Sample causes weird error and missing report (bytearray(b'') is not JSON serializable)

[DigiAngel]

So this is weird. First, the sample: https://www.virustotal.com/en/file/a75ba0ab78cf494d7505b2f4b4e6a452f5909b1c68bb619be01daf22ee0c6d19/analysis/

And the log entries:

2016-06-30 07:04:17,711 [lib.cuckoo.core.scheduler] INFO: Task #4: reports generation completed (path=/opt/cuckoo/storage/analyses/4)
2016-06-30 07:04:17,729 [lib.cuckoo.core.scheduler] INFO: Task #4: analysis procedure completed
2016-06-30 07:06:00,096 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/tmp/cuckoo-tmp/upload_UvD0kk/dust4.exe" (task=5)
2016-06-30 07:06:00,222 [lib.cuckoo.core.scheduler] INFO: Task #5: acquired machine cuckoo1 (label=win7)
2016-06-30 07:06:12,446 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 10498 (interface=vnet0, host=192.168.100.101, dump path=/opt/cuckoo/storage/analyses/5/dump.pcap)
2016-06-30 07:06:12,490 [modules.auxiliary.tor] INFO: Started Tor transparent proxy for 192.168.100.101
2016-06-30 07:06:12,492 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.100.101)
2016-06-30 07:10:32,057 [lib.cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2016-06-30 07:10:32,101 [modules.auxiliary.tor] INFO: Shutdown Tor transparent proxy for 192.168.100.101
2016-06-30 07:11:12,151 [requests.packages.urllib3.connectionpool] INFO: Starting new HTTPS connection (1): www.virustotal.com
2016-06-30 07:14:42,129 [lib.cuckoo.core.plugins] WARNING: The reporting module "JsonDump" returned the following error: Failed to generate JSON report: bytearray(b'') is not JSON serializable
2016-06-30 07:14:42,739 [modules.reporting.resubmitexe] INFO: Resubmitexe file "/opt/cuckoo/storage/analyses/5/files/110bd48f6b1431eda303d5b10b7aa9e0ce0aba13cc5fc4dc7e696dfd79390dfb_link/VIEWS.exe" added as task with ID 6
2016-06-30 07:14:42,764 [modules.reporting.resubmitexe] INFO: Resubmitexe file "/opt/cuckoo/storage/analyses/5/files/4854f1b303839091262999e4378771765a8a1fe28de5ea51e0df5a16cd132d7c_link/VIEW.exe" added as task with ID 7
2016-06-30 07:14:42,921 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/opt/cuckoo/storage/analyses/5/files/110bd48f6b1431eda303d5b10b7aa9e0ce0aba13cc5fc4dc7e696dfd79390dfb_link/VIEWS.exe" (task=6)
2016-06-30 07:14:42,946 [lib.cuckoo.core.scheduler] INFO: Task #6: acquired machine cuckoo1 (label=win7)
2016-06-30 07:14:45,571 [modules.reporting.mongodb] WARNING: results['behavior']['summary'] deleted due to >16MB size (0MB)
2016-06-30 07:14:45,627 [modules.reporting.mongodb] ERROR: Cannot encode object: bytearray(b'')
2016-06-30 07:14:45,627 [modules.reporting.mongodb] ERROR: Largest parent key: behavior (0 MB)
2016-06-30 07:14:45,627 [modules.reporting.mongodb] ERROR: Largest child key: enhanced (0 MB)
2016-06-30 07:14:45,627 [modules.reporting.mongodb] WARNING: results['behavior']['enhanced'] deleted due to >16MB size (0MB)
2016-06-30 07:14:45,657 [lib.cuckoo.core.plugins] ERROR: Failed to run the reporting module "MongoDB":
Traceback (most recent call last):
  File "/opt/cuckoo/lib/cuckoo/core/plugins.py", line 628, in process
    current.run(self.results)
  File "/opt/cuckoo/modules/reporting/mongodb.py", line 202, in run
    child_key, csize = self.debug_dict_size(report[parent_key])[0]
  File "/opt/cuckoo/modules/reporting/mongodb.py", line 46, in debug_dict_size
    totals = dict((k, 0) for k in dct)
TypeError: unhashable type: 'dict'
2016-06-30 07:14:45,657 [lib.cuckoo.core.scheduler] INFO: Task #5: reports generation completed (path=/opt/cuckoo/storage/analyses/5)
2016-06-30 07:14:45,686 [lib.cuckoo.core.scheduler] INFO: Task #5: analysis procedure completed
2016-06-30 07:14:58,069 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 26583 (interface=vnet0, host=192.168.100.101, dump path=/opt/cuckoo/storage/analyses/6/dump.pcap)
2016-06-30 07:14:58,149 [modules.auxiliary.tor] INFO: Started Tor transparent proxy for 192.168.100.101
2016-06-30 07:14:58,151 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.100.101)
2016-06-30 07:18:56,865 [lib.cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2016-06-30 07:18:56,918 [modules.auxiliary.tor] INFO: Shutdown Tor transparent proxy for 192.168.100.101
2016-06-30 07:19:20,564 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/opt/cuckoo/storage/analyses/5/files/4854f1b303839091262999e4378771765a8a1fe28de5ea51e0df5a16cd132d7c_link/VIEW.exe" (task=7)
2016-06-30 07:19:20,970 [lib.cuckoo.core.scheduler] INFO: Task #7: acquired machine cuckoo1 (label=win7)
2016-06-30 07:19:26,533 [requests.packages.urllib3.connectionpool] INFO: Starting new HTTPS connection (1): www.virustotal.com
2016-06-30 07:21:10,980 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 5578 (interface=vnet0, host=192.168.100.101, dump path=/opt/cuckoo/storage/analyses/7/dump.pcap)
2016-06-30 07:21:11,051 [modules.auxiliary.tor] INFO: Started Tor transparent proxy for 192.168.100.101
2016-06-30 07:21:11,076 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.100.101)
2016-06-30 07:22:03,789 [lib.cuckoo.core.scheduler] INFO: Task #6: reports generation completed (path=/opt/cuckoo/storage/analyses/6)
2016-06-30 07:22:03,810 [lib.cuckoo.core.scheduler] INFO: Task #6: analysis procedure completed
2016-06-30 07:25:06,239 [lib.cuckoo.core.guest] INFO: cuckoo1: analysis completed successfully
2016-06-30 07:25:06,284 [modules.auxiliary.tor] INFO: Shutdown Tor transparent proxy for 192.168.100.101
2016-06-30 07:25:36,355 [requests.packages.urllib3.connectionpool] INFO: Starting new HTTPS connection (1): www.virustotal.com
2016-06-30 07:28:26,529 [lib.cuckoo.core.scheduler] INFO: Task #7: reports generation completed (path=/opt/cuckoo/storage/analyses/7)
2016-06-30 07:28:26,550 [lib.cuckoo.core.scheduler] INFO: Task #7: analysis procedure completed

This appears to be two packed exe's which cuckoo analyses just fine. But the initial file analysis gets hosed up:

and after clicking:

git status:

On branch master
Your branch is up-to-date with 'origin/master'.

Thanks for any assistance you can give.

[doomedraven]

works fine here, with no errors

[DigiAngel]

Awesome....so what's my next step with troubleshooting?

[doomedraven]

No idea, i just did git pull as i wasn't in last one and everything was analyzed correctly

[DigiAngel]

Ok then...thanks.

[jbremer]

Probably a pefile version 2016.3.28 issue ;-)