d

[Cuckoo ASCII-art banner]

 Cuckoo Sandbox 2.0-rc1
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 Good! You have the latest version available.

2016-12-05 18:48:06,330 [root] DEBUG: Importing modules...
2016-12-05 18:48:06,556 [root] DEBUG: Imported "signatures" modules:
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidAbortBroadcast
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidAccountInfo
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidAppInfo
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidAudio
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidCamera
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidDangerousPermissions
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidDeletedApp
2016-12-05 18:48:06,557 [root] DEBUG: |-- AndroidDynamicCode
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidEmbeddedApk
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidGooglePlayDiff
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidInstalledApps
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidNativeCode
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidPhoneNumber
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidPrivateInfoQuery
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidReflectionCode
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidRegisteredReceiver
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidSMS
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidShellCommands
2016-12-05 18:48:06,558 [root] DEBUG: |-- AndroidStopProcess
2016-12-05 18:48:06,559 [root] DEBUG: |-- ApplicationUsesLocation
2016-12-05 18:48:06,559 [root] DEBUG: |-- KnownVirustotal
2016-12-05 18:48:06,559 [root] DEBUG: |-- CreatesExe
2016-12-05 18:48:06,559 [root] DEBUG: |-- AntiAnalysisJavascript
2016-12-05 18:48:06,559 [root] DEBUG: |-- DumpedBuffer
2016-12-05 18:48:06,559 [root] DEBUG: |-- DumpedBuffer2
2016-12-05 18:48:06,559 [root] DEBUG: |-- EncryptionKeys
2016-12-05 18:48:06,559 [root] DEBUG: |-- EvalJS
2016-12-05 18:48:06,559 [root] DEBUG: |-- Exploit_zteF460F660
2016-12-05 18:48:06,559 [root] DEBUG: |-- HtmlFlash
2016-12-05 18:48:06,559 [root] DEBUG: |-- JsIframe
2016-12-05 18:48:06,560 [root] DEBUG: |-- SuspiciousJavascript
2016-12-05 18:48:06,560 [root] DEBUG: |-- DarwinCodeInjection
2016-12-05 18:48:06,560 [root] DEBUG: |-- TaskForPid
2016-12-05 18:48:06,560 [root] DEBUG: |-- SystemMetrics
2016-12-05 18:48:06,560 [root] DEBUG: |-- DeadHost
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkBIND
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkDynDNS
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkHTTP
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkICMP
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkIRC
2016-12-05 18:48:06,560 [root] DEBUG: |-- NetworkSMTP
2016-12-05 18:48:06,561 [root] DEBUG: |-- SnortAlert
2016-12-05 18:48:06,561 [root] DEBUG: |-- SuricataAlert
2016-12-05 18:48:06,561 [root] DEBUG: |-- TorGateway
2016-12-05 18:48:06,561 [root] DEBUG: |-- WscriptDownloader
2016-12-05 18:48:06,561 [root] DEBUG: |-- ADS
2016-12-05 18:48:06,561 [root] DEBUG: |-- APT_Carbunak
2016-12-05 18:48:06,561 [root] DEBUG: |-- APT_CloudAtlas
2016-12-05 18:48:06,561 [root] DEBUG: |-- AVDetectionChinaKey
2016-12-05 18:48:06,561 [root] DEBUG: |-- Adzok
2016-12-05 18:48:06,561 [root] DEBUG: |-- AlinaFile
2016-12-05 18:48:06,561 [root] DEBUG: |-- AlineURL
2016-12-05 18:48:06,562 [root] DEBUG: |-- AllocatesRWX
2016-12-05 18:48:06,562 [root] DEBUG: |-- Andromeda
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiAVDetectFile
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiAVDetectReg
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiAVSRP
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiAnalysisDetectFile
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiDBGDevices
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiDBGWindows
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiSandboxFile
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiSandboxForegroundWindow
2016-12-05 18:48:06,562 [root] DEBUG: |-- AntiSandboxIdleTime
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiSandboxSleep
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMBios
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMCPU
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMComputernameQuery
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMIDE
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMSCSI
2016-12-05 18:48:06,563 [root] DEBUG: |-- AntiVMServices
2016-12-05 18:48:06,563 [root] DEBUG: |-- ArdamaxMutexes
2016-12-05 18:48:06,563 [root] DEBUG: |-- AthenaHttp
2016-12-05 18:48:06,563 [root] DEBUG: |-- AthenaURL
2016-12-05 18:48:06,563 [root] DEBUG: |-- Autorun
2016-12-05 18:48:06,564 [root] DEBUG: |-- AvastDetectLibs
2016-12-05 18:48:06,564 [root] DEBUG: |-- BadCerts
2016-12-05 18:48:06,564 [root] DEBUG: |-- Bagle
2016-12-05 18:48:06,564 [root] DEBUG: |-- Bandook
2016-12-05 18:48:06,564 [root] DEBUG: |-- BankingMutexes
2016-12-05 18:48:06,564 [root] DEBUG: |-- Banload
2016-12-05 18:48:06,564 [root] DEBUG: |-- Beastdoor
2016-12-05 18:48:06,564 [root] DEBUG: |-- BeebusMutexes
2016-12-05 18:48:06,564 [root] DEBUG: |-- BegseabugTDMutexes
2016-12-05 18:48:06,564 [root] DEBUG: |-- BetabotURL
2016-12-05 18:48:06,564 [root] DEBUG: |-- Bifrose
2016-12-05 18:48:06,565 [root] DEBUG: |-- BitcoinOpenCL
2016-12-05 18:48:06,565 [root] DEBUG: |-- BitcoinWallet
2016-12-05 18:48:06,565 [root] DEBUG: |-- BitdefenderDetectLibs
2016-12-05 18:48:06,565 [root] DEBUG: |-- BlackEnergyMutexes
2016-12-05 18:48:06,565 [root] DEBUG: |-- BlackRevMutexes
2016-12-05 18:48:06,565 [root] DEBUG: |-- Blackhole
2016-12-05 18:48:06,565 [root] DEBUG: |-- BlackholeURL
2016-12-05 18:48:06,565 [root] DEBUG: |-- Blackice
2016-12-05 18:48:06,565 [root] DEBUG: |-- BlackposURL
2016-12-05 18:48:06,565 [root] DEBUG: |-- Blackshades
2016-12-05 18:48:06,565 [root] DEBUG: |-- BladabindiMutexes
2016-12-05 18:48:06,566 [root] DEBUG: |-- BochsDetectKeys
2016-12-05 18:48:06,566 [root] DEBUG: |-- Bottilda
2016-12-05 18:48:06,566 [root] DEBUG: |-- BozokKey
2016-12-05 18:48:06,566 [root] DEBUG: |-- BrowserSecurity
2016-12-05 18:48:06,566 [root] DEBUG: |-- BrowserStealer
2016-12-05 18:48:06,566 [root] DEBUG: |-- Btcbotnet
2016-12-05 18:48:06,566 [root] DEBUG: |-- Bublik
2016-12-05 18:48:06,566 [root] DEBUG: |-- BuildLangID
2016-12-05 18:48:06,566 [root] DEBUG: |-- BuzusMutexes
2016-12-05 18:48:06,566 [root] DEBUG: |-- BypassFirewall
2016-12-05 18:48:06,566 [root] DEBUG: |-- CarberpMutexes
2016-12-05 18:48:06,567 [root] DEBUG: |-- Ceatrg
2016-12-05 18:48:06,567 [root] DEBUG: |-- ChanitorMutexes
2016-12-05 18:48:06,567 [root] DEBUG: |-- CheckIP
2016-12-05 18:48:06,567 [root] DEBUG: |-- CloudFlare
2016-12-05 18:48:06,567 [root] DEBUG: |-- CloudGoogle
2016-12-05 18:48:06,567 [root] DEBUG: |-- CoinminerMutexes
2016-12-05 18:48:06,567 [root] DEBUG: |-- ComRAT
2016-12-05 18:48:06,567 [root] DEBUG: |-- Crash
2016-12-05 18:48:06,567 [root] DEBUG: |-- CreatesAutorunInf
2016-12-05 18:48:06,567 [root] DEBUG: |-- CreatesDocument
2016-12-05 18:48:06,567 [root] DEBUG: |-- CreatesExe
2016-12-05 18:48:06,567 [root] DEBUG: |-- CreatesService
2016-12-05 18:48:06,568 [root] DEBUG: |-- CreatesSuspiciousProcess
2016-12-05 18:48:06,568 [root] DEBUG: |-- Cridex
2016-12-05 18:48:06,568 [root] DEBUG: |-- Cryptolocker
2016-12-05 18:48:06,568 [root] DEBUG: |-- Cybergate
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_BY
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_CC
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_ONION
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_PW
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_RU
2016-12-05 18:48:06,568 [root] DEBUG: |-- DNS_TLD_SU
2016-12-05 18:48:06,568 [root] DEBUG: |-- Dapato
2016-12-05 18:48:06,569 [root] DEBUG: |-- Darkcloud
2016-12-05 18:48:06,569 [root] DEBUG: |-- DarkddosMutexes
2016-12-05 18:48:06,569 [root] DEBUG: |-- Darkshell
2016-12-05 18:48:06,569 [root] DEBUG: |-- Ddos556
2016-12-05 18:48:06,569 [root] DEBUG: |-- Decay
2016-12-05 18:48:06,569 [root] DEBUG: |-- DecebalMutexes
2016-12-05 18:48:06,569 [root] DEBUG: |-- DeletesSelf
2016-12-05 18:48:06,569 [root] DEBUG: |-- DelfTrojan
2016-12-05 18:48:06,569 [root] DEBUG: |-- DerusbiMutexes
2016-12-05 18:48:06,569 [root] DEBUG: |-- Dexter
2016-12-05 18:48:06,569 [root] DEBUG: |-- Dibik
2016-12-05 18:48:06,570 [root] DEBUG: |-- DirtJumper
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisableCmd
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisableRegedit
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisableTaskMgr
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesAppLaunch
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesBrowserWarn
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesSPDY
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesSecurity
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesSystemRestore
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesWER
2016-12-05 18:48:06,570 [root] DEBUG: |-- DisablesWindowsUpdate
2016-12-05 18:48:06,571 [root] DEBUG: |-- DiskInformation
2016-12-05 18:48:06,571 [root] DEBUG: |-- Dns_Freehosting_Domain
2016-12-05 18:48:06,571 [root] DEBUG: |-- DoFoil
2016-12-05 18:48:06,571 [root] DEBUG: |-- DownloaderCabby
2016-12-05 18:48:06,571 [root] DEBUG: |-- Drive
2016-12-05 18:48:06,571 [root] DEBUG: |-- Drive2
2016-12-05 18:48:06,571 [root] DEBUG: |-- DriverLoad
2016-12-05 18:48:06,571 [root] DEBUG: |-- DropBox
2016-12-05 18:48:06,571 [root] DEBUG: |-- Dyreza
2016-12-05 18:48:06,571 [root] DEBUG: |-- EclipseMutexes
2016-12-05 18:48:06,572 [root] DEBUG: |-- Emotet
2016-12-05 18:48:06,572 [root] DEBUG: |-- Evilbot
2016-12-05 18:48:06,572 [root] DEBUG: |-- Expiro
2016-12-05 18:48:06,572 [root] DEBUG: |-- ExploitKitMutexes
2016-12-05 18:48:06,572 [root] DEBUG: |-- FTPStealer
2016-12-05 18:48:06,572 [root] DEBUG: |-- FakeAVMutexes
2016-12-05 18:48:06,572 [root] DEBUG: |-- FakeRean
2016-12-05 18:48:06,572 [root] DEBUG: |-- FarFli
2016-12-05 18:48:06,572 [root] DEBUG: |-- FesberMutexes
2016-12-05 18:48:06,572 [root] DEBUG: |-- Fingerprint
2016-12-05 18:48:06,572 [root] DEBUG: |-- Flame
2016-12-05 18:48:06,572 [root] DEBUG: |-- Flystudio
2016-12-05 18:48:06,573 [root] DEBUG: |-- FortinetDetectFiles
2016-12-05 18:48:06,573 [root] DEBUG: |-- Fynloski
2016-12-05 18:48:06,573 [root] DEBUG: |-- Gaelicum
2016-12-05 18:48:06,573 [root] DEBUG: |-- Ghostbot
2016-12-05 18:48:06,573 [root] DEBUG: |-- HasAuthenticode
2016-12-05 18:48:06,573 [root] DEBUG: |-- HasOfficeEps
2016-12-05 18:48:06,573 [root] DEBUG: |-- HasPdb
2016-12-05 18:48:06,573 [root] DEBUG: |-- HasWMI
2016-12-05 18:48:06,573 [root] DEBUG: |-- Hesperbot
2016-12-05 18:48:06,573 [root] DEBUG: |-- Hikit
2016-12-05 18:48:06,574 [root] DEBUG: |-- HookMouse
2016-12-05 18:48:06,574 [root] DEBUG: |-- Hupigon
2016-12-05 18:48:06,574 [root] DEBUG: |-- HyperVDetectKeys
2016-12-05 18:48:06,574 [root] DEBUG: |-- IEMartian
2016-12-05 18:48:06,574 [root] DEBUG: |-- IMStealer
2016-12-05 18:48:06,574 [root] DEBUG: |-- IPKillerMutexes
2016-12-05 18:48:06,574 [root] DEBUG: |-- ISRstealerURL
2016-12-05 18:48:06,574 [root] DEBUG: |-- IcePoint
2016-12-05 18:48:06,574 [root] DEBUG: |-- InceptionAPT
2016-12-05 18:48:06,574 [root] DEBUG: |-- Infinity
2016-12-05 18:48:06,574 [root] DEBUG: |-- InjectionRunPE
2016-12-05 18:48:06,574 [root] DEBUG: |-- InjectionThread
2016-12-05 18:48:06,575 [root] DEBUG: |-- InstalledApps
2016-12-05 18:48:06,575 [root] DEBUG: |-- InstallsAppInit
2016-12-05 18:48:06,575 [root] DEBUG: |-- InstallsBHO
2016-12-05 18:48:06,575 [root] DEBUG: |-- InstallsWinpcap
2016-12-05 18:48:06,575 [root] DEBUG: |-- Ircbrute
2016-12-05 18:48:06,575 [root] DEBUG: |-- JackPOSFile
2016-12-05 18:48:06,575 [root] DEBUG: |-- JackposURL
2016-12-05 18:48:06,575 [root] DEBUG: |-- JeefoMutexes
2016-12-05 18:48:06,575 [root] DEBUG: |-- Jewdo
2016-12-05 18:48:06,575 [root] DEBUG: |-- JintorMutexes
2016-12-05 18:48:06,575 [root] DEBUG: |-- JorikTrojan
2016-12-05 18:48:06,576 [root] DEBUG: |-- Karagany
2016-12-05 18:48:06,576 [root] DEBUG: |-- Karakum
2016-12-05 18:48:06,576 [root] DEBUG: |-- Katusha
2016-12-05 18:48:06,576 [root] DEBUG: |-- KelihosBot
2016-12-05 18:48:06,576 [root] DEBUG: |-- Keylogger
2016-12-05 18:48:06,576 [root] DEBUG: |-- Kilim
2016-12-05 18:48:06,576 [root] DEBUG: |-- Killdisk
2016-12-05 18:48:06,576 [root] DEBUG: |-- KnownVirustotal
2016-12-05 18:48:06,576 [root] DEBUG: |-- Koobface
2016-12-05 18:48:06,576 [root] DEBUG: |-- Koutodoor
2016-12-05 18:48:06,576 [root] DEBUG: |-- KovterBot
2016-12-05 18:48:06,577 [root] DEBUG: |-- KrepperMutexes
2016-12-05 18:48:06,577 [root] DEBUG: |-- KuluozMutexes
2016-12-05 18:48:06,577 [root] DEBUG: |-- Likseput
2016-12-05 18:48:06,577 [root] DEBUG: |-- LocatesBrowser
2016-12-05 18:48:06,577 [root] DEBUG: |-- LocatesSniffer
2016-12-05 18:48:06,577 [root] DEBUG: |-- Lockscreen
2016-12-05 18:48:06,577 [root] DEBUG: |-- LolBot
2016-12-05 18:48:06,577 [root] DEBUG: |-- Luder
2016-12-05 18:48:06,577 [root] DEBUG: |-- Madness
2016-12-05 18:48:06,577 [root] DEBUG: |-- MadnessURL
2016-12-05 18:48:06,577 [root] DEBUG: |-- MaganiaMutexes
2016-12-05 18:48:06,578 [root] DEBUG: |-- MailStealer
2016-12-05 18:48:06,578 [root] DEBUG: |-- MegaUpload
2016-12-05 18:48:06,578 [root] DEBUG: |-- Minerbot
2016-12-05 18:48:06,578 [root] DEBUG: |-- MircFile
2016-12-05 18:48:06,578 [root] DEBUG: |-- ModifiesDesktopWallpaper
2016-12-05 18:48:06,578 [root] DEBUG: |-- ModifiesFiles
2016-12-05 18:48:06,578 [root] DEBUG: |-- ModifiesUACNotify
2016-12-05 18:48:06,578 [root] DEBUG: |-- MyBot
2016-12-05 18:48:06,578 [root] DEBUG: |-- Nakbot
2016-12-05 18:48:06,578 [root] DEBUG: |-- Napolar
2016-12-05 18:48:06,578 [root] DEBUG: |-- Nebuler
2016-12-05 18:48:06,579 [root] DEBUG: |-- Netobserve
2016-12-05 18:48:06,579 [root] DEBUG: |-- Netshadow
2016-12-05 18:48:06,579 [root] DEBUG: |-- Netwire
2016-12-05 18:48:06,579 [root] DEBUG: |-- Nitol
2016-12-05 18:48:06,579 [root] DEBUG: |-- NjRat
2016-12-05 18:48:06,579 [root] DEBUG: |-- ObfusMutexes
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeCreateObject
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeEpsStrings
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeHttpRequest
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficePackager
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeRecentFiles
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeVulnModules
2016-12-05 18:48:06,579 [root] DEBUG: |-- OfficeVulnerableGuid
2016-12-05 18:48:06,580 [root] DEBUG: |-- OfficeWriteEXE
2016-12-05 18:48:06,580 [root] DEBUG: |-- Oldrea
2016-12-05 18:48:06,580 [root] DEBUG: |-- PEFeatures
2016-12-05 18:48:06,580 [root] DEBUG: |-- PWDumpFile
2016-12-05 18:48:06,580 [root] DEBUG: |-- PackerEntropy
2016-12-05 18:48:06,580 [root] DEBUG: |-- Palevo
2016-12-05 18:48:06,580 [root] DEBUG: |-- ParallelsDetectKeys
2016-12-05 18:48:06,580 [root] DEBUG: |-- Pasta
2016-12-05 18:48:06,580 [root] DEBUG: |-- PcClientMutexes
2016-12-05 18:48:06,580 [root] DEBUG: |-- PerfLogger
2016-12-05 18:48:06,581 [root] DEBUG: |-- PersistenceBootexecute
2016-12-05 18:48:06,581 [root] DEBUG: |-- Phorpiex
2016-12-05 18:48:06,581 [root] DEBUG: |-- Pidief
2016-12-05 18:48:06,581 [root] DEBUG: |-- Plugx
2016-12-05 18:48:06,581 [root] DEBUG: |-- Poebot
2016-12-05 18:48:06,581 [root] DEBUG: |-- PoisonIvy
2016-12-05 18:48:06,581 [root] DEBUG: |-- Polymorphic
2016-12-05 18:48:06,581 [root] DEBUG: |-- Ponfoy
2016-12-05 18:48:06,581 [root] DEBUG: |-- PonyURL
2016-12-05 18:48:06,581 [root] DEBUG: |-- PosCardStealerURL
2016-12-05 18:48:06,581 [root] DEBUG: |-- Prinimalka
2016-12-05 18:48:06,582 [root] DEBUG: |-- ProcMemDumpURLs
2016-12-05 18:48:06,582 [root] DEBUG: |-- Psyokym
2016-12-05 18:48:06,582 [root] DEBUG: |-- PuceMutexes
2016-12-05 18:48:06,582 [root] DEBUG: |-- PutterpandaMutexes
2016-12-05 18:48:06,582 [root] DEBUG: |-- Putty
2016-12-05 18:48:06,582 [root] DEBUG: |-- Pykse
2016-12-05 18:48:06,582 [root] DEBUG: |-- Qakbot
2016-12-05 18:48:06,582 [root] DEBUG: |-- RBot
2016-12-05 18:48:06,582 [root] DEBUG: |-- Ragebot
2016-12-05 18:48:06,582 [root] DEBUG: |-- RaisesException
2016-12-05 18:48:06,582 [root] DEBUG: |-- Ramnit
2016-12-05 18:48:06,583 [root] DEBUG: |-- RansomwareBcdedit
2016-12-05 18:48:06,583 [root] DEBUG: |-- RansomwareFiles
2016-12-05 18:48:06,583 [root] DEBUG: |-- RansomwareShadowcopy
2016-12-05 18:48:06,583 [root] DEBUG: |-- RapidShare
2016-12-05 18:48:06,583 [root] DEBUG: |-- RatSiggen
2016-12-05 18:48:06,583 [root] DEBUG: |-- RdpMutexes
2016-12-05 18:48:06,583 [root] DEBUG: |-- Renocide
2016-12-05 18:48:06,583 [root] DEBUG: |-- RenosTrojan
2016-12-05 18:48:06,583 [root] DEBUG: |-- Rovnix
2016-12-05 18:48:06,583 [root] DEBUG: |-- Runbu
2016-12-05 18:48:06,583 [root] DEBUG: |-- RunouceMutexes
2016-12-05 18:48:06,583 [root] DEBUG: |-- Ruskill
2016-12-05 18:48:06,584 [root] DEBUG: |-- SDBot
2016-12-05 18:48:06,584 [root] DEBUG: |-- Sadbot
2016-12-05 18:48:06,584 [root] DEBUG: |-- SandboxJoeAnubisDetectFiles
2016-12-05 18:48:06,584 [root] DEBUG: |-- SandboxieDetect
2016-12-05 18:48:06,584 [root] DEBUG: |-- SelfDeleteBat
2016-12-05 18:48:06,584 [root] DEBUG: |-- Senna
2016-12-05 18:48:06,584 [root] DEBUG: |-- Shadowbot
2016-12-05 18:48:06,584 [root] DEBUG: |-- SharingRGhost
2016-12-05 18:48:06,584 [root] DEBUG: |-- SharpStealerURL
2016-12-05 18:48:06,584 [root] DEBUG: |-- Shiz
2016-12-05 18:48:06,584 [root] DEBUG: |-- ShutdownSystem
2016-12-05 18:48:06,585 [root] DEBUG: |-- Shylock
2016-12-05 18:48:06,585 [root] DEBUG: |-- SipStun
2016-12-05 18:48:06,585 [root] DEBUG: |-- Smtp_GMail
2016-12-05 18:48:06,585 [root] DEBUG: |-- Smtp_Live
2016-12-05 18:48:06,585 [root] DEBUG: |-- Smtp_Mail_Ru
2016-12-05 18:48:06,585 [root] DEBUG: |-- Smtp_Yahoo
2016-12-05 18:48:06,585 [root] DEBUG: |-- SolarURL
2016-12-05 18:48:06,585 [root] DEBUG: |-- SpyEyeMutexes
2016-12-05 18:48:06,585 [root] DEBUG: |-- SpyeyeURL
2016-12-05 18:48:06,585 [root] DEBUG: |-- SpynetRat
2016-12-05 18:48:06,585 [root] DEBUG: |-- Spyrecorder
2016-12-05 18:48:06,586 [root] DEBUG: |-- Staser
2016-12-05 18:48:06,586 [root] DEBUG: |-- StealthChildProc
2016-12-05 18:48:06,586 [root] DEBUG: |-- StealthHiddenExtension
2016-12-05 18:48:06,586 [root] DEBUG: |-- StealthHiddenFile
2016-12-05 18:48:06,586 [root] DEBUG: |-- StealthHiddenIcons
2016-12-05 18:48:06,586 [root] DEBUG: |-- StopsService
2016-12-05 18:48:06,586 [root] DEBUG: |-- SunBeltSandboxDetect
2016-12-05 18:48:06,586 [root] DEBUG: |-- SunbeltDetectFiles
2016-12-05 18:48:06,586 [root] DEBUG: |-- SuspiciousPowershell
2016-12-05 18:48:06,586 [root] DEBUG: |-- SweetorangeMutexes
2016-12-05 18:48:06,586 [root] DEBUG: |-- Swrort
2016-12-05 18:48:06,586 [root] DEBUG: |-- SystemInfo
2016-12-05 18:48:06,587 [root] DEBUG: |-- TDSSBackdoor
2016-12-05 18:48:06,587 [root] DEBUG: |-- TapiDpMutexes
2016-12-05 18:48:06,587 [root] DEBUG: |-- TeamviewerRat
2016-12-05 18:48:06,587 [root] DEBUG: |-- ThreatTrackDetectFiles
2016-12-05 18:48:06,587 [root] DEBUG: |-- TinbaMutexes
2016-12-05 18:48:06,587 [root] DEBUG: |-- TnegaMutexes
2016-12-05 18:48:06,587 [root] DEBUG: |-- Tor
2016-12-05 18:48:06,587 [root] DEBUG: |-- TorHiddenService
2016-12-05 18:48:06,587 [root] DEBUG: |-- Travnet
2016-12-05 18:48:06,587 [root] DEBUG: |-- Trogbot
2016-12-05 18:48:06,587 [root] DEBUG: |-- TrojanJorik
2016-12-05 18:48:06,588 [root] DEBUG: |-- TrojanLethic
2016-12-05 18:48:06,588 [root] DEBUG: |-- TrojanRedosru
2016-12-05 18:48:06,588 [root] DEBUG: |-- TrojanSysn
2016-12-05 18:48:06,588 [root] DEBUG: |-- TufikMutexes
2016-12-05 18:48:06,588 [root] DEBUG: |-- Turkojan
2016-12-05 18:48:06,588 [root] DEBUG: |-- TurlaCarbon
2016-12-05 18:48:06,588 [root] DEBUG: |-- UFRStealer
2016-12-05 18:48:06,588 [root] DEBUG: |-- UPXCompressed
2016-12-05 18:48:06,588 [root] DEBUG: |-- URLSpy
2016-12-05 18:48:06,588 [root] DEBUG: |-- Unhook
2016-12-05 18:48:06,588 [root] DEBUG: |-- Upatre
2016-12-05 18:48:06,589 [root] DEBUG: |-- UpatreTDMutexes
2016-12-05 18:48:06,589 [root] DEBUG: |-- UrkShortCN
2016-12-05 18:48:06,589 [root] DEBUG: |-- UroburosFile
2016-12-05 18:48:06,589 [root] DEBUG: |-- UroburosMutexes
2016-12-05 18:48:06,589 [root] DEBUG: |-- Urxbot
2016-12-05 18:48:06,589 [root] DEBUG: |-- UsesWindowsUtilities
2016-12-05 18:48:06,589 [root] DEBUG: |-- VBInject
2016-12-05 18:48:06,589 [root] DEBUG: |-- VBoxDetectACPI
2016-12-05 18:48:06,589 [root] DEBUG: |-- VBoxDetectDevices
2016-12-05 18:48:06,589 [root] DEBUG: |-- VBoxDetectFiles
2016-12-05 18:48:06,589 [root] DEBUG: |-- VBoxDetectKeys
2016-12-05 18:48:06,590 [root] DEBUG: |-- VBoxDetectWindow
2016-12-05 18:48:06,590 [root] DEBUG: |-- VMFirmware
2016-12-05 18:48:06,590 [root] DEBUG: |-- VMPPacked
2016-12-05 18:48:06,590 [root] DEBUG: |-- VMWareDetectFiles
2016-12-05 18:48:06,590 [root] DEBUG: |-- VMWareDetectKeys
2016-12-05 18:48:06,590 [root] DEBUG: |-- VMWareInInstruction
2016-12-05 18:48:06,590 [root] DEBUG: |-- VNLoaderURL
2016-12-05 18:48:06,590 [root] DEBUG: |-- VPCDetectKeys
2016-12-05 18:48:06,590 [root] DEBUG: |-- Vanbot
2016-12-05 18:48:06,590 [root] DEBUG: |-- Vertex
2016-12-05 18:48:06,590 [root] DEBUG: |-- VertexSolarURL
2016-12-05 18:48:06,590 [root] DEBUG: |-- VirtualPCDetect
2016-12-05 18:48:06,591 [root] DEBUG: |-- VirtualPCIllegalInstruction
2016-12-05 18:48:06,591 [root] DEBUG: |-- Virut
2016-12-05 18:48:06,591 [root] DEBUG: |-- VncMutexes
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolDevicetree1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolHandles1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolLdrModules1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolLdrModules2
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolMalfind1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolModscan1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolSvcscan1
2016-12-05 18:48:06,591 [root] DEBUG: |-- VolSvcscan2
2016-12-05 18:48:06,592 [root] DEBUG: |-- VolSvcscan3
2016-12-05 18:48:06,592 [root] DEBUG: |-- Wakbot
2016-12-05 18:48:06,592 [root] DEBUG: |-- WarbotURL
2016-12-05 18:48:06,592 [root] DEBUG: |-- Whimoo
2016-12-05 18:48:06,592 [root] DEBUG: |-- Win32ProcessCreate
2016-12-05 18:48:06,592 [root] DEBUG: |-- WinSCP
2016-12-05 18:48:06,592 [root] DEBUG: |-- WinSxsBot
2016-12-05 18:48:06,592 [root] DEBUG: |-- WineDetect
2016-12-05 18:48:06,592 [root] DEBUG: |-- WormAllaple
2016-12-05 18:48:06,592 [root] DEBUG: |-- WormKolabc
2016-12-05 18:48:06,592 [root] DEBUG: |-- XenDetectKeys
2016-12-05 18:48:06,592 [root] DEBUG: |-- XtremeRAT
2016-12-05 18:48:06,593 [root] DEBUG: |-- Xworm
2016-12-05 18:48:06,593 [root] DEBUG: |-- Zegost
2016-12-05 18:48:06,593 [root] DEBUG: |-- ZeusMutexes
2016-12-05 18:48:06,593 [root] DEBUG: |-- ZeusP2P
2016-12-05 18:48:06,593 [root] DEBUG: |-- ZeusURL
2016-12-05 18:48:06,593 [root] DEBUG: |-- ZoneID
2016-12-05 18:48:06,593 [root] DEBUG: |-- apt_sandworm_ip
2016-12-05 18:48:06,593 [root] DEBUG: |-- apt_sandworm_url
2016-12-05 18:48:06,593 [root] DEBUG: |-- banker_bancos
2016-12-05 18:48:06,593 [root] DEBUG: |-- browser_startpage
2016-12-05 18:48:06,594 [root] DEBUG: |-- c24URL
2016-12-05 18:48:06,594 [root] DEBUG: |-- cloud_mediafire
2016-12-05 18:48:06,594 [root] DEBUG: |-- cloud_wetransfer
2016-12-05 18:48:06,594 [root] DEBUG: |-- dnsserver_dynamic
2016-12-05 18:48:06,594 [root] DEBUG: |-- exp_3322_dom
2016-12-05 18:48:06,594 [root] DEBUG: |-- iStealerURL
2016-12-05 18:48:06,594 [root] DEBUG: |-- im_btb
2016-12-05 18:48:06,594 [root] DEBUG: |-- im_qq
2016-12-05 18:48:06,594 [root] DEBUG: |-- miningpool
2016-12-05 18:48:06,595 [root] DEBUG: |-- ransomware_viruscoder
2016-12-05 18:48:06,595 [root] DEBUG: |-- rat_fexel_ip
2016-12-05 18:48:06,595 [root] DEBUG: |-- rat_naid_ip
2016-12-05 18:48:06,595 [root] DEBUG: |-- trojanmrblack
2016-12-05 18:48:06,595 [root] DEBUG: `-- trojanyoddos
2016-12-05 18:48:06,595 [root] DEBUG: Imported "processing" modules:
2016-12-05 18:48:06,595 [root] DEBUG: |-- AnalysisInfo
2016-12-05 18:48:06,595 [root] DEBUG: |-- ApkInfo
2016-12-05 18:48:06,595 [root] DEBUG: |-- Baseline
2016-12-05 18:48:06,595 [root] DEBUG: |-- BehaviorAnalysis
2016-12-05 18:48:06,595 [root] DEBUG: |-- DroppedBuffer
2016-12-05 18:48:06,596 [root] DEBUG: |-- Debug
2016-12-05 18:48:06,596 [root] DEBUG: |-- Droidmon
2016-12-05 18:48:06,596 [root] DEBUG: |-- Dropped
2016-12-05 18:48:06,596 [root] DEBUG: |-- TLSMasterSecrets
2016-12-05 18:48:06,596 [root] DEBUG: |-- GooglePlay
2016-12-05 18:48:06,596 [root] DEBUG: |-- Memory
2016-12-05 18:48:06,596 [root] DEBUG: |-- NetworkAnalysis
2016-12-05 18:48:06,596 [root] DEBUG: |-- ProcessMemory
2016-12-05 18:48:06,596 [root] DEBUG: |-- Screenshots
2016-12-05 18:48:06,596 [root] DEBUG: |-- Snort
2016-12-05 18:48:06,596 [root] DEBUG: |-- Static
2016-12-05 18:48:06,597 [root] DEBUG: |-- Strings
2016-12-05 18:48:06,597 [root] DEBUG: |-- Suricata
2016-12-05 18:48:06,597 [root] DEBUG: |-- TargetInfo
2016-12-05 18:48:06,597 [root] DEBUG: `-- VirusTotal
2016-12-05 18:48:06,597 [root] DEBUG: Imported "auxiliary" modules:
2016-12-05 18:48:06,597 [root] DEBUG: |-- MITM
2016-12-05 18:48:06,597 [root] DEBUG: |-- Services
2016-12-05 18:48:06,597 [root] DEBUG: `-- Sniffer
2016-12-05 18:48:06,597 [root] DEBUG: Imported "reporting" modules:
2016-12-05 18:48:06,597 [root] DEBUG: |-- CustomReport
2016-12-05 18:48:06,597 [root] DEBUG: |-- SigSender
2016-12-05 18:48:06,598 [root] DEBUG: |-- JsonDump
2016-12-05 18:48:06,598 [root] DEBUG: |-- Moloch
2016-12-05 18:48:06,598 [root] DEBUG: |-- MongoDB
2016-12-05 18:48:06,598 [root] DEBUG: |-- PlaceSender
2016-12-05 18:48:06,598 [root] DEBUG: |-- ReportHTML
2016-12-05 18:48:06,598 [root] DEBUG: |-- ReportJson
2016-12-05 18:48:06,598 [root] DEBUG: |-- SaveMVIDS
2016-12-05 18:48:06,598 [root] DEBUG: |-- SigSender
2016-12-05 18:48:06,598 [root] DEBUG: `-- SubmitDropped
2016-12-05 18:48:06,598 [root] DEBUG: Imported "machinery" modules:
2016-12-05 18:48:06,598 [root] DEBUG: `-- VirtualBox
2016-12-05 18:48:06,600 [root] DEBUG: Checking for locked tasks..
2016-12-05 18:48:06,650 [root] DEBUG: Checking for pending service tasks..
2016-12-05 18:48:06,698 [root] DEBUG: Initializing Yara...
2016-12-05 18:48:06,699 [root] DEBUG: |-- index_binaries.yar
2016-12-05 18:48:06,699 [root] DEBUG: `-- index_memory.yar
2016-12-05 18:48:06,707 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:7234.
2016-12-05 18:48:06,709 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-12-05 18:48:06,990 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:48:07,066 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status poweroff
2016-12-05 18:48:07,107 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box2
2016-12-05 18:48:07,181 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box2 status poweroff
2016-12-05 18:48:07,224 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box3
2016-12-05 18:48:07,278 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box3 status poweroff
2016-12-05 18:48:07,324 [lib.cuckoo.core.scheduler] INFO: Loaded 3 machine/s
2016-12-05 18:48:07,332 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-12-05 18:56:04,694 [lib.cuckoo.core.scheduler] DEBUG: Processing task #129664
2016-12-05 18:56:04,696 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "P_antimalware (1).zip" (task #129664, options "route=none")
2016-12-05 18:56:04,701 [lib.cuckoo.core.scheduler] INFO: File already exists at "/home/ubox/gdvn-cuckoo/storage/binaries/2b81cdc8f3c9608bbfb9122fa7bf52b8508b0a76fdc7b9f421ad095ecc8af492"
2016-12-05 18:56:04,748 [lib.cuckoo.core.scheduler] INFO: Task #129664: acquired machine c_win7_box1 (label=c_win7_box1)
2016-12-05 18:56:04,754 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 27586 (interface=vboxnet0, host=192.168.56.109, pcap=/home/ubox/gdvn-cuckoo/storage/analyses/129664/dump.pcap)
2016-12-05 18:56:04,754 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2016-12-05 18:56:04,756 [lib.cuckoo.common.objects] WARNING: Unable to import androguard (pip install androguard)
tcpdump: listening on vboxnet0, link-type EN10MB (Ethernet), capture size 65535 bytes
2016-12-05 18:56:04,800 [modules.machinery.virtualbox] DEBUG: Starting vm c_win7_box1
2016-12-05 18:56:04,800 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:56:04,863 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status poweroff
2016-12-05 18:56:04,919 [modules.machinery.virtualbox] DEBUG: Using snapshot с_win7_snap05 for virtual machine c_win7_box1
2016-12-05 18:56:05,222 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:56:05,303 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status saved
2016-12-05 18:56:07,448 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:56:07,513 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status running
2016-12-05 18:56:07,856 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=c_win7_box1, ip=192.168.56.109)
2016-12-05 18:56:08,861 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: not ready yet
2016-12-05 18:56:09,866 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: not ready yet
2016-12-05 18:56:10,869 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: not ready yet
2016-12-05 18:56:11,873 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: not ready yet
2016-12-05 18:56:13,047 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: waiting for status 0x0001
2016-12-05 18:56:13,107 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: status ready
2016-12-05 18:56:13,241 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=c_win7_box1, ip=192.168.56.109)
2016-12-05 18:56:13,754 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analyzer started with PID 304
2016-12-05 18:56:13,808 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: waiting for completion
2016-12-05 18:56:14,582 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2016-12-05 18:56:14,815 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analysis not completed yet (status=2)
2016-12-05 18:56:15,821 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analysis not completed yet (status=2)
2016-12-05 18:56:16,828 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analysis not completed yet (status=2)
2016-12-05 18:56:17,834 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analysis not completed yet (status=2)
2016-12-05 18:56:18,841 [lib.cuckoo.core.guest] DEBUG: c_win7_box1: analysis not completed yet (status=2)
2016-12-05 18:56:19,112 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0001.jpg
2016-12-05 18:56:19,181 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 45781
2016-12-05 18:56:19,181 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 192.168.56.109:49175
2016-12-05 18:56:19,848 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: The package "modules.packages.zip" start function encountered an unhandled exception: Error returned by is32bit: Command '['bin\is32bit.exe', '-f', u'C:\Users\ANDYHA~1\AppData\Local\Temp\-UDM02~1.JS']' returned non-zero exit status 1
/usr/local/lib/python2.7/dist-packages/sqlalchemy/engine/default.py:450: Warning: Data truncated for column 'message' at row 1
  cursor.execute(statement, parameters)
102 packets captured
102 packets received by filter
0 packets dropped by kernel
2016-12-05 18:56:19,884 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2016-12-05 18:56:19,884 [modules.machinery.virtualbox] DEBUG: Stopping vm c_win7_box1
2016-12-05 18:56:19,884 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:56:19,964 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status running
2016-12-05 18:56:21,009 [modules.machinery.virtualbox] DEBUG: Getting status for c_win7_box1
2016-12-05 18:56:21,079 [modules.machinery.virtualbox] DEBUG: Machine c_win7_box1 status poweroff
2016-12-05 18:56:21,978 [lib.cuckoo.core.resultserver] DEBUG: Connection closed:
```
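The helper the error names, bin\is32bit.exe, is run by the Windows analyzer as `is32bit.exe -f <path>` to decide whether a target is a 32- or 64-bit PE before the monitor is injected. The log above shows it being handed a .JS member extracted from the submitted zip and exiting with status 1, which the analyzer turns into the "Error returned by is32bit" exception. The Python below is an added example for this thread, not Cuckoo's or the monitor's own code: it performs the same DOS/PE header check in pure Python and makes the non-PE case explicit. The exit-code contract in `check_file`, the `select_package` dispatch and every sample byte string are assumptions constructed for illustration, not taken from the project.

```python
"""PE bitness check of the kind bin/is32bit.exe performs, with non-PE input
handled explicitly. Added example for this thread, not Cuckoo's own code."""
import struct
from typing import Optional, Tuple

IMAGE_DOS_SIGNATURE = 0x5A4D       # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550    # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664
PE32_MAGIC = 0x10B                 # optional-header Magic of a 32-bit image
PE32PLUS_MAGIC = 0x20B             # optional-header Magic of a 64-bit image


def pe_bitness(data: bytes) -> Optional[int]:
    """Return 32 or 64 for a PE image, or None when `data` is not a PE.

    The COFF Machine field and the optional-header Magic must agree; any
    truncation, bad signature or mismatch yields None rather than a guess.
    """
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # PE signature (4) + COFF header (20) + Magic (2) must fit in the buffer.
    if e_lfanew + 26 > len(data):
        return None
    if struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    magic = struct.unpack_from("<H", data, e_lfanew + 24)[0]
    if machine == IMAGE_FILE_MACHINE_I386 and magic == PE32_MAGIC:
        return 32
    if machine == IMAGE_FILE_MACHINE_AMD64 and magic == PE32PLUS_MAGIC:
        return 64
    return None


def check_file(data: bytes) -> Tuple[int, str]:
    """Assumed helper contract (not taken from Cuckoo's C source): exit 0 with
    the bitness as output for a PE, exit 1 with an error otherwise. The exit
    status 1 in the log is the branch a non-PE file lands in."""
    bits = pe_bitness(data)
    if bits is None:
        return 1, "not a PE image"
    return 0, str(bits)


def select_package(name: str, data: bytes) -> str:
    """Hypothetical content-first dispatch: only PE images go to the exe/dll
    path that needs the bitness check; everything else is routed by extension.
    A zip package would want this before handing a member to is32bit."""
    if pe_bitness(data) is not None:
        return "dll" if name.lower().endswith(".dll") else "exe"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return {"js": "js", "jse": "js", "vbs": "vbs", "ps1": "ps1"}.get(ext, "generic")


def _fake_pe(machine: int, magic: int) -> bytes:
    """Constructed input: DOS header plus a bare NT header, not a loadable image."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew right after the DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0x70, 0x102)  # 20-byte COFF header
    optional = struct.pack("<H", magic) + b"\0" * 0x6E   # 0x70 bytes, Magic first
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + optional


# Constructed samples standing in for the zip members of the failing task.
SAMPLES = {
    "app32.exe": _fake_pe(IMAGE_FILE_MACHINE_I386, PE32_MAGIC),
    "app64.exe": _fake_pe(IMAGE_FILE_MACHINE_AMD64, PE32PLUS_MAGIC),
    "payload.js": b"var sh = new ActiveXObject('WScript.Shell');\r\n",  # stands in for the .JS
    "stub.bin": b"MZ" + b"\0" * 62,                                      # DOS header, no NT headers
}

if __name__ == "__main__":
    for sample_name, blob in SAMPLES.items():
        code, msg = check_file(blob)
        print("%-11s exit=%d %-14s package=%s" % (sample_name, code, msg,
                                                 select_package(sample_name, blob)))
```

Running the script prints one line per constructed sample; the two PE stubs report exit 0 with their bitness, while the script text and the MZ-only stub reproduce the exit 1 seen in the log. The point of `select_package` is that the bitness helper should only ever see files that content sniffing has already classified as PE images.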

doomedraven commented 7 years ago

First of all, upgrade to rc2 and retest it.

g00dv1n commented 7 years ago

How can I easily upgrade to rc2 without reinstalling Cuckoo? I have custom modules and config.

doomedraven commented 7 years ago

git pull?

g00dv1n commented 7 years ago

I installed it from an archive, not from git, because I have my own repo for custom changes.

doomedraven commented 7 years ago

Then probably:

```shell
git init
# put this repository as the remote (the "git ..." step; the default branch was master at the time)
git remote add origin https://github.com/cuckoosandbox/cuckoo.git
git pull origin master
```

g00dv1n commented 7 years ago

Okay. I will try it.

Thanks!

jbremer commented 7 years ago

I think this has been resolved, closing as such.