A bug was found #13

Open
0x0019 opened this issue Aug 14, 2022 · 1 comment

0x0019 commented Aug 14, 2022

When I submit a Trojan file for analysis, the analysis function is suspended at "Finding URLs patterns".
The operation log is as follows:
analyzer-service-1 | 2022-08-14 03:01:23.541910 > Default timeout 120s for the task, and 100s for each logic
analyzer-service-1 | 2022-08-14 03:01:23.544042 > Task 7547c51f-437d-4ff1-a55a-c46c78d412aa (Started)
analyzer-service-1 | 2022-08-14 03:01:23.545319 > Setting up task 7547c51f-437d-4ff1-a55a-c46c78d412aa logger
analyzer-service-1 | 2022-08-14 03:01:23.578170 X Starting Analyzing
analyzer-service-1 | 2022-08-14 03:01:23.580749 > Start analyzing /analyzer/folders/malware/11111
analyzer-service-1 | 2022-08-14 03:01:23.582937 X Getting file details
analyzer-service-1 | 2022-08-14 03:01:23.693783 X Setting up ouput folder
analyzer-service-1 | 2022-08-14 03:01:23.696655 X Checking file encoding
analyzer-service-1 | 2022-08-14 03:01:23.705208 X Analyzing PE file
analyzer-service-1 | 2022-08-14 03:01:24.729926 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:26.035348 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.143096 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.152995 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.159991 X Adding descriptions to strings
analyzer-service-1 | 2022-08-14 03:01:28.234146 X Analyzing behaviors
analyzer-service-1 | 2022-08-14 03:01:29.986047 X Making symbol xrefs
analyzer-service-1 | 2022-08-14 03:01:34.009601 X Checking whitelist
analyzer-service-1 | 2022-08-14 03:01:34.293063 X Finding english strings
analyzer-service-1 | 2022-08-14 03:01:34.516280 X Finding phishing patterns
analyzer-service-1 | 2022-08-14 03:01:34.518208 X Finding URLs patterns
This situation lasts for a long time, about 5 minutes. During this period, if other file analysis work is submitted, it will not run.
After that, the operation log is displayed as follows:
analyzer-service-1 | 2022-08-14 03:01:34.293063 X Finding english strings
analyzer-service-1 | 2022-08-14 03:01:34.516280 X Finding phishing patterns
analyzer-service-1 | 2022-08-14 03:01:34.518208 X Finding URLs patterns
analyzer-service-1 | 2022-08-14 03:36:07.608959 X Finding IP4s patterns
analyzer-mongodb-1 | 2022-08-14T03:36:07.610+0000 I - [conn2] end connection 172.18.0.4:55576 (6 connections now open)
analyzer-service-1 | 2022-08-14 03:36:07.610510 > analyzer.intell.qbpatterns.analyze > 100s.. Timeout
analyzer-mongodb-1 | 2022-08-14T03:36:07.612+0000 I NETWORK [thread1] connection accepted from 172.18.0.4:38360 #7 (6 connections now open)
analyzer-mongodb-1 | 2022-08-14T03:36:07.612+0000 I NETWORK [conn7] received client metadata from 172.18.0.4:38360 conn7: { driver: { name: "PyMongo", version: "3.12.1" }, os: { type: "Linux", name: "Linux", architecture: "x86_64", version: "5.4.0-124-generic" }, platform: "CPython 3.8.10.final.0" }
analyzer-mongodb-1 | 2022-08-14T03:36:07.613+0000 I ACCESS [conn7] Successfully authenticated as principal changeme_9620eh26sfvka017fx on admin
analyzer-service-1 | 2022-08-14 03:36:07.614948 X Finding suspicious strings
analyzer-service-1 | 2022-08-14 03:36:07.631111 X Analyzing URLs
Moreover, this analysis task is not displayed in the task list on the web page. No HTML and JSON analysis reports were generated.
After that, all files could not be analyzed.
The sample file download link: https://mega.nz/file/JLUQlBwL#KTmo3wD7jtHkvfwZq4Zv4gO9ijN7Fjwc3gIxa0CiPU0

Member

giga-a commented Aug 14, 2022

Hey @0x0019, thanks for opening this issue, I will take a look..
