search

spender-sandbox / cuckoo-modified

Modified edition of cuckoo
395 stars 178 forks source link

[lib.cuckoo.core.scheduler] ERROR: Analysis failed: invalid string pointer 0x03AF1C8000000000 #501

Closed usmanm259 closed 6 years ago

usmanm259 commented 6 years ago

config files

File: auxiliary.conf

https://pastebin.com/fCMyBBtf

File: cuckoo.conf

https://pastebin.com/c6ET1PX8

File: virtualbox.conf

https://pastebin.com/LqeSEgjv

When i run cuckoo in debug mode, this is the error which it shows

[lib.cuckoo.core.scheduler] ERROR: Analysis failed: invalid string pointer 0x03AF1C8000000000

sudo ./cuckoo.py -d

Cuckoo Sandbox 1.3-Optiv www.cuckoosandbox.org Copyright (c) 2010-2015

2018-02-20 18:34:21,838 [root] DEBUG: Importing modules... 2018-02-20 18:34:25,426 [root] DEBUG: Imported "signatures" modules: 2018-02-20 18:34:25,427 [root] DEBUG: |-- Andromeda_APIs 2018-02-20 18:34:25,427 [root] DEBUG: |-- AntiAnalysisDetectFile 2018-02-20 18:34:25,428 [root] DEBUG: |-- AntiAnalysisDetectReg 2018-02-20 18:34:25,428 [root] DEBUG: |-- AvastDetectLibs 2018-02-20 18:34:25,428 [root] DEBUG: |-- BitdefenderDetectLibs 2018-02-20 18:34:25,428 [root] DEBUG: |-- AntiAVDetectFile 2018-02-20 18:34:25,429 [root] DEBUG: |-- AntiAVDetectReg 2018-02-20 18:34:25,429 [root] DEBUG: |-- AntiAVServiceStop 2018-02-20 18:34:25,429 [root] DEBUG: |-- AntiAVSRP 2018-02-20 18:34:25,429 [root] DEBUG: |-- AntiDBGDevices 2018-02-20 18:34:25,430 [root] DEBUG: |-- AntiDBGWindows 2018-02-20 18:34:25,430 [root] DEBUG: |-- WineDetectReg 2018-02-20 18:34:25,430 [root] DEBUG: |-- WineDetectFunc 2018-02-20 18:34:25,430 [root] DEBUG: |-- AntiCuckoo 2018-02-20 18:34:25,431 [root] DEBUG: |-- SandboxJoeAnubisDetectFiles 2018-02-20 18:34:25,431 [root] DEBUG: |-- HookMouse 2018-02-20 18:34:25,431 [root] DEBUG: |-- GetProductID 2018-02-20 18:34:25,431 [root] DEBUG: |-- SandboxieDetectLibs 2018-02-20 18:34:25,432 [root] DEBUG: |-- AntisandboxSboxieMutex 2018-02-20 18:34:25,432 [root] DEBUG: |-- AntiSandboxSboxieObjects 2018-02-20 18:34:25,432 [root] DEBUG: |-- AntiSandboxSleep 2018-02-20 18:34:25,432 [root] DEBUG: |-- SunbeltDetectFiles 2018-02-20 18:34:25,432 [root] DEBUG: |-- SunbeltDetectLibs 2018-02-20 18:34:25,433 [root] DEBUG: |-- AntiSandboxSuspend 2018-02-20 18:34:25,433 [root] DEBUG: |-- Unhook 2018-02-20 18:34:25,433 [root] DEBUG: |-- KnownVirustotal 2018-02-20 18:34:25,433 [root] DEBUG: |-- AntiVMDirectoryObjects 2018-02-20 18:34:25,433 [root] DEBUG: |-- AntiVMBios 2018-02-20 18:34:25,433 [root] DEBUG: |-- AntiVMCPU 2018-02-20 18:34:25,433 [root] DEBUG: |-- DiskInformation 2018-02-20 18:34:25,434 [root] DEBUG: |-- SetupAPIDiskInformation 2018-02-20 18:34:25,434 [root] DEBUG: |-- AntiVMDiskReg 2018-02-20 18:34:25,434 [root] DEBUG: |-- AntiVMSCSI 2018-02-20 18:34:25,434 [root] DEBUG: |-- AntiVMServices 2018-02-20 18:34:25,434 [root] DEBUG: |-- AntiVMSystem 2018-02-20 18:34:25,434 [root] DEBUG: |-- VBoxDetectACPI 2018-02-20 18:34:25,434 [root] DEBUG: |-- VBoxDetectDevices 2018-02-20 18:34:25,434 [root] DEBUG: |-- VBoxDetectFiles 2018-02-20 18:34:25,435 [root] DEBUG: |-- VBoxDetectKeys 2018-02-20 18:34:25,435 [root] DEBUG: |-- VBoxDetectLibs 2018-02-20 18:34:25,435 [root] DEBUG: |-- VBoxDetectProvname 2018-02-20 18:34:25,435 [root] DEBUG: |-- VBoxDetectWindow 2018-02-20 18:34:25,435 [root] DEBUG: |-- VMwareDetectDevices 2018-02-20 18:34:25,435 [root] DEBUG: |-- VMwareDetectEvent 2018-02-20 18:34:25,435 [root] DEBUG: |-- VMwareDetectFiles 2018-02-20 18:34:25,435 [root] DEBUG: |-- VMwareDetectKeys 2018-02-20 18:34:25,436 [root] DEBUG: |-- VMwareDetectLibs 2018-02-20 18:34:25,436 [root] DEBUG: |-- VMwareDetectMutexes 2018-02-20 18:34:25,436 [root] DEBUG: |-- VPCDetectFiles 2018-02-20 18:34:25,436 [root] DEBUG: |-- VPCDetectKeys 2018-02-20 18:34:25,436 [root] DEBUG: |-- VPCDetectMutex 2018-02-20 18:34:25,436 [root] DEBUG: |-- BadCerts 2018-02-20 18:34:25,436 [root] DEBUG: |-- BadSSLCerts 2018-02-20 18:34:25,436 [root] DEBUG: |-- Cridex 2018-02-20 18:34:25,437 [root] DEBUG: |-- Geodo 2018-02-20 18:34:25,437 [root] DEBUG: |-- Prinimalka 2018-02-20 18:34:25,437 [root] DEBUG: |-- SpyEyeMutexes 2018-02-20 18:34:25,437 [root] DEBUG: |-- ZeusMutexes 2018-02-20 18:34:25,437 [root] DEBUG: |-- ZeusP2P 2018-02-20 18:34:25,437 [root] DEBUG: |-- ZeusURL 2018-02-20 18:34:25,437 [root] DEBUG: |-- BetaBot_APIs 2018-02-20 18:34:25,437 [root] DEBUG: |-- BitcoinOpenCL 2018-02-20 18:34:25,438 [root] DEBUG: |-- Bootkit 2018-02-20 18:34:25,438 [root] DEBUG: |-- AthenaHttp 2018-02-20 18:34:25,438 [root] DEBUG: |-- DirtJumper 2018-02-20 18:34:25,438 [root] DEBUG: |-- Drive 2018-02-20 18:34:25,438 [root] DEBUG: |-- Drive2 2018-02-20 18:34:25,438 [root] DEBUG: |-- Madness 2018-02-20 18:34:25,438 [root] DEBUG: |-- Ruskill 2018-02-20 18:34:25,438 [root] DEBUG: |-- BrowserAddon 2018-02-20 18:34:25,438 [root] DEBUG: |-- BrowserHelperObject 2018-02-20 18:34:25,439 [root] DEBUG: |-- ModifyProxy 2018-02-20 18:34:25,439 [root] DEBUG: |-- BrowserScanbox 2018-02-20 18:34:25,439 [root] DEBUG: |-- BrowserSecurity 2018-02-20 18:34:25,439 [root] DEBUG: |-- browser_startpage 2018-02-20 18:34:25,439 [root] DEBUG: |-- BypassFirewall 2018-02-20 18:34:25,439 [root] DEBUG: |-- CarberpMutexes 2018-02-20 18:34:25,439 [root] DEBUG: |-- Chimera_APIs 2018-02-20 18:34:25,439 [root] DEBUG: |-- ClickfraudCookies 2018-02-20 18:34:25,440 [root] DEBUG: |-- ClickfraudVolume 2018-02-20 18:34:25,440 [root] DEBUG: |-- CopiesSelf 2018-02-20 18:34:25,440 [root] DEBUG: |-- CreatesExe 2018-02-20 18:34:25,440 [root] DEBUG: |-- CreatesLargeKey 2018-02-20 18:34:25,440 [root] DEBUG: |-- CreatesNullValue 2018-02-20 18:34:25,440 [root] DEBUG: |-- CriticalProcess 2018-02-20 18:34:25,440 [root] DEBUG: |-- CryptoWall_APIs 2018-02-20 18:34:25,440 [root] DEBUG: |-- DarkCometRegkeys 2018-02-20 18:34:25,441 [root] DEBUG: |-- DeadLink 2018-02-20 18:34:25,441 [root] DEBUG: |-- DebugsSelf 2018-02-20 18:34:25,441 [root] DEBUG: |-- DeepFreezeMutex 2018-02-20 18:34:25,441 [root] DEBUG: |-- DeletesSelf 2018-02-20 18:34:25,441 [root] DEBUG: |-- DeletesShadowCopies 2018-02-20 18:34:25,441 [root] DEBUG: |-- DEPBypass 2018-02-20 18:34:25,441 [root] DEBUG: |-- DEPDisable 2018-02-20 18:34:25,441 [root] DEBUG: |-- DisablesBrowserWarn 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesSPDY 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesSystemRestore 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesUAC 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesWER 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesWFP 2018-02-20 18:34:25,442 [root] DEBUG: |-- DisablesWindowsUpdate 2018-02-20 18:34:25,442 [root] DEBUG: |-- DownloaderCabby 2018-02-20 18:34:25,442 [root] DEBUG: |-- Dridex_APIs 2018-02-20 18:34:25,443 [root] DEBUG: |-- DriverLoad 2018-02-20 18:34:25,443 [root] DEBUG: |-- Dropper 2018-02-20 18:34:25,443 [root] DEBUG: |-- Dyre_APIs 2018-02-20 18:34:25,443 [root] DEBUG: |-- Angler_JS 2018-02-20 18:34:25,443 [root] DEBUG: |-- Gondad_JS 2018-02-20 18:34:25,443 [root] DEBUG: |-- HeapSpray_JS 2018-02-20 18:34:25,443 [root] DEBUG: |-- Java_JS 2018-02-20 18:34:25,443 [root] DEBUG: |-- Neutrino_JS 2018-02-20 18:34:25,443 [root] DEBUG: |-- Nuclear_JS 2018-02-20 18:34:25,444 [root] DEBUG: |-- RIG_JS 2018-02-20 18:34:25,444 [root] DEBUG: |-- Silverlight_JS 2018-02-20 18:34:25,444 [root] DEBUG: |-- Virtualcheck_JS 2018-02-20 18:34:25,444 [root] DEBUG: |-- EncryptedIOC 2018-02-20 18:34:25,444 [root] DEBUG: |-- Crash 2018-02-20 18:34:25,444 [root] DEBUG: |-- SystemMetrics 2018-02-20 18:34:25,444 [root] DEBUG: |-- Generic_Phish 2018-02-20 18:34:25,444 [root] DEBUG: |-- HawkEye_APIs 2018-02-20 18:34:25,445 [root] DEBUG: |-- BitcoinWallet 2018-02-20 18:34:25,445 [root] DEBUG: |-- BrowserStealer 2018-02-20 18:34:25,445 [root] DEBUG: |-- FTPStealer 2018-02-20 18:34:25,445 [root] DEBUG: |-- IMStealer 2018-02-20 18:34:25,445 [root] DEBUG: |-- KeyLogger 2018-02-20 18:34:25,445 [root] DEBUG: |-- EmailStealer 2018-02-20 18:34:25,445 [root] DEBUG: |-- InjectionCRT 2018-02-20 18:34:25,445 [root] DEBUG: |-- InjectionExplorer 2018-02-20 18:34:25,445 [root] DEBUG: |-- InjectionExtension 2018-02-20 18:34:25,446 [root] DEBUG: |-- InjectionRUNPE 2018-02-20 18:34:25,446 [root] DEBUG: |-- InjectionRWX 2018-02-20 18:34:25,446 [root] DEBUG: |-- Internet_Dropper 2018-02-20 18:34:25,446 [root] DEBUG: |-- JS_Phish 2018-02-20 18:34:25,446 [root] DEBUG: |-- KazyBot_APIs 2018-02-20 18:34:25,446 [root] DEBUG: |-- Kibex_APIs 2018-02-20 18:34:25,446 [root] DEBUG: |-- KrakenMutexes 2018-02-20 18:34:25,446 [root] DEBUG: |-- DisableRegedit 2018-02-20 18:34:25,446 [root] DEBUG: |-- DisableTaskMgr 2018-02-20 18:34:25,447 [root] DEBUG: |-- MartiansIE 2018-02-20 18:34:25,447 [root] DEBUG: |-- MimicsAgent 2018-02-20 18:34:25,447 [root] DEBUG: |-- MimicsExtension 2018-02-20 18:34:25,447 [root] DEBUG: |-- MimicsFiletime 2018-02-20 18:34:25,447 [root] DEBUG: |-- MimicsIcon 2018-02-20 18:34:25,447 [root] DEBUG: |-- ModifiesCerts 2018-02-20 18:34:25,447 [root] DEBUG: |-- Modifies_HostFile 2018-02-20 18:34:25,447 [root] DEBUG: |-- ModifySecurityCenterWarnings 2018-02-20 18:34:25,447 [root] DEBUG: |-- ModifiesUACNotify 2018-02-20 