cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

error AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES' on updation of cuckoo #2324

Open bipindubey opened 6 years ago

bipindubey commented 6 years ago

Hi, I have just updated my Cuckoo Sandbox to the latest version, i.e. 2.0.6. On submitting any file, I am getting the following error in the cuckoo log:

```
WARNING: cuckoo1: analysis caught an exception
Traceback (most recent call last):
  File "C:/tmpjjvhvw/analyzer.py", line 800, in <module>
    success = analyzer.run()
  File "C:/tmpjjvhvw/analyzer.py", line 652, in run
    pids = self.package.start(self.target)
  File "C:\tmpjjvhvw\modules\packages\exe.py", line 23, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpjjvhvw\lib\common\abstracts.py", line 164, in execute
    maximize=maximize, env=env, trigger=trigger):
  File "C:\tmpjjvhvw\lib\api\process.py", line 300, in execute
    is32bit = self.is32bit(path=path)
  File "C:\tmpjjvhvw\lib\api\process.py", line 271, in is32bit
    bitsize = int(subprocess_checkoutput(args))
  File "C:\tmpjjvhvw\lib\api\process.py", line 104, in subprocess_checkoutput
    args, stdin=subprocess.PIPE, stderr=subprocess.PIPE, env=env,
  File "C:\Python27\lib\subprocess.py", line 530, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "C:\Python27\lib\subprocess.py", line 672, in __init__
    errread, errwrite)
  File "C:\Python27\lib\subprocess.py", line 882, in _execute_child
    startupinfo)
  File "C:\tmpjjvhvw\lib\api\process.py", line 69, in spCreateProcessW
    if si.flags & subprocess.STARTF_USESTDHANDLES:
AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES'
```

RicoVZ commented 6 years ago

Hi bipindubey,

Thanks for posting an issue.

Could you tell us how exactly you submitted this file, what file it was, did you use any options, etc? Also: what operating system does your guest VM have?

Lastly, could you share the file/hash that is being analysed? :smile:

EDIT: This issue was fixed in 2.0.6.2. See the last comments on this issue.

jbremer commented 6 years ago

The STARTF_USESTDHANDLES value has literally been defined in the subprocess module since it first got introduced in 2004, so there must somehow be something wrong with your setup. Did you alter anything in the Cuckoo Analyzer or do you have an odd setup in one way or another?

bipindubey commented 6 years ago

@jbremer I had updated Cuckoo version 2.0.5 to 2.0.6 using the command `pip install -U cuckoo`, then started Cuckoo using the command `cuckoo -d`. Then an error got generated, for which I did `pip install requests==2.13.0` and removed the Cuckoo database, after which it was created automatically. In the previous version I had modified local_setting.py by editing debug=True. The new version of Cuckoo was throwing some error related to this file, so I removed this file and then it was automatically created.

bipindubey commented 6 years ago

@RicoVZ As posted above, this problem has occurred after updation. It is happening for any file I am giving; I think there is some problem with the configuration. I did the above mentioned things after updating the Cuckoo version. I have four VMs - 2 Windows XP and 2 Windows 7.

bipindubey commented 6 years ago

@RicoVZ and @jbremer On running the file worldreport.pdf, I got the following error in the analyzer log:

```
2018-06-13 12:42:53,000 [analyzer] DEBUG: Starting analyzer from: C:\tmpjjvhvw
2018-06-13 12:42:53,015 [analyzer] DEBUG: Pipe server name: \\.\PIPE\ysDcyDelmRuzBNXDlpWAnOID
2018-06-13 12:42:53,015 [analyzer] DEBUG: Log pipe server name: \\.\PIPE\XWARcILmzxoCBAptwEPSFnYCDsEkzq
2018-06-13 12:42:53,390 [analyzer] DEBUG: Started auxiliary module DbgView
2018-06-13 12:42:54,780 [analyzer] DEBUG: Started auxiliary module Disguise
2018-06-13 12:42:54,780 [analyzer] ERROR: Auxiliary module DumpTLSMasterSecrets was not implemented
Traceback (most recent call last):
  File "C:/tmpjjvhvw/analyzer.py", line 622, in run
    aux.start()
  File "C:\tmpjjvhvw\modules\auxiliary\dumptls.py", line 18, in start
    p.inject(track=False, mode="dumptls")
  File "C:\tmpjjvhvw\lib\api\process.py", line 437, in inject
    is32bit = self.is32bit(process_name=self.process_name)
  File "C:\tmpjjvhvw\lib\api\process.py", line 271, in is32bit
    bitsize = int(subprocess_checkoutput(args))
  File "C:\tmpjjvhvw\lib\api\process.py", line 104, in subprocess_checkoutput
    args, stdin=subprocess.PIPE, stderr=subprocess.PIPE, env=env,
  File "C:\Python27\lib\subprocess.py", line 530, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "C:\Python27\lib\subprocess.py", line 672, in __init__
    errread, errwrite)
  File "C:\Python27\lib\subprocess.py", line 882, in _execute_child
    startupinfo)
  File "C:\tmpjjvhvw\lib\api\process.py", line 69, in spCreateProcessW
    if si.flags & subprocess.STARTF_USESTDHANDLES:
AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES'
2018-06-13 12:42:54,780 [analyzer] DEBUG: Started auxiliary module Human
2018-06-13 12:42:54,780 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2018-06-13 12:42:54,796 [analyzer] DEBUG: Started auxiliary module Reboot
2018-06-13 12:42:54,796 [analyzer] ERROR: Auxiliary module RecentFiles was not implemented
Traceback (most recent call last):
  File "C:/tmpjjvhvw/analyzer.py", line 622, in run
    aux.start()
  File "C:\tmpjjvhvw\modules\auxiliary\recentfiles.py", line 55, in start
    dirpath = self.get_path()
  File "C:\tmpjjvhvw\modules\auxiliary\recentfiles.py", line 43, in get_path
    r = SHELL32.SHGetKnownFolderPath(
  File "C:\Python27\lib\ctypes\__init__.py", line 366, in __getattr__
    func = self.__getitem__(name)
  File "C:\Python27\lib\ctypes\__init__.py", line 371, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: function 'SHGetKnownFolderPath' not found
2018-06-13 12:42:54,796 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-06-13 12:42:54,796 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2018-06-13 12:42:54,921 [modules.auxiliary.human] INFO: Found button u'start', clicking it
2018-06-13 12:42:57,030 [modules.auxiliary.human] INFO: Found button u'start', clicking it
2018-06-13 12:42:59,108 [modules.auxiliary.human] INFO: Found button u'start', clicking it
2018-06-13 12:43:01,187 [modules.auxiliary.human] INFO: Found button u'start', clicking it
```

bipindubey commented 6 years ago

@RicoVZ and @jbremer this error is occurring while analysing all files in all the four VMs

bipindubey commented 6 years ago

I have also tried to revert to the previous version, as it was running well, but I am facing similar issues in that as well. You are requested to reply as I am stuck. The analyzer logs are:

```
ERROR: Auxiliary module RecentFiles was not implemented
Traceback (most recent call last):
  File "C:/tmpf0a65f/analyzer.py", line 624, in run
    aux.start()
  File "C:\tmpf0a65f\modules\auxiliary\recentfiles.py", line 55, in start
    dirpath = self.get_path()
  File "C:\tmpf0a65f\modules\auxiliary\recentfiles.py", line 43, in get_path
    r = SHELL32.SHGetKnownFolderPath(
  File "C:\Python27\lib\ctypes\__init__.py", line 366, in __getattr__
    func = self.__getitem__(name)
  File "C:\Python27\lib\ctypes\__init__.py", line 371, in __getitem__
    func = self._FuncPtr((name_or_ordinal, self))
AttributeError: function 'SHGetKnownFolderPath' not found
```

Please reply to the problem, i am unable to resolve at my end.

RicoVZ commented 6 years ago

Hi bipindubey,

Sorry for the late reply. The error AttributeError: function 'SHGetKnownFolderPath' not found is correct on Windows XP. :smile:

A part of the recentfiles module does not work on Windows XP as it is currently implemented to use a Windows API call that is not available on Windows XP.

This does not/should not break the analysis. It is merely a notice that this module is not working to its full potential.

You should not get this error on your Windows 7 machines.
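The distinction drawn in this thread (an "Auxiliary module ... was not implemented" error only disables that module, while "analysis caught an exception" ends the run) can be checked mechanically when triaging many failed tasks. The following is an added example, not code from Cuckoo or from anyone in this thread; `triage` and `SAMPLE` are hypothetical names and the sample records are constructed from the log shapes posted above.

```python
import re

# Each log record starts with a timestamp like "2018-06-13 12:42:54,780 [".
# Splitting on a zero-width lookahead requires Python 3.7 or later.
RECORD = re.compile(r"(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} \[)")
AUX_FAIL = re.compile(r"ERROR: Auxiliary module (\w+) was not implemented")
FATAL = "analysis caught an exception"
# Python exception summary, e.g. "AttributeError: function ... not found".
EXC = re.compile(r"\b(\w*(?:Error|Exception): [^\n]*)")

# Constructed sample: shortened records modelled on the logs in this thread.
SAMPLE = """\
2018-06-13 12:42:54,780 [analyzer] DEBUG: Started auxiliary module Disguise
2018-06-13 12:42:54,796 [analyzer] ERROR: Auxiliary module RecentFiles was not implemented
Traceback (most recent call last):
  File "C:/tmpexample/modules/auxiliary/recentfiles.py", line 43, in get_path
AttributeError: function 'SHGetKnownFolderPath' not found
2018-06-13 12:42:54,796 [analyzer] DEBUG: Started auxiliary module Screenshots
2018-06-13 12:43:08,023 [cuckoo.core.guest] WARNING: cg1: analysis caught an exception
Traceback (most recent call last):
  File "C:/tmpexample/lib/api/process.py", line 69, in spCreateProcessW
AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES'
"""


def triage(log_text):
    """Return (fatal, degraded): the exception that aborted the analysis
    (or None) and a dict of auxiliary module -> exception that only
    disabled that module. Accepts analysis.log or cuckoo.log text."""
    fatal, degraded = None, {}
    for record in RECORD.split(log_text):
        exceptions = EXC.findall(record)
        if not exceptions:
            continue  # plain DEBUG/INFO record without a traceback
        summary = exceptions[-1].strip()  # last line of the traceback
        aux = AUX_FAIL.search(record)
        if aux:
            degraded[aux.group(1)] = summary
        elif FATAL in record:
            fatal = summary
    return fatal, degraded


if __name__ == "__main__":
    fatal, degraded = triage(SAMPLE)
    print("fatal:", fatal)
    for module, exc in sorted(degraded.items()):
        print("degraded:", module, "->", exc)
```

Because records are split on timestamps rather than newlines, the function also handles logs whose line breaks were lost when pasted.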

bipindubey commented 6 years ago

@RicoVZ Hi, I have updated my Cuckoo version to 2.0.6, but on submitting any kind of file, it gives this error:

```
ERROR: Internal Server Error: /submit/api/submit
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/utils.py", line 47, in inner
    return func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/csrf.py", line 58, in wrapped_view
    return view_func(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/django/views/decorators/http.py", line 45, in inner
    return func(request, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/web/controllers/submission/api.py", line 108, in submit
    submit_id=submit_id, config=body
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/submit.py", line 256, in submit
    file_path=filepath, **kw
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/database.py", line 1150, in add_path
    enforce_timeout, clock, "file", submit_id)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/common/utils.py", line 196, in inner
    return f(self, *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/core/database.py", line 1041, in add
    file_type=obj.get_type(),
  File "/usr/local/lib/python2.7/dist-packages/cuckoo/common/objects.py", line 227, in get_type
    return sflock.magic.from_file(
AttributeError: 'module' object has no attribute 'magic'
[19/Jun/2018 11:44:34] "POST /submit/api/submit HTTP/1.1" 500 12976
^CUnhandled exception in thread started by <function wrapper at 0x7f6aef190050>
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/django/utils/autoreload.py", line 228, in wrapper
    et, ev, tb = sys.exc_info()
AttributeError: 'NoneType' object has no attribute 'exc_info'
```

and in the web server, it shows "something went wrong, please try again"

RicoVZ commented 6 years ago

Hi @bipindubey,

Cuckoo 2.0.6 requires sflock >=0.3.5. I am not sure why it was not installed for you. Did you install/upgrade Cuckoo using pip install -U cuckoo?

To solve this specific issue, use pip install -U SFlock to update it to the latest version.

arulraji commented 6 years ago

@jbremer @RicoVZ

We have updated cuckoo to 2.0.6.1. After the update we are getting below error for all the submissions.

Tried `pip install -U SFlock`:

```
Requirement already up-to-date: SFlock in ./cuckoo/lib/python2.7/site-packages (0.3.5)
```

File submitted via REST API and just file & package were sent as options.

Host - CentOS7.4
machinery - kvm
VM - Windows7 (cg1)

Help us to solve the issue. Below were the analysis.log and cuckoo.log for your reference.

analysis.log

```
2018-06-21 11:27:12,203 [analyzer] DEBUG: Started auxiliary module Disguise
2018-06-21 11:27:12,203 [analyzer] ERROR: Auxiliary module DumpTLSMasterSecrets was not implemented
Traceback (most recent call last):
  File "C:/tmpsub006/analyzer.py", line 622, in run
    aux.start()
  File "C:\tmpsub006\modules\auxiliary\dumptls.py", line 18, in start
    p.inject(track=False, mode="dumptls")
  File "C:\tmpsub006\lib\api\process.py", line 437, in inject
    is32bit = self.is32bit(process_name=self.process_name)
  File "C:\tmpsub006\lib\api\process.py", line 271, in is32bit
    bitsize = int(subprocess_checkoutput(args))
  File "C:\tmpsub006\lib\api\process.py", line 104, in subprocess_checkoutput
    args, stdin=subprocess.PIPE, stderr=subprocess.PIPE, env=env,
  File "C:\Python27\lib\subprocess.py", line 530, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "C:\Python27\lib\subprocess.py", line 672, in __init__
    errread, errwrite)
  File "C:\Python27\lib\subprocess.py", line 882, in _execute_child
    startupinfo)
  File "C:\tmpsub006\lib\api\process.py", line 69, in spCreateProcessW
    if si.flags & subprocess.STARTF_USESTDHANDLES:
AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES'
```

cuckoo.log

```
2018-06-21 11:29:05,964 [cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2018-06-21 11:29:06,453 [cuckoo.core.guest] DEBUG: cg1: analysis still processing
2018-06-21 11:29:08,023 [cuckoo.core.guest] WARNING: cg1: analysis caught an exception
Traceback (most recent call last):
  File "C:/tmpsub006/analyzer.py", line 800, in <module>
    success = analyzer.run()
  File "C:/tmpsub006/analyzer.py", line 652, in run
    pids = self.package.start(self.target)
  File "C:\tmpsub006\modules\packages\exe.py", line 23, in start
    return self.execute(path, args=shlex.split(args))
  File "C:\tmpsub006\lib\common\abstracts.py", line 164, in execute
    maximize=maximize, env=env, trigger=trigger):
  File "C:\tmpsub006\lib\api\process.py", line 300, in execute
    is32bit = self.is32bit(path=path)
  File "C:\tmpsub006\lib\api\process.py", line 271, in is32bit
    bitsize = int(subprocess_checkoutput(args))
  File "C:\tmpsub006\lib\api\process.py", line 104, in subprocess_checkoutput
    args, stdin=subprocess.PIPE, stderr=subprocess.PIPE, env=env,
  File "C:\Python27\lib\subprocess.py", line 530, in check_output
    process = Popen(stdout=PIPE, *popenargs, **kwargs)
  File "C:\Python27\lib\subprocess.py", line 672, in __init__
    errread, errwrite)
  File "C:\Python27\lib\subprocess.py", line 882, in _execute_child
    startupinfo)
  File "C:\tmpsub006\lib\api\process.py", line 69, in spCreateProcessW
    if si.flags & subprocess.STARTF_USESTDHANDLES:
AttributeError: 'module' object has no attribute 'STARTF_USESTDHANDLES'

2018-06-21 11:29:08,063 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2018-06-21 11:29:08,063 [cuckoo.common.abstracts] DEBUG: Stopping machine cg1
2018-06-21 11:29:08,063 [cuckoo.common.abstracts] DEBUG: Getting status for cg1
2018-06-21 11:29:08,758 [cuckoo.common.abstracts] DEBUG: Getting status for cg1
2018-06-21 11:29:09,273 [cuckoo.core.scheduler] DEBUG: Released database task #4
2018-06-21 11:29:09,312 [cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" for task #4
2018-06-21 11:29:09,313 [cuckoo.processing.behavior] WARNING: Analysis results folder does not contain any behavior log files.
```

jbremer commented 6 years ago

@bipindubey @arulraji We've resolved the STARTF_USESTDHANDLES issue in Cuckoo 2.0.6.2, please upgrade (pip install -U cuckoo). Thanks for reporting! Will close this issue once you've confirmed the new version works as expected.

arulraji commented 6 years ago

@jbremer Thanks for the quick fix. Once upgraded to version 2.0.6.2, the STARTF_USESTDHANDLES related issue got fixed.