packing-box / docker-packing-box

Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection

`detector` tool hangs on sample

dhondta opened this issue · comments

commented

Steps to reproduce:

```
$ dataset update test-upx -s dataset-packed-pe/packed/UPX -l dataset-packed-pe/labels.json
$ detector test-upx -f
00:00:02.550 [INFO] Superdetector: DIE, PEiD, PyPackerDetect, RetDec
 39%|███████████████████████████████████████████████████████████████▌                                                                                                     | 47/122 [04:45<07:35,  6.07s/executable]
$ detector test-upx
00:00:04.914 [INFO] Superdetector: DIE, PEiD, PyPackerDetect, RetDec
  0%|                                                                                                                                                                              | 0/122 [00:00<?, ?executable/s]
00:00:06.840 [SUCCESS] /home/user/.packing-box/datasets/test-upx/files/020cc7f74cce5b28bace85ecc131558c1d18cb9b5d2e465362c3a6cb784fee9f: upx
00:00:08.570 [SUCCESS] /home/user/.packing-box/datasets/test-upx/files/06d65e9cbe358818389a21bd91e2d7de997e52f7deaee964a18f9110760548e2: upx
  2%|██▋                                                                                                                                                                   | 2/122 [00:01<01:43,  1.16executable/s]
[...]
00:01:30.036 [SUCCESS] /home/user/.packing-box/datasets/test-upx/files/62c117fb6dca6dbabc261c75873f5f6d577c1c9a02c1264cb31ec4dcfc1413d8: upx
 39%|███████████████████████████████████████████████████████████████▌                                                                                                     | 47/122 [01:24<02:16,  1.82s/executable]
```

Execution hangs on the 47th sample, the one after 62c117fb6dca6dbabc261c75873f5f6d577c1c9a02c1264cb31ec4dcfc1413d8, that is, sample:
/home/user/.packing-box/datasets/test-upx/files/63634c32b9b4f28b600de543b5d703a7b6b8c838c78cbf2a4f7dee2ed51df8ae

When trying detection on this particular sample with the verbose mode, we see:

```
$ detector ~/.packing-box/datasets/test-upx/files/63634c32b9b4f28b600de543b5d703a7b6b8c838c78cbf2a4f7dee2ed51df8ae -v
00:00:02.019 [DEBUG   ] analyze-pe         - disabled (status: useless)
00:00:02.021 [DEBUG   ] asl                - disabled (status: useless)
00:00:02.021 [DEBUG   ] bintropy           - not allowed to vote
00:00:02.023 [DEBUG   ] exescan            - disabled (status: info)
00:00:02.024 [DEBUG   ] language-2000      - disabled (status: info)
00:00:02.025 [DEBUG   ] manalyze           - not allowed to vote
00:00:02.026 [DEBUG   ] mpesm              - disabled (status: info)
00:00:02.028 [DEBUG   ] mrc                - disabled (status: info)
00:00:02.029 [DEBUG   ] packerid           - disabled (status: info)
00:00:02.030 [DEBUG   ] peframe            - disabled (status: broken)
00:00:02.031 [DEBUG   ] pepack             - not allowed to vote
00:00:02.032 [DEBUG   ] pypeid             - not allowed to vote
00:00:02.033 [DEBUG   ] rdg                - disabled (status: info)
00:00:02.033 [DEBUG   ] reminder           - not allowed to vote
00:00:02.035 [DEBUG   ] studpe             - disabled (status: info)
00:00:02.035 [INFO    ] superdetector      - Superdetector: DIE, PEiD, PyPackerDetect, RetDec
00:00:02.035 [DEBUG   ] detector           - input is a single executable
00:00:02.049 [DEBUG   ] die                - die '/home/user/.packing-box/datasets/test-upx/files/63634c32b9b4f28b600de543b5d703a7b6b8c838c78cbf2a4f7dee2ed51df8ae'
```

It hangs on the execution of DIE.

commented

Fixed with 21d24de.
Added timeout to item execution. The default timeout is set to 10 seconds and is configurable under the exec_timeout option in the Packing Box's general configuration (~/.packing-box.conf).
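
A sketch of a per-item execution timeout like the one the fix describes, so that a detector hanging on one sample cannot stall a whole dataset run. This is an added example, not the code from commit 21d24de or from Packing Box; `run_detector`, `scan`, `EXEC_TIMEOUT` and the stand-in tool are hypothetical names, with the 10-second default taken from the comment above, and it assumes a POSIX system.

```python
import os
import signal
import subprocess
import sys

EXEC_TIMEOUT = 10  # seconds; mirrors the default stated for exec_timeout


def run_detector(cmd, timeout=EXEC_TIMEOUT):
    """Run one detector command and return (status, output); never waits
    longer than `timeout` seconds for the tool itself."""
    # start_new_session gives the tool its own process group, so any helper
    # it spawns is killed with it instead of keeping the output pipe open.
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                            stderr=subprocess.STDOUT, text=True,
                            start_new_session=True)
    try:
        out, _ = proc.communicate(timeout=timeout)
    except subprocess.TimeoutExpired:
        try:
            os.killpg(proc.pid, signal.SIGKILL)
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        proc.communicate()  # reap the child and drain the pipe
        return "timeout", ""
    return ("ok" if proc.returncode == 0 else "error"), out.strip()


def scan(samples, make_cmd, timeout=EXEC_TIMEOUT):
    """Run the detector on every sample; a hung sample is recorded and the
    loop moves on to the next one."""
    return {s: run_detector(make_cmd(s), timeout) for s in samples}


# Constructed stand-in for a detector binary: it hangs on one sample name
# and prints a label for every other one.
FAKE_TOOL = ("import sys, time\n"
             "time.sleep(60) if sys.argv[1] == 'hangs.exe' else print('upx')")


def demo():
    make_cmd = lambda sample: [sys.executable, "-c", FAKE_TOOL, sample]
    return scan(["a.exe", "hangs.exe", "b.exe"], make_cmd, timeout=3)


if __name__ == "__main__":
    for name, (status, label) in demo().items():
        print(f"{name}: {status} {label}")
```

Recording `timeout` as its own status keeps hung samples distinguishable from tool errors and from "not packed" verdicts when the results are later used as labels.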