18:34:25,447 [root] DEBUG: |-- Multiple_UA 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkAnomaly 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkBIND 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkCnCHTTP 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkDGA 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkHTTP 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkICMP 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkIRC 2018-02-20 18:34:25,448 [root] DEBUG: |-- NetworkSMTP 2018-02-20 18:34:25,448 [root] DEBUG: |-- Tor 2018-02-20 18:34:25,449 [root] DEBUG: |-- TorHiddenService 2018-02-20 18:34:25,449 [root] DEBUG: |-- TorGateway 2018-02-20 18:34:25,449 [root] DEBUG: |-- OfficeDLWritesEXE 2018-02-20 18:34:25,449 [root] DEBUG: |-- Office_Macro 2018-02-20 18:34:25,449 [root] DEBUG: |-- OfficeSecurity 2018-02-20 18:34:25,449 [root] DEBUG: |-- Office_Suspicious 2018-02-20 18:34:25,449 [root] DEBUG: |-- BuildLangID 2018-02-20 18:34:25,449 [root] DEBUG: |-- ResourceLangID 2018-02-20 18:34:25,449 [root] DEBUG: |-- ArmadilloMutex 2018-02-20 18:34:25,449 [root] DEBUG: |-- ArmadilloRegKey 2018-02-20 18:34:25,450 [root] DEBUG: |-- PackerEntropy 2018-02-20 18:34:25,450 [root] DEBUG: |-- ThemidaPacked 2018-02-20 18:34:25,450 [root] DEBUG: |-- UPXCompressed 2018-02-20 18:34:25,450 [root] DEBUG: |-- VMPPacked 2018-02-20 18:34:25,450 [root] DEBUG: |-- PDF_Annot_URLs 2018-02-20 18:34:25,450 [root] DEBUG: |-- PDF_EOF 2018-02-20 18:34:25,450 [root] DEBUG: |-- PDF_Page 2018-02-20 18:34:25,450 [root] DEBUG: |-- ADS 2018-02-20 18:34:25,450 [root] DEBUG: |-- Autorun 2018-02-20 18:34:25,451 [root] DEBUG: |-- PersistenceService 2018-02-20 18:34:25,451 [root] DEBUG: |-- Polymorphic 2018-02-20 18:34:25,451 [root] DEBUG: |-- Pony_APIs 2018-02-20 18:34:25,451 [root] DEBUG: |-- PowershellCommand 2018-02-20 18:34:25,451 [root] DEBUG: |-- PreventsSafeboot 2018-02-20 18:34:25,451 [root] DEBUG: |-- ProcessInterest 2018-02-20 18:34:25,451 [root] DEBUG: |-- ProcessNeeded 2018-02-20 18:34:25,451 [root] DEBUG: |-- Procmem_Yara 2018-02-20 18:34:25,451 [root] DEBUG: |-- RansomwareExtensions 2018-02-20 18:34:25,452 [root] DEBUG: |-- RansomwareFiles 2018-02-20 18:34:25,452 [root] DEBUG: |-- RansomwareRecyclebin 2018-02-20 18:34:25,452 [root] DEBUG: |-- BeebusMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- FynloskiMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- PcClientMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- PlugxMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- PoisonIvyMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- SpynetRat 2018-02-20 18:34:25,452 [root] DEBUG: |-- XtremeMutexes 2018-02-20 18:34:25,452 [root] DEBUG: |-- ReadsSelf 2018-02-20 18:34:25,453 [root] DEBUG: |-- Recon_Beacon 2018-02-20 18:34:25,453 [root] DEBUG: |-- CheckIP 2018-02-20 18:34:25,453 [root] DEBUG: |-- Fingerprint 2018-02-20 18:34:25,453 [root] DEBUG: |-- InstalledApps 2018-02-20 18:34:25,453 [root] DEBUG: |-- SystemInfo 2018-02-20 18:34:25,453 [root] DEBUG: |-- RemovesZoneIdADS 2018-02-20 18:34:25,453 [root] DEBUG: |-- Secure_Login_Phish 2018-02-20 18:34:25,453 [root] DEBUG: |-- SetsAutoconfigURL 2018-02-20 18:34:25,453 [root] DEBUG: |-- Shifu_APIs 2018-02-20 18:34:25,454 [root] DEBUG: |-- InstallsWinpcap 2018-02-20 18:34:25,454 [root] DEBUG: |-- SpoofsProcname 2018-02-20 18:34:25,454 [root] DEBUG: |-- CreatesAutorunInf 2018-02-20 18:34:25,454 [root] DEBUG: |-- StackPivot 2018-02-20 18:34:25,454 [root] DEBUG: |-- Authenticode 2018-02-20 18:34:25,454 [root] DEBUG: |-- Static_Java 2018-02-20 18:34:25,455 [root] DEBUG: |-- PEAnomaly 2018-02-20 18:34:25,455 [root] DEBUG: |-- RATConfig 2018-02-20 18:34:25,455 [root] DEBUG: |-- VersionInfoAnomaly 2018-02-20 18:34:25,455 [root] DEBUG: |-- StealthChildProc 2018-02-20 18:34:25,455 [root] DEBUG: |-- StealthFile 2018-02-20 18:34:25,455 [root] DEBUG: |-- StealthHiddenReg 2018-02-20 18:34:25,455 [root] DEBUG: |-- StealthHideNotifications 2018-02-20 18:34:25,456 [root] DEBUG: |-- StealthNetwork 2018-02-20 18:34:25,456 [root] DEBUG: |-- StealthTimeout 2018-02-20 18:34:25,456 [root] DEBUG: |-- StealthWebHistory 2018-02-20 18:34:25,456 [root] DEBUG: |-- Hidden_Window 2018-02-20 18:34:25,456 [root] DEBUG: |-- SuricataAlert 2018-02-20 18:34:25,456 [root] DEBUG: |-- Flame 2018-02-20 18:34:25,456 [root] DEBUG: |-- Tinba_APIs 2018-02-20 18:34:25,456 [root] DEBUG: |-- FleerCivetMutexes 2018-02-20 18:34:25,457 [root] DEBUG: |-- Upatre_APIs 2018-02-20 18:34:25,457 [root] DEBUG: |-- Vawtrak_APIs 2018-02-20 18:34:25,457 [root] DEBUG: |-- Vawtrak_APIs 2018-02-20 