cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Cuckoo Errors #1872

Open SamTabaja opened 6 years ago

SamTabaja commented 6 years ago

Hello everyone.

I'm using Cuckoo version 2.0.4 on Ubuntu, and VMware as the virtual machine player. However, every time I submit a file, a few errors appear, such as the following:

Checking for updates...
You're good to go!
2017-10-02 00:56:28,343 [cuckoo.core.startup] INFO: Updated running task ID 9 status to failed_analysis
2017-10-02 00:56:28,365 [cuckoo.core.scheduler] INFO: Using "vmware" as machine manager
2017-10-02 00:56:29,208 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2017-10-02 00:56:29,226 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2017-10-02 00:56:41,738 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "1003.exe" (task #10, options "")
2017-10-02 00:56:41,850 [cuckoo.core.scheduler] INFO: Task #10: acquired machine WinXP (label=/home/geo/vmware/WinXP/WinXP.vmx)
2017-10-02 00:56:41,864 [cuckoo.auxiliary.mitm] INFO: Started mitm interception with PID 23971 (ip=192.168.33.1, port=50000).
2017-10-02 00:56:41,875 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 23972 (interface=vmnet8, host=192.168.33.128)
2017-10-02 00:56:42,701 [cuckoo.core.scheduler] ERROR: Error starting Virtual Machine! VM: WinXP, error: Unable to revert snapshot for machine /home/geo/vmware/WinXP/WinXP.vmx: vmrun exited with error
2017-10-02 00:56:43,123 [cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 698, in run
    self.launch_analysis()
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/scheduler.py", line 565, in launch_analysis
    machinery.dump_memory(self.machine.label, dump_path)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/machinery/vmware.py", line 199, in dump_memory
    key=os.path.getctime)
ValueError: max() arg is an empty sequence

I hope you can help with this. Thank you in advance.

SamTabaja commented 6 years ago

I did fix the 2nd error; still trying to fix the 1st one:

ERROR: Error starting Virtual Machine! VM: WinXP, error: Unable to revert snapshot for machine /home/geo/vmware/WinXP/WinXP.vmx: vmrun exited with error

RicoVZ commented 6 years ago

Hello SamTabaja,

It seems like the command to revert a snapshot failed. Can you try to manually revert it? This way we can see the actual error message vmrun shows. Currently Cuckoo does not catch this.

$ vmrun revertToSnapshot /home/geo/vmware/WinXP/WinXP.vmx snapshotname

Can you run that command and post the output/error?

SamTabaja commented 6 years ago

Hello @RicoVZ,

I did run the command mentioned above and it showed the following error:

geo@geo:~$ vmrun revertToSnapshot /home/geo/vmware/WinXP/WinXP.vmx WinXPSS
Error: Missing snapshot name.

I have tried to take a snapshot from VMware and saved it in the path mentioned above, but VMware still cannot see it, and neither can Cuckoo. I think this problem is related to VMware itself and has nothing to do with Cuckoo, because when I run Cuckoo everything is fine: Cuckoo can start VMware Player, and the virtual machine also starts booting. But while the machine is booting, it shows me the following error, with Discard and Cancel buttons as options:

Failed to open the file "/home/geo/vmware/WinXP/WinXP-Snapshot4.vmem": Could not find the file. An error occurred while restoring the virtual machine state from file "/home/geo/vmware/WinXP/WinXP-Snapshot4.vmsn". An error caused the restore operation to fail. Cancel the restore operation and correct the error, or discard the snapshot's state and power off. The saved snapshot will not be affected.

However, WinXP-Snapshot4.vmem does not exist in the WinXP folder, but WinXP-Snapshot4.vmsn is already there.

Thank you for your help, I appreciate it :)
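
A pre-flight check for the condition described in the last comment, as an added example that is not part of the original thread or of Cuckoo: it lists every snapshot state file (`.vmsn`) in a VM directory and reports whether the matching `.vmem` memory file is present. The function name `check_snapshot_files` is an assumption; a snapshot taken while the VM was powered off has no `.vmem`, so a "missing" result only matters for snapshots that are meant to restore a running state.

```shell
#!/bin/sh
# Added example: flag snapshot state files (.vmsn) that have no memory
# file (.vmem) next to them, the state VMware complained about above.
# check_snapshot_files is a hypothetical helper, not part of Cuckoo or VMware.

check_snapshot_files() {
    vm_dir=$1
    missing=0

    if [ ! -d "$vm_dir" ]; then
        echo "not a directory: $vm_dir" >&2
        return 2
    fi

    for vmsn in "$vm_dir"/*.vmsn; do
        # When nothing matches, the glob stays literal; skip that case.
        [ -e "$vmsn" ] || continue
        vmem="${vmsn%.vmsn}.vmem"
        if [ -f "$vmem" ]; then
            echo "ok      $(basename "$vmsn")"
        else
            echo "missing $(basename "$vmem") (needed by $(basename "$vmsn"))"
            missing=$((missing + 1))
        fi
    done

    # Exit status 0 only when every snapshot has its memory file.
    [ "$missing" -eq 0 ]
}

# Run against a directory given on the command line,
# e.g. the VM folder from the thread: /home/geo/vmware/WinXP
[ "$#" -eq 0 ] || check_snapshot_files "$1"
```

Running it before starting Cuckoo shows which snapshot would fail to restore, instead of finding out from the scheduler log after a task has already been marked as failed.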