cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

cuckoo submit utility not working and other issues #2218

Open me0ne0 opened 6 years ago

me0ne0 commented 6 years ago

Thanks for creating an issue! But first: did you read our community guidelines? https://cuckoo.sh/docs/introduction/community.html

My issue is:

cuckoo submit utility for folder is not working and other errors produced while using web interface

My Cuckoo version and operating system are:

cuckoo version 2.0.5 and host OS ubuntu 16.04.5

This can be reproduced by:
The log, error, files etc can be found at:

Task # 39 VirusShare_04d56751f25d6169005395ccd13eae55

2018-04-04 20:39:23,675 [cuckoo.core.scheduler] INFO: Task #39: acquired machine cuckoo1 (label=win764-1)
2018-04-04 20:39:23,782 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 30233 (interface=vboxnet1, host=10.10.10.11)
2018-04-04 20:39:34,172 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=10.10.10.11)
2018-04-04 20:39:48,183 [cuckoo.common.netlog] CRITICAL: BsonParser lacking data.
2018-04-04 20:40:18,756 [cuckoo.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.
2018-04-04 20:40:33,923 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully

Task # 40 VirusShare_4d796194d32a6beeebeab0c96159602d

INFO: Task #40: acquired machine cuckoo1 (label=win764-1)
2018-04-04 20:40:39,192 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 30511 (interface=vboxnet1, host=10.10.10.11)
2018-04-04 20:40:51,189 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=10.10.10.11)
2018-04-04 20:40:51,409 [cuckoo.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.
2018-04-04 20:41:04,826 [cuckoo.processing.static] CRITICAL: You do not have the m2crypto library installed preventing certificate extraction. Please read the Cuckoo documentation on installing m2crypto (you need SWIG installed and then pip install m2crypto==0.24.0)!
2018-04-04 20:43:20,881 [cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully

The m2crypto library is already installed

I guess these errors are produced when malware is packed and obfuscated? What's your opinion?

2nd error:

VirusShare_4cea477a5ed4fef9bcfa4d940e64a681

2018-04-04 20:43:24,643 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "VirusShare_4cea477a5ed4fef9bcfa4d940e64a681" (task #41, options "procmemdump=yes,route=none")
2018-04-04 20:43:25,139 [cuckoo.core.scheduler] INFO: Task #41: acquired machine cuckoo1 (label=win764-1)
2018-04-04 20:43:25,262 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 30836 (interface=vboxnet1, host=10.10.10.11)
2018-04-04 20:43:27,057 [cuckoo.common.netlog] CRITICAL: BsonParser lacking data.
2018-04-04 20:43:37,627 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=10.10.10.11)
2018-04-04 20:43:52,998 [cuckoo.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.
2018-04-04 20:43:58,914 [cuckoo.core.scheduler] ERROR: Error from the Cuckoo Guest: Analysis failed: Unable to execute the initial process, analysis aborted.
Traceback (most recent call last):
  File "C:\flmgvwoii\analyzer.py", line 798, in <module>
    success = analyzer.run()
  File "C:\flmgvwoii\analyzer.py", line 650, in run
    pids = self.package.start(self.target)
  File "C:\flmgvwoii\modules\packages\exe.py", line 23, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\flmgvwoii\lib\common\abstracts.py", line 166, in execute
    "Unable to execute the initial process, analysis aborted."
CuckooPackageError: Unable to execute the initial process, analysis aborted.

2018-04-04 20:44:06,630 [cuckoo.processing.screenshots] ERROR: Could not find tesseract binary, screenshot OCR aborted.

VirusShare_4cef2e575f765f9d2e847cee1af02b28

2018-04-04 20:44:06,909 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "VirusShare_4cef2e575f765f9d2e847cee1af02b28" (task #42, options "procmemdump=yes,route=none")
2018-04-04 20:44:07,331 [cuckoo.core.scheduler] INFO: Task #42: acquired machine cuckoo1 (label=win764-1)
2018-04-04 20:44:07,595 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 31089 (interface=vboxnet1, host=10.10.10.11)
2018-04-04 20:44:11,889 [cuckoo.processing.static] CRITICAL: You do not have the m2crypto library installed preventing certificate extraction. Please read the Cuckoo documentation on installing m2crypto (you need SWIG installed and then pip install m2crypto==0.24.0)!
2018-04-04 20:44:19,853 [cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=10.10.10.11)
2018-04-04 20:44:29,693 [weasyprint] WARNING: Ignored -ms-text-size-adjust: 100% at 21:3, unknown property.
2018-04-04 20:44:29,791 [weasyprint] WARNING: Ignored -webkit-text-size-adjust: 100% at 22:3, unknown property.
2018-04-04 20:44:29,830 [weasyprint] WARNING: Ignored -webkit-text-decoration-skip: objects at 112:3, unknown property.
2018-04-04 20:44:29,855 [weasyprint] WARNING: Ignored text-decoration: underline dotted at 133:3, invalid value.
2018-04-04 20:44:29,925 [weasyprint] WARNING: Ignored -webkit-appearance: button at 298:3, unknown property.
2018-04-04 20:44:29,963 [weasyprint] WARNING: Invalid or unsupported selector 'button::-moz-focus-inner, [type="submit"]::-moz-focus-inner ', Unknown pseudo-element: -moz-focus-inner
2018-04-04 20:44:29,969 [weasyprint] WARNING: Ignored outline: 1px dotted ButtonText at 321:3, invalid value.
2018-04-04 20:44:30,011 [weasyprint] WARNING: Invalid or unsupported selector '[type="number"]::-webkit-inner-spin-button, [type="number"]::-webkit-outer-spin-button ', Unknown pseudo-element: -webkit-inner-spin-button
2018-04-04 20:44:30,020 [weasyprint] WARNING: Ignored -webkit-appearance: textfield at 394:3, unknown property.
2018-04-04 20:44:30,035 [weasyprint] WARNING: Ignored outline-offset: -2px at 395:3, unknown property.
2018-04-04 20:44:30,060 [weasyprint] WARNING: Ignored -webkit-appearance: none at 404:3, unknown property.
2018-04-04 20:44:30,079 [weasyprint] WARNING: Ignored -webkit-appearance: button at 413:3, unknown property.
2018-04-04 20:44:30,090 [weasyprint] WARNING: Invalid or unsupported selector '::-webkit-file-upload-button ', Unknown pseudo-element: -webkit-file-upload-button
2018-04-04 20:44:30,108 [weasyprint] WARNING: Invalid or unsupported selector 'details, / 1 / menu ', (<Comment 1 >, u'expected a compound selector, got comment')
2018-04-04 20:44:30,133 [weasyprint] WARNING: Ignored -webkit-font-smoothing: antialiased at 472:2, unknown property.
2018-04-04 20:44:30,148 [weasyprint] WARNING: Ignored -webkit-box-sizing: border-box at 478:2, unknown property.
2018-04-04 20:44:30,157 [weasyprint] WARNING: Ignored -moz-box-sizing: border-box at 479:2, unknown property.
2018-04-04 20:44:30,193 [weasyprint] WARNING: Ignored display: flex at 508:2, invalid value.
2018-04-04 20:44:30,201 [weasyprint] WARNING: Ignored align-items: center at 509:2, unknown property.
2018-04-04 20:44:30,213 [weasyprint] WARNING: Ignored flex-basis: 93px at 516:2, unknown property.
2018-04-04 20:44:30,235 [weasyprint] WARNING: Ignored display: flex at 551:25, invalid value.
2018-04-04 20:44:30,247 [weasyprint] WARNING: Ignored flex-basis: 100% at 552:29, unknown property.
2018-04-04 20:44:30,256 [weasyprint] WARNING: Ignored flex-grow: 0 at 553:39, unknown property.
2018-04-04 20:44:30,273 [weasyprint] WARNING: Ignored cursor: pointer at 565:39, the property does not apply for the print media.
2018-04-04 20:44:30,297 [weasyprint] WARNING: Ignored box-shadow: 0px 1px 0px rgba(255,255,255,1) at 580:2, unknown property.
2018-04-04 20:44:30,334 [weasyprint] WARNING: Ignored display: flex at 621:2, invalid value.
2018-04-04 20:44:30,339 [weasyprint] WARNING: Ignored flex-direction: column at 622:2, unknown property.

41--42...Error from the Cuckoo Guest:Analysis failed: Unable to execute the initial process, analysis aborted. Traceback (most recent call last): as seen from cuckoo web.

========================================================

3rd ERROR and Main issue


(cuckoo) mxn@mxn-Latitude-E6510:~$ cuckoo submit --machine cuckoo1 /home/mxn/Downloads/test0
Success: File "/home/mxn/Downloads/test0/1.exe" added as task with ID #112
Success: File "/home/mxn/Downloads/test0/0.exe" added as task with ID #113
Success: File "/home/mxn/Downloads/test0/newbos2.exe" added as task with ID #114
Success: File "/home/mxn/Downloads/test0/2d.exe" added as task with ID #115
Success: File "/home/mxn/Downloads/test0/340s.exe" added as task with ID #116

2018-04-04 22:45:39,512 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "1.exe" (task #112, options "")
2018-04-04 22:45:39,592 [cuckoo.core.scheduler] ERROR: Cannot acquire machine: No machines match selection criteria.
2018-04-04 22:45:39,733 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/mxn/.cuckoo/storage/analyses/112/logs'.
2018-04-04 22:45:40,787 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "0.exe" (task #113, options "")
2018-04-04 22:45:40,998 [cuckoo.core.scheduler] ERROR: Cannot acquire machine: No machines match selection criteria.
2018-04-04 22:45:41,167 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/mxn/.cuckoo/storage/analyses/113/logs'.
2018-04-04 22:45:41,244 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/mxn/.cuckoo/storage/analyses/112/dump.pcap".
2018-04-04 22:45:42,076 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "newbos2.exe" (task #114, options "")
2018-04-04 22:45:42,258 [cuckoo.core.scheduler] ERROR: Cannot acquire machine: No machines match selection criteria.
2018-04-04 22:45:42,444 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/mxn/.cuckoo/storage/analyses/114/logs'.
2018-04-04 22:45:43,539 [cuckoo.processing.network] WARNING: The PCAP file does not exist at path "/home/mxn/.cuckoo/storage/analyses/113/dump.pcap".
2018-04-04 22:45:43,704 [cuckoo.core.scheduler] INFO: Starting analysis of FILE "2d.exe" (task #115, options "")
2018-04-04 22:45:43,999 [cuckoo.core.scheduler] ERROR: Cannot acquire machine: No machines match selection criteria.
2018-04-04 22:45:44,159 [cuckoo.processing.behavior] WARNING: Analysis results folder does not exist at path '/home/mxn/.cuckoo/storage/analyses/115/logs'.
2018-04-04 22:45:44,805 [cuckoo.processing.debug] ERROR: Error processing task #112: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration

When submitting malware via the submit utility, I get the above errors, while when I use the web interface no errors occur and the above files run successfully, as seen below:

5 | 2018-04-04 17:54 | eb93600c45e8d7cf13c3ae86aa4d4999 | newbos2.exe | reported | score: 11.2
4 | 2018-04-04 17:51 | 48cd89827939b3a8976d9bb0993bc338 | 340s.exe | reported | score: 11.2
3 | 2018-04-04 17:47 | 38b50102f941b4f4cba161408cf20933 | 2d.exe | reported | score: 4.8
2 | 2018-04-04 17:45 | 60bcb0e1b9ae5a9b50dcff7decd656ae | 1.exe | reported | score: 2.8
1 | 2018-04-04 17:44 | 2a9d0d06d292a4cbbe4a95da4650ed54 | 0.exe | reported | score: 4.6

Why is it happening?

me0ne0 commented 6 years ago

A few informational notes required.

1) If I want to run 2 guest Windows VMs, should I use process_instance 1 and instance 2? Can I do it from the web interface or not?
2) If I have 2 guest Windows VMs, 2 guest Linux VMs and 2 Android VMs, and I submit 10 samples through the web, which machine will process them? The first machine, as in cuckoo1, or all of them from cuckoo1 to cuckoo6? Can I specify through the web to use a particular VM, e.g. only a Windows guest VM?
3) Is there a way around for a guest VM in VirtualBox not to be shut down after analysis and instead revert to snapshot?

me0ne0 commented 6 years ago

4) Is there any way to get a consolidated report of all runs, e.g. 10 malware samples at the same time?

me0ne0 commented 6 years ago

Hello, anyone care to respond?

doomedraven commented 6 years ago

read the manual

  1. process instances can't be started from the web GUI; you should start them manually or with supervisor
  2. you need to specify the VM manually; that part of the recon arch still isn't implemented, but it can easily be done by you, I have done that using tags injection
  3. modify code for that
  4. you can get them if you start enough processing instances and have many cores for it

me0ne0 commented 6 years ago

Alright, and what about the samples' output? Why are they not being analyzed in the guest machine? Even if they are packed, they should run.

me0ne0 commented 6 years ago

I am not able to use the submit utility. It gives me the above-mentioned errors, while from the GUI the samples run fine.

doomedraven commented 6 years ago

did you at least read the output?

2018-04-04 22:45:44,805 [cuckoo.processing.debug] ERROR: Error processing task #112: it appears that the Virtual Machine hasn't been able to contact back to the Cuckoo Host. There could be a few reasons for this, please refer to our documentation on the matter: https://cuckoo.sh/docs/faq/index.html#troubleshooting-vm-network-configuration

doomedraven commented 6 years ago

and for that you can search the issues; you will find tons of my responses and suggestions on how to test

me0ne0 commented 6 years ago

Yes, I did read that and I understood it.

I am saying that "when VMs are up and I try to use the submit utility, they produce errors, while if I use the web utility they perform well, as mentioned above".

I will give it one more try and get back to you on this, but I'm pretty sure the submit utility did not work even though the VMs were up when I raised this issue.

doomedraven commented 6 years ago

VMs shouldn't be started, cuckoo starts them. If that works from the web GUI, it should work for submit. Do you see which task was created successfully?

me0ne0 commented 6 years ago

Hi, sorry for the late reply. I was out of town for a few days. The VM guest machines are in the snapshot state of resume. When I type the following command, it appears that the submit utility has successfully submitted the required files:

(cuckoo) mxn@mxn-Latitude-E6510:~$ cuckoo submit --machine cuckoo1 /home/mxn/Downloads/test0
Success: File "/home/mxn/Downloads/test0/1.exe" added as task with ID #112
Success: File "/home/mxn/Downloads/test0/0.exe" added as task with ID #113
Success: File "/home/mxn/Downloads/test0/newbos2.exe" added as task with ID #114
Success: File "/home/mxn/Downloads/test0/2d.exe" added as task with ID #115
Success: File "/home/mxn/Downloads/test0/340s.exe" added as task with ID #116

However, it appears that the following error is causing the problem:

[cuckoo.core.scheduler] ERROR: Cannot acquire machine: No machines match selection criteria.

Maybe machine names like cuckoo1 are causing the problem. Can I try it using the --label argument? I could not find in the documentation that I could use --label.

me0ne0 commented 6 years ago

It's my understanding that for all versions of Cuckoo, guest VMs should be in snapshot resume mode, as all guest VMs should be started by Cuckoo itself, as mentioned by you. But in snapshot resume mode neither curl works nor are the guest VM IPs pingable. Could that be the problem?

doomedraven commented 6 years ago

About the --machine cuckoo1: can you post part of your hypervisor conf so I can point you to the correct option?

me0ne0 commented 6 years ago

I am using VirtualBox 5.1 on Ubuntu 16.04 as host OS. Following is the config of VirtualBox.

[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui" or "headless". Please refer to VirtualBox's official
# documentation to understand the differences.
mode = headless

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage
# If you are running Cuckoo on Mac OS X you have to change the path as follows:
# path = /Applications/VirtualBox.app/Contents/MacOS/VBoxManage

# Default network interface.
interface = vboxnet1

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = cuckoo1,cuckoo2

[cuckoo1]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = win764-1

# Specify the operating system platform used by current machine
# [windows/darwin/linux/android_device].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 10.10.10.11

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = snapshot1

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet1

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip =

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port =

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags =

# Mostly unused for now. Please don't fill it out.
options =

# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = Win7SP1x64

[cuckoo2]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = win732-1

# Specify the operating system platform used by current machine
# [windows/darwin/linux/android_device].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 10.10.10.21

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = snapshot1

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet1

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
resultserver_ip =

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
resultserver_port =

# (Optional) Set your own tags. These are comma separated and help to identify
# specific VMs. You can run samples on VMs with tag you require.
tags =

# Mostly unused for now. Please don't fill it out.
options =

# (Optional) Specify the OS profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VMs
# and properly determining which profile to use.
osprofile = Win7SP1x86

[honeyd]
# For more information on this VM please refer to the "services" section of
# the conf/auxiliary.conf configuration file. This machine is a bit special
# in the way that its used as an additional VM for an analysis.
# NOTE that if this functionality is used, the VM should be registered in
# the "machines" list in the beginning of this file.
label = honeyd
platform = linux
ip = 192.168.56.102

# The tags should at least contain "service" and the name of this service.
# This way the services auxiliary module knows how to find this particular VM.
tags = service, honeyd

# Not all services actually have a Cuckoo Agent running in the VM, for those
# services one can specify the "noagent" option so Cuckoo will just wait until
# the end of the analysis instead of trying to connect to the non-existing
# Cuckoo Agent. We can't really intercept any inter-VM communication from the
# host / gateway so in order to dump traffic between VMs we have to use a
# different network dumping approach. For this machine we use the "nictrace"
# functionality from VirtualBox (which is basically their internal tcpdump)
# and thus properly dumps inter-VM traffic.
options = nictrace noagent

doomedraven commented 6 years ago

when you start cuckoo, it shows you that it found the VMs with names cuckoo1 and cuckoo2, no?

me0ne0 commented 6 years ago

Yes, it shows me that it loaded 2 virtual machines.

me0ne0 commented 6 years ago

no errors

me0ne0 commented 6 years ago

Cuckoo Sandbox 2.0.5 www.cuckoosandbox.org Copyright (c) 2010-2017

Checking for updates... You're good to go!

Our latest blogposts:

2018-04-16 22:57:52,662 [cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2018-04-16 22:57:55,802 [cuckoo.core.scheduler] INFO: Loaded 2 machine/s
2018-04-16 22:57:55,827 [cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

doomedraven commented 6 years ago

weird, that should work then

me0ne0 commented 6 years ago

Yeah :( I have been banging my head against it for weeks now, but it's not working. I think the issue will persist. As a workaround, I will use the GUI, or, as I tried, use the submit utility without the --machine argument; it worked fine but it loaded all available machines.

me0ne0 commented 6 years ago

@doomedraven can you please provide me your valuable input on another matter at hand? As I ran packed malware samples in Cuckoo, they were not executed and terminated with the error "Error from the Cuckoo Guest: Analysis failed: Unable to execute the initial process, analysis aborted."

In my opinion, packed malware should run in the guest VM as long as it is not VM-aware.

I ran a sample of 100 malware files at a time, and out of 100 only 10 ran successfully with some output. All the rest showed the above-mentioned error.

doomedraven commented 6 years ago

that's weird, they should be started anyway, regardless of whether there is a packer or not; can you provide a hash for testing?

me0ne0 commented 6 years ago

@doomedraven already mentioned at the start of this thread. BTW, 2 of them are the following:

VirusShare_04d56751f25d6169005395ccd13eae55
VirusShare_4d796194d32a6beeebeab0c96159602d

me0ne0 commented 6 years ago

VirusShare_6efb83de57620f423d797bffccc174fb

doomedraven commented 6 years ago

thanks, sorry, lost track of it. idk what is packed there, if you are referring to the js/html code, but it works just fine in my cuckoo; I suppose you have something wrong in the configuration

me0ne0 commented 6 years ago

Can you check this file, VirusShare_6efb83de57620f423d797bffccc174fb, and let me know if it gives you the analysis failed error?

doomedraven commented 6 years ago

i will check it tomorrow

me0ne0 commented 6 years ago

ok :-) will be waiting for your reply

me0ne0 commented 6 years ago

@doomedraven did you check it?

doomedraven commented 6 years ago

I need to update my x64 VM for testing, I will do that on the weekend

me0ne0 commented 6 years ago

Alright

RicoVZ commented 6 years ago

Hi me0ne0,

To solve the "No machines match selection criteria", try using the same name in the label fields. Or use --machine win764-1 when submitting a new task.

So in the virtualbox.conf:

[cuckoo1]
label = cuckoo1
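
A pre-flight check for the mismatch described in the answer above, as an added example that is not part of the original thread or of Cuckoo's own code: it parses a machinery configuration and reports whether a `--machine` value names a label or only a section ID. The sample configuration is constructed from the values posted in the thread; `load_machines`, `check_machine_argument` and `mismatched_sections` are hypothetical helper names, and the rule that `--machine` must equal a label is taken from the answer, not from Cuckoo's source.

```python
import configparser

# Constructed sample: the machine sections posted in the thread, comments dropped.
SAMPLE_CONF = """\
[virtualbox]
mode = headless
path = /usr/bin/VBoxManage
interface = vboxnet1
machines = cuckoo1,cuckoo2

[cuckoo1]
label = win764-1
platform = windows
ip = 10.10.10.11
tags =

[cuckoo2]
label = win732-1
platform = windows
ip = 10.10.10.21
tags =
"""


def load_machines(conf_text, manager="virtualbox"):
    """Map each section ID listed in `machines =` to its label, platform and IP."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    machines = {}
    for section_id in parser.get(manager, "machines").split(","):
        section_id = section_id.strip()
        if not section_id:
            continue
        if not parser.has_section(section_id):
            raise ValueError("machines lists %r but no [%s] section exists"
                             % (section_id, section_id))
        machines[section_id] = {
            "label": parser.get(section_id, "label").strip(),
            "platform": parser.get(section_id, "platform").strip(),
            "ip": parser.get(section_id, "ip").strip(),
        }
    return machines


def check_machine_argument(requested, machines):
    """Classify a --machine value, assuming (per the answer) it must equal a label.

    Returns (status, suggestion); status is "ok", "section_id_not_label" or "unknown".
    """
    labels = {info["label"] for info in machines.values()}
    if requested in labels:
        return ("ok", requested)
    if requested in machines:
        # The value names a config section (e.g. cuckoo1) whose label differs.
        return ("section_id_not_label", machines[requested]["label"])
    return ("unknown", None)


def mismatched_sections(machines):
    """List (section_id, label) pairs where the two names differ."""
    return sorted((sid, info["label"]) for sid, info in machines.items()
                  if sid != info["label"])


if __name__ == "__main__":
    vms = load_machines(SAMPLE_CONF)
    for value in ("cuckoo1", "win764-1", "win10"):
        print(value, "->", check_machine_argument(value, vms))
    print("section/label mismatches:", mismatched_sections(vms))
```

Running such a check before a batch submission catches the case from this thread, where every task is accepted by `cuckoo submit` and then fails in the scheduler with "No machines match selection criteria".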