
Cuckoo file analysis problem

Stack Overflow user
Asked 2016-05-06 02:48:25
1 answer · 1.1K views · 0 followers · score 1

When I submit a binary for analysis in Cuckoo, it does not seem to do anything. I can ping between the VM and the host OS (Ubuntu 14.04 LTS); Python 2.7 and PIL are installed on the VM (Windows 7, 32-bit). Cuckoo is able to spin up the VM snapshot, but it does not seem to actually send the file over. Running curl from the host OS gets output from agent.py running in the Windows 7 VM. Below is the output from running cuckoo.py in debug mode, along with the output from submit.py:

cuckoo@cuckoo-virtual-machine:~/Downloads/cuckoo$ ./cuckoo.py -d

Cuckoo Sandbox 2.0-rc1
www.cuckoosandbox.org
Copyright (c) 2010-2015
Checking for updates...
Good! You have the latest version available.
2016-05-05 14:18:34,079 [root] DEBUG: Importing modules...
2016-05-05 14:18:34,168 [root] DEBUG: Imported "signatures" modules:
2016-05-05 14:18:34,168 [root] DEBUG:    |-- CreatesExe
2016-05-05 14:18:34,168 [root] DEBUG:    `-- SystemMetrics
2016-05-05 14:18:34,169 [root] DEBUG: Imported "processing" modules:
2016-05-05 14:18:34,169 [root] DEBUG:    |-- AnalysisInfo
2016-05-05 14:18:34,169 [root] DEBUG:    |-- ApkInfo
2016-05-05 14:18:34,169 [root] DEBUG:    |-- Baseline
2016-05-05 14:18:34,169 [root] DEBUG:    |-- BehaviorAnalysis
2016-05-05 14:18:34,169 [root] DEBUG:    |-- DroppedBuffer
2016-05-05 14:18:34,169 [root] DEBUG:    |-- Debug
2016-05-05 14:18:34,170 [root] DEBUG:    |-- Droidmon
2016-05-05 14:18:34,170 [root] DEBUG:    |-- Dropped
2016-05-05 14:18:34,170 [root] DEBUG:    |-- TLSMasterSecrets
2016-05-05 14:18:34,170 [root] DEBUG:    |-- GooglePlay
2016-05-05 14:18:34,170 [root] DEBUG:    |-- Memory
2016-05-05 14:18:34,170 [root] DEBUG:    |-- NetworkAnalysis
2016-05-05 14:18:34,171 [root] DEBUG:    |-- ProcessMemory
2016-05-05 14:18:34,171 [root] DEBUG:    |-- Screenshots
2016-05-05 14:18:34,171 [root] DEBUG:    |-- Snort
2016-05-05 14:18:34,171 [root] DEBUG:    |-- Static
2016-05-05 14:18:34,171 [root] DEBUG:    |-- Strings
2016-05-05 14:18:34,171 [root] DEBUG:    |-- Suricata
2016-05-05 14:18:34,171 [root] DEBUG:    |-- TargetInfo
2016-05-05 14:18:34,171 [root] DEBUG:    `-- VirusTotal
2016-05-05 14:18:34,172 [root] DEBUG: Imported "auxiliary" modules:
2016-05-05 14:18:34,172 [root] DEBUG:    |-- MITM
2016-05-05 14:18:34,172 [root] DEBUG:    |-- Services
2016-05-05 14:18:34,172 [root] DEBUG:    `-- Sniffer
2016-05-05 14:18:34,172 [root] DEBUG: Imported "reporting" modules:
2016-05-05 14:18:34,172 [root] DEBUG:    |-- JsonDump
2016-05-05 14:18:34,172 [root] DEBUG:    |-- Moloch
2016-05-05 14:18:34,173 [root] DEBUG:    |-- MongoDB
2016-05-05 14:18:34,173 [root] DEBUG:    `-- ReportHTML
2016-05-05 14:18:34,173 [root] DEBUG: Imported "machinery" modules:
2016-05-05 14:18:34,173 [root] DEBUG:    `-- VirtualBox
2016-05-05 14:18:34,175 [root] DEBUG: Checking for locked tasks..
2016-05-05 14:18:34,181 [root] DEBUG: Checking for pending service tasks..
2016-05-05 14:18:34,184 [root] DEBUG: Initializing Yara...
2016-05-05 14:18:34,185 [root] DEBUG:    |-- index_binaries.yar
2016-05-05 14:18:34,185 [root] DEBUG:    `-- index_memory.yar
2016-05-05 14:18:34,190 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2016-05-05 14:18:34,192 [lib.cuckoo.core.scheduler] INFO: Using "virtualbox" as machine manager
2016-05-05 14:18:34,266 [modules.machinery.virtualbox] DEBUG: Getting status for Windows_7
2016-05-05 14:18:34,340 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status poweroff
2016-05-05 14:18:34,358 [lib.cuckoo.core.scheduler] INFO: Loaded 1 machine/s
2016-05-05 14:18:34,368 [lib.cuckoo.core.scheduler] INFO: Waiting for analysis tasks.
2016-05-05 14:19:31,411 [lib.cuckoo.core.scheduler] DEBUG: Processing task #1
2016-05-05 14:19:31,413 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "XXX.exe" (task #1, options "")
2016-05-05 14:19:31,468 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine Windows_7 (label=Windows_7)
2016-05-05 14:19:31,469 [lib.cuckoo.core.plugins] DEBUG: Started auxiliary module: Sniffer
2016-05-05 14:19:31,523 [modules.machinery.virtualbox] DEBUG: Starting vm Windows_7
2016-05-05 14:19:31,523 [modules.machinery.virtualbox] DEBUG: Getting status for Windows_7
2016-05-05 14:19:31,600 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status poweroff
2016-05-05 14:19:31,621 [modules.machinery.virtualbox] DEBUG: Using current snapshot for virtual machine Windows_7
2016-05-05 14:19:31,684 [modules.machinery.virtualbox] DEBUG: Getting status for Windows_7
2016-05-05 14:19:31,771 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status saved
2016-05-05 14:19:34,167 [modules.machinery.virtualbox] DEBUG: Getting status for Windows_7
2016-05-05 14:19:34,289 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status running


cuckoo@cuckoo-virtual-machine:~/Downloads/cuckoo/utils$ ./submit.py -d /home/cuckoo/Downloads/XXX.exe
Success: File "/home/cuckoo/Downloads/XXX.exe" added as task with ID 1
cuckoo@cuckoo-virtual-machine:~/Downloads/cuckoo/utils$
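The log above stops at "Machine Windows_7 status running": the host side started the VM but never logged anything from the guest agent, which is where the file hand-off happens. The following script is an added example (not part of the question or of Cuckoo itself) that triages a Cuckoo 2.0 debug log and reports, per task, the furthest pipeline stage the host reached and what to check next. Stage patterns up to `vm_running` are taken verbatim from the log in the question; the `guest_contacted` and `completed` patterns, the "what to check next" hints and the second task in the sample log are assumptions and constructed data, labelled as such in the code.

```python
"""Triage a Cuckoo 2.0 host-side debug log: for each task, find the furthest
pipeline stage the host logged. Added example for this question, not Cuckoo's
own code. Stage patterns up to 'vm_running' come from the question's log; the
'guest_contacted' and 'completed' patterns are ASSUMED from Cuckoo 2.0's guest
manager / scheduler messages and may need adjusting for other versions."""
import re
import sys

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ "
    r"\[(?P<logger>[^\]]+)\] (?P<level>[A-Z]+): (?P<msg>.*)$"
)
RESULTSERVER_RE = re.compile(r"ResultServer running on (\S+)\.")

# Ordered pipeline stages; where a pattern has a capturing group it is the task
# id. Lines without a task id are attributed to the most recently seen task,
# which assumes one analysis at a time (a single machine, as in the question).
STAGES = [
    ("queued", re.compile(r"Processing task #(\d+)")),
    ("started", re.compile(r'Starting analysis of \w+ ".*" \(task #(\d+)')),
    ("machine_acquired", re.compile(r"Task #(\d+): acquired machine")),
    ("vm_starting", re.compile(r"Starting vm ")),
    ("vm_running", re.compile(r"Machine \S+ status running")),
    ("guest_contacted", re.compile(r"Starting analysis on guest")),  # assumed
    ("completed", re.compile(r"Task #(\d+): analysis procedure completed")),  # assumed
]
STAGE_ORDER = {name: i for i, (name, _) in enumerate(STAGES)}

# Suggested next check after a stall at each stage (my hints, not Cuckoo docs).
NEXT_CHECK = {
    "queued": "scheduler never started the task; confirm cuckoo.py is running",
    "started": "no machine acquired; check the machine entry in virtualbox.conf",
    "machine_acquired": "VM start never attempted; check VBoxManage is usable",
    "vm_starting": "VM never reached 'running'; restore the snapshot by hand",
    "vm_running": "VM booted but no guest agent contact was logged; inside the "
                  "guest, confirm the agent runs in the snapshot and can reach "
                  "the resultserver address, and that the guest IP matches "
                  "virtualbox.conf",
    "guest_contacted": "agent answered but analysis never finished; read the "
                       "guest-side analysis log and the timeout in cuckoo.conf",
}


def triage(log_text):
    """Return {'resultserver': 'ip:port' or None, 'tasks': {id: {...}}}."""
    tasks, current, resultserver = {}, None, None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        msg, ts = m.group("msg"), m.group("ts")
        rs = RESULTSERVER_RE.search(msg)
        if rs:
            resultserver = rs.group(1)
            continue
        for name, pat in STAGES:
            sm = pat.search(msg)
            if not sm:
                continue
            task_id = int(sm.group(1)) if sm.groups() else current
            if task_id is None:  # machinery noise before any task was seen
                break
            current = task_id
            info = tasks.setdefault(task_id, {"stage": name, "last_ts": ts})
            if STAGE_ORDER[name] >= STAGE_ORDER[info["stage"]]:
                info.update(stage=name, last_ts=ts)
            break
    return {"resultserver": resultserver, "tasks": tasks}


def diagnosis(report):
    """One human-readable line per task, in task-id order."""
    lines = []
    for task_id, info in sorted(report["tasks"].items()):
        if info["stage"] == "completed":
            lines.append("task #%d: completed" % task_id)
        else:
            lines.append("task #%d: stalled after '%s' at %s: %s" % (
                task_id, info["stage"], info["last_ts"], NEXT_CHECK[info["stage"]]))
    return lines


# Constructed sample: task #1 is the question's log; task #2 is invented to
# show a run that completes (its guest/scheduler lines are assumed wording).
SAMPLE_LOG = """\
2016-05-05 14:18:34,190 [lib.cuckoo.core.resultserver] DEBUG: ResultServer running on 192.168.56.1:2042.
2016-05-05 14:19:31,411 [lib.cuckoo.core.scheduler] DEBUG: Processing task #1
2016-05-05 14:19:31,413 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "XXX.exe" (task #1, options "")
2016-05-05 14:19:31,468 [lib.cuckoo.core.scheduler] INFO: Task #1: acquired machine Windows_7 (label=Windows_7)
2016-05-05 14:19:31,523 [modules.machinery.virtualbox] DEBUG: Starting vm Windows_7
2016-05-05 14:19:34,289 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status running
2016-05-05 14:40:00,000 [lib.cuckoo.core.scheduler] DEBUG: Processing task #2
2016-05-05 14:40:00,001 [lib.cuckoo.core.scheduler] INFO: Starting analysis of FILE "sample2.exe" (task #2, options "")
2016-05-05 14:40:00,050 [lib.cuckoo.core.scheduler] INFO: Task #2: acquired machine Windows_7 (label=Windows_7)
2016-05-05 14:40:00,100 [modules.machinery.virtualbox] DEBUG: Starting vm Windows_7
2016-05-05 14:40:03,000 [modules.machinery.virtualbox] DEBUG: Machine Windows_7 status running
2016-05-05 14:40:05,000 [lib.cuckoo.core.guest] INFO: Starting analysis on guest (id=Windows_7, ip=192.168.56.101)
2016-05-05 14:42:30,000 [lib.cuckoo.core.scheduler] INFO: Task #2: analysis procedure completed
"""

if __name__ == "__main__":
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    report = triage(text)
    print("resultserver:", report["resultserver"])
    print("\n".join(diagnosis(report)))
```

Run with no input to see the sample, or pipe a real `cuckoo.py -d` log into it. On the question's log it reports task #1 stalled after `vm_running`, which points the investigation at the guest side: whether the agent in the saved snapshot is actually running and can reach the resultserver address the host printed at startup, rather than at the submission step, which the `submit.py` output already shows succeeded.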

1 answer

Stack Overflow user

Posted on 2016-06-07 04:15:46

It might be VM-detecting malware. It detects the virtual machine environment and does not start running. Try submitting it to VirusTotal or another site and see what comes back. You can also increase the analysis time and the upload size; the longer the analysis time, the better Cuckoo's chances.

Score 0

Original page content provided by Stack Overflow; translation supported by Tencent Cloud's IT-domain engine.
Original link: https://stackoverflow.com/questions/37058091
