process.popen change default shell

[wickywaka]

Hello, I need someone to verify this problem/bug:

The problem with subprocess.Popen(). By default it looks for shell in /bin/sh but avd it is /system/bin/sh. Have a look here at documentation This can be fixed by making minor changes in the command:

1. Make command a string(not a list)
2. Add parameters shell = True and executable = /system/bin/sh to subproccess.Popen()

Example: subprocess.Popen("/system/bin/am start -n "+ package + "/" + activity, stdout=subprocess.PIPE, shell=True, stderr=subprocess.PIPE, executable='/system/bin/sh')

Disclaimer: Its very well possible that my shell is not located in the right place because of some changes that I made so please verify the location of your shell before making these changes.

[wickywaka]

Here is another reference which I forgot to mention https://bugs.python.org/issue16255 not sure if its effecting python 2.7 also.

[wickywaka]

It seems like the only problem was in execute_sample() method, The only I could make it work is as below: subprocess.Popen("/system/bin/am start -n "+ package + "/" + activity, stdout=subprocess.PIPE, shell=True, stderr=subprocess.PIPE, executable='/system/bin/sh')

[anthonyjr2]

@waqarrashid33 Where exactly did you change that method? I'm guessing in agent.py, but the only agent I have been using is the precompiled CuckooAgent.apk which I don't think I can edit. I am having the same issue with analysis timing out at the moment.

[wickywaka]

You also have to change it in the analysis code. There are also some instances of os.popen which fails some time and would be nice to move them to subprocess.popen. I will make PR in a week or two so that it works just out of the box.

On 12 March 2018 at 21:42, Anthony Muratore notifications@github.com wrote:

@waqarrashid33 https://github.com/waqarrashid33 Where exactly did you change that method? I'm guessing in agent.py, but the only agent I have been using is the precompiled CuckooAgent.apk which I don't think I can edit. I am having the same issue with analysis timing out at the moment.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/idanr1986/cuckoo-droid/issues/53#issuecomment-372455446, or mute the thread https://github.com/notifications/unsubscribe-auth/AGo8A1UhRNytMZ12xmuFNHmo9LlexL36ks5tdt2egaJpZM4QZWBL .

-- Waqar Rashid

[anthonyjr2]

The current code is:

def execute(self):
    """Execute analysis.
    @return: analyzer PID.
    """
    global ERROR_MESSAGE
    global CURRENT_STATUS

    if not self.analyzer_path or not os.path.exists(self.analyzer_path):
        return False

    try:
        proc = subprocess.Popen([sys.executable, self.analyzer_path],
                                cwd=os.path.dirname(self.analyzer_path))
        self.analyzer_pid = proc.pid
    except OSError as e:
        ERROR_MESSAGE = str(e)
        return False

    CURRENT_STATUS = STATUS_RUNNING

    return self.analyzer_pid

In agent.py, and the analyzer code is similar. I'm not exactly sure how to fix it like you were stating though.

[anthonyjr2]

Disregard my last comment, I found the correct analyzer code to change in cuckoo/analyzer/android/lib/api/adb.py although making the change doesn't seem to let analysis finish still.

EDIT: Nevermind, forgot I had made a change in guest.py. Dynamic analysis works for me now! Thanks for the help. I only had to change it in the analyzer file, the agent seems to work fine.

[aryamsankar]

Hello, I was facing similar issue as in [GitHub] (https://github.com/idanr1986/cuckoo-droid/issues/14).

1. During analysis the Apk is installed but not launched
2. Hitting critical time out error, leading to analysis results = null

System setup followed,

• Host Machine: Ubuntu 16.04
• Guest Machine: Android API16, ARM EABI v7a System Image
• Cuckoo Sandbox 1.2

@waqarrashid33 : The suggestion of using subprocess.Popen() in adb.py did help the Apk to launch with startActivity() during analysis. But, the critical time out error is persistent with dynamic analysis results as null.

I tried changing the critical time to 600 but didn't help. Analyzed the Apk on another Machine with cuckooDroid installed (Host: Linux 14.04 & Guest: Linux 12.04) and it worked.

Any suggestions would be really helpful.

