When I use karton-config-extractor, the task crashes with the following error:
{ "error": [ "Traceback (most recent call last):\n", " File "/usr/local/lib/python3.9/site-packages/karton/core/karton.py", line 181, in internal_process\n self.process(self.current_task)\n", " File "/usr/local/lib/python3.9/site-packages/karton/config_extractor/config_extractor.py", line 259, in process\n self.analyze_sample(task, sample)\n", " File "/usr/local/lib/python3.9/site-packages/karton/config_extractor/config_extractor.py", line 171, in analyze_sample\n extractor.push_file(temp.name)\n", " File "/usr/local/lib/python3.9/site-packages/malduck/extractor/extract_manager.py", line 200, in push_file\n return self.push_procmem(p, rip_binaries=True)\n", " File "/usr/local/lib/python3.9/site-packages/malduck/extractor/extract_manager.py", line 234, in push_procmem\n matches = p.yarav(self.rules, extended=True)\n", " File "/usr/local/lib/python3.9/site-packages/malduck/procmem/procmem.py", line 815, in yarav\n return ruleset.match(\n", " File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 191, in match\n matches = YaraRulesetMatch(\n", " File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 245, in init\n super().init(elements=self._map_matches(matches, offset_mapper))\n", " File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 248, in _map_matches\n mapped_matches = [\n", " File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 249, in \n (match, self._map_strings(match.strings, offset_mapper))\n", " File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 262, in _map_strings\n for offset, identifier, content in strings:\n", "TypeError: cannot unpack non-iterable yara.StringMatch object\n" ], "headers": { "extension": "exe", "kind": "runnable", "mime": "application/vnd.microsoft.portable-executable", "origin": "karton.classifier", "platform": "win32", "quality": "high", "receiver": "karton.config-extractor", "share_3rd_party": true, "stage": "recognized", "type": "sample" }, "last_update": 
1703428860.771125, "orig_uid": "25857092-d448-4e9d-bfa5-ae780188a527", "parent_uid": "757777d1-3d09-4c35-94c1-ae883071accb", "payload": { "extraction_level": 1, "magic": "PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections", "parent": { "karton_resource": { "bucket": "karton", "flags": [], "metadata": { "sha256": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6" }, "name": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6", "sha256": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6", "size": 14794523, "uid": "97db86c1-438f-4799-84c7-57e6706e9aeb" } }, "sample": { "karton_resource": { "bucket": "karton", "flags": [], "metadata": { "sha256": "8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91" }, "name": "DarkComet Fixed.exe", "sha256": "8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91", "size": 12767232, "uid": "3c085be9-028c-42f8-8b5d-e9d3e080aeef" } }, "tags": [ "runnable:win32:exe" ] }, "payload_persistent": { "__headers_persistent": { "quality": "high", "share_3rd_party": true } }, "priority": "normal", "root_uid": "4fe01bc1-1742-4496-a960-13f3a9a718e0", "status": "Crashed", "uid": "73191965-3baf-4f2c-bb75-a48056649838" }
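The solution was downgrading yara-python to 4.2.0. The traceback shows malduck unpacking each entry of `match.strings` as an `(offset, identifier, content)` tuple, which fails when yara-python returns `yara.StringMatch` objects instead.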
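I think you may be running an outdated version of malduck. The issue you encountered was fixed in malduck v4.3.2 (see #94), so upgrading malduck should let you keep a current yara-python instead of pinning it to 4.2.0.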
Could you verify/confirm it so we can close this issue?
It is malduck 4.3.0. We can close the issue now.
When I use karton-config-extractor, the task crashes with the following error:
{
"error": [
"Traceback (most recent call last):\n",
" File "/usr/local/lib/python3.9/site-packages/karton/core/karton.py", line 181, in internal_process\n self.process(self.current_task)\n",
" File "/usr/local/lib/python3.9/site-packages/karton/config_extractor/config_extractor.py", line 259, in process\n self.analyze_sample(task, sample)\n",
" File "/usr/local/lib/python3.9/site-packages/karton/config_extractor/config_extractor.py", line 171, in analyze_sample\n extractor.push_file(temp.name)\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/extractor/extract_manager.py", line 200, in push_file\n return self.push_procmem(p, rip_binaries=True)\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/extractor/extract_manager.py", line 234, in push_procmem\n matches = p.yarav(self.rules, extended=True)\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/procmem/procmem.py", line 815, in yarav\n return ruleset.match(\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 191, in match\n matches = YaraRulesetMatch(\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 245, in __init__\n super().__init__(elements=self._map_matches(matches, offset_mapper))\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 248, in _map_matches\n mapped_matches = [\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 249, in <listcomp>\n (match, self._map_strings(match.strings, offset_mapper))\n",
" File "/usr/local/lib/python3.9/site-packages/malduck/yara.py", line 262, in _map_strings\n for offset, identifier, content in strings:\n",
"TypeError: cannot unpack non-iterable yara.StringMatch object\n"
],
"headers": {
"extension": "exe",
"kind": "runnable",
"mime": "application/vnd.microsoft.portable-executable",
"origin": "karton.classifier",
"platform": "win32",
"quality": "high",
"receiver": "karton.config-extractor",
"share_3rd_party": true,
"stage": "recognized",
"type": "sample"
},
"last_update": 1703428860.771125,
"orig_uid": "25857092-d448-4e9d-bfa5-ae780188a527",
"parent_uid": "757777d1-3d09-4c35-94c1-ae883071accb",
"payload": {
"extraction_level": 1,
"magic": "PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections",
"parent": {
"karton_resource": {
"bucket": "karton",
"flags": [],
"metadata": {
"sha256": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6"
},
"name": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6",
"sha256": "f4959f2caaa616704c7810840e6fabe646b2be27e728c2363d721b42771bbac6",
"size": 14794523,
"uid": "97db86c1-438f-4799-84c7-57e6706e9aeb"
}
},
"sample": {
"karton_resource": {
"bucket": "karton",
"flags": [],
"metadata": {
"sha256": "8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91"
},
"name": "DarkComet Fixed.exe",
"sha256": "8ac3491b1b780ca4a8d27e0f729b123473f1eab7f6e918a803197769467ddb91",
"size": 12767232,
"uid": "3c085be9-028c-42f8-8b5d-e9d3e080aeef"
}
},
"tags": [
"runnable:win32:exe"
]
},
"payload_persistent": {
"__headers_persistent": {
"quality": "high",
"share_3rd_party": true
}
},
"priority": "normal",
"root_uid": "4fe01bc1-1742-4496-a960-13f3a9a718e0",
"status": "Crashed",
"uid": "73191965-3baf-4f2c-bb75-a48056649838"
}