Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error running script #9

Open
dmoore44 opened this issue Sep 3, 2020 · 7 comments
Open

Error running script #9

dmoore44 opened this issue Sep 3, 2020 · 7 comments

Comments

@dmoore44
Copy link
Contributor

dmoore44 commented Sep 3, 2020
edited
Loading

I was attempting to analyze a file in Ghidra, but the following set of errors were returned instead, and I'm not real sure where to begin troubleshooting.

intezer_analyze_gh_community.py> Running...
>>> Program Info:
>>>	winta.exe:
	x86:LE:64:default_windows
	(Wed Sep 02 14:52:52 CDT 2020)
	/Users/dmoore/Documents/repository/samples/gotroj/winta.exe
>>> file SHA : 57150938be45c4d9c742ab24c693acc14cc071d23b088a1facc2a7512af89414
>>> Start analyzing file...
Traceback (most recent call last):
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 284, in run
    helper.create_function_map(sha256)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 242, in create_function_map
    function_map = self._get_function_map(sha256)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 166, in _get_function_map
    result_url = self._proxy.create_plugin_report(sha256, functions_data)
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 104, in create_plugin_report
    response = self._post(URLS['create_ghidra_plugin_report'].format(sha256), json={'functions_data': functions_data})
  File "/Users/dmoore/ghidra_scripts/analyze-community-ghidra-plugin/intezer_analyze_gh_community.py", line 91, in _post
    response = self.session.post(url_path, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 578, in post
    return self.request('POST', url, data=data, json=json, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/Users/dmoore/Library/Python/2.7/lib/python/site-packages/requests/adapters.py", line 498, in send
    raise ConnectionError(err, request=request)
ConnectionError: ('Connection aborted.', BadStatusLine("''",))
intezer_analyze_gh_community.py> Finished!
@davidt99
Copy link
Contributor

davidt99 commented Sep 6, 2020

Is it consistent? The error suggests network error.

@themyops
Copy link

themyops commented Sep 7, 2020

I have a number of emotet samples, and for some the script works, for others I consistently get the error above. All have been uploaded to intezer and the difference is reproducible.

@dmoore44
Copy link
Contributor Author

@davidt99 I've encountered that error on a few samples I've attempted to analyze, so in that regard, yes, it is constant.

@davidt99
Copy link
Contributor

@dmoore44 have you analyzed the file in the platform before executing the plugin?

@dmoore44
Copy link
Contributor Author

I did - yes.

@davidt99
Copy link
Contributor

if you can share the sha256, I will be able to take a look for any errors on the backend side.

@davidt99
Copy link
Contributor

davidt99 commented Oct 6, 2020

@dmoore44 if you wish, you can contact our support with the hashes so we can pin point the problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dmoore44 @davidt99 @themyops