Memory error with larger samples sizes

[keithjjones]

I tried to upload a 172MB file and I got this error:

Error: cuckoo1: unable to upload malware to analysis machine: <Fault 1: "<type 'exceptions.MemoryError'>:">

Is that an exception within cuckoo-modified? Or somewhere else?

[doomedraven]

there are limit 128mb

[keithjjones]

@doomedraven What mechanism limits this?

[doomedraven]

that one is in webgui so this probably now related

[keithjjones]

@doomedraven The web gui accepted it, it raised the exception when it tried to pass it to the running VM.

[doomedraven]

hm no idea then

[keithjjones]

@doomedraven

These are the relevant lines from the cuckoo.py process, if that helps:

2016-11-18 16:50:09,765 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=cuckoo1, ip=192.168.241.101)
2016-11-18 16:50:54,399 [lib.cuckoo.core.scheduler] ERROR: cuckoo1: unable to upload malware to analysis machine: <Fault 1: "<type 'exceptions.MemoryError'>:">
2016-11-18 16:50:55,522 [modules.processing.behavior] WARNING: Analysis results folder does not exist at path "/Source/cuckoo-modified/storage/analyses/16/logs".

[Nwinternights]

take a look there: https://github.com/cuckoosandbox/cuckoo/issues/754

[keithjjones]

Is that agent compatible?

[Nwinternights]

Nope, cuckoo mod uses XMLRPC. Probably this is the cause of upload size.

[keithjjones]

If it's not compatible, I'm not sure how this helps cuckoo mod? Am I missing something?

[KillerInstinct]

If I had to guess, it's probably an exception happening due to a memory leak somewhere on the guest (likely by the file you are trying to analyze)

Do you get the memory error immediately when it's trying to hit the VM? Or does it run for a little bit and you get some API logs back? Maybe try enabling the cpu/memory stats module. (Though it won't tell you what the problem is, just that it's happening)