cuckoosandbox / cuckoo

Cuckoo Sandbox is an automated dynamic malware analysis system
http://www.cuckoosandbox.org

TypeError after clean git clone #632

Closed pch3 closed 9 years ago

pch3 commented 9 years ago

Hi

I just cloned cuckoo, configured it based on my 1.2 configuration (which worked fine), did community update, but when I submit new tasks it crashes (it can talk to ESXi as I see it is looking for VM during startup). Here's the log. Please let me know if you need anything else (config files?)

root@cuckoo:/opt/cuckoo# ./cuckoo.py -d


Cuckoo Sandbox 2.0-dev
www.cuckoosandbox.org
Copyright (c) 2010-2015

Checking for updates... Good! You have the latest version available.

2015-08-27 07:57:24,916 [root] DEBUG: Importing modules...
2015-08-27 07:57:25,176 [root] DEBUG: Imported "signatures" modules:
2015-08-27 07:57:25,176 [root] DEBUG: |-- AntiDBGDevices
2015-08-27 07:57:25,177 [root] DEBUG: |-- AntiDBGWindows
2015-08-27 07:57:25,178 [root] DEBUG: |-- WineDetect
2015-08-27 07:57:25,178 [root] DEBUG: |-- HookMouse
2015-08-27 07:57:25,178 [root] DEBUG: |-- GetProductID
2015-08-27 07:57:25,179 [root] DEBUG: |-- AntiSandboxSleep
2015-08-27 07:57:25,179 [root] DEBUG: |-- Unhook
2015-08-27 07:57:25,179 [root] DEBUG: |-- KnownVirustotal
2015-08-27 07:57:25,180 [root] DEBUG: |-- AntiVMBios
2015-08-27 07:57:25,180 [root] DEBUG: |-- DiskInformation
2015-08-27 07:57:25,180 [root] DEBUG: |-- AntiVMIDE
2015-08-27 07:57:25,180 [root] DEBUG: |-- AntiVMSCSI
2015-08-27 07:57:25,181 [root] DEBUG: |-- AntiVMServices
2015-08-27 07:57:25,181 [root] DEBUG: |-- VBoxDetectACPI
2015-08-27 07:57:25,181 [root] DEBUG: |-- VBoxDetectDevices
2015-08-27 07:57:25,182 [root] DEBUG: |-- VBoxDetectFiles
2015-08-27 07:57:25,182 [root] DEBUG: |-- VBoxDetectKeys
2015-08-27 07:57:25,182 [root] DEBUG: |-- VBoxDetectLibs
2015-08-27 07:57:25,182 [root] DEBUG: |-- VBoxDetectWindow
2015-08-27 07:57:25,183 [root] DEBUG: |-- Flame
2015-08-27 07:57:25,183 [root] DEBUG: |-- TurlaCarbon
2015-08-27 07:57:25,183 [root] DEBUG: |-- ComRAT
2015-08-27 07:57:25,184 [root] DEBUG: |-- Cridex
2015-08-27 07:57:25,184 [root] DEBUG: |-- Prinimalka
2015-08-27 07:57:25,184 [root] DEBUG: |-- SpyEyeMutexes
2015-08-27 07:57:25,184 [root] DEBUG: |-- ZeusMutexes
2015-08-27 07:57:25,185 [root] DEBUG: |-- ZeusP2P
2015-08-27 07:57:25,185 [root] DEBUG: |-- ZeusURL
2015-08-27 07:57:25,185 [root] DEBUG: |-- BitcoinOpenCL
2015-08-27 07:57:25,186 [root] DEBUG: |-- AthenaHttp
2015-08-27 07:57:25,186 [root] DEBUG: |-- DirtJumper
2015-08-27 07:57:25,186 [root] DEBUG: |-- Drive
2015-08-27 07:57:25,186 [root] DEBUG: |-- Drive2
2015-08-27 07:57:25,187 [root] DEBUG: |-- Madness
2015-08-27 07:57:25,187 [root] DEBUG: |-- Ruskill
2015-08-27 07:57:25,187 [root] DEBUG: |-- BypassFirewall
2015-08-27 07:57:25,188 [root] DEBUG: |-- CarberpMutexes
2015-08-27 07:57:25,188 [root] DEBUG: |-- CreatesExe
2015-08-27 07:57:25,188 [root] DEBUG: |-- DownloaderCabby
2015-08-27 07:57:25,188 [root] DEBUG: |-- Crash
2015-08-27 07:57:25,189 [root] DEBUG: |-- SystemMetrics
2015-08-27 07:57:25,189 [root] DEBUG: |-- BrowserStealer
2015-08-27 07:57:25,189 [root] DEBUG: |-- FTPStealer
2015-08-27 07:57:25,190 [root] DEBUG: |-- Keylogger
2015-08-27 07:57:25,190 [root] DEBUG: |-- InjectionCRT
2015-08-27 07:57:25,190 [root] DEBUG: |-- InjectionRUNPE
2015-08-27 07:57:25,190 [root] DEBUG: |-- DisableRegedit
2015-08-27 07:57:25,191 [root] DEBUG: |-- DisableTaskMgr
2015-08-27 07:57:25,191 [root] DEBUG: |-- NetworkBIND
2015-08-27 07:57:25,191 [root] DEBUG: |-- NetworkHTTP
2015-08-27 07:57:25,192 [root] DEBUG: |-- NetworkICMP
2015-08-27 07:57:25,192 [root] DEBUG: |-- NetworkIRC
2015-08-27 07:57:25,192 [root] DEBUG: |-- NetworkSMTP
2015-08-27 07:57:25,192 [root] DEBUG: |-- Tor
2015-08-27 07:57:25,193 [root] DEBUG: |-- Tor2Web
2015-08-27 07:57:25,193 [root] DEBUG: |-- TorHiddenService
2015-08-27 07:57:25,193 [root] DEBUG: |-- BuildLangID
2015-08-27 07:57:25,194 [root] DEBUG: |-- PackerEntropy
2015-08-27 07:57:25,194 [root] DEBUG: |-- Polymorphic
