spender-sandbox / cuckoo-modified

Modified edition of cuckoo

host not communicating with agent.py #285

Closed nate-ray closed 7 years ago

nate-ray commented 7 years ago

Clean install of cuckoo-modified with changes made to virtualbox.conf, cuckoo.conf, and auxiliary.conf.

When submitting a sample there does not appear to be any communication with the agent.py on the guest system. Cuckoo, run with --debug, shows the guest does not respond with 0x0001. Monitoring traffic on vboxnet0 shows there are no network communications attempted from the cuckoo host.

Within the guest's OS the firewall is disabled, agent.py is running as SYSTEM, UAC is disabled, and I can ping the vboxnet0 gateway as well as the physical host NIC and vice versa.

Is there any configuration issue or log that might help identify the problem?

Notice the timestamps of the logs and the guest VM clock, showing that all content was generated from the same analysis.

virtualbox.conf

[virtualbox]
# Specify which VirtualBox mode you want to run your machines on.
# Can be "gui", "sdl" or "headless". Refer to VirtualBox's official
# documentation to understand the differences.
mode = sdl

# Path to the local installation of the VBoxManage utility.
path = /usr/bin/VBoxManage

# Specify a comma-separated list of available machines to be used. For each
# specified ID you have to define a dedicated section containing the details
# on the respective machine. (E.g. cuckoo1,cuckoo2,cuckoo3)
machines = Malware_Hunter

[Malware_Hunter]
# Specify the label name of the current machine as specified in your
# VirtualBox configuration.
label = Malware_Hunter

# Specify the operating system platform used by current machine
# [windows/darwin/linux].
platform = windows

# Specify the IP address of the current virtual machine. Make sure that the
# IP address is valid and that the host machine is able to reach it. If not,
# the analysis will fail.
ip = 192.168.56.100

# (Optional) Specify the snapshot name to use. If you do not specify a snapshot
# name, the VirtualBox MachineManager will use the current snapshot.
# Example (Snapshot1 is the snapshot name):
snapshot = Snapshot_9

# (Optional) Specify the name of the network interface that should be used
# when dumping network traffic from this machine with tcpdump. If specified,
# overrides the default interface specified in auxiliary.conf
# Example (vboxnet0 is the interface name):
interface = vboxnet0

# (Optional) Specify the IP of the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the IP address for the Result Server as your machine sees it. If you don't specify an
# address here, the machine will use the default value from cuckoo.conf.
# NOTE: if you set this option you have to set result server IP to 0.0.0.0 in cuckoo.conf.
# Example:
# resultserver_ip = 0.0.0.0

# (Optional) Specify the port for the Result Server, as your virtual machine sees it.
# The Result Server will always bind to the address and port specified in cuckoo.conf,
# however you could set up your virtual network to use NAT/PAT, so you can specify here
# the port for the Result Server as your machine sees it. If you don't specify a port
# here, the machine will use the default value from cuckoo.conf.
# Example:
# resultserver_port = 2042

# (Optional) Set your own tags. These are comma separated and help to identify specific VMs. You can run samples on VMs with tag you require.
# Note that the 64_bit tag is currently special. For submitted 64-bit PE files,
# the 64_bit tag will automatically be added, forcing them to be run on a 64-bit
# VM. For this reason, make sure all 64-bit VMs have the 64_bit tag.
tags=windows_7,java7u40,utorrent_3.4.2,silverlight_5.1,flashplayer_16.0.0,acrobat_reader_11,office_2010

# (Optional) Specify a memory profile to be used by volatility for this
# virtual machine. This will override the guest_profile variable in
# memory.conf which solves the problem of having multiple types of VM's
# and properly determining which profile to use. Examples below:
#mem_profile = WinXPSP2x86
mem_profile = Win7SP0x86
#mem_profile = Win7SP1x64

cuckoo.conf

[cuckoo]
# If turned on, Cuckoo will delete the original file after its analysis
# has been completed.
delete_original = off

# If turned on, Cuckoo will delete the copy of the original file in the
# local binaries repository after the analysis has finished. (On *nix this
# will also invalidate the file called "binary" in each analysis directory,
# as this is a symlink.)
delete_bin_copy = off

# Specify the name of the machinery module to use, this module will
# define the interaction between Cuckoo and your virtualization software
# of choice.
machinery = virtualbox

# Enable creation of memory dump of the analysis machine before shutting
# down. Even if turned off, this functionality can also be enabled at
# submission. Currently available for: VirtualBox and libvirt modules (KVM).
memory_dump = off

# When the timeout of an analysis is hit, the VM is just killed by default.
# For some long-running setups it might be interesting to terminate the
# monitored processes before killing the VM so that connections are closed.
terminate_processes = on

# Enable automatically re-schedule of "broken" tasks each startup.
# Each task found in status "processing" is re-queued for analysis.
reschedule = off

# Enable processing of results within the main cuckoo process.
# This is the default behavior but can be switched off for setups that
# require high stability and process the results in a separate task.
process_results = on

# Limit the amount of analysis jobs a Cuckoo process goes through.
# This can be used together with a watchdog to mitigate risk of memory leaks.
max_analysis_count = 5

# Limit the number of concurrently executing analysis machines.
# This may be useful on systems with limited resources.
# Set to 0 to disable any limits.
max_machines_count = 4

# Limit the amount of VMs that are allowed to start in parallel. Generally
# speaking starting the VMs is one of the more CPU intensive parts of the
# actual analysis. This option tries to avoid maxing out the CPU completely.
max_vmstartup_count = 10

# Minimum amount of free space (in MB) available before starting a new task.
# This tries to avoid failing an analysis because the reports can't be written
# due out-of-diskspace errors. Setting this value to 0 disables the check.
# (Note: this feature is currently not supported under Windows.)
freespace = 128

# Temporary directory containing the files uploaded through Cuckoo interfaces
# (web.py, api.py, Django web interface).
tmppath = /tmp

# Delta in days from current time to set the guest clocks to for file analyses
# Since some malware families are increasingly using time expirations, it
# is best for automation purposes to set the clock back a number of months.
# By default we now set the clock back 4 months. To disable this change,
# set daydelta to 0
# Note that this can still be overridden by the per-analysis clock setting
# and it is not performed by default for URL analysis as it will generally
# result in SSL errors
daydelta = -120

[resultserver]
# The Result Server is used to receive in real time the behavioral logs
# produced by the analyzer.
# Specify the IP address of the host. The analysis machines should be able
# to contact the host through such address, so make sure it's valid.
# NOTE: if you set resultserver IP to 0.0.0.0 you have to set the option
# resultserver_ip for all your virtual machines in machinery configuration.
ip = 192.168.0.201

# Specify a port number to bind the result server on.
port = 2042

# Should the server write the legacy CSV format?
# (if you have any custom processing on those, switch this on)
store_csvs = off

# Maximum size of uploaded files from VM (screenshots, dropped files, log)
# The value is expressed in bytes, by default 10Mb.
upload_max_size = 10485760

[processing]
# Set the maximum size of analyses generated files to process. This is used
# to avoid the processing of big files which may take a lot of processing
# time. The value is expressed in bytes, by default 100Mb.
analysis_size_limit = 104857600

# The number of calls per process to process. 0 switches the limit off.
# 10000 api calls should be processed in less than 2 minutes
analysis_call_limit = 0

# Enable or disable DNS lookups.
resolve_dns = on

# Enable or disable reverse DNS lookups
# This information currently is not displayed in the web interface
reverse_dns = off

# Use ram to boost processing speed. You will need more than 20GB of RAM for this feature.
# Please read "performance" section in the documentation.
ram_boost = off

# Enable PCAP sorting, needed for the connection content view in the web interface.
sort_pcap = on

[database]
# Specify the database connection string.
# Examples, see documentation for more:
# sqlite:///foo.db
# postgresql://foo:bar@localhost:5432/mydatabase
# mysql://foo:bar@localhost/mydatabase
# If empty, default is a SQLite in db/cuckoo.db.
connection =

# Database connection timeout in seconds.
# If empty, default is set to 60 seconds.
timeout =

[timeouts]
# Set the default analysis timeout expressed in seconds. This value will be
# used to define after how many seconds the analysis will terminate unless
# otherwise specified at submission.
default = 300

# Set the critical timeout expressed in (relative!) seconds. It will be added
# to the default timeout above and after this timeout is hit
# Cuckoo will consider the analysis failed and it will shutdown the machine
# no matter what. When this happens the analysis results will most likely
# be lost.
critical = 60

# Maximum time to wait for virtual machine status change. For example when
# shutting down a vm. Default is 300 seconds.
vm_state = 300

Auxiliary

[sniffer]
# Enable or disable the use of an external sniffer (tcpdump) [yes/no].
enabled = yes

# Specify the path to your local installation of tcpdump. Make sure this
# path is correct.
tcpdump = /usr/sbin/tcpdump

# Specify the network interface name on which tcpdump should monitor the
# traffic. Make sure the interface is active.
# interface = vboxnet0

# Specify a Berkeley packet filter to pass to tcpdump.
# bpf = not arp

[tor]
# Enable or disable the use of Tor transparent proxying
# Note that this is a global enable/disable. It is still required that
# you specifically enable Tor for each analyzed sample from the
# web interface.
#
# Please note that in order to implement this functionality securely
# without any additional privilege on the part of Cuckoo, the below
# scripts should simply pass the IP address of the VM used for analysis
# to a daemon running as root, which can run the
# iptables rules itself. For a working example, see
# https://github.com/seanthegeek/routetor
#enabled = yes

# Specify the path to a binary or script that will initiate the firewall
# rules to redirect traffic to the Tor transparent proxy. The file
# will be executed with the argument of the static IP of the VM used
# for analysis.
#torstart = /usr/sbin/torstart

# Specify the path to a binary or script that will eliminate the firewall
# rules used to redirect traffic to the Tor transparent proxy. The file
# will be executed with the argument of the static IP of the VM used
# for analysis.
torstop = /usr/sbin/torstop

[gateways]
#RTR1 = 192.168.0.1
#RTR2 = 192.168.0.1
#INETSIM = 192.168.1.2

[virustotaldl]
# adds an option in the web interface to upload samples via VirusTotal
# downloads for a comma-separated list of MD5/SHA1/SHA256 hashes
enabled = no
# note that unlike the VirusTotal processing module, the key required
# here is a Private API key, not a Public API key
#dlprivkey = SomeKeyWithDLAccess
# alternatively if you have VirusTotal Intelligence access, you can
# supply your Public API key below. Only one of these keys may be
# uncommented at a time.
dlintelkey = SomeKeyWithDLAccess
dlpath = /tmp/

# Web UI settings

[display_browser_martians]
enabled = no

[display_office_martians]
enabled = no

[display_shrike]
enabled = no

[expanded_dashboard]
# displays package, custom field, malfamily, clamav, PCAP link, and extended suricata results
enabled = no

[display_et_portal]
enabled = no

[display_pt_portal]
enabled = no

Cuckoo.log

2016-09-14 11:49:11,134 [root] DEBUG: Importing modules...
2016-09-14 11:49:11,698 [root] DEBUG: Checking for locked tasks...
2016-09-14 11:49:11,786 [root] DEBUG: Initializing Yara...
2016-09-14 11:49:11,786 [root] DEBUG: |-- index_binaries.yar
2016-09-14 11:49:11,786 [root] DEBUG: `-- index_memory.yar
2016-09-14 11:49:11,788 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.0.201:2042.
2016-09-14 11:49:11,791 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager with max_analysis_count=5, max_machines_count=4, and max_vmstartup_count=10
2016-09-14 11:49:11,930 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter
2016-09-14 11:49:12,018 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status poweroff
2016-09-14 11:49:12,052 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-09-14 11:49:12,062 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-09-14 11:50:07,603 [lib.cuckoo.core.scheduler] DEBUG: Task #7: Processing task 2016-09-14 11:50:07,605 [lib.cuckoo.core.scheduler] INFO: Task #7: Starting analysis of FILE '/root/Desktop/signed_invoice_4801021.doc' 2016-09-14 11:50:07,652 [lib.cuckoo.core.scheduler] INFO: Task #7: acquired machine Malware_Hunter (label=Malware_Hunter) 2016-09-14 11:50:07,680 [modules.machinery.virtualbox] DEBUG: Starting vm Malware_Hunter 2016-09-14 11:50:07,681 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter 2016-09-14 11:50:07,776 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status poweroff 2016-09-14 11:50:07,810 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine Malware_Hunter 2016-09-14 11:50:07,899 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter 2016-09-14 11:50:07,994 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status saved 2016-09-14 11:50:11,429 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter 2016-09-14 11:50:11,946 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status running 2016-09-14 11:50:11,986 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer 2016-09-14 11:50:11,988 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=Malware_Hunter, ip=192.168.56.100 snapshot = Snapshot_9 interface = vboxnet0) 2016-09-14 11:50:11,989 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: waiting for status 0x0001 2016-09-14 11:50:11,989 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:50:12,991 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:50:13,992 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:50:14,994 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:50:15,995 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:50:16,997 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 
2016-09-14
11:56:10,492 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:56:11,494 [lib.cuckoo.core.guest] DEBUG: Malware_Hunter: not ready yet 2016-09-14 11:56:12,495 [lib.cuckoo.core.scheduler] ERROR: Malware_Hunter: the guest initialization hit the critical timeout, analysis aborted. 2016-09-14 11:56:12,515 [lib.cuckoo.core.plugins] WARNING: Unable to stop auxiliary module: 'Sniffer' object has no attribute 'proc' 2016-09-14 11:56:12,515 [modules.machinery.virtualbox] DEBUG: Stopping vm Malware_Hunter 2016-09-14 11:56:12,515 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter 2016-09-14 11:56:13,038 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status running 2016-09-14 11:56:14,069 [modules.machinery.virtualbox] DEBUG: Getting status for Malware_Hunter 2016-09-14 11:56:14,173 [modules.machinery.virtualbox] DEBUG: Machine Malware_Hunter status poweroff 2016-09-14 11:56:14,259 [lib.cuckoo.core.scheduler] DEBUG: Task #7: Released database task with status False 2016-09-14 11:56:14,262 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Decompression" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,262 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,274 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,276 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/opt/cuckoo-modified/storage/analyses/7/logs". 
2016-09-14 11:56:14,276 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,278 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,278 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Dropped": Traceback (most recent call last): File "/opt/cuckoo-modified/lib/cuckoo/core/plugins.py", line 197, in process data = current.run() File "/opt/cuckoo-modified/modules/processing/dropped.py", line 26, in run file_names = os.listdir(self.dropped_path) OSError: [Errno 2] No such file or directory: '/opt/cuckoo-modified/storage/analyses/7/files' 2016-09-14 11:56:14,279 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,279 [modules.processing.network] WARNING: The PCAP file does not exist at path "/opt/cuckoo-modified/storage/analyses/7/dump.pcap". 2016-09-14 11:56:14,279 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,280 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,897 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/cuckoo-modified/storage/analyses/7" 2016-09-14 11:56:14,942 [lib.cuckoo.common.objects] WARNING: failed to scan file with clamav Error 2 connecting /var/run/clamav/clamd.ctl. No such file or directory. 
2016-09-14 11:56:14,943 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/cuckoo-modified/storage/analyses/7"
2016-09-14 11:56:14,948 [requests.packages.urllib3.connectionpool] INFO: Starting new HTTPS connection (1): www.virustotal.com
2016-09-14 11:56:20,846 [requests.packages.urllib3.connectionpool] DEBUG: "GET /vtapi/v2/file/report?apikey=a0283a2c3d55728300d064874239b5346fb991317e8449fe43c902879d758088&resource=0ed2cfed0b690c9d3d1d0eac9ee7cf803fbb2bce700869a5df4c07f529e552f3 HTTP/1.1" 200 192
2016-09-14 11:56:20,851 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/cuckoo-modified/storage/analyses/7"
2016-09-14 11:56:20,860 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe
2016-09-14 11:56:20,860 [lib.cuckoo.core.plugins] DEBUG: Running 136 evented signatures
2016-09-14 11:56:20,860 [lib.cuckoo.core.plugins] DEBUG: |-- alphacrypt_behavior
2016-09-14 11:56:20,860 [lib.cuckoo.core.plugins] DEBUG: |-- andromeda_behavior
2016-09-14 11:56:20,860 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_avast_libs
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bitdefender_libs
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_servicestop
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antidbg_windows
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antiemu_wine_func
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoo
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoocrash
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_mouse_hook
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_restart
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_libs
2016-09-14 11:56:20,861 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_objects
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sleep
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sunbelt_libs
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_suspend
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_unhook
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_directory_objects
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk_setupapi
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_scsi
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_services
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_libs
2016-09-14 11:56:20,862 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_provname
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_window
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_events
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_libs
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- api_spamming
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- banker_prinimalka
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- bcdedit_command
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- betabot_behavior
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- bootkit
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- browser_needed
2016-09-14 11:56:20,863 [lib.cuckoo.core.plugins] DEBUG: |-- browser_scanbox
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- cerber_behavior
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- chimera_behavior
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_cookies
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_volume
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- creates_largekey
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- creates_nullvalue
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- critical_process
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- cryptowall_behavior
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2014_6332
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- dead_link
2016-09-14 11:56:20,864 [lib.cuckoo.core.plugins] DEBUG: |-- debugs_self
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- decoy_document
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_self
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_shadow_copies
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- dep_bypass
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- dep_disable
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- disables_spdy
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- disables_wfp
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- dridex_behavior
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- driver_load
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- exe_dropper_js
2016-09-14 11:56:20,865 [lib.cuckoo.core.plugins] DEBUG: |-- dyre_behavior
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- angler_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- cve_2015_2419_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- gondad_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- heapspray_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- java_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- Neutrino_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- nuclear_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- rig_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- silverlight_js
2016-09-14 11:56:20,866 [lib.cuckoo.core.plugins] DEBUG: |-- virtualcheck_js
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- encrypted_ioc
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- exec_crash
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- generic_phish
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- gootkit_behavior
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- h1n1_behavior
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- hancitor_behavior
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- hawkeye_behavior
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser_password
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_keylog
2016-09-14 11:56:20,867 [lib.cuckoo.core.plugins] DEBUG: |-- injection_createremotethread
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- injection_explorer
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- injection_needextension
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- injection_runpe
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- injection_rwx
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- internet_dropper
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- ipc_namedpipe
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- js_phish
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- js_suspicious_redirect
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- kazybot_behavior
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- kibex_behavior
2016-09-14 11:56:20,868 [lib.cuckoo.core.plugins] DEBUG: |-- kovter_behavior
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- Locky_behavior
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_agent
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_filetime
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- modifies_desktop_wallpaper
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_useragents
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- network_anomaly
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- network_bind
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- network_document_http
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- network_tor
2016-09-14 11:56:20,869 [lib.cuckoo.core.plugins] DEBUG: |-- nymaim_behavior
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- office_write_exe
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- packer_themida
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_bootexecute
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- pony_behavior
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_command
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- process_interest
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- process_needed
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_dmalocker
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_file_modifications
2016-09-14 11:56:20,870 [lib.cuckoo.core.plugins] DEBUG: |-- ransomware_message
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- rat_luminosity
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- rat_nanocore
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- reads_self
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- recon_programs
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phish
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- securityxploded_modules
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url
2016-09-14 11:56:20,871 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior
2016-09-14 11:56:20,872 [lib.cuckoo.core.plugins] DEBUG: |-- ursnif_behavior
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: |-- user_enum
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: |-- virus
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: |-- webmail_phish
2016-09-14 11:56:20,873 [lib.cuckoo.core.plugins] DEBUG: -- wscript_downloader_http
2016-09-14 11:56:20,894 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures
2016-09-14 11:56:20,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "alphacrypt_behavior"
2016-09-14 11:56:20,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior"
2016-09-14 11:56:20,894 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile"
2016-09-14 11:56:20,897 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg"
2016-09-14 11:56:20,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs"
2016-09-14 11:56:20,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs"
2016-09-14 11:56:20,900 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile"
2016-09-14 11:56:20,906 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg"
2016-09-14 11:56:20,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop"
2016-09-14 11:56:20,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp"
2016-09-14 11:56:20,919 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices"
2016-09-14 11:56:20,920 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows"
2016-09-14 11:56:20,920 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg"
2016-09-14 11:56:20,920 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func"
2016-09-14 11:56:20,921 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo"
2016-09-14 11:56:20,921 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo_files"
2016-09-14 11:56:20,921 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoocrash"
2016-09-14 11:56:20,921 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_fortinet_files"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_restart"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex"
2016-09-14 11:56:20,922 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects"
2016-09-14 11:56:20,923 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep"
2016-09-14 11:56:20,923 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files"
2016-09-14 11:56:20,923 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs"
2016-09-14 11:56:20,923 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend"
2016-09-14 11:56:20,923 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_threattrack_files"
2016-09-14 11:56:20,924 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook"
2016-09-14 11:56:20,924 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal"
2016-09-14 11:56:20,924 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2016-09-14 11:56:20,924 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects"
2016-09-14 11:56:20,924 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios"
2016-09-14 11:56:20,925 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu"
2016-09-14 11:56:20,925 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk"
2016-09-14 11:56:20,925 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi"
2016-09-14 11:56:20,926 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg"
2016-09-14 11:56:20,926 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi"
2016-09-14 11:56:20,926 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services"
2016-09-14 11:56:20,926 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system"
2016-09-14 11:56:20,927 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_hyperv_keys"
2016-09-14 11:56:20,927 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_parallels_keys"
2016-09-14 11:56:20,929 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices"
2016-09-14 11:56:20,929 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files"
2016-09-14 11:56:20,931 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys"
2016-09-14 11:56:20,933 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs"
2016-09-14 11:56:20,933 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname"
2016-09-14 11:56:20,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window"
2016-09-14 11:56:20,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices"
2016-09-14 11:56:20,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events"
2016-09-14 11:56:20,934 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files"
2016-09-14 11:56:20,935 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys"
2016-09-14 11:56:20,936 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs"
2016-09-14 11:56:20,936 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes"
2016-09-14 11:56:20,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files"
2016-09-14 11:56:20,937 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys"
2016-09-14 11:56:20,938 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex"
2016-09-14 11:56:20,938 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_xen_keys"
2016-09-14 11:56:20,939 [lib.cuckoo.core.plugins] DEBUG: Running signature "api_spamming"
2016-09-14 11:56:20,939 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs"
2016-09-14 11:56:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs"
2016-09-14 11:56:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex"
2016-09-14 11:56:20,940 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan"
2016-09-14 11:56:20,942 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka"
2016-09-14 11:56:20,942 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes"
2016-09-14 11:56:20,943 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex"
2016-09-14 11:56:20,944 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "bcdedit_command"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit"
2016-09-14 11:56:20,945 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp"
2016-09-14 11:56:20,946 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper"
2016-09-14 11:56:20,946 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive"
2016-09-14 11:56:20,948 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2"
2016-09-14 11:56:20,949 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness"
2016-09-14 11:56:20,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill"
2016-09-14 11:56:20,950 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon"
2016-09-14 11:56:20,951 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object"
2016-09-14 11:56:20,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_needed"
2016-09-14 11:56:20,952 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy"
2016-09-14 11:56:20,953 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox"
2016-09-14 11:56:20,954 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security"
2016-09-14 11:56:20,957 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage"
2016-09-14 11:56:20,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall"
2016-09-14 11:56:20,958 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "cerber_behavior"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "clamav"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume"
2016-09-14 11:56:20,959 [lib.cuckoo.core.plugins] DEBUG: Running signature "codelux_behavior"
2016-09-14 11:56:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self"
2016-09-14 11:56:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey"
2016-09-14 11:56:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue"
2016-09-14 11:56:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process"
2016-09-14 11:56:20,960 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior"
2016-09-14 11:56:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2014_6332"
2016-09-14 11:56:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys"
2016-09-14 11:56:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link"
2016-09-14 11:56:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self"
2016-09-14 11:56:20,961 [lib.cuckoo.core.plugins] DEBUG: Running signature "decoy_document"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable"
2016-09-14 11:56:20,962 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_app_launch"
2016-09-14 11:56:20,963 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn"
2016-09-14 11:56:20,966 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy"
2016-09-14 11:56:20,966 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore"
2016-09-14 11:56:20,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac"
2016-09-14 11:56:20,967 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer"
2016-09-14 11:56:20,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wfp"
2016-09-14 11:56:20,968 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windows_defender"
2016-09-14 11:56:20,969 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "dridex_behavior"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_load"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "exe_dropper_js"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "dyre_behavior"
2016-09-14 11:56:20,970 [lib.cuckoo.core.plugins] DEBUG: Running signature "angler_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "cve_2015_2419_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "gondad_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "heapspray_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "java_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "Neutrino_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "nuclear_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "rig_js"
2016-09-14 11:56:20,971 [lib.cuckoo.core.plugins] DEBUG: Running signature "silverlight_js"
2016-09-14 11:56:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "virtualcheck_js"
2016-09-14 11:56:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypted_ioc"
2016-09-14 11:56:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "exec_crash"
2016-09-14 11:56:20,972 [lib.cuckoo.core.plugins] DEBUG: Running signature "family_proxyback"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_phish"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "gootkit_behavior"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "h1n1_behavior"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "hancitor_behavior"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "hawkeye_behavior"
2016-09-14 11:56:20,973 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin"
2016-09-14 11:56:20,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser"
2016-09-14 11:56:20,977 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser_password"
2016-09-14 11:56:20,978 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp"
2016-09-14 11:56:20,984 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im"
2016-09-14 11:56:20,988 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_keylog"
2016-09-14 11:56:20,988 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail"
2016-09-14 11:56:20,991 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_createremotethread"
2016-09-14 11:56:20,991 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_explorer"
2016-09-14 11:56:20,991 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_needextension"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_runpe"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_rwx"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "internet_dropper"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "ipc_namedpipe"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_phish"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_suspicious_redirect"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "kazybot_behavior"
2016-09-14 11:56:20,992 [lib.cuckoo.core.plugins] DEBUG: Running signature "kibex_behavior"
2016-09-14 11:56:20,993 [lib.cuckoo.core.plugins] DEBUG: Running signature "kovter_behavior"
2016-09-14 11:56:20,993 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes"
2016-09-14 11:56:20,993 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit"
2016-09-14 11:56:20,993 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr"
2016-09-14 11:56:20,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "Locky_behavior"
2016-09-14 11:56:20,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children"
2016-09-14 11:56:20,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_martian_children"
2016-09-14 11:56:20,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_agent"
2016-09-14 11:56:20,994 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension"
2016-09-14 11:56:20,995 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_filetime"
2016-09-14 11:56:20,995 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon"
2016-09-14 11:56:20,995 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_certs"
2016-09-14 11:56:20,996 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_hostfile"
2016-09-14 11:56:20,996 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings"
2016-09-14 11:56:20,997 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt"
2016-09-14 11:56:20,998 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_desktop_wallpaper"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_useragents"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_anomaly"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_bind"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_document_http"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http"
2016-09-14 11:56:20,999 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway"
2016-09-14 11:56:21,000 [lib.cuckoo.core.plugins] DEBUG: Running signature "nymaim_behavior"
2016-09-14 11:56:21,001 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_code_page"
2016-09-14 11:56:21,001 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro"
2016-09-14 11:56:21,001 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security"
2016-09-14 11:56:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_write_exe"
2016-09-14 11:56:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid"
2016-09-14 11:56:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid"
2016-09-14 11:56:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex"
2016-09-14 11:56:21,002 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_confuser"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_smartassembly"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect"
2016-09-14 11:56:21,003 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_bootexecute"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] ERROR: Failed to run signature "polymorphic":
Traceback (most recent call last):
  File "/opt/cuckoo-modified/lib/cuckoo/core/plugins.py", line 351, in process
    data = current.run()
  File "/opt/cuckoo-modified/modules/signatures/polymorphic.py", line 47, in run
    if self.results["dropped"]:
KeyError: 'dropped'
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "pony_behavior"
2016-09-14 11:56:21,004 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command"
2016-09-14 11:56:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "punch_plus_plus_pcres"
2016-09-14 11:56:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot"
2016-09-14 11:56:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_interest"
2016-09-14 11:56:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_needed"
2016-09-14 11:56:21,005 [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara"
2016-09-14 11:56:21,006 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_dmalocker"
2016-09-14 11:56:21,006 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions"
2016-09-14 11:56:21,009 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_file_modifications"
2016-09-14 11:56:21,009 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files"
2016-09-14 11:56:21,014 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_message"
2016-09-14 11:56:21,014 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_radamant"
2016-09-14 11:56:21,014 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin"
2016-09-14 11:56:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes"
2016-09-14 11:56:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes"
2016-09-14 11:56:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_luminosity"
2016-09-14 11:56:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_nanocore"
2016-09-14 11:56:21,015 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient"
2016-09-14 11:56:21,016 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes"
2016-09-14 11:56:21,016 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes"
2016-09-14 11:56:21,016 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_quasar_mutexes"
2016-09-14 11:56:21,017 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet"
2016-09-14 11:56:21,017 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes"
2016-09-14 11:56:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "reads_self"
2016-09-14 11:56:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_beacon"
2016-09-14 11:56:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip"
2016-09-14 11:56:21,018 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint"
2016-09-14 11:56:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_programs"
2016-09-14 11:56:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_systeminfo"
2016-09-14 11:56:21,019 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_zoneid_ads"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "secure_login_phish"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "securityxploded_modules"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "sets_autoconfig_url"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "shifu_behavior"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap"
2016-09-14 11:56:21,020 [lib.cuckoo.core.plugins] DEBUG: Running signature "spoofs_procname"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_dotnet_anomaly"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java"
2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins]
DEBUG: Running signature "static_pdf" 2016-09-14 11:56:21,021 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly" 2016-09-14 11:56:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config" 2016-09-14 11:56:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly" 2016-09-14 11:56:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_childproc" 2016-09-14 11:56:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_file" 2016-09-14 11:56:21,022 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hidden_extension" 2016-09-14 11:56:21,023 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg" 2016-09-14 11:56:21,024 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications" 2016-09-14 11:56:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_network" 2016-09-14 11:56:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_timeout" 2016-09-14 11:56:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory" 2016-09-14 11:56:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window" 2016-09-14 11:56:21,025 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert" 2016-09-14 11:56:21,026 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame" 2016-09-14 11:56:21,026 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior" 2016-09-14 11:56:21,026 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "troldesh_behavior" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "ursnif_behavior" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "user_enum" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running 
signature "vawtrak_behavior" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior" 2016-09-14 11:56:21,027 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1" 2016-09-14 11:56:21,028 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1" 2016-09-14 11:56:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2" 2016-09-14 11:56:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3" 2016-09-14 11:56:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish" 2016-09-14 11:56:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create" 2016-09-14 11:56:21,029 [lib.cuckoo.core.plugins] DEBUG: Running signature "wscript_downloader_http" 2016-09-14 11:56:21,033 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "Compression" 2016-09-14 11:56:21,033 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump" 2016-09-14 11:56:21,039 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "ReportHTML" 2016-09-14 11:56:21,548 [lib.cuckoo.core.scheduler] INFO: Task #7: reports generation completed (path=/opt/cuckoo-modified/storage/analyses/7) 2016-09-14 11:56:21,569 [lib.cuckoo.core.scheduler] INFO: Task #7: analysis procedure 
completed

[Attached images: host_net_config, successful_ping, guest_fw_disabled, tcpdump_no_communication, agent_no_communication]

nate-ray commented 7 years ago

The result server IP was set to the physical IP of the host (192.168.0.201). Changing it to the default gateway of vboxnet0 (192.168.56.1) resolved the issue.
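The misconfiguration that closed this issue can be caught before an analysis is submitted. The following is an added example, not code from this thread or from cuckoo-modified: it flags any machine whose result server address lies outside the guest's host-only subnet. The embedded configs are constructed from the values quoted in the issue; the `/24` prefix and the function name `check_resultserver` are assumptions, and the check is a heuristic for the host-only layout described here, not a reachability test.

```python
import configparser
import ipaddress

# Constructed sample configs using the addresses reported in this issue.
CUCKOO_CONF = """
[resultserver]
# Address the guest is told to send results to.
ip = 192.168.0.201
port = 2042
"""

VIRTUALBOX_CONF = """
[virtualbox]
mode = sdl
machines = Malware_Hunter

[Malware_Hunter]
label = Malware_Hunter
platform = windows
ip = 192.168.56.100
"""


def check_resultserver(cuckoo_text, machinery_text, section="virtualbox", prefix=24):
    """Return (machine, guest_ip, resultserver_ip) for every machine whose
    result server address is not inside the guest's subnet."""
    cuckoo = configparser.ConfigParser(interpolation=None)
    cuckoo.read_string(cuckoo_text)
    machinery = configparser.ConfigParser(interpolation=None)
    machinery.read_string(machinery_text)

    default_rs = cuckoo.get("resultserver", "ip")
    problems = []
    for name in machinery.get(section, "machines").split(","):
        name = name.strip()
        if not name:
            continue
        guest_ip = machinery.get(name, "ip")
        # A per-machine resultserver_ip overrides the global [resultserver] ip.
        rs_ip = machinery.get(name, "resultserver_ip", fallback=default_rs)
        # Assumption: the host-only network uses a /24 netmask.
        subnet = ipaddress.ip_network(f"{guest_ip}/{prefix}", strict=False)
        if ipaddress.ip_address(rs_ip) not in subnet:
            problems.append((name, guest_ip, rs_ip))
    return problems


if __name__ == "__main__":
    for name, guest, rs in check_resultserver(CUCKOO_CONF, VIRTUALBOX_CONF):
        print(f"{name}: resultserver {rs} is not on the subnet of guest {guest}")
```
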