18:34:25,457 [root] DEBUG: |-- Virus 2018-02-20 18:34:25,457 [root] DEBUG: |-- VolDevicetree1 2018-02-20 18:34:25,457 [root] DEBUG: |-- VolHandles1 2018-02-20 18:34:25,457 [root] DEBUG: |-- VolLdrModules1 2018-02-20 18:34:25,457 [root] DEBUG: |-- VolLdrModules2 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolMalfind1 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolMalfind2 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolModscan1 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolSvcscan1 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolSvcscan2 2018-02-20 18:34:25,458 [root] DEBUG: |-- VolSvcscan3 2018-02-20 18:34:25,458 [root] DEBUG: |-- Webmail_Phish 2018-02-20 18:34:25,458 [root] DEBUG: -- WHOIS_Create 2018-02-20 18:34:25,459 [root] DEBUG: Imported "auxiliary" modules: 2018-02-20 18:34:25,459 [root] DEBUG: |-- Sniffer 2018-02-20 18:34:25,459 [root] DEBUG:-- Tor 2018-02-20 18:34:25,459 [root] DEBUG: Imported "processing" modules: 2018-02-20 18:34:25,459 [root] DEBUG: |-- AnalysisInfo 2018-02-20 18:34:25,459 [root] DEBUG: |-- BehaviorAnalysis 2018-02-20 18:34:25,459 [root] DEBUG: |-- CIF 2018-02-20 18:34:25,459 [root] DEBUG: |-- Debug 2018-02-20 18:34:25,460 [root] DEBUG: |-- Dropped 2018-02-20 18:34:25,460 [root] DEBUG: |-- Memory 2018-02-20 18:34:25,460 [root] DEBUG: |-- NetworkAnalysis 2018-02-20 18:34:25,460 [root] DEBUG: |-- ProcessMemory 2018-02-20 18:34:25,460 [root] DEBUG: |-- Static 2018-02-20 18:34:25,460 [root] DEBUG: |-- Strings 2018-02-20 18:34:25,460 [root] DEBUG: |-- Suricata 2018-02-20 18:34:25,460 [root] DEBUG: |-- TargetInfo 2018-02-20 18:34:25,461 [root] DEBUG: -- VirusTotal 2018-02-20 18:34:25,461 [root] DEBUG: Imported "machinery" modules: 2018-02-20 18:34:25,461 [root] DEBUG:-- VirtualBox 2018-02-20 18:34:25,461 [root] DEBUG: Imported "feeds" modules: 2018-02-20 18:34:25,461 [root] DEBUG: -- AbuseCH_SSL 2018-02-20 18:34:25,461 [root] DEBUG: Imported "reporting" modules: 2018-02-20 18:34:25,461 [root] DEBUG: |-- ElasticsearchDB 2018-02-20 18:34:25,461 [root] DEBUG: |-- IOCAware_STIX 2018-02-20 18:34:25,462 [root] DEBUG: |-- JsonDump 2018-02-20 18:34:25,462 [root] DEBUG: |-- MAEC41Report 2018-02-20 18:34:25,462 [root] DEBUG: |-- Malheur 2018-02-20 18:34:25,462 [root] DEBUG: |-- MMDef 2018-02-20 18:34:25,462 [root] DEBUG: |-- Moloch 2018-02-20 18:34:25,462 [root] DEBUG: |-- MongoDB 2018-02-20 18:34:25,462 [root] DEBUG: |-- ReportHTML 2018-02-20 18:34:25,462 [root] DEBUG: |-- ReportHTMLSummary 2018-02-20 18:34:25,463 [root] DEBUG: |-- ReportPDF 2018-02-20 18:34:25,463 [root] DEBUG: |-- ReSubmitExtractedEXE 2018-02-20 18:34:25,463 [root] DEBUG:-- Syslog 2018-02-20 18:34:25,856 [root] DEBUG: Checking for locked tasks... 2018-02-20 18:34:25,945 [root] DEBUG: Initializing Yara... 2018-02-20 18:34:25,982 [root] DEBUG: |-- index_binaries.yar 2018-02-20 18:34:25,982 [root] DEBUG: |-- index_memory.yar 2018-02-20 18:34:25,982 [root] DEBUG: |-- index_malware.yar 2018-02-20 18:34:25,983 [root] DEBUG: |-- index_Malicious_Documents.yar 2018-02-20 18:34:25,983 [root] DEBUG: |-- index_Exploit-Kits.yar 2018-02-20 18:34:25,983 [root] DEBUG: |-- index_Mobile_Malware.yar 2018-02-20 18:34:25,984 [root] DEBUG: |-- index_Webshells.yar 2018-02-20 18:34:25,984 [root] DEBUG: |-- index_Antidebug_AntiVM.yar 2018-02-20 18:34:25,984 [root] DEBUG: |-- index_Crypto.yar 2018-02-20 18:34:25,985 [root] DEBUG: |-- index_CVE_Rules.yar 2018-02-20 18:34:25,985 [root] DEBUG: |-- index_email.yar 2018-02-20 18:34:25,985 [root] DEBUG: `-- index_Packers.yar 2018-02-20 18:34:25,988 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042. 2018-02-20 18:34:25,990 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" machine manager with max_analysis_count=0, max_machines_count=0, and max_vmstartup_count=10 2018-02-20 18:34:26,462 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:34:26,548 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved 2018-02-20 18:34:26,619 [modules.machinery.virtualbox] DEBUG: Stopping vm win7 2018-02-20 18:34:26,620 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:34:26,701 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved 2018-02-20 18:34:27,768 [modules.machinery.virtualbox] DEBUG: VBoxManage exited with error powering off the machine 2018-02-20 18:34:27,769 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:34:27,857 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved 2018-02-20 18:34:27,949 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s 2018-02-20 18:34:27,959 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.

