
List:       cuckoo
Subject:    [cuckoo] Error: Unsupported file format for Office files
From:       testing4tester () ymail ! com (Alojzy Kleks)
Date:       2012-04-19 10:00:11
Message-ID: 1334829611.77826.YahooMailNeo () web132106 ! mail ! ird ! yahoo ! com

Thank you. I read it. I did not know that setting the package name would force the application to start.



________________________________
 From: Claudio <claudio at shadowserver.org>
To: cuckoo at public.honeynet.org 
Sent: Thursday, April 19, 2012 11:13 AM
Subject: Re: [cuckoo] Error: Unsupported file format for Office files
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Read the documentation!
http://cuckoobox.org/doc/0.3.2/html/usage/packages.html

On 4/19/12 11:11 AM, Alojzy Kleks wrote:
> Hello all, when trying to analyse Office files (Word and Excel),
> cuckoo throws errors on unsupported types of files. All files are
> confirmed malware. Below I attach track of the cuckoo. What's
> interesting, I didn't have any problems with PDF or exe files. Is
> there any way to walk around this problem? Best regards, AK
> 
> 
> 
> cuckoo at malware-analysis:~/cuckoo$ ./cuckoo.py
> v0.3.2 www.cuckoobox.org Copyright (C) 2010-2012
> 
> [2012-04-19 09:59:59,563] [Core.Init] INFO: Started.
> [2012-04-19 10:00:00,115] [VirtualMachine.Check] INFO: Your VirtualBox version is: "4.1.12", good!
> [2012-04-19 10:00:00,116] [Core.Init] INFO: Populating virtual machines pool...
> [2012-04-19 10:00:00,826] [VirtualMachine.Restore] INFO: Virtual machine "MalwareAnalysis" successfully restored to current snapshot.
> [2012-04-19 10:00:01,327] [VirtualMachine.Infos] INFO: Virtual machine "MalwareAnalysis" information:
> [2012-04-19 10:00:01,328] [VirtualMachine.Infos] INFO: \_| Name: MalwareAnalysis
> [2012-04-19 10:00:01,328] [VirtualMachine.Infos] INFO: | ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
> [2012-04-19 10:00:01,329] [VirtualMachine.Infos] INFO: | CPU Count: 1 Core/s
> [2012-04-19 10:00:01,329] [VirtualMachine.Infos] INFO: | Memory Size: 1024 MB
> [2012-04-19 10:00:01,329] [VirtualMachine.Infos] INFO: | VRAM Size: 16 MB
> [2012-04-19 10:00:01,330] [VirtualMachine.Infos] INFO: | State: Saved
> [2012-04-19 10:00:01,330] [VirtualMachine.Infos] INFO: | Current Snapshot: "Snapshot 16"
> [2012-04-19 10:00:01,330] [VirtualMachine.Infos] INFO: | MAC Address: XX:XX:XX:XX:XX:XX
> [2012-04-19 10:00:01,331] [Core.Init] INFO: 1 virtual machine/s added to pool.
> [2012-04-19 10:00:27,510] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME1].doc".
> [2012-04-19 10:00:28,066] (Task #108) [Core.Analysis.Run] ERROR: Unsupported file format (rich text format data, unknown version) for target "/home/cuckoo/Desktop/office//[FILENAME1].doc". Abort.
> [2012-04-19 10:00:28,141] (Task #108) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1932".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:28,628] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME2].doc".
> [2012-04-19 10:00:28,716] (Task #109) [Core.Analysis.Run] ERROR: Unsupported file format (rich text format data, version 1, unknown character set) for target "/home/cuckoo/Desktop/office//[FILENAME2].doc". Abort.
> [2012-04-19 10:00:28,898] (Task #109) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1940".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:29,020] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME3].doc".
> [2012-04-19 10:00:29,098] (Task #110) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.1, code page: 936, author: mc system, template: normal.dot, last saved by: mc system, revision number: 2, name of creating application: microsoft office word, create time/date: sun mar 22 02:20:00 2009, last saved time/date: sun mar 22 02:20:00 2009, number of pages: 1, number of words: 1, number of characters: 11, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME3].doc". Abort.
> [2012-04-19 10:00:29,252] (Task #110) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1946".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:29,368] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME4].xls".
> [2012-04-19 10:00:29,430] (Task #111) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.2, code page: 936, title: , last saved by: qq, name of creating application: microsoft excel, create time/date: mon dec 16 01:32:42 1996, last saved time/date: wed nov 25 03:35:15 2009, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME4].xls". Abort.
> [2012-04-19 10:00:29,598] (Task #111) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1952".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:29,722] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME5].doc".
> [2012-04-19 10:00:29,837] (Task #112) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.1, code page: 936, template: normal.dot, revision number: 2, name of creating application: microsoft word 9.0, create time/date: sun dec 2 01:19:00 2007, last saved time/date: sun dec 2 01:19:00 2007, number of pages: 1, number of words: 0, number of characters: 5, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME5].doc". Abort.
> [2012-04-19 10:00:29,907] (Task #112) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1956".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:30,033] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME6].xls".
> [2012-04-19 10:00:30,139] (Task #113) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.2, code page: 936, title: , last saved by: qq, name of creating application: microsoft excel, create time/date: mon dec 16 01:32:42 1996, last saved time/date: wed nov 25 03:35:15 2009, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME6].xls". Abort.
> [2012-04-19 10:00:30,209] (Task #113) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1960".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:30,324] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME7].xls".
> [2012-04-19 10:00:30,389] (Task #114) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.1, code page: 1252, last saved by: dsfsa, name of creating application: microsoft excel, create time/date: mon oct 14 00:33:28 1996, last saved time/date: sun jul 19 07:06:08 2009, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME7].xls". Abort.
> [2012-04-19 10:00:30,459] (Task #114) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1964".
> Cuckoo Operational Error: the target file's type is not supported
> [2012-04-19 10:00:30,579] [Core.Dispatcher] INFO: Acquired analysis task for target "/home/cuckoo/Desktop/office//[FILENAME8].xls".
> [2012-04-19 10:00:30,647] (Task #115) [Core.Analysis.Run] ERROR: Unsupported file format (cdf v2 document, little endian, os: windows, version 5.2, code page: 936, title: , last saved by: qq, name of creating application: microsoft excel, create time/date: mon dec 16 01:32:42 1996, last saved time/date: wed nov 25 03:35:15 2009, security: 0) for target "/home/cuckoo/Desktop/office//[FILENAME8].xls". Abort.
> [2012-04-19 10:00:30,847] (Task #115) [Core.Analysis.Processing] INFO: Analysis results processor started with PID "1970".
> Cuckoo Operational Error: the target file's type is not supported
> 
> 
> _______________________________________________
> Cuckoo mailing list
> Cuckoo at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/cuckoo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----