[wickywaka]

Can you please your logs, that might give me some clue about whats going on. It is probably related to the same issue. Do a grep on os.popen in all the analysis code and replace it with subprocess.popen. I also faced some issues with executable parameter, as sometimes it works without that and some times it doesn't. It would be nice if you can write down all the modifications you make to make it work so that we can submit a patch. I know about some changes that are required but I need someone to verify it. If didn't figure it out till this weekend, let me know and I will try to compile a list of those of changes.

[aryamsankar]

Thank you for your suggestions.

Reference with [Python Software Foundataion] (https://docs.python.org/2/library/subprocess.html), I used the subprocess32 module instead of version included in python2.7. As you mentioned I tried replacing all the os.popen with subprocess.Popen in the analysis code (adb.py), but didn't help with the critical time out error.

I couldn't exactly understand the part you mentioned about executable parameter. I am documenting the try outs as you mentioned. Would definitely get back to you if I could get this working.

Attaching the log of ./cuckoo.py -d

                          ::                 
    .-.     ,  :   .-.    ;;.-.  .-.   .-.   
   ;       ;   ;  ;       ;; .' ;   ;';   ;' 
   `;;;;'.'`..:;._`;;;;'_.'`  `.`;;'  `;;'

 Cuckoo Sandbox 1.2
 www.cuckoosandbox.org
 Copyright (c) 2010-2015

 Checking for updates...
 Outdated! Cuckoo Sandbox version 2.0.5 is available now.

