cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Elasticsearch (encoding) #1220

Closed 1623664 closed 7 years ago

1623664 commented 7 years ago
2016-12-26 16:26:40,418 [lib.cuckoo.core.plugins] WARNING: The reporting module "ElasticSearch" returned the following error: Failed to save results in ElasticSearch for task #82: ({...}, UnicodeDecodeError('ascii', '"\xd0\xa1\xd0\xbe\xd0\xb7\xd0\xb4\xd0\xb0\xd0\xb5\xd1\x82 (\xd0\xbe\xd1\x84\xd0\xb8\xd1\x81\xd0\xbd\xd1\x8b\xd0\xb5) \xd0\xb4\xd0\xbe\xd0\xba\xd1\x83\xd0\xbc\xd0\xb5\xd0\xbd\xd1\x82\xd1\x8b \xd0\xb2 \xd1\x84\xd0\xb0\xd0\xb9\xd0\xbb\xd0\xbe\xd0\xb2\xd0\xbe\xd0\xb9 \xd1\x81\xd0\xb8\xd1\x81\xd1\x82\xd0\xb5\xd0\xbc\xd0\xb5"', 1, 2, 'ordinal not in range(128)'))

1623664 commented 7 years ago

I'm confused with the coding((

jbremer commented 7 years ago

It appears there's some unicode issue with ElasticSearch. There could be a million reasons for this though. We're on the verge of merging #1196, so perhaps that would also fix your issues?

jbremer commented 7 years ago

Going to close this issue for lack of additional information.