2018-02-20 18:35:44,697 [lib.cuckoo.core.scheduler] DEBUG: Processing task #4 2018-02-20 18:35:44,700 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "/opt/cuckoo-tmp/uploadTVHMQD/09a18cd7e004ce10b0a6b11f11f3333a.exe" (task=4) 2018-02-20 18:35:44,729 [lib.cuckoo.core.scheduler] INFO: File already exists at "/opt/cuckoo/storage/binaries/77da6a1941ac1971785cc85657bb2301eaa3ca8969ec9dc8c9739e9d9fcb4903" 2018-02-20 18:35:44,800 [lib.cuckoo.core.scheduler] INFO: Task #4: acquired machine win7 (label=win7) 2018-02-20 18:35:44,864 [modules.machinery.virtualbox] DEBUG: Starting vm win7 2018-02-20 18:35:44,865 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:35:44,948 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved 2018-02-20 18:35:45,009 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine win7 2018-02-20 18:35:45,413 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:35:45,486 [modules.machinery.virtualbox] DEBUG: Machine win7 status saved 2018-02-20 18:35:49,632 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:35:49,743 [modules.machinery.virtualbox] DEBUG: Machine win7 status running 2018-02-20 18:35:49,966 [modules.auxiliary.sniffer] INFO: Started sniffer with PID 3180 (interface=vboxnet0, host=192.168.56.101, dump path=/opt/cuckoo/storage/analyses/4/dump.pcap) 2018-02-20 18:35:49,967 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer 2018-02-20 18:35:49,967 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Tor 2018-02-20 18:35:49,970 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=win7, ip=192.168.56.101) 2018-02-20 18:35:49,970 [lib.cuckoo.core.guest] DEBUG: Automatically increased critical timeout to 60 2018-02-20 18:35:49,970 [lib.cuckoo.core.guest] DEBUG: win7: waiting for status 0x0001 2018-02-20 18:35:57,178 [lib.cuckoo.core.guest] DEBUG: win7: status ready 2018-02-20 18:35:57,347 [lib.cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7, ip=192.168.56.101) 2018-02-20 18:35:57,723 [lib.cuckoo.core.guest] DEBUG: win7: analyzer started with PID 2096 2018-02-20 18:35:57,723 [lib.cuckoo.core.guest] DEBUG: win7: waiting for completion 2018-02-20 18:35:58,730 [lib.cuckoo.core.guest] DEBUG: win7: analysis not completed yet (status=2) 2018-02-20 18:35:58,944 [lib.cuckoo.core.resultserver] DEBUG: New connection from: 192.168.56.101:49159 2018-02-20 18:35:58,945 [lib.cuckoo.core.resultserver] DEBUG: LogHandler for live analysis.log initialized. 2018-02-20 18:35:59,437 [lib.cuckoo.core.resultserver] DEBUG: Connection closed: 192.168.56.101:49159 2018-02-20 18:35:59,738 [lib.cuckoo.core.scheduler] ERROR: Analysis failed: invalid string pointer 0x03AF1C8000000000_ 2018-02-20 18:36:00,086 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer 2018-02-20 18:36:00,086 [lib.cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Tor 2018-02-20 18:36:00,086 [modules.machinery.virtualbox] DEBUG: Stopping vm win7 2018-02-20 18:36:00,086 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:36:00,167 [modules.machinery.virtualbox] DEBUG: Machine win7 status running 2018-02-20 18:36:01,221 [modules.machinery.virtualbox] DEBUG: Getting status for win7 2018-02-20 18:36:01,305 [modules.machinery.virtualbox] DEBUG: Machine win7 status poweroff 2018-02-20 18:36:01,538 [lib.cuckoo.core.scheduler] DEBUG: Released database task #4 with status False 2018-02-20 18:36:01,540 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "AnalysisInfo" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:01,598 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "BehaviorAnalysis" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:01,599 [modules.processing.behavior] INFO: Analysis results folder does not contain any file or injection was disabled. 2018-02-20 18:36:01,599 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Debug" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:01,602 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Dropped" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:01,603 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "NetworkAnalysis" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:02,615 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Static" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:02,642 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "Strings" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:02,642 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "TargetInfo" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:02,670 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "VirusTotal" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:04,995 [lib.cuckoo.core.plugins] DEBUG: Executing processing module "ProcessMemory" on analysis at "/opt/cuckoo/storage/analyses/4" 2018-02-20 18:36:05,043 [lib.cuckoo.core.plugins] DEBUG: Applying signature overlays for signatures: creates_exe 2018-02-20 18:36:05,043 [lib.cuckoo.core.plugins] DEBUG: Running 104 evented signatures 2018-02-20 18:36:05,043 [lib.cuckoo.core.plugins] DEBUG: |-- andromeda_behavior 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_avast_libs 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_bitdefender_libs 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antiav_servicestop 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antidbg_windows 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antiemu_wine_func 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_cuckoo 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_mouse_hook 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_libs 2018-02-20 18:36:05,044 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sboxie_objects 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sleep 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_sunbelt_libs 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_suspend 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antisandbox_unhook 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_directory_objects 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_disk_setupapi 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_scsi 2018-02-20 18:36:05,045 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_generic_services 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_libs 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_provname 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vbox_window 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_events 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- antivm_vmware_libs 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- geodo_banking_trojan 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- banker_prinimalka 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- betabot_behavior 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- bootkit 2018-02-20 18:36:05,046 [lib.cuckoo.core.plugins] DEBUG: |-- browser_scanbox 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- chimera_behavior 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_cookies 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- clickfraud_volume 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- creates_largekey 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- creates_nullvalue 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- critical_process 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- cryptowall_behavior 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- dead_link 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- debugs_self 2018-02-20 18:36:05,047 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_self 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- deletes_shadow_copies 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- dep_bypass 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- dep_disable 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- disables_spdy 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- disables_wfp 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- dridex_behavior 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- driver_load 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- dyre_behavior 