2018-05-15 17:54:25,795 [root] DEBUG: Importing modules...
2018-05-15 17:54:27,018 [root] DEBUG: Imported "signatures" modules:
2018-05-15 17:54:27,018 [root] DEBUG:    |-- AndroidDynamicCode
2018-05-15 17:54:27,019 [root] DEBUG:    |-- AndroidDynamicCode
2018-05-15 17:54:27,019 [root] DEBUG:    |-- KnownVirustotal
2018-05-15 17:54:27,019 [root] DEBUG:    |-- KnownVirustotalThreshold
2018-05-15 17:54:27,019 [root] DEBUG:    |-- AndroidDangerousPermissions
2018-05-15 17:54:27,019 [root] DEBUG:    |-- AndroidDynamicCode
2018-05-15 17:54:27,020 [root] DEBUG:    |-- AndroidGooglePlayDiff
2018-05-15 17:54:27,020 [root] DEBUG:    |-- Hidden_Payload
2018-05-15 17:54:27,020 [root] DEBUG:    |-- SandroRat
2018-05-15 17:54:27,020 [root] DEBUG:    |-- AndroratMalware
2018-05-15 17:54:27,020 [root] DEBUG:    |-- IBankingMalware
2018-05-15 17:54:27,021 [root] DEBUG:    |-- AndroidNativeCode
2018-05-15 17:54:27,021 [root] DEBUG:    |-- AndroidDynamicCode
2018-05-15 17:54:27,021 [root] DEBUG:    |-- AndroidReflectionCode
2018-05-15 17:54:27,021 [root] DEBUG:    |-- AndroidAbortBroadcast
2018-05-15 17:54:27,021 [root] DEBUG:    |-- Hidden_Payload
2018-05-15 17:54:27,021 [root] DEBUG:    |-- Hidden_Payload
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationContainsDex
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationContainsJar
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationContainsSo
2018-05-15 17:54:27,022 [root] DEBUG:    |-- AndroidInstalledApps
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationDroppedDex
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationDroppedFiles
2018-05-15 17:54:27,022 [root] DEBUG:    |-- ApplicationDroppedSo
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidShellCommands
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidPhoneNumber
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidInstalledApps
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidAccountInfo
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidAppInfo
2018-05-15 17:54:27,023 [root] DEBUG:    |-- AndroidPrivateInfoQuery
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidAudio
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidUsingReflection
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidRegisteredReceiver
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidInstalledApps
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidSMS
2018-05-15 17:54:27,024 [root] DEBUG:    |-- AndroidComponentEnabledSetting
2018-05-15 17:54:27,025 [root] DEBUG:    |-- AndroidStopProcess
2018-05-15 17:54:27,025 [root] DEBUG:    |-- ApplicationUsesLocation
2018-05-15 17:54:27,025 [root] DEBUG:    |-- AndroidCamera
2018-05-15 17:54:27,025 [root] DEBUG:    |-- CreatesExe
2018-05-15 17:54:27,025 [root] DEBUG:    |-- SystemMetrics
2018-05-15 17:54:27,025 [root] DEBUG:    |-- NetworkHTTP
2018-05-15 17:54:27,025 [root] DEBUG:    |-- NetworkICMP
2018-05-15 17:54:27,026 [root] DEBUG:    |-- NetworkIRC
2018-05-15 17:54:27,026 [root] DEBUG:    `-- NetworkSMTP
2018-05-15 17:54:27,026 [root] DEBUG: Imported "processing" modules:
2018-05-15 17:54:27,026 [root] DEBUG:    |-- AnalysisInfo
2018-05-15 17:54:27,026 [root] DEBUG:    |-- ApkInfo
2018-05-15 17:54:27,026 [root] DEBUG:    |-- BehaviorAnalysis
2018-05-15 17:54:27,027 [root] DEBUG:    |-- Debug
2018-05-15 17:54:27,027 [root] DEBUG:    |-- Droidmon
2018-05-15 17:54:27,027 [root] DEBUG:    |-- Dropped
2018-05-15 17:54:27,027 [root] DEBUG:    |-- GooglePlay
2018-05-15 17:54:27,027 [root] DEBUG:    |-- Memory
2018-05-15 17:54:27,027 [root] DEBUG:    |-- NetworkAnalysis
2018-05-15 17:54:27,027 [root] DEBUG:    |-- ProcessMemory
2018-05-15 17:54:27,028 [root] DEBUG:    |-- Static
2018-05-15 17:54:27,028 [root] DEBUG:    |-- Strings
2018-05-15 17:54:27,028 [root] DEBUG:    |-- TargetInfo
2018-05-15 17:54:27,028 [root] DEBUG:    `-- VirusTotal
2018-05-15 17:54:27,028 [root] DEBUG: Imported "auxiliary" modules:
2018-05-15 17:54:27,028 [root] DEBUG:    `-- Sniffer
2018-05-15 17:54:27,028 [root] DEBUG: Imported "reporting" modules:
2018-05-15 17:54:27,029 [root] DEBUG:    |-- JsonDump
2018-05-15 17:54:27,029 [root] DEBUG:    |-- MAEC40Report
2018-05-15 17:54:27,029 [root] DEBUG:    |-- MMDef
2018-05-15 17:54:27,029 [root] DEBUG:    |-- MongoDB
2018-05-15 17:54:27,029 [root] DEBUG:    |-- ReportAndroidHTML
2018-05-15 17:54:27,029 [root] DEBUG:    `-- ReportHTML
2018-05-15 17:54:27,029 [root] DEBUG: Imported "machinery" modules:
2018-05-15 17:54:27,030 [root] DEBUG:    `-- Avd
2018-05-15 17:54:27,056 [root] DEBUG: Checking for locked tasks...
/usr/lib/python2.7/dist-packages/sqlalchemy/sql/compiler.py:572: SAWarning: Can't resolve label reference 'added_on desc'; converting to text() (this warning may be suppressed after 10 occurrences)
  util.ellipses_string(element.element))
2018-05-15 17:54:27,107 [root] DEBUG: Initializing Yara...
2018-05-15 17:54:27,108 [root] DEBUG:    |-- index_binaries.yar
2018-05-15 17:54:27,108 [root] DEBUG:    `-- index_memory.yar
2018-05-15 17:54:27,108 [lib.cuckoo.core.resultserver] WARNING: Cannot bind ResultServer on port 2042, trying another port.
2018-05-15 17:54:27,109 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 127.0.0.1 #loopback address - in case of virtualbox the ip of vboxnet0 interface 192.168.x.101:2043.
2018-05-15 17:54:27,109 [lib.cuckoo.core.scheduler] INFO: Using "avd" machine manager
2018-05-15 17:54:27,306 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2018-05-15 17:54:27,312 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
/usr/lib/python2.7/dist-packages/sqlalchemy/sql/compiler.py:572: SAWarning: Can't resolve label reference 'priority desc, added_on'; converting to text() (this warning may be suppressed after 10 occurrences)
  util.ellipses_string(element.element))
2018-05-15 17:54:28,394 [lib.cuckoo.core.scheduler] DEBUG: Processing task #82
2018-05-15 17:54:28,396 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/home/cuckoo/fr.telemaque.horoscope.apk" (task=82)
2018-05-15 17:54:28,890 [lib.cuckoo.core.scheduler] INFO: File already exists at "/home/cuckoo/cuckoo/storage/binaries/212770b11c9734178066a3288b4a253094251b9d10b2386090de04320f1c1d8b"
2018-05-15 17:54:28,965 [lib.cuckoo.core.scheduler] INFO: Task #82: acquired machine aosx_1 (label=aosx_1)
2018-05-15 17:54:29,074 [modules.machinery.avd] DEBUG: Starting vm aosx_1
2018-05-15 17:54:29,074 [modules.machinery.avd] DEBUG: Duplicate Reference Machine 'aosx'.
2018-05-15 17:54:29,075 [modules.machinery.avd] DEBUG: Deleting old emulator config file '/home/cuckoo/.android/avd/aosx_1.ini'
2018-05-15 17:54:29,075 [modules.machinery.avd] DEBUG: Deleting old emulator FS '/home/cuckoo/.android/avd/aosx_1.avd/'
2018-05-15 17:54:29,128 [modules.machinery.avd] DEBUG: Copy AVD reference config file '/home/cuckoo/.android/avd/aosx.ini' in '/home/cuckoo/.android/avd/aosx_1.ini'...
2018-05-15 17:54:29,129 [modules.machinery.avd] DEBUG: Duplicate the AVD internal content from '/home/cuckoo/.android/avd/aosx.avd/' in '/home/cuckoo/.android/avd/aosx_1.avd/'...
2018-05-15 17:54:29,233 [modules.machinery.avd] DEBUG: Replacing 'aosx' with 'aosx_1' in '/home/cuckoo/.android/avd/aosx_1.ini'
2018-05-15 17:54:29,233 [modules.machinery.avd] DEBUG: Replacing 'aosx' with 'aosx_1' in '/home/cuckoo/.android/avd/aosx_1.avd/hardware-qemu.ini'
********************* ['/home/cuckoo/Android/Sdk/emulator/emulator', '@aosx_1', '-no-snapshot-save', '-netspeed', 'full', '-netdelay', 'none', '-port', '5554', '-tcpdump', '/home/cuckoo/cuckoo/storage/analyses/82/dump.pcap']
2018-05-15 17:54:39,275 [modules.machinery.avd] DEBUG: Restarting ADB server...
