Using the flare-floss analysis module results in terminated by signal SIGKILL (Forced quit) #2440
Comments
Ouch, wow, could you share the hash so I can try to reproduce it?
Gladly. You can find it on VirusTotal: https://www.virustotal.com/gui/file/ed0074c644b448eda3a6fa4b3fd83bdcbebe958cae85b759b1c621cd9162fcc0
I was able to reproduce it. I guess we can add handling, but it would be good to report that to FLARE so they can investigate it properly.
OK, I have even added SIGTERM handling, and it still kills the console, so I can't do much here. Sadly, it is out of CAPE's control; I don't want to intercept all Linux signals.
I have tried with SIGINT and SIGTERM handling; it still kills the console.
So far it only happens with the dotnet file 8961fee08f2fd802c671b00dd845f7dfad9748c317e57aa675774a034319d89e if deobfuscate strings is enabled; if deobfuscation is not enabled, it works fine.
Where did that second hash come from? I can't find it on VT.
Reported. mandiant/flare-floss#1087
That file was captured by CAPE from malware execution/de4dot, I would need to check. I just disabled FLOSS for dotnet and there are no crashes anymore. Closing this as this is not a CAPE issue; thanks for reporting it to FLOSS. Update CAPE, restart processing and it won't happen anymore.
Thanks, reported it further upstream to vivisect. Disabling FLOSS specific extractions for .NET samples makes sense as the tool doesn't do any .NET specific handling currently.
'sudo -u cape poetry run python…' terminated by signal SIGKILL (Forced quit)
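
The thread reports that SIGINT and SIGTERM handlers did not stop the SIGKILL termination. The following is an added example, not code from CAPE or FLOSS: it shows that SIGKILL cannot be given a handler at all, and that a parent which runs an analysis step in a child process can still record the kill from the child's exit status. The names `can_install_handler`, `child_script` and `run_isolated` are hypothetical, and the child is a constructed stand-in that signals itself rather than a real FLOSS run.

```python
import signal
import subprocess
import sys


def can_install_handler(signum):
    """Return True if this process is allowed to register a handler for signum."""
    try:
        previous = signal.signal(signum, lambda *_: None)
    except (OSError, ValueError):
        # The kernel rejects handlers for SIGKILL (and SIGSTOP).
        return False
    if previous is not None:
        signal.signal(signum, previous)  # restore whatever was installed before
    return True


def child_script(signame):
    """Constructed stand-in for an analysis step: traps SIGINT/SIGTERM,
    then receives the named signal (sent to itself for the demonstration)."""
    return (
        "import os, signal\n"
        "for s in (signal.SIGINT, signal.SIGTERM):\n"
        "    signal.signal(s, lambda *_: None)\n"
        f"os.kill(os.getpid(), signal.{signame})\n"
    )


def run_isolated(argv, timeout=60):
    """Run one analysis step in a child process and report how it ended.

    subprocess reports death by signal N as returncode -N, so the parent
    survives and can log the failure instead of dying with the analyzer.
    """
    proc = subprocess.run(argv, capture_output=True, timeout=timeout)
    if proc.returncode < 0:
        return {"ok": False, "signal": signal.Signals(-proc.returncode).name}
    return {"ok": proc.returncode == 0, "signal": None}


if __name__ == "__main__":
    for name in ("SIGTERM", "SIGKILL"):
        print(name, "handler allowed:", can_install_handler(getattr(signal, name)))
        print(name, "child result:", run_isolated([sys.executable, "-c", child_script(name)]))
```

This only helps when the kill lands on the child doing the analysis; it does not explain why the process was killed in the first place.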