idanr1986 / cuckoo-droid

CuckooDroid - Automated Android Malware Analysis with Cuckoo Sandbox.

Android AVD root access fail. #4

Open melonaerial opened 8 years ago

melonaerial commented 8 years ago

After making the AVD image as in your manual, when it reboots the first time with the "soft reboot" option from Xposed Framework it works great. But when you start it again, Xposed Framework fails to get root access. It looks like the root exploit is not working anymore. Maybe it is necessary to pass some parameters or use another root access app? Or maybe use an Android emulator snapshot? For me it works only if I delete the system image and do all the steps again.

jbremer commented 8 years ago

@idanr1986 had some tricks to make the changes to system.img persistent. With those tricks it is possible to keep proper root etc. Unfortunately I don't remember the details exactly, so will have to wait for @idanr1986.

melonaerial commented 8 years ago

@jbremer So the utils/android_emulator_creator/create_guest_avd.sh script must be called in the utils/android_emulator_creator/ directory. Add this to the documentation, because this script uses relative paths for the files it copies to the AVD.

woogi commented 8 years ago

I have the same problem as @melonaerial. Did you solve the problem?

melonaerial commented 8 years ago

So I have found why the Android AVD starts without any root access and Xposed Framework installed. The problem is in this line from the documentation:

emulator -avd aosx -qemu -nand -system,size=0x1f400000,file=/system-images/android-16/default/armeabi-v7a/system.img&

The writers of the documentation expected that the Android Emulator would not change, but the Android SDK has been updated and this line doesn't work. The system.img file doesn't change and all modifications made to the system dir are not saved. So there are 2 solutions to that problem.

First, if you just want root working, modify the AVD with YAFFEY2 https://code.google.com/p/yaffey/ and replace the file /system/xbin/su there with the file named su from https://github.com/idanr1986/cuckoo-droid/tree/master/utils/android_emulator_creator/binaries.

Second, if you also want Xposed Framework working, which is necessary for Droidmon to work, you need to start the Android emulator. Just "emulator -avd aosx" (all other parameters aren't necessary). After that run "adb remount". Then replace the /system/xbin/su file, as I said earlier. Then install Xposed Framework as described in the documentation. Now the main part. If you close the emulator now, nothing will be saved. But all your changes are already saved to the temp file of system.img. This file is located at /tmp/emulator-/emulator- on Linux (on Windows I don't know where it is, just try to find it on Stack Overflow). Just copy this file somewhere and then replace your system.img in /system-images/android-16/default/armeabi-v7a with it (save your original file somewhere, maybe you will need it sometime).

So these two methods work for me on the new Android SDK for modifying system.img. All other methods that I've found on Stack Overflow don't work. A lot of programs that modify yaffs files don't work, except YAFFEY2. Nevertheless, files from the second method don't open correctly in the YAFFEY2 program. But they work correctly with the Android Emulator. I don't know why; maybe this depends on some changes in the Android SDK, and this program is nearly 3 years old.

snemes commented 8 years ago

As far as I know there should be no dash character ("-") in front of "system", so this might be a documentation glitch as well:

emulator -avd aosx -qemu -nand system,size=0x1f400000,file=/system-images/android-16/default/armeabi-v7a/system.img&

You can also make the system partition persistent if you just copy the initial system.img file to your .avd directory as system-qemu.img, then set the proper file ownership, and you are ready to go.

HQLee commented 7 years ago

Hi, I'm trying to run cuckoo droid on Android emulator.

I got to the step of starting the emulator, but the step after that, which is the instructions for running the script is giving me a problem.

How and where do I run the script from? Do I open another terminal and run the script?

I tried that and the error message I got was

Can anyone help me with this?

edit: managed to solve it, issue was my Linux VM had not installed the adb package yet

idanr1986 commented 7 years ago

Which android emulator are you using?


On 30 Oct 2016, at 16:25, HQLee notifications@github.com wrote:

Hi, I'm trying to run cuckoo droid on Android emulator.

I got to the step of starting the emulator, but the step after that, which is the instructions for running the script is giving me a problem.

How and where do I run the script from? Do I open another terminal and run the script?

I tried that and the error message I got was

adb has been found.
Pushing /system/xbin/su binary
./create_guest_avd.sh: line 19: remount: command not found
./create_guest_avd.sh: line 20: push: command not found
./create_guest_avd.sh: line 21: shell: command not found
Installing application Superuser
install: missing destination file operand after 'apps/Superuser.apk'
Try 'install --help' for more information.
Installing Xposed Application
install: missing destination file operand after 'apps/de.robv.android.xposed.installer_v33_36570c.apk'
Try 'install --help' for more information.
Installing Droidmon Application
install: missing destination file operand after 'hooking/Droidmon.apk'
Try 'install --help' for more information.
Installing Anti Emulator Detection Application
install: missing destination file operand after 'hooking/EmulatorAntiDetect.apk'
Try 'install --help' for more information.
./create_guest_avd.sh: line 37: push: command not found
./create_guest_avd.sh: line 38: push: command not found
./create_guest_avd.sh: line 39: push: command not found
Installing Content Generator
install: missing destination file operand after 'apps/ImportContacts.apk'
Try 'install --help' for more information.
Installing Cuckoo Agent and Python for ARM
./create_guest_avd.sh: line 47: push: command not found
./create_guest_avd.sh: line 48: shell: command not found
./create_guest_avd.sh: line 49: shell: command not found
./create_guest_avd.sh: line 50: shell: command not found
Device is ready!

Can anyone help me with this?


shellbombs commented 7 years ago

@melonaerial In the latest Android SDK, I can't find the system.img in the /tmp directory. I think maybe we should use YAFFEY2 to install Xposed Framework manually, but I don't know how. I did use YAFFEY2 to replace the su binary successfully.

melonaerial commented 7 years ago

@shellbombs I will check this evening. The last Android SDK version that I checked was 25.3.0. Which Android SDK version are you using? 26.0.2?

shellbombs commented 7 years ago

@melonaerial I have run it for Android analysis successfully. Do what the Cuckoo-droid documentation tells you; after the soft reboot, copy the "su" and "/system/bin/app_process" (the Xposed core file) to your computer. Then use YAFFEY2 to replace the original files in "/system-images/android-16/default/armeabi-v7a/system.img" with them. Put the new system.img in ".android/avd/avd name/" and rename it to system-qemu.img; thus the emulator will use this new image instead of the original one, with no bad effects for your other emulators.

Eterna1 commented 7 years ago

Summing up: This problem occurs because the emulator from Android Studio has been changed and the /system partition is no longer writable between reboots. If you find some way to save changes in the /system partition, xposed/root/cuckoodroid works. One of the solutions I found in another issue is this: https://justus.berlin/2015/02/make-persistent-changes-to-system-in-android-emulator/ although it was not working for me.

My solution:

  1. I copied system.img to the avd folder: cp /home/a/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img ~/.android/avd/[avdname].avd/system-qemu.img
  2. Run the emulator this way: emulator -avd [avdname] -writable-system -qemu -nand system,size=0x1f400000,file=/home/a/.android/avd/[avdname].avd/system-qemu.img (it must be the full path)
  3. Rooted Android, installed everything, soft reboot
  4. cp ~/.android/avd/[avdname].avd/system-qemu.img /home/a/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img before closing the emulator

It is possible that some of these steps were unnecessary.

wickywaka commented 6 years ago

Below are my results. I did: cp /home/a/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img ~/.android/avd/[avdname].avd/system-qemu.img

When I try to run the emulator with emulator -avd [avdname] -writable-system -qemu -nand system,size=0x1f400000,file=~/.android/avd/[avdname].avd/system-qemu.img it gives some error about not finding system-qemu.img.

But when I run the emulator using emulator -avd aosx -qemu it seems to remember its configuration. It stays rooted. I am not sure if the copying above has any effect on it. I will check it later and will update here.

wickywaka commented 6 years ago

Some new observations. For Android 5.1 API 22, these steps are required: cp /home/a/Android/Sdk/system-images/android-16/default/x86/system.img ~/.android/avd/[avdname].avd/system-qemu.img But running the emulator with just emulator -avd [avdname] doesn't launch the rooted version/copy. In order to boot into the rooted machine we need to add the -writable-system parameter to this command.

Eterna1 commented 6 years ago

When I try to run the emulator with emulator -avd [avdname] -writable-system -qemu -nand system,size=0x1f400000,file=~/.android/avd/[avdname].avd/system-qemu.img it gives some error about not finding system-qemu.img.

It should be the full path. I updated my post now. Thx.

fakerat commented 6 years ago

Greetings guys! I seem to be struggling to achieve the same in Windows 10. If I manually copy system.img to the AVD and then try to run it, I get this error: qemu-system-i386.exe: -drive if=none,index=0,id=system,file=(null): could not open disk image (null): Could not open '(null)': Invalid argument. If I try to create a softlink via adb (ln -s system.img system-qemu.img), the emulator says "read only". How can I boot the AVD off a system-qemu.img rather than system.img? See my StackOverflow post: https://stackoverflow.com/questions/48037715/cant-boot-avd-using-system-qemu-img

wickywaka commented 6 years ago

For those of you having trouble achieving this, I made this video of this procedure. This works on Android 4.1. video link

cuckoo-linux commented 5 years ago

~/cuckoo$ ./utils/android_emulator_creator/create_guest_avd.sh
adb has been found.
Pushing /system/xbin/su binary
remount succeeded
adb: error: cannot stat 'binaries/su': No such file or directory
Installing application Superuser
adb: error: cannot stat 'apps/Superuser.apk': No such file or directory
rm failed for -f, Read-only file system
Installing Xposed Application
adb: error: cannot stat 'apps/de.robv.android.xposed.installer_v33_36570c.apk': No such file or directory
rm failed for -f, Read-only file system
Installing Droidmon Application
adb: error: cannot stat 'hooking/Droidmon.apk': No such file or directory
rm failed for -f, Read-only file system
Installing Anti Emulator Detection Application
adb: error: cannot stat 'hooking/EmulatorAntiDetect.apk': No such file or directory
rm failed for -f, Read-only file system
adb: error: cannot stat 'anti-vm/fake-build.prop': No such file or directory
adb: error: cannot stat 'anti-vm/fake-cpuinfo': No such file or directory
adb: error: cannot stat 'anti-vm/fake-drivers': No such file or directory
Installing Content Generator
adb: error: cannot stat 'apps/ImportContacts.apk': No such file or directory
rm failed for -f, Read-only file system
Installing Cuckoo Agent and Python for ARM
adb: error: cannot stat '../../agent/android/python_agent/': No such file or directory
Unable to chmod /data/local/aapt: No such file or directory
Unable to chmod /data/local/agent.sh: No such file or directory
Unable to chmod /data/local/python/bin/python: No such file or directory
Device is ready!
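Added example, not part of any comment in this thread and not the project's code: a preflight check for the two failures logged above, adb missing from PATH (HQLee) and create_guest_avd.sh started from a directory where its relative paths do not resolve (cuckoo-linux). The payload paths are copied from the "cannot stat" lines above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for utils/android_emulator_creator/create_guest_avd.sh.
# The function names are hypothetical; the relative paths come from the
# "cannot stat" errors quoted in this thread.

# Files the script pushes or installs, relative to the directory it runs in.
PAYLOADS='binaries/su
apps/Superuser.apk
apps/de.robv.android.xposed.installer_v33_36570c.apk
hooking/Droidmon.apk
hooking/EmulatorAntiDetect.apk
anti-vm/fake-build.prop
anti-vm/fake-cpuinfo
anti-vm/fake-drivers
apps/ImportContacts.apk
../../agent/android/python_agent'

# Print every payload path that does not exist under directory $1.
missing_payloads() {
    dir=$1
    printf '%s\n' "$PAYLOADS" | while IFS= read -r rel; do
        [ -e "$dir/$rel" ] || printf '%s\n' "$rel"
    done
}

# Succeed only if an adb executable can be found on PATH.
have_adb() {
    command -v adb >/dev/null 2>&1
}

# Run both checks for directory $1; return non-zero if either fails.
preflight() {
    dir=$1
    status=0
    if ! have_adb; then
        echo "adb not found on PATH; install it before running the script" >&2
        status=1
    fi
    missing=$(missing_payloads "$dir")
    if [ -n "$missing" ]; then
        echo "relative paths do not resolve from $dir; missing:" >&2
        printf '%s\n' "$missing" | sed 's/^/  /' >&2
        status=1
    fi
    return $status
}

# Optional direct use: sh preflight.sh utils/android_emulator_creator
[ $# -eq 0 ] || preflight "$1"
```

Run it against the directory you intend to start the script from; a clean result means every relative path in the log above resolves there.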

code-error commented 5 years ago

@melonaerial In the latest Android SDK, I can't find the system.img in the /tmp directory. I think maybe we should use YAFFEY2 to install Xposed Framework manually, but I don't know how. I did use YAFFEY2 to replace the su binary successfully.

Did you get the solution? I was also not able to find the temporary system.img in the /tmp folder (Ubuntu 14.04 and Android Studio 2.3.2).

code-error commented 5 years ago

Summing up: This problem occurs because the emulator from Android Studio has been changed and the /system partition is no longer writable between reboots. If you find some way to save changes in the /system partition, xposed/root/cuckoodroid works. One of the solutions I found in another issue is this: https://justus.berlin/2015/02/make-persistent-changes-to-system-in-android-emulator/ although it was not working for me.

My solution:

  1. I copied system.img to the avd folder: cp /home/a/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img ~/.android/avd/[avdname].avd/system-qemu.img
  2. Run the emulator this way: emulator -avd [avdname] -writable-system -qemu -nand system,size=0x1f400000,file=/home/a/.android/avd/[avdname].avd/system-qemu.img (it must be the full path)
  3. Rooted Android, installed everything, soft reboot
  4. cp ~/.android/avd/[avdname].avd/system-qemu.img /home/a/Android/Sdk/system-images/android-16/default/armeabi-v7a/system.img before closing the emulator

It is possible that some of these steps were unnecessary.

The -nand option gives me an invalid option error. Is it deprecated?

wickywaka commented 5 years ago

I made some videos which include the process of rooting. Have a look at it on youtube.

code-error commented 5 years ago

I made some videos which include the process of rooting. Have a look at it on youtube.

Thank you so much. Unfortunately I was not able to get the video. Do you have a link?

code-error commented 5 years ago

I tried to install Xposed in a Nougat (24) x86 Android emulator. There are mainly two problems I have faced:

  1. Temporary root - /system modifications do not persist after reboot.
  2. After installation of Xposed, reboot results in a bootloop. (critical)

Is there any way out there in the wild to install Xposed in an Android emulator? Does cuckoodroid support an emulator running Nougat 7?

code-error commented 5 years ago

I made some videos which include the process of rooting. Have a look at it on youtube.

The technique you mentioned in the video, does it work only for 4.1 ? I want to do the same for Nougat x86 emulator .

wickywaka commented 5 years ago

I think I tried to do that. Have a look at my internship report on my GitHub profile. You might find something there. I don't remember it off the top of my head.

On Mon, Jan 28, 2019, 14:58 bh0dhi <notifications@github.com> wrote:

I made some videos which include the process of rooting. Have a look at it on youtube.

The technique you mentioned in the video, does it work only for 4.1 ? I want to do the same for Nougat x86 emulator .


code-error commented 5 years ago

I think I tried to do that. Have a look at my internship report on my github profile. You might find something there. I don't remember it on top of my head. On Mon, Jan 28, 2019, 14:58 bh0dhi @.*** wrote: I made some videos which include the process of rooting. Have a look at it on youtube. The technique you mentioned in the video, does it work only for 4.1 ? I want to do the same for Nougat x86 emulator .

Thank you so much :)

stoude19961225 commented 5 years ago

I think I tried to do that. Have a look at my internship report on my github profile. You might find something there. I don't remember it on top of my head. On Mon, Jan 28, 2019, 14:58 bh0dhi @.*** wrote: I made some videos which include the process of rooting. Have a look at it on youtube. The technique you mentioned in the video, does it work only for 4.1 ? I want to do the same for Nougat x86 emulator .

Thank you so much :)

Have you solved this issue? nand seems abandoned.

code-error commented 5 years ago

I didn't use the Android AVD; instead I used Android x86 Oreo 8.1 for the analysis. We wrote another Xposed module instead of Droidmon to do the hooking.

On Sat, Jun 15, 2019 at 8:10 AM stoude19961225 notifications@github.com wrote:

I think I tried to do that. Have a look at my internship report on my github profile. You might find something there. I don't remember it on top of my head. On Mon, Jan 28, 2019, 14:58 bh0dhi @.*** wrote: I made some videos which include the process of rooting. Have a look at it on youtube. The technique you mentioned in the video, does it work only for 4.1 ? I want to do the same for Nougat x86 emulator .

Thank you so much :)

Have you solved this issue? nand seems abandoned.

srivasd commented 4 years ago

Hi @code-error ! Do you know how to root the AVD persistently nowadays? -nand option and -system options are different...

damianocupani commented 4 years ago

Yes, after a lot of troubleshooting I managed to make the persistent rooting work with the recent version of AVD. I modified a Python script, as you can see here https://github.com/damianocupani/my_cuckoodroid/commit/b06a3b27bf8b75ef83ea0ce10fb7de3a4c667bb2

edit: @srivasd I noticed afterwards that your comment was referring to previous messages, but I hope my reply can help you anyway.

srivasd commented 4 years ago

First of all thanks for your quick reply. I am trying to launch a complete analysis following these videos (https://www.youtube.com/watch?v=mUoz71KfwLg). My problem is that after copying the file system.img to avd folder and renaming to system-qemu.img I cannot execute the following command properly:

$ emulator -avd aosx -qemu -nand -system,size=0x1f400000,file=/system-images/android-16/default/armeabi-v7a/system.img&

This is because the options are deprecated. With your repo this problem is solved? How would be the process of getting root access with your modifications?

Thank you in advance.

damianocupani commented 4 years ago

First of all thanks for your quick reply. I am trying to launch a complete analysis following these videos (https://www.youtube.com/watch?v=mUoz71KfwLg). My problem is that after copying the file system.img to avd folder and renaming to system-qemu.img I cannot execute the following command properly:

$ emulator -avd aosx -qemu -nand -system,size=0x1f400000,file=/system-images/android-16/default/armeabi-v7a/system.img&

This is because the options are deprecated. With your repo this problem is solved? How would be the process of getting root access with your modifications?

Thank you in advance.

As you said there are some deprecated options in that command, so after some troubleshooting I solved it using this command instead: ~/Android/Sdk/emulator/emulator -avd cuckoo-bird -writable-system -system ~/.android/avd/cuckoo-bird.avd/system-qemu.img -qemu where ~/Android/Sdk/ is the path to the folder where the Android SDK is installed (if this folder is in your $PATH environment variable, it may work without typing the full path, just like the command you wrote) and cuckoo-bird (in your case I think it is named aosx) is the name of the virtual device.

However, by doing this you only have a non-permanent rooting that does not work when the virtual machine is started by CuckooDroid. To solve this problem I modified a Python script of the CuckooDroid source code, as you can see here https://github.com/damianocupani/my_cuckoodroid/commit/b06a3b27bf8b75ef83ea0ce10fb7de3a4c667bb2 . By doing this, every time CuckooDroid starts the reference machine for the analysis, the CuckooDroid agent can get root permissions and work properly.

I hope that these steps will solve your issue; if not, you can ask me for more information, because I might have forgotten something.
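Added example, not written by any participant in this thread: the per-AVD image workflow from Eterna1's step 1 and shellbombs' comment, combined with the launch command form damianocupani gives above. The function names and directory arguments are assumptions; the emulator flags are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: keep a private, writable system image per AVD and build the
# launch command with an absolute image path. Function names are hypothetical.

# Turn a path into absolute form. A leading "~/" is expanded here so the
# emulator never receives a literal "~" (the thread notes that the image
# path must be a full path).
abs_path() {
    case $1 in
        "~/"*) printf '%s/%s\n' "$HOME" "${1#"~/"}" ;;
        /*)    printf '%s\n' "$1" ;;
        *)     printf '%s/%s\n' "$(pwd)" "$1" ;;
    esac
}

# Copy <stock_dir>/system.img to <avd_dir>/system-qemu.img and print the
# resulting path. An existing system-qemu.img is never overwritten, because
# after rooting it is the only copy of the modified image. The stock image in
# the SDK is left untouched, so other AVDs are not affected.
prepare_avd_image() {
    stock_dir=$(abs_path "$1")   # e.g. <sdk>/system-images/android-16/default/armeabi-v7a
    avd_dir=$(abs_path "$2")     # e.g. ~/.android/avd/<name>.avd
    if [ ! -f "$stock_dir/system.img" ]; then
        echo "no system.img in $stock_dir" >&2
        return 1
    fi
    if [ ! -d "$avd_dir" ]; then
        echo "AVD directory $avd_dir does not exist" >&2
        return 1
    fi
    if [ ! -e "$avd_dir/system-qemu.img" ]; then
        cp "$stock_dir/system.img" "$avd_dir/system-qemu.img" || return 1
    fi
    printf '%s\n' "$avd_dir/system-qemu.img"
}

# Print the launch command for AVD $1 using image $2, in the form quoted
# in the thread (-writable-system -system <image> -qemu).
emulator_command() {
    name=$1
    image=$(abs_path "$2")
    case $image in
        *" "*) echo "image path contains spaces: $image" >&2; return 1 ;;
    esac
    printf 'emulator -avd %s -writable-system -system %s -qemu\n' "$name" "$image"
}

# Optional direct use: sh avd_image.sh <avd name> <stock image dir> <avd dir>
if [ $# -eq 3 ]; then
    img=$(prepare_avd_image "$2" "$3") && emulator_command "$1" "$img"
fi
```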

srivasd commented 4 years ago

Thanks again, your responses help me a lot. I have tried to follow your steps but the following error appears. Do you know why?

[image: error]

damianocupani commented 4 years ago

Thanks again, your responses help me a lot. I have tried to follow your steps but the following error appears. Do you know why?

[image: error]

Unfortunately I don't remember having this problem, but I see that the error may be caused by the changes that I told you to make in the avd.py script. Can you send the whole /home/osboxes/workspace/cuckoo/module/machiney/avd.py file so I can compare it with mine?

srivasd commented 4 years ago

Well the file is the same because this is the same file from idanr1986 original repo adding only one line right? It is the same as your file. I will try to compare your repo with my current implementation looking for the solution. We are in touch ;)

damianocupani commented 4 years ago

Well the file is the same because this is the same file from idanr1986 original repo adding only one line right? It is the same as your file. I will try to compare your repo with my current implementation looking for the solution. We are in touch ;)

If the two files are the same I also suggest you to double check the avd.conf configuration file and more specifically the lines beginning with _emulatorpath and _avdpath, note that relative path might not work. I hope you will solve your issue and let me know if you do

srivasd commented 4 years ago

Well the file is the same because this is the same file from idanr1986 original repo adding only one line right? It is the same as your file. I will try to compare your repo with my current implementation looking for the solution. We are in touch ;)

If the two files are the same I also suggest you to double check the avd.conf configuration file and more specifically the lines beginning with _emulatorpath and _avdpath, note that relative path might not work. I hope you will solve your issue and let me know if you do

The current version of your repo is working? I am trying to setup your implementation. The avd is launched but the app is not uploaded to the emulator.

[image: error]

Maybe one of those two warnings is the problem?

[image: warning]

damianocupani commented 4 years ago

Well the file is the same because this is the same file from idanr1986 original repo adding only one line right? It is the same as your file. I will try to compare your repo with my current implementation looking for the solution. We are in touch ;)

If the two files are the same I also suggest you to double check the avd.conf configuration file and more specifically the lines beginning with _emulatorpath and _avdpath, note that relative path might not work. I hope you will solve your issue and let me know if you do

The current version of your repo is working? I am trying to setup your implementation. The avd is launched but the app is not uploaded to the emulator.

[image: error]

Maybe one of those two warnings is the problem?

[image: warning]

Yes, my repo is working (the last time I tested it was before the outbreak of the coronavirus; now unluckily I no longer have access to this machine). However, CuckooDroid does not work out of the box; for example, you need to properly set up the Android Virtual Device and install the required Python libraries (I strongly recommend you use a Python virtualenv).

In your case I think that the issue is the missing pydeep library, you can find the list of requirements that I used in my working environment here https://github.com/damianocupani/my_cuckoodroid/blob/master/requirements_modified.txt (note that although these are tested requirement they might be a superset of the needed one)

srivasd commented 4 years ago

Hi @damianocupani , I am getting this error when installing requirements_modified.txt, Has it happened to you?

[image: requirements_error]

Also getting error from pydeep

[image: pydeep]

damianocupani commented 4 years ago

Hi @damianocupani , I am getting this error when installing requirements_modified.txt, Has it happened to you?

[image: requirements_error]

Also getting error from pydeep

[image: pydeep]

I think I never experienced those issues before, but I can suggest trying this:

Although it is a little messy, I am attaching a document with the steps that I followed in order to make cuckooDroid work CuckooDroid_setup_draft_EN.pdf

srivasd commented 4 years ago

Hi @damianocupani , I am getting this error when installing requirements_modified.txt, Has it happened to you? requirements_error Also getting error from pydeep pydeep

I think I never experienced those issues before, but I can suggest trying this:

Although it is a little messy, I am attaching a document with the steps that I followed in order to make cuckooDroid work CuckooDroid_setup_draft_EN.pdf

I did it!! I need to make some changes in the create_guest_avd.sh according to quoscient/cuckoodroid repo and it is working!

Only one more question, have you tried it with API 17, 18 , 19 or 20 of SDK?

damianocupani commented 4 years ago

Hi @damianocupani , I am getting this error when installing requirements_modified.txt, Has it happened to you? requirements_error Also getting error from pydeep pydeep

I think I never experienced those issues before, but I can suggest trying this:

Although it is a little messy, I am attaching a document with the steps that I followed in order to make cuckooDroid work CuckooDroid_setup_draft_EN.pdf

I did it!! I need to make some changes in the create_guest_avd.sh according to quoscient/cuckoodroid repo and it is working!

Only one more question, have you tried it with API 17, 18 , 19 or 20 of SDK?

I am not sure. If I run Android/SDK/tools/bin/sdkmanager --version, I get: 26.1.1

srivasd commented 4 years ago

@damianocupani Sorry, I was referring to whether you had tried to perform analysis with cuckoodroid on Android 4.2, 4.4 (KitKat), 5.0 (Lollipop) ...

damianocupani commented 4 years ago

@damianocupani Sorry, I was referring to if you had tried to perform analysis with cuckodroid in Android 4.2, 4.4 (KitKat), 5.0(Lollipop) ...

I used the Android 4.1 (API level 16) image without Google Play Services (because the Google Play Services image cannot be rooted).

As far as I know the newest version used for cuckoodroid analysis is 5.0 https://github.com/waqarrashid33/internship_report/blob/master/main.pdf

srivasd commented 4 years ago

@damianocupani Sorry, I was referring to if you had tried to perform analysis with cuckodroid in Android 4.2, 4.4 (KitKat), 5.0(Lollipop) ...

I used the Android 4.1 (API level 16) image without Google Play Services (because the Google Play Services image cannot be rooted).

As far as I know the newest version used for cuckoodroid analysis is 5.0 https://github.com/waqarrashid33/internship_report/blob/master/main.pdf

Wow, very helpful report! I will take a look to it. But there is no news for versions between 4.1 and 5.1. Do you know why? Thanks again for your help

damianocupani commented 4 years ago

@damianocupani Sorry, I was referring to if you had tried to perform analysis with cuckodroid in Android 4.2, 4.4 (KitKat), 5.0(Lollipop) ...

I used Android 4.1 level 16 API without Google Play Services(because the Google play services image cannot be rooted) As far as I know the newest version used for cuckoodroid analisys is 5.0 https://github.com/waqarrashid33/internship_report/blob/master/main.pdf

Wow, very helpful report! I will take a look to it. But there is no news for versions between 4.1 and 5.1. Do you know why? Thanks again for your help

You're very welcome. I am sorry, but I never tried to use and I never read about versions between 4.1 and 5.0. The only thing I know is that at the moment the only Android version officially supported by CuckooDroid is 4.1.

srivasd commented 4 years ago

@damianocupani Sorry, I was referring to if you had tried to perform analysis with cuckodroid in Android 4.2, 4.4 (KitKat), 5.0(Lollipop) ...

I used Android 4.1 level 16 API without Google Play Services(because the Google play services image cannot be rooted) As far as I know the newest version used for cuckoodroid analisys is 5.0 https://github.com/waqarrashid33/internship_report/blob/master/main.pdf

Wow, very helpful report! I will take a look to it. But there is no news for versions between 4.1 and 5.1. Do you know why? Thanks again for your help

You're very welcome, I am sorry but I never tried to use and I never read about versions between 4.1 and 5.0. The only think I know is that at the moment the only Android version officially supported by cuckooDroid is 4.1 .

Hi @damianocupani , I hope you are well. I tried to perform an analysis on a 5.0 virtual device like in the PDF you give me and I have one problem.

The dynamic analysis is not performed because the application is not installed in the AVD.

Here is my analysis.log:

2020-04-05 10:13:06,767 [root] INFO: Starting analyzer from: /data/local/tmp/czncmmg
2020-04-05 10:13:06,774 [root] INFO: Storing results at: /data/local/tmp/yadhseu
2020-04-05 10:13:06,776 [root] INFO: Target is: /data/local/tmp/ADBManager.apk
2020-04-05 10:13:06,778 [root] INFO: No analysis package specified, trying to detect it automagically
2020-04-05 10:13:06,779 [root] INFO: Automatically selected analysis package "apk"
2020-04-05 10:13:06,943 [root] INFO: Started auxiliary module FileCollector
2020-04-05 10:13:06,947 [root] INFO: Started auxiliary module Screenshots
2020-04-05 10:13:06,951 [root] INFO: Started auxiliary module TouchSimulator
2020-04-05 10:13:07,019 [root] INFO: installing sample on emulator: pm install /data/local/tmp/ADBManager.apk
2020-04-05 10:13:07,222 [root] INFO:
2020-04-05 10:13:07,222 [root] INFO: finished
2020-04-05 10:13:07,223 [root] INFO: executing sample on emulator:adb shell am start -n com.matoski.adbm/com.matoski.adbm.activity.MainActivity
2020-04-05 10:15:06,161 [root] INFO: Analysis timeout hit, terminating analysis
2020-04-05 10:15:06,167 [root] INFO: Analysis completed

And my cuckoo.log:

2020-04-05 10:11:39,269 [root] DEBUG: Importing modules...
2020-04-05 10:11:40,752 [root] DEBUG: Imported "signatures" modules:
2020-04-05 10:11:40,753 [root] DEBUG: |-- AndroidDynamicCode
2020-04-05 10:11:40,753 [root] DEBUG: |-- AndroidDynamicCode
2020-04-05 10:11:40,753 [root] DEBUG: |-- KnownVirustotal
2020-04-05 10:11:40,753 [root] DEBUG: |-- KnownVirustotalThreshold
2020-04-05 10:11:40,753 [root] DEBUG: |-- AndroidDangerousPermissions
2020-04-05 10:11:40,754 [root] DEBUG: |-- AndroidDynamicCode
2020-04-05 10:11:40,754 [root] DEBUG: |-- AndroidGooglePlayDiff
2020-04-05 10:11:40,754 [root] DEBUG: |-- Hidden_Payload
2020-04-05 10:11:40,754 [root] DEBUG: |-- SandroRat
2020-04-05 10:11:40,754 [root] DEBUG: |-- AndroratMalware
2020-04-05 10:11:40,754 [root] DEBUG: |-- IBankingMalware
2020-04-05 10:11:40,755 [root] DEBUG: |-- AndroidNativeCode
2020-04-05 10:11:40,755 [root] DEBUG: |-- AndroidDynamicCode
2020-04-05 10:11:40,755 [root] DEBUG: |-- AndroidReflectionCode
2020-04-05 10:11:40,755 [root] DEBUG: |-- AndroidAbortBroadcast
2020-04-05 10:11:40,755 [root] DEBUG: |-- Hidden_Payload
2020-04-05 10:11:40,756 [root] DEBUG: |-- Hidden_Payload
2020-04-05 10:11:40,756 [root] DEBUG: |-- ApplicationContainsDex
2020-04-05 10:11:40,756 [root] DEBUG: |-- ApplicationContainsJar
2020-04-05 10:11:40,756 [root] DEBUG: |-- ApplicationContainsSo
2020-04-05 10:11:40,756 [root] DEBUG: |-- AndroidInstalledApps
2020-04-05 10:11:40,756 [root] DEBUG: |-- ApplicationDroppedDex
2020-04-05 10:11:40,757 [root] DEBUG: |-- ApplicationDroppedFiles
2020-04-05 10:11:40,757 [root] DEBUG: |-- ApplicationDroppedSo
2020-04-05 10:11:40,757 [root] DEBUG: |-- AndroidShellCommands
2020-04-05 10:11:40,757 [root] DEBUG: |-- AndroidPhoneNumber
2020-04-05 10:11:40,757 [root] DEBUG: |-- AndroidInstalledApps
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidAccountInfo
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidAppInfo
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidPrivateInfoQuery
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidAudio
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidUsingReflection
2020-04-05 10:11:40,758 [root] DEBUG: |-- AndroidRegisteredReceiver
2020-04-05 10:11:40,759 [root] DEBUG: |-- AndroidInstalledApps
2020-04-05 10:11:40,759 [root] DEBUG: |-- AndroidSMS
2020-04-05 10:11:40,759 [root] DEBUG: |-- AndroidComponentEnabledSetting
2020-04-05 10:11:40,759 [root] DEBUG: |-- AndroidStopProcess
2020-04-05 10:11:40,759 [root] DEBUG: |-- ApplicationUsesLocation
2020-04-05 10:11:40,760 [root] DEBUG: |-- AndroidCamera
2020-04-05 10:11:40,760 [root] DEBUG: |-- CreatesExe
2020-04-05 10:11:40,760 [root] DEBUG: |-- SystemMetrics
2020-04-05 10:11:40,760 [root] DEBUG: |-- NetworkHTTP
2020-04-05 10:11:40,760 [root] DEBUG: |-- NetworkICMP
2020-04-05 10:11:40,760 [root] DEBUG: |-- NetworkIRC
2020-04-05 10:11:40,761 [root] DEBUG:-- NetworkSMTP
2020-04-05 10:11:40,761 [root] DEBUG: Imported "processing" modules:
2020-04-05 10:11:40,761 [root] DEBUG: |-- AnalysisInfo
2020-04-05 10:11:40,761 [root] DEBUG: |-- ApkInfo
2020-04-05 10:11:40,761 [root] DEBUG: |-- BehaviorAnalysis
2020-04-05 10:11:40,762 [root] DEBUG: |-- Debug
2020-04-05 10:11:40,762 [root] DEBUG: |-- Droidmon
2020-04-05 10:11:40,762 [root] DEBUG: |-- Dropped
2020-04-05 10:11:40,762 [root] DEBUG: |-- GooglePlay
2020-04-05 10:11:40,762 [root] DEBUG: |-- Memory
2020-04-05 10:11:40,770 [root] DEBUG: |-- NetworkAnalysis
2020-04-05 10:11:40,770 [root] DEBUG: |-- ProcessMemory
2020-04-05 10:11:40,770 [root] DEBUG: |-- Static
2020-04-05 10:11:40,770 [root] DEBUG: |-- Strings
2020-04-05 10:11:40,770 [root] DEBUG: |-- TargetInfo
2020-04-05 10:11:40,771 [root] DEBUG: -- VirusTotal
2020-04-05 10:11:40,771 [root] DEBUG: Imported "auxiliary" modules:
2020-04-05 10:11:40,771 [root] DEBUG:-- Sniffer
2020-04-05 10:11:40,773 [root] DEBUG: Imported "reporting" modules:
2020-04-05 10:11:40,774 [root] DEBUG: |-- JsonDump
2020-04-05 10:11:40,774 [root] DEBUG: |-- MAEC40Report
2020-04-05 10:11:40,774 [root] DEBUG: |-- MMDef
2020-04-05 10:11:40,776 [root] DEBUG: |-- MongoDB
2020-04-05 10:11:40,777 [root] DEBUG: |-- ReportAndroidHTML
2020-04-05 10:11:40,777 [root] DEBUG: -- ReportHTML
2020-04-05 10:11:40,777 [root] DEBUG: Imported "machinery" modules:
2020-04-05 10:11:40,777 [root] DEBUG:-- Avd
2020-04-05 10:11:40,833 [root] DEBUG: Checking for locked tasks...
2020-04-05 10:11:40,927 [root] DEBUG: Initializing Yara...
2020-04-05 10:11:40,928 [root] DEBUG: |-- index_binaries.yar
2020-04-05 10:11:40,928 [root] DEBUG: -- index_memory.yar
2020-04-05 10:11:40,930 [lib.cuckoo.core.resultserver] WARNING: Cannot bind ResultServer on port 2042, trying another port.
2020-04-05 10:11:40,930 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 127.0.0.1:2043.
2020-04-05 10:11:40,931 [lib.cuckoo.core.scheduler] INFO: Using "avd" machine manager
2020-04-05 10:11:40,970 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2020-04-05 10:11:40,993 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2020-04-05 10:11:42,045 [lib.cuckoo.core.scheduler] DEBUG: Processing task #1
2020-04-05 10:11:42,047 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/home/osboxes/ADBManager.apk" (task=1)
2020-04-05 10:11:42,116 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine aosx_1 (label=aosx_1)
2020-04-05 10:11:42,153 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 33713 (interface=vboxnet0, host=127.0.0.1, dump path=/home/osboxes/cuckoo/storage/analyses/1/dump.pcap)
2020-04-05 10:11:42,154 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2020-04-05 10:11:42,200 [modules.machinery.avd] DEBUG: Starting vm aosx_1
2020-04-05 10:11:42,203 [modules.machinery.avd] DEBUG: Duplicate Reference Machine 'aosx'.
2020-04-05 10:11:42,203 [modules.machinery.avd] DEBUG: Deleting old emulator config file '/home/osboxes/.android/avd/aosx_1.ini' 2020-04-05 10:11:42,204 [modules.machinery.avd] DEBUG: Deleting old emulator FS '/home/osboxes/.android/avd/aosx_1.avd/' 2020-04-05 10:11:42,499 [modules.machinery.avd] DEBUG: Copy AVD reference config file '/home/osboxes/.android/avd/aosx.ini' in '/home/osboxes/.android/avd/aosx_1.ini'... 2020-04-05 10:11:42,500 [modules.machinery.avd] DEBUG: Duplicate the AVD internal content from '/home/osboxes/.android/avd/aosx.avd/' in '/home/osboxes/.android/avd/aosx_1.avd/'... 2020-04-05 10:12:24,081 [modules.machinery.avd] DEBUG: Replacing 'aosx' with 'aosx_1' in '/home/osboxes/.android/avd/aosx_1.ini' 2020-04-05 10:12:24,082 [modules.machinery.avd] DEBUG: Replacing 'aosx' with 'aosx_1' in '/home/osboxes/.android/avd/aosx_1.avd/hardware-qemu.ini' 2020-04-05 10:12:34,120 [modules.machinery.avd] DEBUG: Restarting ADB server... 2020-04-05 10:12:34,198 [modules.machinery.avd] DEBUG: ADB server has been killed. 2020-04-05 10:12:34,298 [modules.machinery.avd] DEBUG: ADB server has been restarted. 2020-04-05 10:12:34,299 [modules.machinery.avd] DEBUG: Waiting for device emulator-5554 to be ready. 2020-04-05 10:12:34,342 [modules.machinery.avd] DEBUG: Waiting for the emulator to be ready 2020-04-05 10:12:34,342 [modules.machinery.avd] DEBUG: - (dev.bootcomplete) 2020-04-05 10:12:59,872 [modules.machinery.avd] DEBUG: - (sys_bootcomplete) 2020-04-05 10:13:00,169 [modules.machinery.avd] DEBUG: - (init.svc.bootanim) 2020-04-05 10:13:05,226 [modules.machinery.avd] DEBUG: Emulator emulator-5554 is ready ! 
2020-04-05 10:13:05,338 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=aosx_1, ip=127.0.0.1) 2020-04-05 10:13:05,338 [lib.cuckoo.core.guest] DEBUG: aosx_1: waiting for status 0x0001 2020-04-05 10:13:05,343 [lib.cuckoo.core.guest] DEBUG: aosx_1: not ready yet 2020-04-05 10:13:06,356 [lib.cuckoo.core.guest] DEBUG: aosx_1: status ready 2020-04-05 10:13:06,434 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=aosx_1, ip=127.0.0.1) 2020-04-05 10:13:06,779 [lib.cuckoo.core.guest] DEBUG: aosx_1: analyzer started with PID 2352 2020-04-05 10:13:06,780 [lib.cuckoo.core.guest] DEBUG: aosx_1: waiting for completion 2020-04-05 10:13:06,862 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52522 2020-04-05 10:13:06,865 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized. 2020-04-05 10:13:07,796 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:08,805 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:09,261 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52530 2020-04-05 10:13:09,262 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0000.jpg 2020-04-05 10:13:09,449 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 177899 2020-04-05 10:13:09,449 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52530 2020-04-05 10:13:09,822 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:10,849 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:11,856 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:12,872 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:13,881 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:14,886 [lib.cuckoo.core.guest] DEBUG: 
aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:15,896 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:16,911 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:17,917 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:18,962 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:19,986 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:20,566 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52562 2020-04-05 10:13:20,570 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0001.jpg 2020-04-05 10:13:20,808 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 177763 2020-04-05 10:13:20,808 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52562 2020-04-05 10:13:20,996 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:22,006 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:23,011 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:24,016 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:25,024 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:26,031 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:27,037 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:28,043 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:29,054 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:30,065 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:31,070 [lib.cuckoo.core.guest] 
DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:32,084 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:33,098 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:34,104 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:35,117 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:36,123 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:37,140 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:38,147 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:39,151 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:40,163 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:41,176 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:42,198 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:43,218 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:44,225 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:45,231 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:46,237 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:47,242 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:48,260 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:49,266 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:50,274 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:51,285 
[lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:52,289 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:53,294 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:54,303 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:55,312 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:56,318 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:57,334 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:58,350 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:13:59,360 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:00,365 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:01,380 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:02,355 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52674 2020-04-05 10:14:02,356 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0002.jpg 2020-04-05 10:14:02,394 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:02,586 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 177485 2020-04-05 10:14:02,586 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52674 2020-04-05 10:14:03,400 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:04,420 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:05,428 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:06,435 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 
10:14:07,440 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:08,447 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:09,453 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:10,459 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:11,464 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:12,470 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:13,475 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:14,481 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:15,488 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:16,493 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:17,510 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:18,555 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:19,564 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:20,576 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:21,583 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:22,588 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:23,593 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:24,597 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:25,603 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:26,621 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet 
(status=2) 2020-04-05 10:14:27,632 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:28,637 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:29,645 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:30,662 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:31,671 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:32,685 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:33,692 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:34,701 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:35,708 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:36,724 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:37,729 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:38,735 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:39,751 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:40,775 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:41,783 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:42,800 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:43,805 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:44,828 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:45,842 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:46,864 [lib.cuckoo.core.guest] DEBUG: aosx_1: 
analysis not completed yet (status=2) 2020-04-05 10:14:47,884 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:48,890 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:49,898 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:50,902 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:51,908 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:52,917 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:53,923 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:54,928 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:55,933 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:56,946 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:57,957 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:58,965 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:14:59,971 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:00,977 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:01,880 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52836 2020-04-05 10:15:01,881 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0003.jpg 2020-04-05 10:15:01,983 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:02,129 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 177052 2020-04-05 10:15:02,130 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52836 2020-04-05 10:15:02,999 [lib.cuckoo.core.guest] DEBUG: 
aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:04,012 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:05,028 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:06,032 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2) 2020-04-05 10:15:06,641 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52850 2020-04-05 10:15:06,642 [lib.cuckoo.core.resultserver] DEBUG: File upload request for logs/droidmon.log 2020-04-05 10:15:06,649 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52850 2020-04-05 10:15:06,652 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52852 2020-04-05 10:15:06,661 [lib.cuckoo.core.resultserver] DEBUG: File upload request for logs/droidmon_error.log 2020-04-05 10:15:06,661 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52852 2020-04-05 10:15:07,053 [lib.cuckoo.core.guest] INFO: aosx_1: analysis completed successfully 2020-04-05 10:15:07,054 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2020-04-05 10:15:07,055 [modules.machinery.avd] DEBUG: Stopping vm aosx_1 2020-04-05 10:15:07,058 [modules.machinery.avd] INFO: Stopping AVD listening on port 5554 2020-04-05 10:15:08,182 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52522 2020-04-05 10:15:08,264 [lib.cuckoo.core.scheduler] DEBUG: Released database task #1 with status True 2020-04-05 10:15:08,347 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,252 [modules.processing.apkinfo] WARNING: Dex size bigger than: None 2020-04-05 10:15:09,253 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ApkInfo" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,255 [lib.cuckoo.core.plugins] DEBUG: Executed processing module 
"BehaviorAnalysis" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,260 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,261 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Droidmon" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,261 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,824 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,824 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,850 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:09,946 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:10,027 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:10,560 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/home/osboxes/cuckoo/storage/analyses/1" 2020-04-05 10:15:10,565 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe 2020-04-05 10:15:10,567 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures 2020-04-05 10:15:10,567 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_AirPush_Adware" 2020-04-05 10:15:10,570 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_Umeng_Adware" 2020-04-05 10:15:10,571 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal" 2020-04-05 10:15:10,582 
[lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "android_antivirus_virustotal" 2020-04-05 10:15:10,586 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal_threshold" 2020-04-05 10:15:10,587 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dangerous_permissions" 2020-04-05 10:15:10,589 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "android_dangerous_permissions" 2020-04-05 10:15:10,590 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dynamic_code" 2020-04-05 10:15:10,591 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_google_play_diff" 2020-04-05 10:15:10,599 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_hidden_payload" 2020-04-05 10:15:10,603 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_snadrorat" 2020-04-05 10:15:10,613 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_androrat" 2020-04-05 10:15:10,614 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_iBanking" 2020-04-05 10:15:10,614 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_native_code" 2020-04-05 10:15:10,614 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_packer" 2020-04-05 10:15:10,615 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_reflection_code" 2020-04-05 10:15:10,615 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_aborted_broadcast_receiver" 2020-04-05 10:15:10,615 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_apk" 2020-04-05 10:15:10,616 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_arm_binaries" 2020-04-05 10:15:10,616 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_dex" 2020-04-05 10:15:10,616 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_jar" 2020-04-05 10:15:10,616 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_so" 2020-04-05 10:15:10,617 
[lib.cuckoo.core.plugins] DEBUG: Running signature "application_device_admin" 2020-04-05 10:15:10,617 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_dex" 2020-04-05 10:15:10,617 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_files" 2020-04-05 10:15:10,618 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_so" 2020-04-05 10:15:10,619 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_executed_shell_command" 2020-04-05 10:15:10,619 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_fingerprint" 2020-04-05 10:15:10,619 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_installed_app" 2020-04-05 10:15:10,621 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_account_info" 2020-04-05 10:15:10,622 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_installed_apps" 2020-04-05 10:15:10,622 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_private_information" 2020-04-05 10:15:10,622 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_recording_audio" 2020-04-05 10:15:10,622 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_reflection" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_registered_receiver_runtime" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_root" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_sent_sms_messages" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_setComponentEnabledSetting" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_stopped_processes" 2020-04-05 10:15:10,623 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_uses_location" 2020-04-05 10:15:10,624 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_using_the_camera" 
2020-04-05 10:15:10,624 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_exe" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_metrics" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "network_http" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc" 2020-04-05 10:15:10,625 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp" 2020-04-05 10:15:10,755 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump" 2020-04-05 10:15:11,278 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "ReportAndroidHTML" 2020-04-05 10:15:11,279 [lib.cuckoo.core.scheduler] INFO: Task #1: reports generation completed (path=/home/osboxes/cuckoo/storage/analyses/1) 2020-04-05 10:15:11,287 [lib.cuckoo.core.scheduler] INFO: Task #1: analysis procedure completed

And also I think that the problem is in this method in the adb.py:

```python
def install_sample(path):
    """Install the sample on the emulator via adb"""
    log.info("installing sample on emulator: pm install "+path)
    str=""

    proc = subprocess.Popen(["/system/bin/pm", "install", path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    str =os.popen("/system/bin/pm install "+path).read()
    #for s in stdout:
    #    str=str+s

    log.info(str)
    lines = str.split("\n")
    for line in lines:
        #if in command output will appear "Failure" it means that the sample did not install
        if("Failure" in line):
            raise CuckooPackageError("failed to install sample on emulator:"+line)
    log.info("finished")
```

Any hints?

Thanks
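The `install_sample` method quoted in the post above raises only when a line of `pm install` output contains "Failure", so the empty output logged in the analysis.log (a blank `INFO:` entry followed by `finished`) is accepted as a successful install. The following is an added example, not CuckooDroid's own code: a stricter check that reads stdout and stderr and accepts only an explicit `Success` line. The names `legacy_accepts`, `classify_install`, `run_pm_install`, the injectable `runner` parameter and the sample outputs are assumptions made for illustration.

```python
import subprocess

PM = "/system/bin/pm"  # same binary path as the method quoted in the thread


class CuckooPackageError(Exception):
    """Local stand-in for Cuckoo's exception so this example runs on its own."""


# Constructed sample outputs (not captured from a real device).
SAMPLE_SUCCESS = "\tpkg: /data/local/tmp/ADBManager.apk\nSuccess\n"
SAMPLE_FAILURE = ("\tpkg: /data/local/tmp/ADBManager.apk\n"
                  "Failure [INSTALL_FAILED_OLDER_SDK]\n")
SAMPLE_STDERR_ONLY = "Error: constructed diagnostic written to stderr\n"


def legacy_accepts(output):
    """Mirror the quoted check: success unless some line contains 'Failure'."""
    return not any("Failure" in line for line in output.split("\n"))


def run_pm_install(path):
    """Run `pm install` once and return (exit_code, stdout, stderr) as text."""
    proc = subprocess.Popen([PM, "install", path],
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    return (proc.returncode,
            out.decode("utf-8", "replace"),
            err.decode("utf-8", "replace"))


def classify_install(returncode, stdout, stderr):
    """Return (ok, reason); only an explicit 'Success' line counts as installed."""
    combined = stdout + "\n" + stderr
    lines = [l.strip() for l in combined.splitlines() if l.strip()]
    for line in lines:
        if "Failure" in line:
            return False, line
    if "Success" in lines:
        return True, "Success"
    if not lines:
        # The case seen in the analysis.log: nothing printed at all.
        return False, "pm install produced no output (exit code %s)" % returncode
    return False, "unrecognised pm output (exit code %s): %s" % (returncode, lines[-1])


def install_sample(path, runner=run_pm_install):
    """Install the sample and raise unless pm explicitly reported success.

    `runner` is injectable so the logic can be exercised without an emulator.
    """
    returncode, stdout, stderr = runner(path)
    ok, reason = classify_install(returncode, stdout, stderr)
    if not ok:
        raise CuckooPackageError("failed to install sample on emulator: " + reason)
    return reason


if __name__ == "__main__":
    cases = [("empty output", 0, "", ""),
             ("success", 0, SAMPLE_SUCCESS, ""),
             ("failure on stdout", 0, SAMPLE_FAILURE, ""),
             ("stderr only", 1, "", SAMPLE_STDERR_ONLY)]
    for name, code, out, err in cases:
        print("%-18s legacy=%s strict=%s" % (
            name, legacy_accepts(out), classify_install(code, out, err)))
```

With this check, a silent `pm install` stops the analysis at the install step instead of letting `am start` run against a package that is not there.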

Vasyabylba commented 4 years ago

@damianocupani Sorry, I was referring to if you had tried to perform analysis with CuckooDroid in Android 4.2, 4.4 (KitKat), 5.0 (Lollipop) ...

I used Android 4.1 level 16 API without Google Play Services (because the Google Play Services image cannot be rooted). As far as I know, the newest version used for CuckooDroid analysis is 5.0: https://github.com/waqarrashid33/internship_report/blob/master/main.pdf

Wow, very helpful report! I will take a look at it. But there is no news for versions between 4.1 and 5.1. Do you know why? Thanks again for your help.

You're very welcome. I am sorry, but I never tried to use and I never read about versions between 4.1 and 5.0. The only thing I know is that at the moment the only Android version officially supported by CuckooDroid is 4.1.

Hi @damianocupani, I hope you are well. I tried to perform an analysis on a 5.0 virtual device like in the PDF you gave me and I have one problem.

The dynamic analysis is not performed because the application is not installed in the AVD.

Here is my analysis.log:

```
2020-04-05 10:13:06,767 [root] INFO: Starting analyzer from: /data/local/tmp/czncmmg
2020-04-05 10:13:06,774 [root] INFO: Storing results at: /data/local/tmp/yadhseu
2020-04-05 10:13:06,776 [root] INFO: Target is: /data/local/tmp/ADBManager.apk
2020-04-05 10:13:06,778 [root] INFO: No analysis package specified, trying to detect it automagically
2020-04-05 10:13:06,779 [root] INFO: Automatically selected analysis package "apk"
2020-04-05 10:13:06,943 [root] INFO: Started auxiliary module FileCollector
2020-04-05 10:13:06,947 [root] INFO: Started auxiliary module Screenshots
2020-04-05 10:13:06,951 [root] INFO: Started auxiliary module TouchSimulator
2020-04-05 10:13:07,019 [root] INFO: installing sample on emulator: pm install /data/local/tmp/ADBManager.apk
2020-04-05 10:13:07,222 [root] INFO:
2020-04-05 10:13:07,222 [root] INFO: finished
2020-04-05 10:13:07,223 [root] INFO: executing sample on emulator:adb shell am start -n com.matoski.adbm/com.matoski.adbm.activity.MainActivity
2020-04-05 10:15:06,161 [root] INFO: Analysis timeout hit, terminating analysis
2020-04-05 10:15:06,167 [root] INFO: Analysis completed
```

And my cuckoo.log:


And also I think that the problem is in this method in the adb.py:

```python
import os

# `log` and CuckooPackageError are assumed to be defined elsewhere in adb.py (not shown in this post).

def install_sample(path):
    """Install the sample on the emulator via adb"""
    log.info("installing sample on emulator: pm install "+path)
    str=""
    # proc = subprocess.Popen(["/system/bin/pm", "install", path], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # os.popen hands the whole command string to a shell and returns its stdout.
    str =os.popen("/system/bin/pm install "+path).read()
    # for s in stdout:
    #     str=str+s
    log.info(str)
    lines = str.split("\n")
    for line in lines:
        #if in command output will appear "Failure" it means that the sample did not install
        if("Failure" in line):
            raise CuckooPackageError("failed to install sample on emulator:"+line)
    log.info("finished")
```

Any hints?

Thanks
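A variant of the install step quoted in the comment above, as an added example (not cuckoo-droid's own code): it runs `pm` with an argument list instead of a shell string, reads both output streams, and treats a missing `Success` line as a failed install. The names `pm_cmd` and `parse_pm_output` and the stand-in `CuckooPackageError` class are assumptions made for illustration, and the pm outputs in the demo are constructed.

```python
import subprocess


class CuckooPackageError(Exception):
    """Stand-in for the analyzer's own exception class (assumption)."""


def parse_pm_output(output):
    """Classify the text printed by `pm install`.

    Returns (True, None) when a line reading exactly "Success" is present,
    otherwise (False, reason). Only lines that *start* with "Failure" count
    as failures, so an APK path that merely contains the word does not
    trigger a false error the way a substring test would.
    """
    saw_success = False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Failure"):
            return False, line
        if line == "Success":
            saw_success = True
    if saw_success:
        return True, None
    return False, "no Success line in pm output"


def install_sample(path, pm_cmd=("/system/bin/pm",)):
    """Install the sample and return pm's combined output.

    The sample path is passed as a single argv element, so spaces or shell
    metacharacters in a submitted file name are never interpreted by a shell.
    `pm_cmd` is a hypothetical parameter that lets the command be swapped
    out for testing.
    """
    argv = list(pm_cmd) + ["install", path]
    try:
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE,
                                stderr=subprocess.PIPE)
    except OSError as exc:
        raise CuckooPackageError("cannot run %r: %s" % (argv[0], exc))
    out, err = proc.communicate()
    # pm may report problems on either stream, so both are inspected.
    text = (out + b"\n" + err).decode("utf-8", "replace")
    ok, reason = parse_pm_output(text)
    if not ok:
        raise CuckooPackageError(
            "failed to install sample on emulator: %s" % reason)
    return text


if __name__ == "__main__":
    # Constructed pm outputs, not captured from a real device.
    samples = [
        "\tpkg: /data/local/tmp/sample.apk\nSuccess\n",
        "\tpkg: /data/local/tmp/sample.apk\n"
        "Failure [INSTALL_FAILED_ALREADY_EXISTS]\n",
        "\tpkg: /data/local/tmp/Failure_report.apk\nSuccess\n",
        "",
    ]
    for sample in samples:
        print(parse_pm_output(sample))
```

An install that silently produces no output is reported as an error here, which makes a sample that never starts easier to tell apart from one that was never installed.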

Hello. Sorry that this is not quite on topic. I installed your repository and configured the AVD, but dynamic analysis still doesn’t work for me: the application simply doesn’t start, and after 10 minutes Cuckoo gives a timeout error. Do not know what could be the problem?

ankitattri commented 4 years ago

Hi, I'm using the Android AVD emulator and need persistent root access for my testing. After installing Xposed successfully, whenever I try to reboot the device (in order to enable the extensions), it gets stuck in a boot loop. I have used API 23 to 27 (x86) for the same. Is there any solution to get the device permanently rooted?

bot4777 commented 3 months ago

Hello