2015-08-27 07:57:25,194 [root] DEBUG: |-- UPXCompressed
2015-08-27 07:57:25,194 [root] DEBUG: |-- VMPPacked
2015-08-27 07:57:25,195 [root] DEBUG: |-- ADS
2015-08-27 07:57:25,195 [root] DEBUG: |-- Autorun
2015-08-27 07:57:25,195 [root] DEBUG: |-- RansomwareFiles
2015-08-27 07:57:25,196 [root] DEBUG: |-- BeebusMutexes
2015-08-27 07:57:25,196 [root] DEBUG: |-- ComRAT
2015-08-27 07:57:25,196 [root] DEBUG: |-- FynloskiMutexes
2015-08-27 07:57:25,196 [root] DEBUG: |-- PcClientMutexes
2015-08-27 07:57:25,197 [root] DEBUG: |-- PlugxMutexes
2015-08-27 07:57:25,197 [root] DEBUG: |-- SpynetRat
2015-08-27 07:57:25,197 [root] DEBUG: |-- XtremeMutexes
2015-08-27 07:57:25,198 [root] DEBUG: |-- CheckIP
2015-08-27 07:57:25,198 [root] DEBUG: |-- Fingerprint
2015-08-27 07:57:25,198 [root] DEBUG: |-- SystemInfo
2015-08-27 07:57:25,198 [root] DEBUG: |-- InstallsWinpcap
2015-08-27 07:57:25,199 [root] DEBUG: |-- CreatesAutorunInf
2015-08-27 07:57:25,199 [root] DEBUG: |-- VolDevicetree1
2015-08-27 07:57:25,199 [root] DEBUG: |-- VolHandles1
2015-08-27 07:57:25,200 [root] DEBUG: |-- VolLdrModules1
2015-08-27 07:57:25,200 [root] DEBUG: |-- VolLdrModules2
2015-08-27 07:57:25,200 [root] DEBUG: |-- VolMalfind1
2015-08-27 07:57:25,200 [root] DEBUG: |-- VolMalfind2
2015-08-27 07:57:25,201 [root] DEBUG: |-- VolModscan1
2015-08-27 07:57:25,201 [root] DEBUG: |-- VolSvcscan1
2015-08-27 07:57:25,202 [root] DEBUG: |-- VolSvcscan2
2015-08-27 07:57:25,202 [root] DEBUG: -- VolSvcscan3
2015-08-27 07:57:25,202 [root] DEBUG: Imported "processing" modules:
2015-08-27 07:57:25,203 [root] DEBUG: |-- AnalysisInfo
2015-08-27 07:57:25,203 [root] DEBUG: |-- ApkInfo
2015-08-27 07:57:25,203 [root] DEBUG: |-- BehaviorAnalysis
2015-08-27 07:57:25,204 [root] DEBUG: |-- Debug
2015-08-27 07:57:25,204 [root] DEBUG: |-- Droidmon
2015-08-27 07:57:25,204 [root] DEBUG: |-- Dropped
2015-08-27 07:57:25,205 [root] DEBUG: |-- TLSMasterSecrets
2015-08-27 07:57:25,205 [root] DEBUG: |-- GooglePlay
2015-08-27 07:57:25,205 [root] DEBUG: |-- Memory
2015-08-27 07:57:25,207 [root] DEBUG: |-- NetworkAnalysis
2015-08-27 07:57:25,207 [root] DEBUG: |-- ProcessMemory
2015-08-27 07:57:25,207 [root] DEBUG: |-- Screenshots
2015-08-27 07:57:25,207 [root] DEBUG: |-- Static
2015-08-27 07:57:25,208 [root] DEBUG: |-- Strings
2015-08-27 07:57:25,208 [root] DEBUG: |-- TargetInfo
2015-08-27 07:57:25,208 [root] DEBUG: -- VirusTotal
2015-08-27 07:57:25,209 [root] DEBUG: Imported "auxiliary" modules:
2015-08-27 07:57:25,209 [root] DEBUG: |-- MITM
2015-08-27 07:57:25,209 [root] DEBUG: -- Sniffer
2015-08-27 07:57:25,209 [root] DEBUG: Imported "reporting" modules:
2015-08-27 07:57:25,210 [root] DEBUG: |-- JsonDump
2015-08-27 07:57:25,210 [root] DEBUG: |-- MongoDB
2015-08-27 07:57:25,210 [root] DEBUG: -- ReportHTML
2015-08-27 07:57:25,211 [root] DEBUG: Imported "machinery" modules:
2015-08-27 07:57:25,211 [root] DEBUG: -- ESX
2015-08-27 07:57:25,271 [root] DEBUG: Checking for locked tasks...
2015-08-27 07:57:25,278 [root] DEBUG: Initializing Yara...
2015-08-27 07:57:25,279 [root] DEBUG: |-- index_binaries.yar
2015-08-27 07:57:25,280 [root] DEBUG: -- index_memory.yar
2015-08-27 07:57:25,461 [root] WARNING: The binary analyzer/windows/bin/is32bit.exe is more than a week old!
2015-08-27 07:57:25,462 [root] CRITICAL: It is recommended that you update the binaries used for Windows analysis (if you have not done so already, it is possible that there was no update - in that case this error will persist). To do so, please run the following command: ./utils/community.py -wafb monitor
2015-08-27 07:57:25,464 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 10.10.10.1:2042.
2015-08-27 07:57:25,467 [lib.cuckoo.core.scheduler] INFO: Using "esx" machine manager with max_analysis_count=1, max_machines_count=1, and max_vmstartup_count=1
2015-08-27 07:57:25,703 [lib.cuckoo.common.abstracts] DEBUG: Getting status for GenericWin7
2015-08-27 07:57:25,729 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2015-08-27 07:57:25,738 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