2018-05-15 17:54:39,279 [modules.machinery.avd] DEBUG: ADB server has been killed.
2018-05-15 17:54:42,285 [modules.machinery.avd] DEBUG: ADB server has been restarted.
2018-05-15 17:54:42,285 [modules.machinery.avd] DEBUG: Waiting for device emulator-5554 to be ready.
2018-05-15 17:54:42,290 [modules.machinery.avd] DEBUG: Waiting for the emulator to be ready
2018-05-15 17:54:42,290 [modules.machinery.avd] DEBUG:  - (dev.bootcomplete)
2018-05-15 17:54:48,551 [modules.machinery.avd] DEBUG: - (sys_bootcomplete)
2018-05-15 17:54:48,585 [modules.machinery.avd] DEBUG:  - (init.svc.bootanim)
2018-05-15 17:54:53,623 [modules.machinery.avd] DEBUG: Emulator emulator-5554 is ready !
2018-05-15 17:54:53,631 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=aosx_1, ip=127.0.0.1)
2018-05-15 17:54:53,631 [lib.cuckoo.core.guest] DEBUG: aosx_1: waiting for status 0x0001
2018-05-15 17:54:53,638 [lib.cuckoo.core.guest] DEBUG: aosx_1: not ready yet
2018-05-15 17:54:54,644 [lib.cuckoo.core.guest] DEBUG: aosx_1: not ready yet
2018-05-15 17:54:55,647 [lib.cuckoo.core.guest] DEBUG: aosx_1: not ready yet
2018-05-15 17:54:56,653 [lib.cuckoo.core.guest] DEBUG: aosx_1: not ready yet
2018-05-15 17:54:57,710 [lib.cuckoo.core.guest] DEBUG: aosx_1: status ready
2018-05-15 17:54:57,761 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=aosx_1, ip=127.0.0.1)
2018-05-15 17:55:27,567 [lib.cuckoo.core.guest] DEBUG: aosx_1: analyzer started with PID 584
2018-05-15 17:55:27,567 [lib.cuckoo.core.guest] DEBUG: aosx_1: waiting for completion
2018-05-15 17:55:28,010 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52800
2018-05-15 17:55:28,011 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized.
2018-05-15 17:55:28,578 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:29,587 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:30,596 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:31,364 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52810
2018-05-15 17:55:31,371 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0000.jpg
2018-05-15 17:55:31,475 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 65468
2018-05-15 17:55:31,475 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52810
2018-05-15 17:55:31,605 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:32,613 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:33,622 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:34,631 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:35,639 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:36,648 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:37,657 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:38,666 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:39,675 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:40,684 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:41,692 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:42,703 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:43,712 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:44,267 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52846
2018-05-15 17:55:44,275 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0001.jpg
2018-05-15 17:55:44,370 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 63820
2018-05-15 17:55:44,370 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52846
2018-05-15 17:55:44,719 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:45,728 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:46,737 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:47,002 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52860
2018-05-15 17:55:47,012 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0002.jpg
2018-05-15 17:55:47,294 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 216061
2018-05-15 17:55:47,295 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52860
2018-05-15 17:55:47,751 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:48,760 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:49,770 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:50,779 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:51,789 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:52,683 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52886
2018-05-15 17:55:52,693 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0003.jpg
2018-05-15 17:55:52,696 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 7350
2018-05-15 17:55:52,697 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52886
2018-05-15 17:55:52,798 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:53,806 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:54,815 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:55,275 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52898
2018-05-15 17:55:55,275 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0004.jpg
2018-05-15 17:55:55,377 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 68506
2018-05-15 17:55:55,377 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52898
2018-05-15 17:55:55,824 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:56,833 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:57,842 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:58,851 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:55:59,901 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:00,912 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:01,920 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:02,919 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52924
2018-05-15 17:56:02,929 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:02,937 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0005.jpg
2018-05-15 17:56:03,028 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 68724
2018-05-15 17:56:03,028 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52924
2018-05-15 17:56:03,938 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:04,948 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:05,956 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:06,966 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:07,975 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:08,993 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:10,003 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:10,748 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52956
2018-05-15 17:56:10,749 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0006.jpg
2018-05-15 17:56:10,839 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 73966
2018-05-15 17:56:10,839 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52956
2018-05-15 17:56:11,011 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:12,020 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:13,028 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:13,153 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:52968
2018-05-15 17:56:13,153 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0007.jpg
2018-05-15 17:56:13,200 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 73348
2018-05-15 17:56:13,201 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52968
