malconfscan & malstrscan runtime errors #8

Open
omrirefaeli opened this issue Oct 27, 2019 · 1 comment

@omrirefaeli

Both plugins resulted in an error when running.
I am using an Ubuntu 16.04 virtual machine, 4 GB RAM, 1 CPU.

malconfscan:

```
omri@ubuntu:/opt/calamity/MalConfScan$ vol.py -f ~/Desktop/otterctf.vmem --profile=Win7SP1x64 malconfscan
Volatility Foundation Volatility Framework 2.6.1
[+] Searching memory by Yara rules.
Traceback (most recent call last):
  File "/usr/local/bin/vol.py", line 4, in <module>
    __import__('pkg_resources').run_script('volatility==2.6.1', 'vol.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 719, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 192, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 183, in main
    command.execute()
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 94, in render_text
    for task, start, end, malname, memory_model, config_data in data:
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 84, in calculate
    for task, vad_base_addr, end, hit, memory_model, config_data in instance.calculate():
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/utils/datperscan.py", line 236, in calculate
    dec = self.custom_rc4(enc, key, rc4key_seed)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/utils/datperscan.py", line 97, in custom_rc4
    for char in data:
TypeError: 'NoneType' object is not iterable
```


malstrscan:

```
omri@ubuntu:/opt/calamity/MalConfScan$ vol.py -f ~/Desktop/otterctf.vmem --profile=Win7SP1x64 malstrscan
Volatility Foundation Volatility Framework 2.6.1
[+] Searching for malicious memory space.
Traceback (most recent call last):
  File "/usr/local/bin/vol.py", line 4, in <module>
    __import__('pkg_resources').run_script('volatility==2.6.1', 'vol.py')
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 719, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
    exec(code, namespace, namespace)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 192, in <module>
    main()
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 183, in main
    command.execute()
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 271, in render_text
    for task, start, end, data, protection, strings in data:
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 206, in calculate
    for start, end, memdata, protection in self.detect_injection_proc(proc, space):
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 140, in detect_injection_proc
    data = address_space.zread(vad.Start, vad.End + 1)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/addrspace.py", line 283, in zread
    return self._read(addr, length, True)
  File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/addrspace.py", line 269, in _read
    return "".join(buff)
MemoryError
```

Any solutions come to mind? Thanks!

@ohisama

ohisama commented Oct 23, 2020

The environment is Ubuntu 18.04 LTS.
Volatility was installed with apt-get install.

```
volatility malconfscan -f laqma.vmem/laqma.vmem

Volatility Foundation Volatility Framework 2.6
[+] Searching memory by Yara rules.
Traceback (most recent call last):
  File "/usr/bin/volatility", line 192, in <module>
    main()
  File "/usr/bin/volatility", line 183, in main
    command.execute()
  File "/usr/lib/python2.7/dist-packages/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/usr/lib/python2.7/dist-packages/volatility/plugins/malware/malconfscan.py", line 101, in render_text
    for task, start, end, malname, memory_model, config_data in data:
  File "/usr/lib/python2.7/dist-packages/volatility/plugins/malware/malconfscan.py", line 87, in calculate
    for task, vad_base_addr, end, hit, memory_model, config_data in instance.calculate():
  File "/usr/lib/python2.7/dist-packages/volatility/plugins/malware/utils/datperscan.py", line 236, in calculate
    dec = self.custom_rc4(enc, key, rc4key_seed)
  File "/usr/lib/python2.7/dist-packages/volatility/plugins/malware/utils/datperscan.py", line 97, in custom_rc4
    for char in data:
TypeError: 'NoneType' object is not iterable
```