2018-02-20 18:36:05,048 [lib.cuckoo.core.plugins] DEBUG: |-- angler_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- gondad_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- heapspray_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- java_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- Neutrino_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- nuclear_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- rig_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- silverlight_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- virtualcheck_js 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- encrypted_ioc 2018-02-20 18:36:05,049 [lib.cuckoo.core.plugins] DEBUG: |-- exec_crash 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- generic_phish 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- hawkeye_behavior 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_browser 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- infostealer_keylog 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- injection_createremotethread 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- injection_explorer 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- injection_needextension 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- injection_runpe 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- injection_rwx 2018-02-20 18:36:05,050 [lib.cuckoo.core.plugins] DEBUG: |-- internet_dropper 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- js_phish 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- kazybot_behavior 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- kibex_behavior 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_agent 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- mimics_filetime 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- multiple_useragents 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- network_anomaly 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- network_bind 2018-02-20 18:36:05,051 [lib.cuckoo.core.plugins] DEBUG: |-- network_tor 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- office_dl_write_exe 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- packer_themida 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- persistence_autorun 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- pony_behavior 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- powershell_command 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- process_interest 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- process_needed 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- reads_self 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- recon_beacon 2018-02-20 18:36:05,052 [lib.cuckoo.core.plugins] DEBUG: |-- recon_systeminfo 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- removes_zoneid_ads 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- secure_login_phish 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- sets_autoconfig_url 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- shifu_behavior 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- spoofs_procname 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- stack_pivot 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_childproc 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_file 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_network 2018-02-20 18:36:05,053 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_timeout 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- stealth_window 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- tinba_behavior 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- upatre_behavior 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- vawtrak_behavior 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: |-- virus 2018-02-20 18:36:05,054 [lib.cuckoo.core.plugins] DEBUG: `-- webmail_phish 2018-02-20 18:36:05,066 [lib.cuckoo.core.plugins] DEBUG: Running non-evented signatures 2018-02-20 18:36:05,067 [lib.cuckoo.core.plugins] DEBUG: Running signature "andromeda_behavior" 2018-02-20 18:36:05,067 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectfile" 2018-02-20 18:36:05,068 [lib.cuckoo.core.plugins] DEBUG: Running signature "antianalysis_detectreg" 2018-02-20 18:36:05,070 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_avast_libs" 2018-02-20 18:36:05,070 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_bitdefender_libs" 2018-02-20 18:36:05,071 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectfile" 2018-02-20 18:36:05,075 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_detectreg" 2018-02-20 18:36:05,085 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_servicestop" 2018-02-20 18:36:05,086 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiav_srp" 2018-02-20 18:36:05,086 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_devices" 2018-02-20 18:36:05,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "antidbg_windows" 2018-02-20 18:36:05,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_reg" 2018-02-20 18:36:05,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "antiemu_wine_func" 2018-02-20 18:36:05,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_cuckoo" 2018-02-20 18:36:05,087 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_joe_anubis_files" 2018-02-20 18:36:05,088 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_mouse_hook" 2018-02-20 18:36:05,088 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_productid" 2018-02-20 18:36:05,088 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_libs" 2018-02-20 18:36:05,088 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_mutex" 2018-02-20 18:36:05,089 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sboxie_objects" 2018-02-20 18:36:05,089 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sleep" 2018-02-20 18:36:05,089 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_files" 2018-02-20 18:36:05,089 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_sunbelt_libs" 2018-02-20 18:36:05,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_suspend" 2018-02-20 18:36:05,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "antisandbox_unhook" 2018-02-20 18:36:05,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivirus_virustotal" 2018-02-20 18:36:05,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_directory_objects" 2018-02-20 18:36:05,090 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_bios" 2018-02-20 18:36:05,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_cpu" 2018-02-20 18:36:05,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk" 2018-02-20 18:36:05,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_disk_setupapi" 2018-02-20 18:36:05,091 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_diskreg" 2018-02-20 18:36:05,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_scsi" 2018-02-20 18:36:05,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_services" 2018-02-20 18:36:05,092 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_generic_system" 2018-02-20 18:36:05,093 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_acpi" 2018-02-20 18:36:05,093 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_devices" 2018-02-20 18:36:05,093 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_files" 2018-02-20 18:36:05,095 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_keys" 2018-02-20 18:36:05,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_libs" 2018-02-20 18:36:05,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_provname" 2018-02-20 18:36:05,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vbox_window" 2018-02-20 18:36:05,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_devices" 2018-02-20 18:36:05,096 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_events" 2018-02-20 18:36:05,097 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_files" 2018-02-20 18:36:05,097 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_keys" 2018-02-20 18:36:05,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_libs" 2018-02-20 