2018-05-15 17:56:14,044 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:15,052 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:16,060 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:17,075 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:18,091 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:19,108 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:20,117 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:21,134 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:22,142 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:23,158 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:24,168 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:25,185 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:26,201 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:27,214 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:28,229 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:29,238 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:30,249 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:31,264 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:32,280 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:33,295 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:34,310 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:35,321 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:36,330 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:37,345 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:38,354 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:39,368 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:40,383 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:41,394 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:42,409 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:43,418 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:44,434 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:45,451 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:46,467 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:47,485 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:48,497 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:49,512 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:50,520 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:51,530 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:52,540 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:53,557 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:54,572 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:55,588 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:56,605 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:57,614 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:58,622 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:56:59,631 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:00,639 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:01,649 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:02,091 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:53102
2018-05-15 17:57:02,092 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0008.jpg
2018-05-15 17:57:02,146 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 73253
2018-05-15 17:57:02,146 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:53102
2018-05-15 17:57:02,658 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:03,666 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:04,678 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:05,686 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:06,694 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:07,710 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:08,725 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:09,736 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:10,752 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:11,763 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:12,780 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:13,789 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:14,800 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:15,808 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:16,824 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:17,838 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:18,854 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:19,870 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:20,880 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:21,888 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:22,898 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:23,906 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:24,915 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:25,931 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:26,948 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:27,956 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:28,972 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:29,990 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:31,002 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:32,013 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:33,022 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:34,038 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:35,046 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:36,062 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:37,079 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:38,086 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:39,094 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:40,103 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:41,116 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:42,126 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:43,141 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:44,157 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:45,176 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:46,191 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:47,200 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:48,215 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:49,224 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:50,241 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:51,258 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:52,268 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:53,279 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:54,289 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:55,299 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:56,307 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:57,323 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:58,339 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:57:59,354 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:00,365 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:01,095 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 127.0.0.1:53304
2018-05-15 17:58:01,095 [lib.cuckoo.core.resultserver] DEBUG: File upload request for shots/0009.jpg
2018-05-15 17:58:01,148 [lib.cuckoo.core.resultserver] DEBUG: Uploaded file length: 73383
2018-05-15 17:58:01,148 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:53304
2018-05-15 17:58:01,380 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:02,397 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:03,406 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:04,413 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:05,422 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:06,430 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:07,446 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:08,455 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:09,471 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:10,480 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:11,491 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:12,508 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:13,523 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:14,531 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:15,539 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:16,554 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:17,562 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:18,572 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:19,583 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:20,608 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:21,623 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:22,637 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:23,649 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:24,658 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:25,669 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:26,681 [lib.cuckoo.core.guest] DEBUG: aosx_1: analysis not completed yet (status=2)
