cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

Win7x64 analysis problems #2081

Open ahmad67 opened 6 years ago

ahmad67 commented 6 years ago

Hello guys. Why is it that when I do the same analysis using Win7x86 as guest, Cuckoo returns results, especially behavior results, but when using Win7x64, even when I do the same steps that I did on x86, it does not give back anything and gives me these results? Please help me.

The log:
TurlaCarbon 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- UFRStealer 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- Unhook 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- Upatre 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- UpatreTDMutexes 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- UPXCompressed 2018-01-25 15:53:28,511 [cuckoo.core.startup] DEBUG: |-- UrkShortCN 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- URLSpy 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- UroburosFile 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- UroburosMutexes 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- Urxbot 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- UsesWindowsUtilities 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- Vanbot 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- VBInject 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- VBoxDetectACPI 2018-01-25 15:53:28,512 [cuckoo.core.startup] DEBUG: |-- VBoxDetectDevices 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VBoxDetectFiles 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VBoxDetectKeys 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VBoxDetectProvname 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VBoxDetectWindow 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- Vertex 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VertexSolarURL 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VirtualPCDetect 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- VirtualPCIllegalInstruction 2018-01-25 15:53:28,513 [cuckoo.core.startup] DEBUG: |-- Virut 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VMFirmware 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VMPPacked 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VMWareDetectFiles 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VMWareDetectKeys 2018-01-25 
15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VMWareInInstruction 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VncMutexes 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VNLoaderURL 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VolDevicetree1 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VolHandles1 2018-01-25 15:53:28,514 [cuckoo.core.startup] DEBUG: |-- VolLdrModules1 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolLdrModules2 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolMalfind1 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolModscan1 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolSvcscan1 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolSvcscan2 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VolSvcscan3 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- VPCDetectKeys 2018-01-25 15:53:28,515 [cuckoo.core.startup] DEBUG: |-- Wakbot 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- WarbotURL 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- Whimoo 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- Win32ProcessCreate 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- WineDetect 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- WinSCP 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- WinSxsBot 2018-01-25 15:53:28,516 [cuckoo.core.startup] DEBUG: |-- WMIAntiVM 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- WormAllaple 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- WormKolabc 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- XenDetectKeys 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- XtremeRAT 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- Xworm 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- Zegost 2018-01-25 15:53:28,517 [cuckoo.core.startup] DEBUG: |-- ZeusMutexes 2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG: |-- ZeusP2P 2018-01-25 
15:53:28,518 [cuckoo.core.startup] DEBUG: |-- ZeusURL
2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG:-- ZoneID
2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG: Imported "reporting" modules:
2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG: |-- ElasticSearch
2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG: |-- Feedback
2018-01-25 15:53:28,518 [cuckoo.core.startup] DEBUG: |-- JsonDump
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: |-- Mattermost
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: |-- MISP
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: |-- Moloch
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: |-- MongoDB
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: |-- Notification
2018-01-25 15:53:28,519 [cuckoo.core.startup] DEBUG: `-- SingleFile
2018-01-25 15:53:28,527 [cuckoo.core.startup] DEBUG: Checking for locked tasks..
2018-01-25 15:53:28,536 [cuckoo.core.startup] DEBUG: Checking for pending service tasks..
2018-01-25 15:53:28,543 [cuckoo.core.startup] DEBUG: Initializing Yara...
2018-01-25 15:53:28,545 [cuckoo.core.startup] DEBUG: |-- binaries embedded.yar
2018-01-25 15:53:28,545 [cuckoo.core.startup] DEBUG: |-- binaries filetypes.yar
2018-01-25 15:53:28,546 [cuckoo.core.startup] DEBUG: |-- binaries shellcodes.yar
2018-01-25 15:53:28,546 [cuckoo.core.startup] DEBUG: |-- binaries vmdetect.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts applocker_bypass.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powerfun.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powershell_AMSI.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powershell_BITS_transfer.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powershell_ddi_rc4.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powershell_dfsp.yar
2018-01-25 15:53:28,548 [cuckoo.core.startup] DEBUG: |-- scripts powershell_di.yar
2018-01-25 15:53:28,549 [cuckoo.core.startup] DEBUG: |-- scripts powershell_empire.yar
2018-01-25 15:53:28,549 [cuckoo.core.startup] DEBUG: |-- scripts powershell_meterpreter.yar
2018-01-25 15:53:28,549 [cuckoo.core.startup] DEBUG: |-- scripts powershell_txt_c2.yar
2018-01-25 15:53:28,549 [cuckoo.core.startup] DEBUG: |-- scripts powershell_unicorn.yar
2018-01-25 15:53:28,549 [cuckoo.core.startup] DEBUG: |-- scripts powerworm.yar
2018-01-25 15:53:28,550 [cuckoo.core.startup] DEBUG: |-- shellcode metasploit.yar
2018-01-25 15:53:28,550 [cuckoo.core.startup] DEBUG: |-- office dde.yar
2018-01-25 15:53:28,550 [cuckoo.core.startup] DEBUG: |-- office ole.yar
2018-01-25 15:53:28,551 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.1.8:2042.
2018-01-25 15:53:28,553 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2018-01-25 15:53:29,079 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to Snapshot1
2018-01-25 15:53:29,389 [cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2018-01-25 15:53:29,400 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2018-01-25 15:53:30,481 [cuckoo.core.scheduler] DEBUG: Processing task #2
2018-01-25 15:53:30,492 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "Locky" (task #2, options "procmemdump=yes,route=none")
2018-01-25 15:53:30,553 [cuckoo.core.scheduler] INFO: Task #2: acquired machine cuckoo1 (label=cuckoo1)
2018-01-25 15:53:30,562 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 6116 (interface=vboxnet0, host=192.168.56.101)
2018-01-25 15:53:30,563 [cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2018-01-25 15:53:30,699 [cuckoo.machinery.virtualbox] DEBUG: Starting vm cuckoo1
2018-01-25 15:53:30,830 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine cuckoo1 to Snapshot1
2018-01-25 15:53:37,378 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2018-01-25 15:53:38,382 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-01-25 15:53:39,390 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-01-25 15:53:40,396 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-01-25 15:53:41,403 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-01-25 15:53:42,413 [cuckoo.core.guest] DEBUG: cuckoo1: not ready yet
2018-01-25 15:53:46,916 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.8 (id=cuckoo1, ip=192.168.56.101)
2018-01-25 15:53:56,340 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=cuckoo1, ip=192.168.56.101, monitor=latest, size=3840773)
2018-01-25 15:54:14,677 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2018-01-25 15:54:19,055 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:24,699 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:30,291 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:35,885 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:41,479 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:47,026 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:52,558 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:54:58,152 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:03,699 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:09,293 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:14,839 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:20,417 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:26,010 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:31,559 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:37,103 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:42,811 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:48,541 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:55:54,338 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:00,229 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:06,057 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:11,823 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:17,448 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:23,041 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:28,729 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:34,733 [cuckoo.core.guest] INFO: Virtual Machine /status failed (ReadTimeout(ReadTimeoutError("HTTPConnectionPool(host='192.168.56.101', port=8000): Read timed out. (read timeout=5)",),))
2018-01-25 15:56:34,735 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:40,605 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:46,276 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:51,854 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:56:57,416 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:57:02,947 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:57:08,494 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:57:14,041 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:57:19,589 [cuckoo.core.guest] DEBUG: cuckoo1: analysis still processing
2018-01-25 15:57:20,590 [cuckoo.core.guest] INFO: cuckoo1: end of analysis reached!
2018-01-25 15:57:20,709 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2018-01-25 15:57:51,256 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label cuckoo1 to path /home/medusa/.cuckoo/storage/analyses/2/memory.dmp
2018-01-25 15:57:51,353 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm cuckoo1
2018-01-25 15:58:12,613 [cuckoo.core.scheduler] DEBUG: Released database task #2
2018-01-25 15:58:12,997 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #2
2018-01-25 15:58:12,998 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
2018-01-25 15:58:12,998 [cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" for task #2
2018-01-25 15:58:12,999 [cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" for task #2
2018-01-25 15:58:12,999 [cuckoo.core.plugins] DEBUG: Executed processing module "DroppedBuffer" for task #2
2018-01-25 15:58:13,045 [cuckoo.core.plugins] DEBUG: Executed processing module "MetaInfo" for task #2
2018-01-25 15:58:13,045 [cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" for task #2
2018-01-25 15:58:13,046 [cuckoo.core.plugins] DEBUG: Executed processing module "Procmon" for task #2
2018-01-25 15:58:13,046 [cuckoo.core.plugins] DEBUG: Executed processing module "Screenshots" for task #2
2018-01-25 15:58:13,504 [cuckoo.core.plugins] DEBUG: Executed processing module "Static" for task #2
2018-01-25 15:58:13,518 [cuckoo.core.plugins] DEBUG: Executed processing module "Strings" for task #2
2018-01-25 15:58:13,524 [cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" for task #2
2018-01-25 15:58:16,761 [cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" for task #2
2018-01-25 15:58:16,762 [cuckoo.core.plugins] DEBUG: Executed processing module "Extracted" for task #2
2018-01-25 15:58:16,762 [cuckoo.core.plugins] DEBUG: Executed processing module "TLSMasterSecrets" for task #2
2018-01-25 15:58:16,834 [cuckoo.core.plugins] DEBUG: Executed processing module "Debug" for task #2
2018-01-25 15:58:16,838 [cuckoo.core.plugins] DEBUG: Running 473 signatures
2018-01-25 15:58:17,002 [cuckoo.core.plugins] DEBUG: Analysis matched signature: network_http
2018-01-25 15:58:17,002 [cuckoo.core.plugins] DEBUG: Analysis matched signature: network_icmp
2018-01-25 15:58:17,003 [cuckoo.core.plugins] DEBUG: Analysis matched signature: suspicious_tld
2018-01-25 15:58:17,003 [cuckoo.core.plugins] DEBUG: Analysis matched signature: packer_entropy
2018-01-25 15:58:17,003 [cuckoo.core.plugins] DEBUG: Analysis matched signature: peid_packer
2018-01-25 15:58:17,041 [cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2018-01-25 15:58:17,257 [cuckoo.core.plugins] DEBUG: Executed reporting module "SingleFile"
2018-01-25 15:58:17,496 [cuckoo.core.plugins] DEBUG: Executed reporting module "MongoDB"
2018-01-25 15:58:17,497 [cuckoo.core.scheduler] INFO: Task #2: reports generation completed
2018-01-25 15:58:17,510 [cuckoo.core.scheduler] INFO: Task #2: analysis procedure completed

screenshot from 2018-01-25 15-56-44

wirehack7 commented 6 years ago

Referring to issue #2091. See the solution there, maybe it helps you.

jbremer commented 6 years ago

Your resultserver IP address seems odd, btw.
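
A triage check for a log like the one posted in this issue, added here as an example (it is not part of the thread or of Cuckoo's code): it compares the ResultServer bind address with each guest IP and records whether the behavior-log warning appears. The function name `triage` and the /24 prefix are assumptions; the page does not state the mask of the host-only network.

```python
import ipaddress
import re

# Constructed sample: four entries copied from the log posted in this issue.
SAMPLE_LOG = """\
2018-01-25 15:53:28,551 [cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.1.8:2042.
2018-01-25 15:53:30,562 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 6116 (interface=vboxnet0, host=192.168.56.101)
2018-01-25 15:53:37,378 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2018-01-25 15:58:12,998 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
RESULTSERVER_RE = re.compile(r"ResultServer running on (" + IPV4 + r"):(\d+)")
GUEST_RE = re.compile(r"Starting analysis on guest \(id=([^,]+), ip=(" + IPV4 + r")\)")
NO_BEHAVIOR = "does not contain any behavior log files"


def triage(log_text, prefix_len=24):
    """Summarise ResultServer/guest addressing in a cuckoo.log excerpt.

    prefix_len is an assumption (a /24 analysis network); set it to the
    real mask of the network the guest is attached to.
    """
    rs = RESULTSERVER_RE.search(log_text)
    report = {
        "resultserver": (rs.group(1), int(rs.group(2))) if rs else None,
        "guests_outside_subnet": [],
        "behavior_logs_missing": NO_BEHAVIOR in log_text,
    }
    if rs is None:
        return report
    rs_ip = ipaddress.ip_address(rs.group(1))
    for guest_id, guest_ip in sorted(set(GUEST_RE.findall(log_text))):
        guest_net = ipaddress.ip_network(f"{guest_ip}/{prefix_len}", strict=False)
        # A ResultServer address outside the guest's network is a lead to
        # check, not proof: routing or forwarding can still make it reachable.
        if rs_ip not in guest_net:
            report["guests_outside_subnet"].append(
                (guest_id, guest_ip, str(guest_net))
            )
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

When both `guests_outside_subnet` and `behavior_logs_missing` are set for a task, the first thing to verify is that the guest can open a connection to the ResultServer address and port shown in the log.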