18:36:05,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vmware_mutexes" 2018-02-20 18:36:05,098 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_files" 2018-02-20 18:36:05,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_keys" 2018-02-20 18:36:05,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "antivm_vpc_mutex" 2018-02-20 18:36:05,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_certs" 2018-02-20 18:36:05,099 [lib.cuckoo.core.plugins] DEBUG: Running signature "bad_ssl_certs" 2018-02-20 18:36:05,100 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_cridex" 2018-02-20 18:36:05,100 [lib.cuckoo.core.plugins] DEBUG: Running signature "geodo_banking_trojan" 2018-02-20 18:36:05,102 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_prinimalka" 2018-02-20 18:36:05,102 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_spyeye_mutexes" 2018-02-20 18:36:05,103 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_mutex" 2018-02-20 18:36:05,104 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_p2p" 2018-02-20 18:36:05,104 [lib.cuckoo.core.plugins] DEBUG: Running signature "banker_zeus_url" 2018-02-20 18:36:05,104 [lib.cuckoo.core.plugins] DEBUG: Running signature "betabot_behavior" 2018-02-20 18:36:05,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "bitcoin_opencl" 2018-02-20 18:36:05,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "bootkit" 2018-02-20 18:36:05,105 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_athenahttp" 2018-02-20 18:36:05,106 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_dirtjumper" 2018-02-20 18:36:05,106 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive" 2018-02-20 18:36:05,107 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_drive2" 2018-02-20 18:36:05,108 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_madness" 2018-02-20 18:36:05,109 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_russkill" 2018-02-20 18:36:05,109 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_addon" 2018-02-20 18:36:05,110 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_helper_object" 2018-02-20 18:36:05,110 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_proxy" 2018-02-20 18:36:05,112 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_scanbox" 2018-02-20 18:36:05,112 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_security" 2018-02-20 18:36:05,115 [lib.cuckoo.core.plugins] DEBUG: Running signature "browser_startpage" 2018-02-20 18:36:05,116 [lib.cuckoo.core.plugins] DEBUG: Running signature "bypass_firewall" 2018-02-20 18:36:05,116 [lib.cuckoo.core.plugins] DEBUG: Running signature "carberp_mutex" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "chimera_behavior" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_cookies" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "clickfraud_volume" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "copies_self" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_largekey" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "creates_nullvalue" 2018-02-20 18:36:05,117 [lib.cuckoo.core.plugins] DEBUG: Running signature "critical_process" 2018-02-20 18:36:05,118 [lib.cuckoo.core.plugins] DEBUG: Running signature "cryptowall_behavior" 2018-02-20 18:36:05,118 [lib.cuckoo.core.plugins] DEBUG: Running signature "darkcomet_regkeys" 2018-02-20 18:36:05,118 [lib.cuckoo.core.plugins] DEBUG: Running signature "dead_link" 2018-02-20 18:36:05,118 [lib.cuckoo.core.plugins] DEBUG: Running signature "debugs_self" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "deepfreeze_mutex" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_self" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "deletes_shadow_copies" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_bypass" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "dep_disable" 2018-02-20 18:36:05,119 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_browser_warn" 2018-02-20 18:36:05,122 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_spdy" 2018-02-20 18:36:05,122 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_system_restore" 2018-02-20 18:36:05,123 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_uac" 2018-02-20 18:36:05,123 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wer" 2018-02-20 18:36:05,124 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_wfp" 2018-02-20 18:36:05,124 [lib.cuckoo.core.plugins] DEBUG: Running signature "disables_windowsupdate" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "downloader_cabby" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "dridex_behavior" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "driver_load" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "dropper" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "dyre_behavior" 2018-02-20 18:36:05,125 [lib.cuckoo.core.plugins] DEBUG: Running signature "angler_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "gondad_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "heapspray_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "java_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "Neutrino_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "nuclear_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "rig_js" 2018-02-20 18:36:05,126 [lib.cuckoo.core.plugins] DEBUG: Running signature "silverlight_js" 2018-02-20 18:36:05,127 [lib.cuckoo.core.plugins] DEBUG: Running signature "virtualcheck_js" 2018-02-20 18:36:05,127 [lib.cuckoo.core.plugins] DEBUG: Running signature "encrypted_ioc" 2018-02-20 18:36:05,127 [lib.cuckoo.core.plugins] DEBUG: Running signature "exec_crash" 2018-02-20 18:36:05,127 [lib.cuckoo.core.plugins] DEBUG: Running signature "generic_phish" 2018-02-20 18:36:05,128 [lib.cuckoo.core.plugins] DEBUG: Running signature "hawkeye_behavior" 2018-02-20 18:36:05,128 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_bitcoin" 2018-02-20 18:36:05,131 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_browser" 2018-02-20 18:36:05,131 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_ftp" 2018-02-20 18:36:05,136 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_im" 2018-02-20 18:36:05,139 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_keylog" 2018-02-20 18:36:05,139 [lib.cuckoo.core.plugins] DEBUG: Running signature "infostealer_mail" 2018-02-20 18:36:05,142 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_createremotethread" 2018-02-20 18:36:05,142 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_explorer" 2018-02-20 18:36:05,142 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_needextension" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_runpe" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "injection_rwx" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "internet_dropper" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "js_phish" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "kazybot_behavior" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "kibex_behavior" 2018-02-20 18:36:05,143 [lib.cuckoo.core.plugins] DEBUG: Running signature "bot_kraken_mutexes" 2018-02-20 18:36:05,144 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_regedit" 2018-02-20 18:36:05,144 [lib.cuckoo.core.plugins] DEBUG: Running signature "locker_taskmgr" 2018-02-20 18:36:05,145 [lib.cuckoo.core.plugins] DEBUG: Running signature "ie_martian_children" 2018-02-20 18:36:05,145 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_agent" 2018-02-20 18:36:05,145 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_extension" 2018-02-20 18:36:05,145 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_filetime" 2018-02-20 18:36:05,146 [lib.cuckoo.core.plugins] DEBUG: Running signature "mimics_icon" 2018-02-20 18:36:05,146 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_certs" 2018-02-20 18:36:05,146 [lib.cuckoo.core.plugins] DEBUG: Running signature "modifies_hostfile" 2018-02-20 18:36:05,146 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_security_center_warnings" 2018-02-20 18:36:05,147 [lib.cuckoo.core.plugins] DEBUG: Running signature "modify_uac_prompt" 2018-02-20 18:36:05,148 [lib.cuckoo.core.plugins] DEBUG: Running