cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

[lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the modifies_firefox_configuration signature #2653

Open jasonkao51207 opened 5 years ago

jasonkao51207 commented 5 years ago
My issue is:

I just set up Cuckoo on Ubuntu. The report is created successfully, but my terminal shows the following content. It confuses me. Although the report is created successfully, I want to know what is wrong that I get this content.

My Cuckoo version and operating system are:

CUCKOO: Cuckoo Sandbox 2.0-dev
UBUNTU: ubuntu-16.04.4-desktop-amd64

##########my terminal show the following content##########

```
labforcuckoo@ubuntu:~/Cuckoo-Sandbox$ ./cuckoo.py

 Cuckoo Sandbox 2.0-dev
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 You are running a development version! Current stable is 2.0.6.
2019-02-11 23:03:15,793 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2019-02-11 23:03:16,523 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2019-02-11 23:03:16,584 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2019-02-11 23:03:46,204 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "2050bfd7-414b-11e8-8354-80e65024849a.file" (task #8, options "route=none,procmemdump=yes")
2019-02-11 23:03:46,260 [lib.cuckoo.core.scheduler] INFO: File already exists at "/home/labforcuckoo/Cuckoo-Sandbox/storage/binaries/3689ebcc2edfa4165b690b3618884ff8de15e1b8afc5793f6ffbad2448857513"
2019-02-11 23:03:46,296 [lib.cuckoo.core.scheduler] INFO: Task #8: acquired machine cuckoo1 (label=win7forcuckoo)
2019-02-11 23:03:46,308 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 92083 (interface=vboxnet0, host=192.168.56.101, pcap=/home/labforcuckoo/Cuckoo-Sandbox/storage/analyses/8/dump.pcap)
2019-02-11 23:04:00,996 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.56.101)
2019-02-11 23:09:38,434 [lib.cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2019-02-11 23:09:45,254 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the modifies_firefox_configuration signature
Traceback (most recent call last):
  File "/home/labforcuckoo/Cuckoo-Sandbox/lib/cuckoo/core/plugins.py", line 405, in call_signature
    if handler(*args, **kwargs):
  File "/home/labforcuckoo/Cuckoo-Sandbox/modules/signatures/windows/infostealer_browser_modifications.py", line 82, in on_call
    key = call["arguments"]["filepath"].lower()
KeyError: 'filepath'
2019-02-11 23:09:45,262 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the modifies_firefox_configuration signature
Traceback (most recent call last):
  File "/home/labforcuckoo/Cuckoo-Sandbox/lib/cuckoo/core/plugins.py", line 405, in call_signature
    if handler(*args, **kwargs):
  File "/home/labforcuckoo/Cuckoo-Sandbox/modules/signatures/windows/infostealer_browser_modifications.py", line 82, in on_call
    key = call["arguments"]["filepath"].lower()
KeyError: 'filepath'
2019-02-11 23:09:45,262 [lib.cuckoo.core.plugins] ERROR: Failed to run 'on_call' of the modifies_firefox_configuration signature
Traceback (most recent call last):
  File "/home/labforcuckoo/Cuckoo-Sandbox/lib/cuckoo/core/plugins.py", line 405, in call_signature
    if handler(*args, **kwargs):
  File "/home/labforcuckoo/Cuckoo-Sandbox/modules/signatures/windows/infostealer_browser_modifications.py", line 82, in on_call
    key = call["arguments"]["filepath"].lower()
KeyError: 'filepath'
2019-02-11 23:09:48,176 [lib.cuckoo.core.scheduler] INFO: Task #8: reports generation completed (path=/home/labforcuckoo/Cuckoo-Sandbox/storage/analyses/8)
2019-02-11 23:09:48,230 [lib.cuckoo.core.scheduler] INFO: Task #8: analysis procedure completed
```

##########my terminal show the above content##########

Thank you for reading the above questions.

wroersma commented 5 years ago

I assume basically call["arguments"]["filepath"] is not there, so it throws a KeyError because it can't find it. If you want to share the report.json I could help a bit more! Thanks for reporting this bug.
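
The failure mode described in this comment, as an added example that is not part of the thread and not Cuckoo's own code: a handler doing the same lookup as line 82 of the traceback is run over call records, one of which has no `filepath` argument, next to a tolerant variant. The call records, the `\mozilla\firefox\` match string and the `run_signature` dispatcher are assumptions constructed for illustration; the dispatcher only mimics the logged behaviour (error recorded, processing continues).

```python
import logging

log = logging.getLogger("example.plugins")

# Constructed API-call records (assumption); real Cuckoo records carry more fields.
CALLS = [
    {"api": "NtCreateFile", "arguments": {
        "filepath": "C:\\Users\\a\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x.default\\prefs.js"}},
    {"api": "NtWriteFile", "arguments": {"file_handle": "0x1c4", "length": 128}},  # no "filepath"
    {"api": "NtCreateFile", "arguments": {"filepath": "C:\\Windows\\Temp\\a.tmp"}},
]

MARKER = "\\mozilla\\firefox\\"  # hypothetical match condition, not the real signature's


def on_call_strict(call):
    # Same access pattern as line 82 in the traceback: KeyError when the key is absent.
    key = call["arguments"]["filepath"].lower()
    return MARKER in key


def on_call_tolerant(call):
    # A missing or non-string filepath means "nothing to inspect", not a failure.
    key = call.get("arguments", {}).get("filepath")
    if not isinstance(key, str):
        return False
    return MARKER in key.lower()


def run_signature(handler, calls):
    """Hypothetical dispatcher: log a failing handler and continue with the next call."""
    matched, failed = 0, 0
    for call in calls:
        try:
            if handler(call):
                matched += 1
        except Exception:
            log.exception("Failed to run 'on_call' on %s", call.get("api"))
            failed += 1
    return matched, failed


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print("strict   (matched, failed):", run_signature(on_call_strict, CALLS))
    print("tolerant (matched, failed):", run_signature(on_call_tolerant, CALLS))
```

Because the failure is caught and logged per call, the analysis and report still complete, which matches the terminal output in the original post.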

jasonkao51207 commented 5 years ago

@wroersma How can I share the report.json here? I tried to upload it here, but GitHub doesn't support that file type. And the report.json's content is too much for me to post here; there are 960039 lines. Thank you for commenting on my question.

wroersma commented 5 years ago

You can upload it to like Google Drive or something like that, or just send me the MD5 hash if it's on VirusTotal or something like that.

jasonkao51207 commented 5 years ago

The report.json file can be downloaded here: https://www.sendspace.com/file/syg663
The MD5 is: c96c568e0a800995e69301783f844347
The SHA256 is: 5cbc69ec576b51beb75d0858686100dbcd772c255fa619bdd01be26692c7d513