Cuckoo: agent.py can be abused for ending analysis through XMLRPC method (Agent.complete())

Created on 29 Jun 2016  路  1Comment  路  Source: cuckoosandbox/cuckoo

As introduced in #984 a malware sample can proceed to XMLRPC calls for illegitimately call methods.
Calling Agent.complete() leads to ending the analysis and kind of forces the Supervisor into believing the analysis is clean (& complete).

Most helpful comment

You can also call ExitProcess() and actually make the analysis terminate.

>All comments

You can also call ExitProcess() and actually make the analysis terminate.

Was this page helpful?
0 / 5 - 0 ratings