signature "multiple_useragents" 2018-02-20 18:36:05,148 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_anomaly" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_bind" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_cnc_http" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_dga" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_http" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_icmp" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_irc" 2018-02-20 18:36:05,149 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_smtp" 2018-02-20 18:36:05,150 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor" 2018-02-20 18:36:05,150 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_tor_service" 2018-02-20 18:36:05,150 [lib.cuckoo.core.plugins] DEBUG: Running signature "network_torgateway" 2018-02-20 18:36:05,153 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_dl_write_exe" 2018-02-20 18:36:05,153 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_macro" 2018-02-20 18:36:05,153 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_security" 2018-02-20 18:36:05,154 [lib.cuckoo.core.plugins] DEBUG: Running signature "office_suspicious" 2018-02-20 18:36:05,154 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_langid" 2018-02-20 18:36:05,154 [lib.cuckoo.core.plugins] DEBUG: Running signature "origin_resource_langid" 2018-02-20 18:36:05,154 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_mutex" 2018-02-20 18:36:05,154 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_armadillo_regkey" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_entropy" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_themida" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_upx" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "packer_vmprotect" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_annot_urls" 2018-02-20 18:36:05,155 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_eof" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "pdf_page" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_ads" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_autorun" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "persistence_service" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "polymorphic" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "pony_behavior" 2018-02-20 18:36:05,156 [lib.cuckoo.core.plugins] DEBUG: Running signature "powershell_command" 2018-02-20 18:36:05,157 [lib.cuckoo.core.plugins] DEBUG: Running signature "prevents_safeboot" 2018-02-20 18:36:05,157 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_interest" 2018-02-20 18:36:05,157 [lib.cuckoo.core.plugins] DEBUG: Running signature "process_needed" 2018-02-20 18:36:05,157 [lib.cuckoo.core.plugins] DEBUG: Running signature "procmem_yara" 2018-02-20 18:36:05,157 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_extensions" 2018-02-20 18:36:05,158 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_files" 2018-02-20 18:36:05,160 [lib.cuckoo.core.plugins] DEBUG: Running signature "ransomware_recyclebin" 2018-02-20 18:36:05,160 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_beebus_mutexes" 2018-02-20 18:36:05,160 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_fynloski_mutexes" 2018-02-20 18:36:05,161 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_pcclient" 2018-02-20 18:36:05,161 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_plugx_mutexes" 2018-02-20 18:36:05,162 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_poisonivy_mutexes" 2018-02-20 18:36:05,162 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_spynet" 2018-02-20 18:36:05,162 [lib.cuckoo.core.plugins] DEBUG: Running signature "rat_xtreme_mutexes" 2018-02-20 18:36:05,163 [lib.cuckoo.core.plugins] DEBUG: Running signature "reads_self" 2018-02-20 18:36:05,163 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_beacon" 2018-02-20 18:36:05,163 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_checkip" 2018-02-20 18:36:05,163 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_fingerprint" 2018-02-20 18:36:05,164 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_programs" 2018-02-20 18:36:05,164 [lib.cuckoo.core.plugins] DEBUG: Running signature "recon_systeminfo" 2018-02-20 18:36:05,165 [lib.cuckoo.core.plugins] DEBUG: Running signature "removes_zoneid_ads" 2018-02-20 18:36:05,165 [lib.cuckoo.core.plugins] DEBUG: Running signature "secure_login_phish" 2018-02-20 18:36:05,165 [lib.cuckoo.core.plugins] DEBUG: Running signature "sets_autoconfig_url" 2018-02-20 18:36:05,165 [lib.cuckoo.core.plugins] DEBUG: Running signature "shifu_behavior" 2018-02-20 18:36:05,165 [lib.cuckoo.core.plugins] DEBUG: Running signature "sniffer_winpcap" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "spoofs_procname" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "spreading_autoruninf" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "stack_pivot" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_authenticode" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_java" 2018-02-20 18:36:05,166 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_pe_anomaly" 2018-02-20 18:36:05,167 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_rat_config" 2018-02-20 18:36:05,167 [lib.cuckoo.core.plugins] DEBUG: Running signature "static_versioninfo_anomaly" 2018-02-20 18:36:05,167 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_childproc" 2018-02-20 18:36:05,167 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_file" 2018-02-20 18:36:05,167 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hiddenreg" 2018-02-20 18:36:05,168 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_hide_notifications" 2018-02-20 18:36:05,169 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_network" 2018-02-20 18:36:05,169 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_timeout" 2018-02-20 18:36:05,169 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_webhistory" 2018-02-20 18:36:05,169 [lib.cuckoo.core.plugins] DEBUG: Running signature "stealth_window" 2018-02-20 18:36:05,170 [lib.cuckoo.core.plugins] DEBUG: Running signature "suricata_alert" 2018-02-20 18:36:05,170 [lib.cuckoo.core.plugins] DEBUG: Running signature "targeted_flame" 2018-02-20 18:36:05,170 [lib.cuckoo.core.plugins] DEBUG: Running signature "tinba_behavior" 2018-02-20 18:36:05,170 [lib.cuckoo.core.plugins] DEBUG: Running signature "fleercivet_mutex" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "upatre_behavior" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "vawtrak_behavior" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "virus" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_devicetree_1" 2018-02-20 18:36:05,171 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_handles_1" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_1" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_ldrmodules_2" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_1" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_malfind_2" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_modscan_1" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_1" 2018-02-20 18:36:05,172 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_2" 2018-02-20 18:36:05,173 [lib.cuckoo.core.plugins] DEBUG: Running signature "volatility_svcscan_3" 2018-02-20 18:36:05,173 [lib.cuckoo.core.plugins] DEBUG: Running signature "webmail_phish" 2018-02-20 18:36:05,173 [lib.cuckoo.core.plugins] DEBUG: Running signature "whois_create" 2018-02-20 18:36:05,175 [lib.cuckoo.core.plugins] DEBUG: Reporting module iocaware_stix not found in configuration file 2018-02-20 18:36:05,176 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "JsonDump" 2018-02-20 18:36:05,188 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "Malheur" 2018-02-20 18:36:05,414 [lib.cuckoo.core.plugins] DEBUG: Executing reporting module "MongoDB" 2018-02-20 18:36:05,652 [lib.cuckoo.core.scheduler] INFO: Task #4: reports generation completed (path=/opt/cuckoo/storage/analyses/4) 2018-02-20 18:36:05,742 [lib.cuckoo.core.scheduler] INFO: Task #4: analysis procedure completed