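I'm seeing character encoding issues again in v2.0.3 w/ the filedir plugin; it's unclear to me whether it's good to force ASCII rather than Unicode encoding... In the traceback below the last frame is the `outfile.write(...)` call in filedir.py, so the error is raised when the serialized results are written to the output file, and the results for this scan are not saved.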
[2019-04-23 14:45:37,645 ERROR] stoq: Failed to save results using filedir: {
"results": [
{
"payload_id": "3bf03de9-cf75-431a-80e1-52c45a8d71fe",
"size": 72704,
"payload_meta": {
"should_archive": true,
"extra_data": {
"filename": "file.224"
},
"dispatch_to": []
},
"workers": [
{
"hash": {
"sha256": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c",
"md5": "2a9d0d06d292a4cbbe4a95da4650ed54",
"sha1": "44c32dfae9ac971c3651adbd82c821971a5400dc"
},
"trid": {
"EXE": [
{
"likely": "48.1%",
"type": "Win32 Executable MS Visual C++ (generic) (31206/45/13)"
},
{
"likely": "25.4%",
"type": "Microsoft Visual C++ compiled executable (generic) (16529/12/5)"
},
{
"likely": "6.9%",
"type": "Win32 Executable (generic) (4508/7/1)"
},
{
"likely": "3.1%",
"type": "OS/2 Executable (generic) (2029/13)"
}
],
"DLL": [
{
"likely": "10.1%",
"type": "Win32 Dynamic Link Library (generic) (6578/25/2)"
}
]
},
"clamav": {
"found": true,
"result": "Win.Trojan.Farfli-444"
},
"mimetype": {
"mimetype": "application/x-dosexec"
}
},
{
"vtmis-search": [
{
"vhash": "07402d556095z100131mz3fz",
"submission_names": [
"SogouPY Config",
"Config.exe",
"854137.exe",
"0.exe",
"/854137.exe",
"/root/Desktop/0.exe",
"Malware.ex___",
"08.exe",
"uncompressed",
"C:\\Documents and Settings\\Administrator\\My Documents\\Downloads\\malware samples\\854137.exe\\854137.exe",
"41414221412rddwqdqw.exe",
"DSA9B0.dscapture.net_2017-01-16T09.44.38+0700_192.168.81.70-64866_192.168.81.140-80_2a9d0d06d292a4cbbe4a95da4650ed54_1.exe",
"D:\\0xFFFFFFFFFF\\\ucef4\ud4e8\ud130\\\uc545\uc131\ucf54\ub4dc\ubd84\uc11d\\0.exe\\0.exe",
"Lab1.exe",
"\ub4dc\ub86d\ud37c.exe",
"sample.exe",
"Ghost.exe",
"evil-shit.exe",
"C:\\Users\\hrd\\0.exe",
"854137.exe.vir",
"0.exe.vir",
"Trojan.W32.Downloader-Uad.Farfli-444.exe",
"2a9d0d06d292a4cbbe4a95da4650ed54",
"23f82686258760c273af981b69cf4251041b8f0b",
"2A9D0D06D292A4CBBE4A95DA4650ED54.VIR",
"9100173",
"/var/www/clean-mx/virusesevidence/output.9100173.txt",
"C:\\Downloads\\Files1\\0.exe",
"c:\\downloads\\files1\\0.exe",
"E:\\TEKDEFENSE\\854137.exe"
],
"scan_date": "2019-03-24 23:35:14",
"first_seen": "2013-01-14 22:05:50",
"times_submitted": 136,
"additional_info": {
"magic": "PE32 executable for MS Windows (GUI) Intel 80386 32-bit",
"exiftool": {
"UninitializedDataSize": "0",
"LinkerVersion": "6.0",
"ImageVersion": "0.0",
"FileVersionNumber": "1.0.0.1",
"LanguageCode": "Chinese (Simplified)",
"FileFlagsMask": "0x003f",
"ImageFileCharacteristics": "No relocs, Executable, No line numbers, No symbols, 32-bit",
"CharacterSet": "Unicode",
"InitializedDataSize": "71680",
"EntryPoint": "0x15a2",
"OriginalFileName": "Config.exe",
"MIMEType": "application/octet-stream",
"LegalCopyright": "? 2010 Sogou.com Inc. All rights reserved.",
"FileVersion": "5.0.0.3787",
"TimeStamp": "2011:03:22 16:36:10+01:00",
"FileType": "Win32 EXE",
"PEType": "PE32",
"InternalName": "SogouPY Config",
"ProductVersion": "5.0.0.3787",
"SubsystemVersion": "4.0",
"OSVersion": "4.0",
"FileOS": "Windows NT 32-bit",
"Subsystem": "Windows GUI",
"MachineType": "Intel 386 or later, and compatibles",
"CompanyName": "Sogou.com Inc.",
"CodeSize": "0",
"FileSubtype": "0",
"ProductVersionNumber": "1.0.0.1",
"FileTypeExtension": "exe",
"ObjectFileType": "Executable application"
},
"trid": "Win32 Executable MS Visual C++ (generic) (48.1%)\nMicrosoft Visual C++ compiled executable (generic) (25.4%)\nWin32 Dynamic Link Library (generic) (10.1%)\nWin32 Executable (generic) (6.9%)\nOS/2 Executable (generic) (3.1%)",
"pe-imphash": "03f2c2376dbaab48c69a23e5f572970b",
"pe-resource-list": {
"934bff4e3799007028d2fb8ecf30013dec9fcfdd91cf4ec2e15ec1120683ee7e": "ASCII text",
"96e3d5cf15f4ad9ae0abe2c55e485b7b9a072ae4748f0f58f9ee9cf8498de1d2": "data",
"dd69a739e398ce71ee9e05b92db9e9b12447c23eba896ac3f73adf50ca9071de": "data",
"a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78": "Lotus 1-2-3",
"9ee45783d72da6e3ca955b6333b50d4512695c99209c2b11fd675184cc9b1ca6": "data",
"0717dfca923df0beca176f2cb47bdf066cd80d7365dac55184d1a6282bb81b26": "data",
"391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25": "application/x-ms-dos-executable",
"35b7d03732d6f5834ca165995ac2985880c2ac0c13b0d9c60a23edc9e0ae11e3": "ASCII text",
"519122f5886bcca7e78f1537961c526d3128675006ed0c04b459ac49409176be": "data"
},
"peid": "Armadillo v1.71",
"pe-resource-langs": {
"CHINESE SIMPLIFIED": 9
},
"contacted_domains": [
"www.wikiplum.com"
],
"contacted_ips": [
"208.91.197.46"
],
"deepguard": "Suspicious:W32/Malware!Online",
"sigcheck": {
"product": "\u641c\u72d7\u62fc\u97f3\u8f93\u5165\u6cd5",
"description": "\u641c\u72d7\u62fc\u97f3\u8f93\u5165\u6cd5 \u8bbe\u7f6e\u7a0b\u5e8f",
"copyright": "? 2010 Sogou.com Inc. All rights reserved.",
"original name": "Config.exe",
"authentihash": "3bad0e636b23c59cbf300ebbf3df53380288b7035f8c2ba130f3735ab3b3a2d1",
"file version": "5.0.0.3787",
"internal name": "SogouPY Config",
"link date": "4:36 PM 3/22/2011"
},
"compressed_parents": [
"ccac5ae298c791f3fc3c7e98817e318ee86694c0ab02936c61a8933828761f48",
"35f8662cfae89266708e5faaeb539db4ac9158a2a379cd3b283c97278d669034",
"86bdb2ca9cabab6335ce2c2ff8204d7e6f2a342471aaf7856c0c0494f099dde0",
"19d5b3d83bb2c366f7daf443e07492d406708f2cef4b73396f087b569b059693",
"c79ac8a613c7a25793b2a0167d48a6a5e8e7c811ccdaf01d0a47efc7dff99dbd",
"4967fa8105bb39ff58c2ebd2dcb9e3767f7ccc8713f36f73627eaaeaad28a1f6",
"c60373d02dc3309de283fc9081e23d78caa152cc420727351b6693e3cd5331f3",
"e3443db4619946094b683d1290b02b38266b7844053562bd612b0a497e7eb6ad",
"0425e34cae3f701cf17dd64155f29cca0a77799a4029df42320ab741c2e96ed1",
"66797f88850ce377c6ddf41856799ab47644a277b982e11994ec7e2a40415c3e",
"780d3b7a7427bf86190722c24b483a6b0866a0fd0e1c3000e196c5109ccd6ec6",
"ac3084a0404db903e66796ff7adfbb078c8b8285d0bc73721f1e85d1101a0339",
"1dd806fc41e7ce89609e056301a150945e88b47331e523e46fbcd8de9cc9f193",
"a81d15158decfd7bc39870714a7f5053bcff14150529f80e3e80416242675eba",
"ef13fa473820ec1b67851ace3338ef486bfa4f7acfdddd1e2249010a32006799",
"56ab6024ac67cabbafb80a5839a83f45a611d58604944a53c3d5a44578c63c37",
"8e7b4017a0e0702627835f0ef853bfa86d97b3a4e4d9cbe7ebc4162ff67fd37f"
],
"positives_delta": 1,
"pe-resource-detail": [
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 987762.3125,
"filetype": "application/x-ms-dos-executable",
"entropy": 6.1942267417907715,
"sha256": "391109432ba2df9f3ebc74e0144f42a490405f7c8ecb51da01b4ce793be72f25",
"type": "CPP"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 56994.4375,
"filetype": "data",
"entropy": 0.7523787021636963,
"sha256": "519122f5886bcca7e78f1537961c526d3128675006ed0c04b459ac49409176be",
"type": "RT_CURSOR"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 12890.708984375,
"filetype": "data",
"entropy": 1.92000412940979,
"sha256": "9ee45783d72da6e3ca955b6333b50d4512695c99209c2b11fd675184cc9b1ca6",
"type": "RT_BITMAP"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 1830.888671875,
"filetype": "data",
"entropy": 1.9447168111801147,
"sha256": "0717dfca923df0beca176f2cb47bdf066cd80d7365dac55184d1a6282bb81b26",
"type": "RT_MENU"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 11565.8759765625,
"filetype": "data",
"entropy": 2.8630785942077637,
"sha256": "96e3d5cf15f4ad9ae0abe2c55e485b7b9a072ae4748f0f58f9ee9cf8498de1d2",
"type": "RT_DIALOG"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 7893.99951171875,
"filetype": "ASCII text",
"entropy": 0.9609531760215759,
"sha256": "934bff4e3799007028d2fb8ecf30013dec9fcfdd91cf4ec2e15ec1120683ee7e",
"type": "RT_STRING"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 1797.600341796875,
"filetype": "Lotus 1-2-3",
"entropy": 2.0192408561706543,
"sha256": "a92f60b25322592e7ddd13d88e4006c097666f4d87c8cb0c21ffdccd53b31d78",
"type": "RT_GROUP_CURSOR"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 68214.3046875,
"filetype": "data",
"entropy": 3.580381155014038,
"sha256": "dd69a739e398ce71ee9e05b92db9e9b12447c23eba896ac3f73adf50ca9071de",
"type": "RT_VERSION"
},
{
"lang": "CHINESE SIMPLIFIED",
"chi2": 4716.19970703125,
"filetype": "ASCII text",
"entropy": 5.106089115142822,
"sha256": "35b7d03732d6f5834ca165995ac2985880c2ac0c13b0d9c60a23edc9e0ae11e3",
"type": "RT_MANIFEST"
}
],
"first_seen_itw": "2011-03-22 08:36:10",
"pe-resource-types": {
"RT_DIALOG": 1,
"RT_GROUP_CURSOR": 1,
"RT_STRING": 1,
"RT_MANIFEST": 1,
"RT_MENU": 1,
"CPP": 1,
"RT_BITMAP": 1,
"RT_CURSOR": 1,
"RT_VERSION": 1
},
"pe-timestamp": 1300808170,
"imports": {
"ADVAPI32.dll": [
"RegOpenKeyA",
"RegCloseKey",
"OpenServiceA",
"ChangeServiceConfigA",
"RegSetValueExA",
"ControlService",
"StartServiceA",
"RegCreateKeyExA",
"OpenSCManagerA"
],
"KERNEL32.dll": [
"GetStartupInfoA",
"SizeofResource",
"GetWindowsDirectoryA",
"Sleep",
"GetModuleHandleA",
"LoadResource",
"LockResource",
"WaitForSingleObject",
"DeleteFileA",
"CreateEventA",
"WriteFile",
"GetTickCount",
"CloseHandle",
"CreateFileA",
"GetModuleFileNameA",
"GetProcAddress",
"FindResourceA",
"LoadLibraryA",
"FreeResource"
],
"MSVCRT.dll": [
"_except_handler3",
"rand",
"_acmdln",
"_adjust_fdiv",
"srand",
"__p__commode",
"__p__fmode",
"_controlfp",
"__setusermatherr",
"exit",
"sprintf",
"__getmainargs",
"_exit",
"__set_app_type",
"_initterm",
"_XcptFilter"
],
"USER32.dll": [
"LoadCursorA",
"RegisterClassA",
"LoadIconA"
],
"GDI32.dll": [
"GetStockObject"
]
},
"pe-entry-point": 5538,
"sections": [
[
".data",
4096,
3020,
3072,
"5.82",
"2a6a06117a251a3d3aef8f00b73876a2"
],
[
".rsrc",
8192,
69632,
68608,
"6.13",
"74a468373ff0f87c6a068b0bfbcb969b"
]
],
"pe-machine-type": 332
},
"size": 72704,
"scan_id": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c-1553470514",
"total": 71,
"harmless_votes": 0,
"verbose_msg": "Scan finished, information embedded",
"sha256": "09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c",
"type": "Win32 EXE",
"scans": {
"Bkav": {
"detected": true,
"version": "1.3.0.9899",
"result": "W32.SogouQhupgfLnr.Trojan",
"update": "20190320"
},
"MicroWorld-eScan": {
"detected": true,
"version": "14.0.297.0",
"result": "Gen:Variant.Symmi.72359",
"update": "20190324"
},
"CMC": {
"detected": true,
"version": "1.1.0.977",
"result": "Trojan-GameThief.Win32.Magania!O",
"update": "20190321"
},
"CAT-QuickHeal": {
"detected": true,
"version": "14.00",
"result": "Backdoor.Farfli.O",
"update": "20190324"
},
"McAfee": {
"detected": true,
"version": "6.0.6.653",
"result": "Generic Dropper.abs",
"update": "20190324"
},
"Cylance": {
"detected": true,
"version": "2.3.1.101",
"result": "Unsafe",
"update": "20190325"
},
"Zillya": {
"detected": true,
"version": "2.0.0.3781",
"result": "Trojan.Magania.Win32.59362",
"update": "20190324"
},
"TheHacker": {
"detected": true,
"version": "6.8.0.5.4098",
"result": "Trojan/Magania.enxs",
"update": "20190324"
},
"BitDefender": {
"detected": true,
"version": "7.2",
"result": "Gen:Variant.Symmi.72359",
"update": "20190324"
},
"K7GW": {
"detected": true,
"version": "11.34.30381",
"result": "Password-Stealer ( 0022e0431 )",
"update": "20190324"
},
"K7AntiVirus": {
"detected": true,
"version": "11.34.30381",
"result": "Password-Stealer ( 0022e0431 )",
"update": "20190324"
},
"Arcabit": {
"detected": true,
"version": "1.0.0.844",
"result": "Trojan.Symmi.D11AA7",
"update": "20190324"
},
"TrendMicro": {
"detected": true,
"version": "10.0.0.1040",
"result": "TROJ_SPNR.15JQ11",
"update": "20190324"
},
"Baidu": {
"detected": true,
"version": "1.0.0.2",
"result": "Win32.Backdoor.DarkAngle.a",
"update": "20190318"
},
"Babable": {
"detected": false,
"version": "9107201",
"result": null,
"update": "20180918"
},
"F-Prot": {
"detected": true,
"version": "4.7.1.166",
"result": "W32/Backdoor.Q.gen!Eldorado",
"update": "20190324"
},
"Symantec": {
"detected": true,
"version": "1.8.0.0",
"result": "Trojan.Dropper",
"update": "20190324"
},
"TotalDefense": {
"detected": false,
"version": "37.1.62.1",
"result": null,
"update": "20190324"
},
"TrendMicro-HouseCall": {
"detected": true,
"version": "10.0.0.1040",
"result": "TROJ_SPNR.15JQ11",
"update": "20190324"
},
"Paloalto": {
"detected": true,
"version": "1.0",
"result": "generic.ml",
"update": "20190325"
},
"ClamAV": {
"detected": true,
"version": "0.101.1.0",
"result": "Win.Trojan.Farfli-444",
"update": "20190324"
},
"Kaspersky": {
"detected": true,
"version": "15.0.1.13",
"result": "Trojan-GameThief.Win32.Magania.ensu",
"update": "20190324"
},
"Alibaba": {
"detected": false,
"version": "0.2.0.3",
"result": null,
"update": "20190306"
},
"NANO-Antivirus": {
"detected": true,
"version": "1.0.134.24576",
"result": "Trojan.Win32.Dwn.tshuf",
"update": "20190324"
},
"ViRobot": {
"detected": true,
"version": "2014.3.20.0",
"result": "Trojan.Win32.PSW-Magania.72704",
"update": "20190324"
},
"SUPERAntiSpyware": {
"detected": true,
"version": "5.6.0.1032",
"result": "Trojan.Agent/Gen-Farfli",
"update": "20190321"
},
"Avast": {
"detected": true,
"version": "18.4.3895.0",
"result": "Win32:Downloader-UAD [Trj]",
"update": "20190324"
},
"Rising": {
"detected": true,
"version": "25.0.0.24",
"result": "Backdoor.Farfli!1.64A3 (CLOUD)",
"update": "20190324"
},
"Endgame": {
"detected": true,
"version": "3.0.8",
"result": "malicious (high confidence)",
"update": "20190322"
},
"Trustlook": {
"detected": false,
"version": "1.0",
"result": null,
"update": "20190325"
},
"Sophos": {
"detected": true,
"version": "4.98.0",
"result": "Troj/Farfli-Gen",
"update": "20190322"
},
"Comodo": {
"detected": true,
"version": "30620",
"result": "TrojWare.Win32.Farfli.~hon@4k8xs5",
"update": "20190325"
},
"F-Secure": {
"detected": true,
"version": "12.0.86.52",
"result": "Trojan.TR/Spy.Gen",
"update": "20190324"
},
"DrWeb": {
"detected": true,
"version": "7.0.34.11020",
"result": "Trojan.DownLoader4.44699",
"update": "20190324"
},
"VIPRE": {
"detected": true,
"version": "73920",
"result": "Trojan-Dropper.Win32.Farfli.e (v)",
"update": "20190324"
},
"Invincea": {
"detected": true,
"version": "6.3.6.26157",
"result": "heuristic",
"update": "20190313"
},
"McAfee-GW-Edition": {
"detected": true,
"version": "v2017.3010",
"result": "Generic Dropper.abs",
"update": "20190324"
},
"Trapmine": {
"detected": true,
"version": "3.1.48.748",
"result": "malicious.high.ml.score",
"update": "20190301"
},
"Emsisoft": {
"detected": true,
"version": "2018.4.0.1029",
"result": "Gen:Variant.Symmi.72359 (B)",
"update": "20190324"
},
"SentinelOne": {
"detected": true,
"version": "1.0.24.302",
"result": "DFI - Malicious PE",
"update": "20190317"
},
"Cyren": {
"detected": true,
"version": "6.2.0.1",
"result": "W32/Backdoor.Q.gen!Eldorado",
"update": "20190324"
},
"Jiangmin": {
"detected": true,
"version": "16.0.100",
"result": "Trojan/PSW.Magania.auqv",
"update": "20190324"
},
"Webroot": {
"detected": true,
"version": "1.0.0.403",
"result": "W32.Backdoor.Gen",
"update": "20190325"
},
"Avira": {
"detected": true,
"version": "8.3.3.8",
"result": "TR/Spy.Gen",
"update": "20190324"
},
"MAX": {
"detected": true,
"version": "2018.9.12.1",
"result": "malware (ai score=100)",
"update": "20190325"
},
"Antiy-AVL": {
"detected": true,
"version": "3.0.0.1",
"result": "Trojan[GameThief]/Win32.Magania",
"update": "20190324"
},
"Kingsoft": {
"detected": true,
"version": "2013.8.14.323",
"result": "Win32.Troj.Generic.(kcloud)",
"update": "20190325"
},
"Microsoft": {
"detected": true,
"version": "1.1.15800.1",
"result": "TrojanDropper:Win32/Farfli.E",
"update": "20190324"
},
"AegisLab": {
"detected": true,
"version": "4.2",
"result": "Trojan.Win32.Magania.4!c",
"update": "20190324"
},
"ZoneAlarm": {
"detected": true,
"version": "1.0",
"result": "Trojan-GameThief.Win32.Magania.ensu",
"update": "20190324"
},
"Avast-Mobile": {
"detected": false,
"version": "190324-00",
"result": null,
"update": "20190324"
},
"GData": {
"detected": true,
"version": "A:25.21250B:25.14682",
"result": "Gen:Variant.Symmi.72359",
"update": "20190324"
},
"AhnLab-V3": {
"detected": true,
"version": "3.15.0.23609",
"result": "Dropper/Win32.OnlineGameHack.R3269",
"update": "20190324"
},
"Acronis": {
"detected": false,
"version": "1.0.1.40",
"result": null,
"update": "20190322"
},
"VBA32": {
"detected": true,
"version": "4.0.0",
"result": "BScope.Trojan.Downloader",
"update": "20190322"
},
"ALYac": {
"detected": true,
"version": "1.1.1.5",
"result": "Gen:Variant.Symmi.72359",
"update": "20190324"
},
"TACHYON": {
"detected": true,
"version": "2019-03-24.02",
"result": "Trojan-PWS/W32.WebGame.72704.AX",
"update": "20190324"
},
"Ad-Aware": {
"detected": true,
"version": "3.0.5.370",
"result": "Gen:Variant.Symmi.72359",
"update": "20190324"
},
"Malwarebytes": {
"detected": true,
"version": "2.1.1.1115",
"result": "Backdoor.Farfli.Gen",
"update": "20190324"
},
"Zoner": {
"detected": true,
"version": "1.0",
"result": "Trojan.Win32.9143",
"update": "20190325"
},
"ESET-NOD32": {
"detected": true,
"version": "19081",
"result": "Win32/Farfli.DV",
"update": "20190324"
},
"Tencent": {
"detected": true,
"version": "1.0.0.1",
"result": "Trojan.Win32.Magania.nlz",
"update": "20190325"
},
"Yandex": {
"detected": true,
"version": "5.5.1.3",
"result": "Trojan.PWS.Magania!d9Mad2m07yY",
"update": "20190324"
},
"Ikarus": {
"detected": true,
"version": "0.1.5.2",
"result": "Trojan-Spy.Win32.Insain",
"update": "20190324"
},
"eGambit": {
"detected": true,
"version": "v4.3.6",
"result": "Unsafe.AI_Score_95%",
"update": "20190325"
},
"Fortinet": {
"detected": true,
"version": "5.4.247.0",
"result": "W32/Onlinegames.BNLQ!tr",
"update": "20190324"
},
"AVG": {
"detected": true,
"version": "18.4.3895.0",
"result": "Win32:Downloader-UAD [Trj]",
"update": "20190324"
},
"Cybereason": {
"detected": true,
"version": "1.2.449",
"result": "malicious.6d292a",
"update": "20190324"
},
"Panda": {
"detected": true,
"version": "4.6.4.2",
"result": "Generic Malware",
"update": "20190324"
},
"CrowdStrike": {
"detected": true,
"version": "1.0",
"result": "win/malicious_confidence_100% (W)",
"update": "20190212"
},
"Qihoo-360": {
"detected": true,
"version": "1.0.0.1120",
"result": "Win32/Trojan.GameThief.cda",
"update": "20190325"
}
},
"tags": [
"peexe",
"armadillo"
],
"authentihash": "3bad0e636b23c59cbf300ebbf3df53380288b7035f8c2ba130f3735ab3b3a2d1",
"unique_sources": 116,
"positives": 65,
"ssdeep": "1536:jWZpTtLcWyeYd4//yEZc1GJf7/QP4uirySj5e:+pZTvnyEZiGJ7/QguiryS5e",
"md5": "2a9d0d06d292a4cbbe4a95da4650ed54",
"permalink": "https://www.virustotal.com/file/09a1c17ac55cde962b4f3bcd61140d752d86362296ee74736000a6a647c73d8c/analysis/1553470514/",
"sha1": "44c32dfae9ac971c3651adbd82c821971a5400dc",
"resource": "44c32dfae9ac971c3651adbd82c821971a5400dc",
"response_code": 1,
"community_reputation": -59,
"malicious_votes": 5,
"ITW_urls": [
"http://34.240.31.94/854137.exe",
"http://200.129.137.121/Malware.ex___",
"http://199.193.71.91:89/0.exe"
],
"last_seen": "2019-03-09 18:46:24"
}
]
}
],
"archivers": {},
"plugins_run": {
"workers": [
[
"hash",
"trid",
"clamav",
"mimetype"
],
[
"vtmis-search"
]
],
"archivers": []
},
"extracted_from": null,
"extracted_by": null
}
],
"request_meta": {
"archive_payloads": true,
"source": null,
"extra_data": {}
},
"errors": {
},
"time": "2019-04-23T14:45:37.636438",
"decorators": {},
"scan_id": "c25068fd-f0f2-4f7d-b988-d7712ef4d132"
}
Traceback (most recent call last):
File "/home/pass/.stoq/.venv/lib/python3.6/site-packages/stoq/core.py", line 546, in scan_payload
connector.save(response)
File "/home/pass/.stoq/plugins/filedir/filedir.py", line 139, in save
outfile.write(f'{helpers.dumps(response, compactly=self.compactly)}\n')
UnicodeEncodeError: 'ascii' codec can't encode characters in position 1418-1420: ordinal not in range(128)
--- Logging error ---
Traceback (most recent call last):
File "/home/pass/.stoq/.venv/lib/python3.6/site-packages/stoq/core.py", line 546, in scan_payload
connector.save(response)
File "/home/pass/.stoq/plugins/filedir/filedir.py", line 139, in save
outfile.write(f'{helpers.dumps(response, compactly=self.compactly)}\n')
UnicodeEncodeError: 'ascii' codec can't encode characters in position 1418-1420: ordinal not in range(128)