IE11 errors on 64-bit Win 7 VM #26
Comments
add debug=1 to options, and check your cuckoo log -Brad
Here's the debug output:
2017-01-23 13:51:57,345 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ntdll.dll+1a5db ntdll.dll+18e62 ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:51:57,345 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:52:32,856 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ntdll.dll+1a5db ntdll.dll+18e62 ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:52:32,856 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:52:40,264 [requests.packages.urllib3.connectionpool] INFO: Starting new HTTPS connection (1): www.virustotal.com
2017-01-23 13:52:41,523 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:43,142 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ntdll.dll+1a5db ntdll.dll+18e62 ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:43,143 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:43,586 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ntdll.dll+1a5db ntdll.dll+18e62 ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:43,587 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:48,812 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ntdll.dll+1a5db ntdll.dll+18e62 ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
2017-01-23 13:55:48,813 [lib.cuckoo.common.netlog] INFO: Debug message from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, kernel32.dll+99460 ntdll.dll+93398 ntdll.dll+185c8 ntdll.dll+29d2d ntdll.dll+191cf ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742 WININET.dll+f71c7 IEFRAME.dll+402ea IEFRAME.dll+40546 IEFRAME.dll+404a7 IEFRAME.dll+1092da IEFRAME.dll+109922 IEXPLORE.EXE+11e9 IEXPLORE.EXE+129d kernel32.dll+1652d ntdll.dll+2c541 Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d
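An added triage example, not part of the thread and not the project's own code: it collapses the repeated "Exception Caught!" records above into unique call stacks and uses the fault address together with the bytes at EIP to recover the base pointer of the faulting load. The record regex is inferred from the log lines on this page, the function names `base_register` and `triage` are hypothetical, and the decoder covers only the `mov r32, [reg+disp8]` form.

```python
import re
from collections import Counter

RECORD = re.compile(
    r"Exception Caught! PID: (?P<pid>\d+) EIP: (?P<eip>\S+) [0-9a-f]+, "
    r"Fault Address: (?P<fault>[0-9a-f]+), Esp: [0-9a-f]+, "
    r"Exception Code: (?P<code>[0-9a-f]+), (?P<stack>.*?) "
    r"Bytes at EIP: (?P<bytes>[0-9a-f]{2}(?: [0-9a-f]{2})*)"
)
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}
REGS = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]  # e?x or r?x by mode

def base_register(b, fault_addr):
    """For 'mov r32, [reg+disp8]' (8b /r, mod=01, no SIB byte) return the base
    register and the value it must have held for the access to fault there."""
    if len(b) < 3 or b[0] != 0x8B or b[1] >> 6 != 1 or b[1] & 7 == 4:
        return None  # some other instruction form: not decoded here
    disp = b[2] - 256 if b[2] > 127 else b[2]  # disp8 is sign-extended
    return REGS[b[1] & 7], (fault_addr - disp) & 0xFFFFFFFFFFFFFFFF

def triage(log_text):
    """Collapse repeated monitor exception records into unique call stacks."""
    seen, info = Counter(), {}
    for line in log_text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # unrelated log line
        key = (m["eip"], m["stack"])
        seen[key] += 1
        info[key] = {
            "eip": m["eip"],
            "frames": m["stack"].split(),
            "exception": NTSTATUS.get(int(m["code"], 16), m["code"]),
            "base": base_register(bytes.fromhex(m["bytes"]), int(m["fault"], 16)),
        }
    return [dict(info[k], count=n) for k, n in seen.most_common()]

# Constructed sample in the format of the log above (call stacks shortened).
HEAD = ("2017-01-23 13:51:57,345 [lib.cuckoo.common.netlog] INFO: Debug message "
        "from monitor: Exception Caught! PID: 1144 EIP: ntdll.dll+5339d 77a2339d, "
        "Fault Address: 00000074, Esp: 0022f290, Exception Code: c0000005, ")
TAIL = " Bytes at EIP: 8b 41 74 44 8b b1 98 00 00 00 33 db 0b e8 4c 8d"
SAMPLE = "\n".join([HEAD + "ntdll.dll+51248 ntdll.dll+5339d WININET.dll+1742" + TAIL] * 3
                   + [HEAD + "kernel32.dll+99460 ntdll.dll+5339d" + TAIL])

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["count"], r["exception"], r["base"], " <- ".join(r["frames"]))
```

For the records in this thread the bytes `8b 41 74` load from `[cx+0x74]` and the fault address is 0x74, so the computed base value is 0: the access violation is a read through a null pointer.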
See if the problem persists with disable_hook_content=1 passed in options -Brad
Problem persists, same exceptions.
I had forgotten about this issue thread. You may want to ensure all security-related stuff is disabled:
I disabled all security settings that I am aware of, however, I'll go back and verify that I didn't miss something or revert to a snapshot that wasn't set up properly. Otherwise, it looks like I installed IE the same way as what is described in issue #235 thread.
I’m having an issue when submitting a task that runs Internet Explorer 11 in a 64-bit Windows 7 VM. IE throws an error popup and doesn’t run. This issue doesn’t happen in my 32-bit VM. However, if I disable injection, then IE runs.
IE Version - 11.0.9600.16428 (KB2841134)
2017-01-20 09:21:25,812 [lib.api.process] INFO: Successfully executed process from path "C:\Program Files (x86)\Internet Explorer\iexplore.exe" with arguments ""http://"" with pid 2848
2017-01-20 09:21:25,812 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2017-01-20 09:21:25,921 [lib.api.process] INFO: Injected into suspended 32-bit process with pid 2848
2017-01-20 09:21:27,921 [lib.api.process] INFO: Successfully resumed process with pid 2848
2017-01-20 09:21:27,921 [root] INFO: Added new process to list with pid: 2848
2017-01-20 09:21:28,015 [root] INFO: Cuckoomon successfully loaded in process with pid 2848.
2017-01-20 09:21:28,046 [root] INFO: Announced 64-bit process name: iexplore.exe pid: 2688
2017-01-20 09:21:28,046 [lib.api.process] DEBUG: Using QueueUserAPC injection.
2017-01-20 09:21:28,092 [lib.api.process] INFO: Injected into suspended 64-bit process with pid 2688
2017-01-20 09:21:28,092 [root] INFO: Disabling sleep skipping.
2017-01-20 09:21:28,187 [root] INFO: Disabling sleep skipping.
2017-01-20 09:21:28,203 [root] INFO: Added new process to list with pid: 2688
2017-01-20 09:21:28,203 [root] INFO: Cuckoomon successfully loaded in process with pid 2688.
2017-01-20 09:21:29,875 [modules.auxiliary.human] INFO: Found button "Close the program", clicking it
2017-01-20 09:21:30,937 [root] INFO: Notified of termination of process with pid 2688.
2017-01-20 09:21:30,937 [root] INFO: Notified of termination of process with pid 2848.
2017-01-20 09:21:31,921 [root] INFO: Process with pid 2848 has terminated
2017-01-20 09:21:32,921 [root] INFO: Process with pid 2688 has terminated