2018-05-15 17:58:27,682 [lib.cuckoo.core.scheduler] ERROR: The analysis hit the critical timeout, terminating.
2018-05-15 17:58:27,795 [modules.machinery.avd] DEBUG: Stopping vm aosx_1
2018-05-15 17:58:27,795 [modules.machinery.avd] INFO: Stopping AVD listening on port 5554
2018-05-15 17:58:28,847 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 127.0.0.1:52800
2018-05-15 17:58:29,061 [lib.cuckoo.core.scheduler] DEBUG: Released database task #82 with status False
2018-05-15 17:58:29,111 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "AnalysisInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,590 [modules.processing.apkinfo] WARNING: Dex size bigger than: None
2018-05-15 17:58:30,591 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ApkInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,592 [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled.
2018-05-15 17:58:30,592 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "BehaviorAnalysis" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,594 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Debug" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,594 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Droidmon" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,594 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Dropped" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,595 [Processing.Pcap] ERROR: Python DPKT is not installed, aborting PCAP analysis.
2018-05-15 17:58:30,610 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "NetworkAnalysis" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,610 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "ProcessMemory" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:30,610 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Static" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:31,839 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "Strings" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:32,084 [lib.cuckoo.common.objects] WARNING: Unable to import pydeep (install with `pip install pydeep`)
2018-05-15 17:58:32,090 [lib.cuckoo.common.objects] WARNING: Unable to import yara (please compile from sources)
2018-05-15 17:58:32,090 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "TargetInfo" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:34,354 [lib.cuckoo.core.plugins] DEBUG: Executed processing module "VirusTotal" on analysis at "/home/cuckoo/cuckoo/storage/analyses/82"
2018-05-15 17:58:34,355 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2018-05-15 17:58:34,355 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2018-05-15 17:58:34,355 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_AirPush_Adware"
2018-05-15 17:58:34,368 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_Umeng_Adware"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "android_antivirus_virustotal"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_antivirus_virustotal_threshold"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dangerous_permissions"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Analysis matched signature "android_dangerous_permissions"
2018-05-15 17:58:34,369 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_dynamic_code"
2018-05-15 17:58:34,370 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_google_play_diff"
2018-05-15 17:58:34,370 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_hidden_payload"
2018-05-15 17:58:34,370 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_snadrorat"
2018-05-15 17:58:34,401 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_androrat"
2018-05-15 17:58:34,401 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_maware_iBanking"
2018-05-15 17:58:34,404 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_native_code"
2018-05-15 17:58:34,405 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_packer"
2018-05-15 17:58:34,411 [lib.cuckoo.core.plugins] DEBUG: Running signature "android_reflection_code"
2018-05-15 17:58:34,411 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_aborted_broadcast_receiver"
2018-05-15 17:58:34,411 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_apk"
2018-05-15 17:58:34,411 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_arm_binaries"
2018-05-15 17:58:34,411 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_dex"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_jar"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_contains_so"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_device_admin"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_dex"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_files"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_dropped_so"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_executed_shell_command"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_fingerprint"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_installed_app"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_account_info"
2018-05-15 17:58:34,412 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_installed_apps"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_queried_private_information"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_recording_audio"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_reflection"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_registered_receiver_runtime"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_root"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_sent_sms_messages"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_setComponentEnabledSetting"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_stopped_processes"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_uses_location"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "application_using_the_camera"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_exe"
2018-05-15 17:58:34,413 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_metrics"
2018-05-15 17:58:34,414 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2018-05-15 17:58:34,414 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2018-05-15 17:58:34,414 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2018-05-15 17:58:34,414 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2018-05-15 17:58:34,746 [lib.cuckoo.core.plugins] DEBUG: Executed reporting module "JsonDump"
2018-05-15 17:58:34,746 [lib.cuckoo.core.plugins] WARNING: The reporting module "ReportAndroidHTML" returned the following error: Failed to generate HTML report: Jinja2 Python library is not installed
2018-05-15 17:58:34,746 [lib.cuckoo.core.scheduler] INFO: Task #82: reports generation completed (path=/home/cuckoo/cuckoo/storage/analyses/82)
2018-05-15 17:58:34,828 [lib.cuckoo.core.scheduler] INFO: Task #82: analysis procedure completed