2015-08-27 07:57:46,216 [lib.cuckoo.core.scheduler] DEBUG: Processing task #4
2015-08-27 07:57:46,218 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_aaCLUW/1DB5476C766555C9995B25D19F97B9BC.EXE" (task=4)
2015-08-27 07:57:46,249 [lib.cuckoo.core.scheduler] INFO: Task #4: acquired machine GenericWin7 (label=GenericWin7)
2015-08-27 07:57:46,254 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 10202 (interface=eth1, host=10.10.10.10, dump path=/opt/cuckoo/storage/analyses/4/dump.pcap)
2015-08-27 07:57:46,255 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
2015-08-27 07:57:46,271 [lib.cuckoo.core.scheduler] ERROR: Failure in AnalysisManager.run
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/scheduler.py", line 417, in run
    success = self.launch_analysis()
  File "/opt/cuckoo/lib/cuckoo/core/scheduler.py", line 282, in launch_analysis
    options = self.build_options()
  File "/opt/cuckoo/lib/cuckoo/core/scheduler.py", line 231, in build_options
    ",".join(self._get_pe_exports(self.task.target))
TypeError

jbremer commented 9 years ago

If you could please check whether the following commit did the trick for you, that'd be great. https://github.com/cuckoobox/cuckoo/commit/73114bc50418cffdb60aad7ca9b2710e2d51d6eb.

Thanks for reporting this issue btw ;)

pch3 commented 9 years ago

Yep, this issue is solved. Many thanks.

jbremer commented 9 years ago

Great :)