cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Error starting Virtual Machine! VM: cuckoo11, error: Timeout hit while for machine cuckoo11 to change status #1596

Closed uncleAntik closed 7 years ago

uncleAntik commented 7 years ago

Hello friends.

First of all, I'm sorry for my barbarian English. I am running cuckoo on an Ubuntu 16.04.2 LTS host and Windows 7 x64 as a guest under virtualbox-headless. The guest IP is 192.168.5.5, the host IP is 192.168.5.1. The guest is connected with a host-only connection and can ping the host. At boot agent.pyw is successfully started, and from the host I can see an open port 8000 on the guest. If I first run the guest VM and after that run cuckoo, my VM is stopped and restored to its current snapshot. Everything looks fine until I try to submit a file for analysis. I receive an error: Error starting Virtual Machine! VM: cuckoo11, error: Timeout hit while for machine cuckoo11 to change status. It seems that cuckoo can't start the guest VM after submitting a file for analysis. Detailed log from cuckoo -d:

cuckoo -d

   _______ _     _ _______ _     _  _____   _____                                                                                                                                            
   |       |     | |       |____/  |     | |     |                                                                                                                                           
   |_____  |_____| |_____  |    \_ |_____| |_____|                                                                                                                                           

 Cuckoo Sandbox 2.0.3
 www.cuckoosandbox.org
 Copyright (c) 2010-2017

2017-05-23 11:37:23,878 [cuckoo.core.startup] DEBUG: Imported modules...
2017-05-23 11:37:23,886 [cuckoo.core.startup] DEBUG: Imported "auxiliary" modules:
2017-05-23 11:37:23,887 [cuckoo.core.startup] DEBUG:     |-- MITM
2017-05-23 11:37:23,887 [cuckoo.core.startup] DEBUG:     |-- Reboot
2017-05-23 11:37:23,887 [cuckoo.core.startup] DEBUG:     |-- Services
2017-05-23 11:37:23,887 [cuckoo.core.startup] DEBUG:     `-- Sniffer
2017-05-23 11:37:23,887 [cuckoo.core.startup] DEBUG: Imported "machinery" modules:
2017-05-23 11:37:23,888 [cuckoo.core.startup] DEBUG:     |-- vSphere
2017-05-23 11:37:23,888 [cuckoo.core.startup] DEBUG:     |-- KVM
2017-05-23 11:37:23,888 [cuckoo.core.startup] DEBUG:     |-- ESX
2017-05-23 11:37:23,888 [cuckoo.core.startup] DEBUG:     |-- XenServer
2017-05-23 11:37:23,889 [cuckoo.core.startup] DEBUG:     |-- VMware
2017-05-23 11:37:23,889 [cuckoo.core.startup] DEBUG:     |-- Avd
2017-05-23 11:37:23,889 [cuckoo.core.startup] DEBUG:     |-- QEMU
2017-05-23 11:37:23,889 [cuckoo.core.startup] DEBUG:     |-- VirtualBox
2017-05-23 11:37:23,890 [cuckoo.core.startup] DEBUG:     `-- Physical
2017-05-23 11:37:23,890 [cuckoo.core.startup] DEBUG: Imported "processing" modules:
2017-05-23 11:37:23,890 [cuckoo.core.startup] DEBUG:     |-- AnalysisInfo
2017-05-23 11:37:23,890 [cuckoo.core.startup] DEBUG:     |-- ApkInfo
2017-05-23 11:37:23,891 [cuckoo.core.startup] DEBUG:     |-- Baseline
2017-05-23 11:37:23,891 [cuckoo.core.startup] DEBUG:     |-- BehaviorAnalysis
2017-05-23 11:37:23,891 [cuckoo.core.startup] DEBUG:     |-- Debug
2017-05-23 11:37:23,891 [cuckoo.core.startup] DEBUG:     |-- Droidmon
2017-05-23 11:37:23,891 [cuckoo.core.startup] DEBUG:     |-- Dropped
2017-05-23 11:37:23,892 [cuckoo.core.startup] DEBUG:     |-- DroppedBuffer
2017-05-23 11:37:23,892 [cuckoo.core.startup] DEBUG:     |-- GooglePlay
2017-05-23 11:37:23,892 [cuckoo.core.startup] DEBUG:     |-- Irma
2017-05-23 11:37:23,892 [cuckoo.core.startup] DEBUG:     |-- Memory
2017-05-23 11:37:23,893 [cuckoo.core.startup] DEBUG:     |-- MetaInfo
2017-05-23 11:37:23,893 [cuckoo.core.startup] DEBUG:     |-- MISP
2017-05-23 11:37:23,893 [cuckoo.core.startup] DEBUG:     |-- NetworkAnalysis
2017-05-23 11:37:23,893 [cuckoo.core.startup] DEBUG:     |-- ProcessMemory
2017-05-23 11:37:23,893 [cuckoo.core.startup] DEBUG:     |-- Procmon
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- Screenshots
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- Snort
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- Static
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- Strings
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- Suricata
2017-05-23 11:37:23,894 [cuckoo.core.startup] DEBUG:     |-- TargetInfo
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG:     |-- TLSMasterSecrets
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG:     `-- VirusTotal
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG: Imported "signatures" modules:
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG:     |-- AndroidAbortBroadcast
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG:     |-- AndroidAccountInfo
2017-05-23 11:37:23,895 [cuckoo.core.startup] DEBUG:     |-- AndroidAppInfo
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidAudio
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidCamera
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidDangerousPermissions
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidDeletedApp
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidDynamicCode
2017-05-23 11:37:23,896 [cuckoo.core.startup] DEBUG:     |-- AndroidEmbeddedApk
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidGooglePlayDiff
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidInstalledApps
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidNativeCode
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidPhoneNumber
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidPrivateInfoQuery
2017-05-23 11:37:23,897 [cuckoo.core.startup] DEBUG:     |-- AndroidReflectionCode
2017-05-23 11:37:23,898 [cuckoo.core.startup] DEBUG:     |-- AndroidRegisteredReceiver
2017-05-23 11:37:23,898 [cuckoo.core.startup] DEBUG:     |-- AndroidShellCommands
2017-05-23 11:37:23,898 [cuckoo.core.startup] DEBUG:     |-- AndroidSMS
2017-05-23 11:37:23,898 [cuckoo.core.startup] DEBUG:     |-- AndroidStopProcess
2017-05-23 11:37:23,898 [cuckoo.core.startup] DEBUG:     |-- ApplicationUsesLocation
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- KnownVirustotal
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- AntiAnalysisJavascript
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- DumpedBuffer
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- DumpedBuffer2
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- EncryptionKeys
2017-05-23 11:37:23,899 [cuckoo.core.startup] DEBUG:     |-- EvalJS
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- Exploit_zteF460F660
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- HtmlFlash
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- JsIframe
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- SuspiciousJavascript
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- DarwinCodeInjection
2017-05-23 11:37:23,900 [cuckoo.core.startup] DEBUG:     |-- TaskForPid
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- DeadHost
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- NetworkBIND
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- NetworkDynDNS
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- NetworkHTTP
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- NetworkICMP
2017-05-23 11:37:23,901 [cuckoo.core.startup] DEBUG:     |-- NetworkIRC
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- NetworkSMTP
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- SnortAlert
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- SuricataAlert
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- TorGateway
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- WscriptDownloader
2017-05-23 11:37:23,902 [cuckoo.core.startup] DEBUG:     |-- ADS
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- Adzok
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- AlinaFile
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- AlineURL
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- AllocatesRWX
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- Andromeda
2017-05-23 11:37:23,903 [cuckoo.core.startup] DEBUG:     |-- AntiAnalysisDetectFile
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiAVDetectFile
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiAVDetectReg
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiAVSRP
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiDBGDevices
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiDBGWindows
2017-05-23 11:37:23,904 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxFile
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxForegroundWindow
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxIdleTime
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiSandboxSleep
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiVMBios
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiVMComputernameQuery
2017-05-23 11:37:23,905 [cuckoo.core.startup] DEBUG:     |-- AntiVMCPU
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- AntiVMDiskSize
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- AntiVMIDE
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- AntiVMSCSI
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- AntiVMServices
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- AntiVMSharedDevice
2017-05-23 11:37:23,906 [cuckoo.core.startup] DEBUG:     |-- APT_Carbunak
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- APT_CloudAtlas
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- apt_sandworm_ip
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- apt_sandworm_url
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- ArdamaxMutexes
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- AthenaHttp
2017-05-23 11:37:23,907 [cuckoo.core.startup] DEBUG:     |-- AthenaURL
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- Autorun
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- AvastDetectLibs
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- AVDetectionChinaKey
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- BadCerts
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- Bagle
2017-05-23 11:37:23,908 [cuckoo.core.startup] DEBUG:     |-- Bandook
2017-05-23 11:37:23,909 [cuckoo.core.startup] DEBUG:     |-- banker_bancos
2017-05-23 11:37:23,909 [cuckoo.core.startup] DEBUG:     |-- BankingMutexes
2017-05-23 11:37:23,909 [cuckoo.core.startup] DEBUG:     |-- Banload
2017-05-23 11:37:23,909 [cuckoo.core.startup] DEBUG:     |-- Beastdoor
2017-05-23 11:37:23,909 [cuckoo.core.startup] DEBUG:     |-- BeebusMutexes
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- BegseabugTDMutexes
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- BetabotURL
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- Bifrose
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- BitcoinOpenCL
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- BitcoinWallet
2017-05-23 11:37:23,910 [cuckoo.core.startup] DEBUG:     |-- BitdefenderDetectLibs
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- BlackEnergyMutexes
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- Blackhole
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- BlackholeURL
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- Blackice
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- BlackposURL
2017-05-23 11:37:23,911 [cuckoo.core.startup] DEBUG:     |-- BlackRevMutexes
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- Blackshades
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- BladabindiMutexes
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- BochsDetectKeys
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- Bottilda
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- BozokKey
2017-05-23 11:37:23,912 [cuckoo.core.startup] DEBUG:     |-- browser_startpage
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- BrowserSecurity
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- BrowserStealer
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- Btcbotnet
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- Bublik
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- BuildLangID
2017-05-23 11:37:23,913 [cuckoo.core.startup] DEBUG:     |-- BuzusMutexes
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- BypassFirewall
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- c24URL
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- CarberpMutexes
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- Ceatrg
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- ChanitorMutexes
2017-05-23 11:37:23,914 [cuckoo.core.startup] DEBUG:     |-- CheckIP
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- cloud_mediafire
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- cloud_wetransfer
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- CloudFlare
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- CloudGoogle
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- CoinminerMutexes
2017-05-23 11:37:23,915 [cuckoo.core.startup] DEBUG:     |-- ComRAT
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- Crash
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- CreatesAutorunInf
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- CreatesDocument
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- CreatesExe
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- CreatesService
2017-05-23 11:37:23,916 [cuckoo.core.startup] DEBUG:     |-- CreatesSuspiciousProcess
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- Cridex
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- Cryptolocker
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- CuckooDetectFiles
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- Cybergate
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- Dapato
2017-05-23 11:37:23,917 [cuckoo.core.startup] DEBUG:     |-- Darkcloud
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- DarkddosMutexes
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- Darkshell
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- Ddos556
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- Decay
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- DecebalMutexes
2017-05-23 11:37:23,918 [cuckoo.core.startup] DEBUG:     |-- DeletesSelf
2017-05-23 11:37:23,919 [cuckoo.core.startup] DEBUG:     |-- DelfTrojan
2017-05-23 11:37:23,919 [cuckoo.core.startup] DEBUG:     |-- DEPHeapBypass
2017-05-23 11:37:23,919 [cuckoo.core.startup] DEBUG:     |-- DEPStackBypass
2017-05-23 11:37:23,919 [cuckoo.core.startup] DEBUG:     |-- DerusbiMutexes
2017-05-23 11:37:23,919 [cuckoo.core.startup] DEBUG:     |-- Dexter
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- Dibik
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- DirtJumper
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- DisableCmd
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- DisableRegedit
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- DisablesAppLaunch
2017-05-23 11:37:23,920 [cuckoo.core.startup] DEBUG:     |-- DisablesBrowserWarn
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisablesSecurity
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisablesSPDY
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisablesSystemRestore
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisablesWER
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisablesWindowsUpdate
2017-05-23 11:37:23,921 [cuckoo.core.startup] DEBUG:     |-- DisableTaskMgr
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- DiskInformation
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- DisplaysHTA
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- Dns_Freehosting_Domain
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_BY
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_CC
2017-05-23 11:37:23,922 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_ONION
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_PW
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_RU
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- DNS_TLD_SU
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- dnsserver_dynamic
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- DoFoil
2017-05-23 11:37:23,923 [cuckoo.core.startup] DEBUG:     |-- DownloaderCabby
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- Drive
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- Drive2
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- DriverLoad
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- DropBox
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- Dropper
2017-05-23 11:37:23,924 [cuckoo.core.startup] DEBUG:     |-- Dyreza
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- EclipseMutexes
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- Emotet
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- Evilbot
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- exp_3322_dom
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- Expiro
2017-05-23 11:37:23,925 [cuckoo.core.startup] DEBUG:     |-- ExploitHeapspray
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- ExploitKitMutexes
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- FakeAVMutexes
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- FakeAVMutexes
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- FakeRean
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- FarFli
2017-05-23 11:37:23,926 [cuckoo.core.startup] DEBUG:     |-- FesberMutexes
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- Fingerprint
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- Flame
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- Flystudio
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- FortinetDetectFiles
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- FTPStealer
2017-05-23 11:37:23,927 [cuckoo.core.startup] DEBUG:     |-- Fynloski
2017-05-23 11:37:23,928 [cuckoo.core.startup] DEBUG:     |-- Gaelicum
2017-05-23 11:37:23,928 [cuckoo.core.startup] DEBUG:     |-- Ghostbot
2017-05-23 11:37:23,928 [cuckoo.core.startup] DEBUG:     |-- HasAuthenticode
2017-05-23 11:37:23,928 [cuckoo.core.startup] DEBUG:     |-- HasOfficeEps
2017-05-23 11:37:23,928 [cuckoo.core.startup] DEBUG:     |-- HasPdb
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- HasWMI
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- Hesperbot
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- Hikit
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- HookMouse
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- Hupigon
2017-05-23 11:37:23,929 [cuckoo.core.startup] DEBUG:     |-- HyperVDetectKeys
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- IcePoint
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- IEMartian
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- im_btb
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- im_qq
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- IMStealer
2017-05-23 11:37:23,930 [cuckoo.core.startup] DEBUG:     |-- InceptionAPT
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- Infinity
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- InjectionRunPE
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- InjectionThread
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- InstalledApps
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- InstallsAppInit
2017-05-23 11:37:23,931 [cuckoo.core.startup] DEBUG:     |-- InstallsBHO
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- InstallsWinpcap
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- IPKillerMutexes
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- Ircbrute
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- ISRstealerURL
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- iStealerURL
2017-05-23 11:37:23,932 [cuckoo.core.startup] DEBUG:     |-- JackPOSFile
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- JackposURL
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- JeefoMutexes
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- Jewdo
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- JintorMutexes
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- JorikTrojan
2017-05-23 11:37:23,933 [cuckoo.core.startup] DEBUG:     |-- Karagany
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- Karakum
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- Katusha
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- KelihosBot
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- Keylogger
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- Kilim
2017-05-23 11:37:23,934 [cuckoo.core.startup] DEBUG:     |-- Killdisk
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- KnownVirustotal
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- Koobface
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- Koutodoor
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- KovterBot
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- KrepperMutexes
2017-05-23 11:37:23,935 [cuckoo.core.startup] DEBUG:     |-- KuluozMutexes
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- Likseput
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- LocatesBrowser
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- LocatesSniffer
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- Lockscreen
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- LolBot
2017-05-23 11:37:23,936 [cuckoo.core.startup] DEBUG:     |-- Luder
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- Madness
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- Madness
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- MadnessURL
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- MaganiaMutexes
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- MailStealer
2017-05-23 11:37:23,937 [cuckoo.core.startup] DEBUG:     |-- MaliciousDocumentURLs
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- MegaUpload
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- MemoryAvailable
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- Minerbot
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- miningpool
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- MircFile
2017-05-23 11:37:23,938 [cuckoo.core.startup] DEBUG:     |-- ModifiesDesktopWallpaper
2017-05-23 11:37:23,939 [cuckoo.core.startup] DEBUG:     |-- ModifiesFiles
2017-05-23 11:37:23,939 [cuckoo.core.startup] DEBUG:     |-- ModifiesUACNotify
2017-05-23 11:37:23,939 [cuckoo.core.startup] DEBUG:     |-- MyBot
2017-05-23 11:37:23,939 [cuckoo.core.startup] DEBUG:     |-- Nakbot
2017-05-23 11:37:23,939 [cuckoo.core.startup] DEBUG:     |-- Napolar
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- Nebuler
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- Netobserve
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- Netshadow
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- Netwire
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- NetworkAdapters
2017-05-23 11:37:23,940 [cuckoo.core.startup] DEBUG:     |-- NetworkDocumentFile
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- NetworkEXE
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- Nitol
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- NjRat
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- ObfusMutexes
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- OfficeCreateObject
2017-05-23 11:37:23,941 [cuckoo.core.startup] DEBUG:     |-- OfficeEpsStrings
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- OfficeHttpRequest
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- OfficePackager
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- OfficeRecentFiles
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- OfficeVulnerableGuid
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- OfficeVulnModules
2017-05-23 11:37:23,942 [cuckoo.core.startup] DEBUG:     |-- Oldrea
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- PackerEntropy
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- Palevo
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- ParallelsDetectKeys
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- Pasta
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- PcClientMutexes
2017-05-23 11:37:23,943 [cuckoo.core.startup] DEBUG:     |-- PEFeatures
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- PerfLogger
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- PersistenceBootexecute
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- Phorpiex
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- Pidief
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- Plugx
2017-05-23 11:37:23,944 [cuckoo.core.startup] DEBUG:     |-- Poebot
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- PoisonIvy
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- Polymorphic
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- Ponfoy
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- PonyURL
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- PosCardStealerURL
2017-05-23 11:37:23,945 [cuckoo.core.startup] DEBUG:     |-- Prinimalka
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- ProcessInterest
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- ProcessNeeded
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- ProcMemDumpURLs
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- Psyokym
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- PuceMutexes
2017-05-23 11:37:23,946 [cuckoo.core.startup] DEBUG:     |-- PutterpandaMutexes
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- Putty
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- PWDumpFile
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- Pykse
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- Qakbot
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- Ragebot
2017-05-23 11:37:23,947 [cuckoo.core.startup] DEBUG:     |-- RaisesException
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- Ramnit
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- ransomware_viruscoder
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- RansomwareBcdedit
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- RansomwareExtensions
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- RansomwareFiles
2017-05-23 11:37:23,948 [cuckoo.core.startup] DEBUG:     |-- RansomwareShadowcopy
2017-05-23 11:37:23,949 [cuckoo.core.startup] DEBUG:     |-- RapidShare
2017-05-23 11:37:23,949 [cuckoo.core.startup] DEBUG:     |-- rat_fexel_ip
2017-05-23 11:37:23,949 [cuckoo.core.startup] DEBUG:     |-- rat_naid_ip
2017-05-23 11:37:23,949 [cuckoo.core.startup] DEBUG:     |-- RatSiggen
2017-05-23 11:37:23,949 [cuckoo.core.startup] DEBUG:     |-- RBot
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- RdpMutexes
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- Renocide
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- RenosTrojan
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- Rovnix
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- Runbu
2017-05-23 11:37:23,950 [cuckoo.core.startup] DEBUG:     |-- RunouceMutexes
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- Ruskill
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- Sadbot
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- SandboxieDetect
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- SandboxJoeAnubisDetectFiles
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- SDBot
2017-05-23 11:37:23,951 [cuckoo.core.startup] DEBUG:     |-- SelfDeleteBat
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- Senna
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- Shadowbot
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- SharingRGhost
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- SharpStealerURL
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- ShellcodeWriteProcessMemory
2017-05-23 11:37:23,952 [cuckoo.core.startup] DEBUG:     |-- Shiz
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- ShutdownSystem
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- Shylock
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- SipStun
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- Smtp_GMail
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- Smtp_Live
2017-05-23 11:37:23,953 [cuckoo.core.startup] DEBUG:     |-- Smtp_Mail_Ru
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- Smtp_Yahoo
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- SolarURL
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- SpyEyeMutexes
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- SpyeyeURL
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- SpynetRat
2017-05-23 11:37:23,954 [cuckoo.core.startup] DEBUG:     |-- Spyrecorder
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- StackPivot
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- StackPivotDllLoad
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- Staser
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- StealthChildProc
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenExtension
2017-05-23 11:37:23,955 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenFile
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- StealthHiddenIcons
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- StopsService
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- SunbeltDetectFiles
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- SunBeltSandboxDetect
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- SuspiciousPowershell
2017-05-23 11:37:23,956 [cuckoo.core.startup] DEBUG:     |-- SuspiciousWriteEXE
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- SweetorangeMutexes
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- Swrort
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- SystemInfo
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- SystemMetrics
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- TapiDpMutexes
2017-05-23 11:37:23,957 [cuckoo.core.startup] DEBUG:     |-- TDSSBackdoor
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- TeamviewerRat
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- ThreatTrackDetectFiles
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- TinbaMutexes
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- TnegaMutexes
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- Tor
2017-05-23 11:37:23,958 [cuckoo.core.startup] DEBUG:     |-- TorHiddenService
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- Travnet
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- Trogbot
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- TrojanJorik
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- TrojanLethic
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- TrojanLethic
2017-05-23 11:37:23,959 [cuckoo.core.startup] DEBUG:     |-- trojanmrblack
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- TrojanRedosru
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- TrojanSysn
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- trojanyoddos
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- TufikMutexes
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- Turkojan
2017-05-23 11:37:23,960 [cuckoo.core.startup] DEBUG:     |-- TurlaCarbon
2017-05-23 11:37:23,961 [cuckoo.core.startup] DEBUG:     |-- UFRStealer
2017-05-23 11:37:23,961 [cuckoo.core.startup] DEBUG:     |-- Unhook
2017-05-23 11:37:23,961 [cuckoo.core.startup] DEBUG:     |-- Upatre
2017-05-23 11:37:23,961 [cuckoo.core.startup] DEBUG:     |-- UpatreTDMutexes
2017-05-23 11:37:23,961 [cuckoo.core.startup] DEBUG:     |-- UPXCompressed
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- UrkShortCN
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- URLSpy
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- UroburosFile
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- UroburosMutexes
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- Urxbot
2017-05-23 11:37:23,962 [cuckoo.core.startup] DEBUG:     |-- UsesWindowsUtilities
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- Vanbot
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- VBInject
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectACPI
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectDevices
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectFiles
2017-05-23 11:37:23,963 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectKeys
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectProvname
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- VBoxDetectWindow
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- Vertex
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- VertexSolarURL
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- VirtualPCDetect
2017-05-23 11:37:23,964 [cuckoo.core.startup] DEBUG:     |-- VirtualPCIllegalInstruction
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- Virut
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- VMFirmware
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- VMPPacked
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- VMWareDetectFiles
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- VMWareDetectKeys
2017-05-23 11:37:23,965 [cuckoo.core.startup] DEBUG:     |-- VMWareInInstruction
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VncMutexes
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VNLoaderURL
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VolDevicetree1
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VolHandles1
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VolLdrModules1
2017-05-23 11:37:23,966 [cuckoo.core.startup] DEBUG:     |-- VolLdrModules2
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VolMalfind1
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VolModscan1
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan1
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan2
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VolSvcscan3
2017-05-23 11:37:23,967 [cuckoo.core.startup] DEBUG:     |-- VPCDetectKeys
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- Wakbot
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- WarbotURL
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- Whimoo
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- Win32ProcessCreate
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- WineDetect
2017-05-23 11:37:23,968 [cuckoo.core.startup] DEBUG:     |-- WinSCP
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- WinSxsBot
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- WMIAntiVM
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- WormAllaple
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- WormKolabc
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- XenDetectKeys
2017-05-23 11:37:23,969 [cuckoo.core.startup] DEBUG:     |-- XtremeRAT
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     |-- Xworm
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     |-- Zegost
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     |-- ZeusMutexes
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     |-- ZeusP2P
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     |-- ZeusURL
2017-05-23 11:37:23,970 [cuckoo.core.startup] DEBUG:     `-- ZoneID
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG: Imported "reporting" modules:
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG:     |-- ElasticSearch
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG:     |-- Feedback
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG:     |-- JsonDump
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG:     |-- Mattermost
2017-05-23 11:37:23,971 [cuckoo.core.startup] DEBUG:     |-- MISP
2017-05-23 11:37:23,972 [cuckoo.core.startup] DEBUG:     |-- Moloch
2017-05-23 11:37:23,972 [cuckoo.core.startup] DEBUG:     |-- MongoDB
2017-05-23 11:37:23,972 [cuckoo.core.startup] DEBUG:     |-- Notification
2017-05-23 11:37:23,972 [cuckoo.core.startup] DEBUG:     `-- SingleFile
2017-05-23 11:37:23,972 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2017-05-23 11:37:23,993 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2017-05-23 11:37:24,005 [cuckoo.core.startup] DEBUG: Initializing Yara...
2017-05-23 11:37:24,006 [cuckoo.core.startup] DEBUG:     |-- binaries embedded.yar
2017-05-23 11:37:24,006 [cuckoo.core.startup] DEBUG:     |-- binaries shellcodes.yar
2017-05-23 11:37:24,006 [cuckoo.core.startup] DEBUG:     `-- binaries vmdetect.yar
2017-05-23 11:37:24,010 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.5.1:2042.
2017-05-23 11:37:24,012 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2017-05-23 11:37:24,858 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo11 to lone
2017-05-23 11:37:25,014 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2017-05-23 11:37:25,034 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2017-05-23 11:37:37,469 [cuckoo.core.scheduler] DEBUG: Processing task #19
2017-05-23 11:37:37,486 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "cmd.exe" (task #19, options "")
2017-05-23 11:37:37,587 [cuckoo.core.scheduler] INFO: Task #19: acquired machine cuckoo11 (label=cuckoo11)
2017-05-23 11:37:37,777 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo11
2017-05-23 11:37:38,120 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo11 to lone
2017-05-23 11:37:38,403 [cuckoo.common.abstracts] DEBUG: Waiting 0 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:39,588 [cuckoo.common.abstracts] DEBUG: Waiting 1 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:40,759 [cuckoo.common.abstracts] DEBUG: Waiting 2 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:41,939 [cuckoo.common.abstracts] DEBUG: Waiting 3 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:43,107 [cuckoo.common.abstracts] DEBUG: Waiting 4 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:44,290 [cuckoo.common.abstracts] DEBUG: Waiting 5 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:45,499 [cuckoo.common.abstracts] DEBUG: Waiting 6 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:46,721 [cuckoo.common.abstracts] DEBUG: Waiting 7 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:47,894 [cuckoo.common.abstracts] DEBUG: Waiting 8 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:49,065 [cuckoo.common.abstracts] DEBUG: Waiting 9 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:50,263 [cuckoo.common.abstracts] DEBUG: Waiting 10 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:51,434 [cuckoo.common.abstracts] DEBUG: Waiting 11 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:52,613 [cuckoo.common.abstracts] DEBUG: Waiting 12 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:53,792 [cuckoo.common.abstracts] DEBUG: Waiting 13 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:55,024 [cuckoo.common.abstracts] DEBUG: Waiting 14 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:56,323 [cuckoo.common.abstracts] DEBUG: Waiting 15 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:57,483 [cuckoo.common.abstracts] DEBUG: Waiting 16 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:58,690 [cuckoo.common.abstracts] DEBUG: Waiting 17 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:37:59,864 [cuckoo.common.abstracts] DEBUG: Waiting 18 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:01,175 [cuckoo.common.abstracts] DEBUG: Waiting 19 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:02,347 [cuckoo.common.abstracts] DEBUG: Waiting 20 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:03,520 [cuckoo.common.abstracts] DEBUG: Waiting 21 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:04,693 [cuckoo.common.abstracts] DEBUG: Waiting 22 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:05,895 [cuckoo.common.abstracts] DEBUG: Waiting 23 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:07,074 [cuckoo.common.abstracts] DEBUG: Waiting 24 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:08,235 [cuckoo.common.abstracts] DEBUG: Waiting 25 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:09,390 [cuckoo.common.abstracts] DEBUG: Waiting 26 cuckooseconds for machine cuckoo11 to switch to status ('saved',)
2017-05-23 11:38:09,390 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: cuckoo11, error: Timeout hit while for machine cuckoo11 to change status
2017-05-23 11:38:09,391 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo11
2017-05-23 11:38:09,569 [cuckoo.core.scheduler] WARNING: Unable to stop machine cuckoo11: Trying to stop an already stopped VM: cuckoo11
2017-05-23 11:38:09,651 [cuckoo.core.rooter] CRITICAL: Unable to passthrough root command (drop_disable) as the rooter unix socket doesn't exist.
2017-05-23 11:38:09,764 [cuckoo.core.scheduler] DEBUG: Released database task #19
2017-05-23 11:38:09,790 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,791 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/anton/.cuckoo/storage/analyses/19/logs'.
2017-05-23 11:38:09,791 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,792 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,792 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,793 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,793 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,794 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:09,794 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:10,558 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:10,600 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:10,615 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:10,615 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/anton/.cuckoo/storage/analyses/19/dump.pcap".
2017-05-23 11:38:10,616 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:11,235 [cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:11,235 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:11,236 [cuckoo.processing.debug] ERROR: Error processing task #19: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration
2017-05-23 11:38:11,315 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/anton/.cuckoo/storage/analyses/19"
2017-05-23 11:38:11,328 [cuckoo.core.plugins] DEBUG: Running 421 signatures
2017-05-23 11:38:11,566 [cuckoo.core.plugins] DEBUG: Analysis matched signature: has_pdb
2017-05-23 11:38:11,582 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2017-05-23 11:38:11,594 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2017-05-23 11:38:11,595 [cuckoo.core.scheduler] INFO: Task #19: reports generation completed (path=/home/anton/.cuckoo/storage/analyses/19)
2017-05-23 11:38:11,663 [cuckoo.core.scheduler] INFO: Task #19: analysis procedure completed

At the same time, "vboxmanage list runningvms" shows nothing. My virtualbox.conf:

[virtualbox]
mode = headless
path = /usr/bin/VBoxManage
interface = vboxnet0
machines = cuckoo11
[cuckoo11]
label = cuckoo11
platform = windows
ip = 192.168.5.5
snapshot = lone 
interface = vboxnet0 
resultserver_ip =  
resultserver_port = 
tags = 
options = 
osprofile = 
[honeyd]
label = honeyd
platform = linux
ip = 192.168.56.102
tags = service, honeyd
#options = nictrace noagent

So, I just don't understand why it happens and how I can resolve my issue. Any help will be appreciated.

uncleAntik commented 7 years ago

So I installed auditd and configured it to audit vbox.sh (symlink /usr/bin/VBoxManage). When I submit a file for analysis (cuckoo submit filepath), ausearch shows me this:

time->Wed May 24 16:17:05 2017
type=PROCTITLE msg=audit(1495631825.777:195826): proctitle=2F62696E2F7368002F7573722F62696E2F56426F784D616E6167650073686F77766D696E666F006375636B6F6F3131002D2D6D616368696E657265616461626C65
type=PATH msg=audit(1495631825.777:195826): item=2 name="/lib64/ld-linux-x86-64.so.2" inode=13373821 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PATH msg=audit(1495631825.777:195826): item=1 name="/bin/sh" inode=1179668 dev=fc:00 mode=0100755 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=PATH msg=audit(1495631825.777:195826): item=0 name="/usr/bin/VBoxManage" inode=4852184 dev=fc:00 mode=0100745 ouid=0 ogid=0 rdev=00:00 nametype=NORMAL
type=CWD msg=audit(1495631825.777:195826): cwd="/home/anton"
type=EXECVE msg=audit(1495631825.777:195826): argc=5 a0="/bin/sh" a1="/usr/bin/VBoxManage" a2="showvminfo" a3="cuckoo11" a4="--machinereadable"
type=SYSCALL msg=audit(1495631825.777:195826): arch=c000003e syscall=59 success=yes exit=0 a0=7fce081455e0 a1=7fce08092190 a2=2db31e0 a3=97 items=3 ppid=5145 pid=6570 auid=1001 uid=1001 gid=1001 euid=1001 suid=1001 fsuid=1001 egid=1001 sgid=1001 fsgid=1001 tty=pts1 ses=2 comm="VBoxManage" exe="/bin/dash" key="vboxm"

I don't see in ausearch any attempt to start the VM or restore it to the current snapshot or anything more. Why doesn't cuckoo start the VM after submitting a file?
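An added example, not part of the original comment or of Cuckoo's code: a small parser for the kind of ausearch output quoted above. It decodes the NUL-separated hex `proctitle`, rebuilds each `EXECVE` argument vector, and tallies which VBoxManage subcommands were audited. Event 195831 and the helper names are constructed for illustration; `startvm`, `controlvm` and `snapshot` are the VBoxManage subcommands that change VM state.

```python
import os
import re
from collections import Counter

# Constructed sample. Event 195826 reuses the PROCTITLE and EXECVE records quoted
# in the comment above; event 195831 is invented to show a hex-encoded argument.
SAMPLE = (
    'type=PROCTITLE msg=audit(1495631825.777:195826): proctitle='
    '2F62696E2F736800' '2F7573722F62696E2F56426F784D616E61676500'
    '73686F77766D696E666F00' '6375636B6F6F313100'
    '2D2D6D616368696E657265616461626C65\n'
    'type=EXECVE msg=audit(1495631825.777:195826): argc=5 a0="/bin/sh" '
    'a1="/usr/bin/VBoxManage" a2="showvminfo" a3="cuckoo11" a4="--machinereadable"\n'
    'type=EXECVE msg=audit(1495631826.950:195831): argc=5 a0="/bin/sh" '
    'a1="/usr/bin/VBoxManage" a2="showvminfo" a3=6D7920766D a4="--machinereadable"\n'
)

# The lookahead splits records even when a paste has fused them onto one line.
RECORD_RE = re.compile(
    r"type=(\w+) msg=audit\([\d.]+:(\d+)\): (.*?)(?=\s*type=\w+ msg=audit\(|\Z)",
    re.S)
ARG_RE = re.compile(r'\ba(\d+)=("[^"]*"|\S+)')   # matches a0=..., not argc=
HEX_RE = re.compile(r"(?:[0-9A-Fa-f]{2})+")
STATE_CHANGING = {"startvm", "controlvm", "snapshot"}


def decode_value(raw):
    """auditd quotes plain strings and hex-encodes anything with spaces or NULs."""
    if raw.startswith('"'):
        return raw.strip('"')
    if HEX_RE.fullmatch(raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_events(text):
    """Group records by audit serial number and recover argv per event."""
    events = {}
    for rtype, serial, body in RECORD_RE.findall(text):
        event = events.setdefault(serial, {"execve": [], "proctitle": []})
        if rtype == "EXECVE":
            args = sorted(ARG_RE.findall(body), key=lambda m: int(m[0]))
            event["execve"] = [decode_value(value) for _, value in args]
        elif rtype == "PROCTITLE":
            match = re.search(r"proctitle=(\S+)", body)
            if match:
                event["proctitle"] = decode_value(match.group(1)).split("\x00")
    return events


def vboxmanage_subcommands(events):
    """Count the argument that follows VBoxManage in each audited exec."""
    counts = Counter()
    for event in events.values():
        argv = event["execve"] or event["proctitle"]
        for i, arg in enumerate(argv[:-1]):
            if os.path.basename(arg) == "VBoxManage":
                counts[argv[i + 1]] += 1
                break
    return counts


def missing_state_changes(counts):
    """State-changing subcommands that never show up in the audit trail."""
    return sorted(STATE_CHANGING - set(counts))


if __name__ == "__main__":
    seen = vboxmanage_subcommands(parse_events(SAMPLE))
    print("VBoxManage subcommands:", dict(seen))
    print("never invoked:", missing_state_changes(seen))
```

A trail that contains only `showvminfo` shows the status polling but no audited start or restore call, which is the pattern described in the comment.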

weiqiangdragonite commented 7 years ago

I have the same problem, how to fix this?

doomedraven commented 7 years ago

Why is the status saved? It should be running.

jbremer commented 7 years ago

@cheantik Well, you have to actually run the Cuckoo daemon (i.e., cuckoo -d). @weiqiangdragonite Which problem exactly?

uncleAntik commented 7 years ago

The Cuckoo daemon is running. Then I submit a file, and cuckoo doesn't start a VM to analyse the file.

2017-05-23 11:38:09,390 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: cuckoo11, error: Timeout hit while for machine cuckoo11 to change status

At the same time (cuckoo daemon is running, file submitted), auditd shows me, many times, only one exec:

type=EXECVE msg=audit(1495631825.777:195826): argc=5 a0="/bin/sh" a1="/usr/bin/VBoxManage" a2="showvminfo" a3="cuckoo11" a4="--machinereadable"

weiqiangdragonite commented 7 years ago

@chentik I have solved this problem. I think it is the VirtualBox snapshot that causes cuckoo to be unable to start the VM. I suggest you re-create the VM snapshot following the cuckoo docs: http://docs.cuckoosandbox.org/en/latest/installation/guest/saving/

uncleAntik commented 7 years ago

@weiqiangdragonite It works for me too. Only after deleting and re-creating the VM snapshot as described here http://docs.cuckoosandbox.org/en/latest/installation/guest/saving/ did the VM start. Thanks!