[wickywaka]

The part about executable parameter is described at the top of this page, here

[wickywaka]

In your case, analysis is working fine, just some function is not returning resulting in time out. You can also put some log/debug messages in the analysis code to figure out the section where it is stuck.

[aryamsankar]

Ok, about the executable parameter: I haven’t tried without mentioning it. I would check the analysis in debug mode and get back to you. Thank you.

[idanr1986]

hey everyone, first I would have to say that I believe that the best option of using cuckoodroid is with virtual box + android x86 and not android emulator. it runs x86 and also has libhoudini that does arm translation. about the current problem with the path of 'sh' we need to check if this is something that changed between os versions and also in android x86 port.

[aryamsankar]

Verified about the executable parameters: Unless I specify the parameter it doesn't work.

I am still stuck with issue of critical time out, the clue I had is 2018-05-15 17:58:30,592 [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled.

The issue is droidmon.log file is not getting generated, still trying to fix it up.

[aryamsankar]

Yup, got the cuckoodroid working with Android on Emulator. The critical timeout error was due to change in default time in cuckoo.config file. Previously the default time was same as critical time, making default time < critical time fixed the issue.

I have noticed something new, would like to know if someone else also faces the same issue. I would also like to know if a patch already exists for this. During analysis the droidmon.apk within clone machine goes to a sleep state. And so the dynamic analysis results are always null(in the system I am working on). After analysis began, the manual start of droidmon.apk fixed the issue of generating null files for dynamic analysis.

[wickywaka]

I just uploaded a video demonstrating this change. You can find it here: https://www.youtube.com/watch?v=HRBIZaA5N-w

I hope it will make it easier for beginners to get started with cuckoodroid.

[h20190011]

I haved Fixed the bug related to process.popen()

I have reproduced the issue on my local system.

Setup: - Ubuntu 18.04 Python 3.8 Android API 18 Android Linux kernel version 4.4

We need to make below chages to analyzer/android/lib/api/adb.py file :-

search for function execute_sample(package,activity)

proc = subprocess.Popen("["/system/bin/am", "start","-n ", package + "/" + activity], stdout=subprocess.PIPE, shell=True, stderr=subprocess.PIPE)

to subprocess.Popen("/system/bin/am start -n "+ package + "/" + activity, stdout=subprocess.PIPE, shell=True, stderr=subprocess.PIPE, executable='/system/bin/sh')

The issue is with subprocess.Popen() functions parameter. Reference:- https://docs.python.org/3/library/subprocess.html

Changed in version 3.6: args parameter accepts a path-like object if shell is False and a sequence containing path-like objects on POSIX.

I have throughly tested the fixed. After fixing the issue, I didn't get bug.

Please merge the pull request: - https://github.com/idanr1986/cuckoo-droid/pull/101