Comments (6)
Hello. There's a different version of malfind supplied with the 2.1 alpha
branch (as compared to the version in malware.py on this website). The older
malfind (which is written about in the book) searched for injected code *and*
allowed you to scan for yara signatures. In the newer version, malfind only
finds injected code. The plugin for scanning with yara rules is yarascan.
So in your 2.1 alpha branch just do:
$ python vol.py malfind -h
$ python vol.py yarascan -h
That will show you the options allowed for both plugins. One thing I see is you
used -dump-dir instead of --dump-dir.
Original comment by [email protected]
on 18 Apr 2012 at 3:40
from malwarecookbook.
Hi Michael,
for Volatility Framework 2.1_alpha
i tried the following
vol.py malfind -f c:\memsmpls\zeus.vmem -dump-dir c:\re\
output is : vol.py: error: no such option: -u
Also tried
vol.py malfind -f c:\memsmpls\zeus.vmem --dump-dir c:\re\
output is : vol.py: error: no such option: --dump-dir
what is wrong ? please help
Thanks
Tamer
Original comment by [email protected]
on 22 Apr 2012 at 7:28
from malwarecookbook.
Hey Tamer, sorry about that. I just realized the --dump-dir option had gotten
removed in the transition to the 2.1 alpha base.
See the following patch and update to r1628 to re-enable the --dump-dir option:
http://code.google.com/p/volatility/source/detail?r=1628
Thanks!
Original comment by [email protected]
on 23 Apr 2012 at 2:47
from malwarecookbook.
Hi Michael,
It is working,
Thanks
Original comment by [email protected]
on 24 Apr 2012 at 6:17
from malwarecookbook.
hey, Michael
yarascan works good.
then I should find malware yara rule.
Thanks a lot.
Original comment by [email protected]
on 25 Apr 2012 at 10:22
from malwarecookbook.
Original comment by [email protected]
on 2 May 2012 at 6:13
- Changed state: Done
from malwarecookbook.
Related Issues (20)
- ApiHooks plugin takes too long time to scan (I think) HOT 1
- list tasks prob with malware.py r94 HOT 1
- list of apihooks possibly incomplete HOT 2
- issue with impscan HOT 1
- clamav_to_yara.py creates lots of invalid jumps e.g. [4-4] HOT 6
- typo in pescanner.py wrt clamscan status code HOT 1
- Add --physical-offset option to psxview to synchronize eprocess offsets HOT 1
- IOError: [Errno 22] Invalid argument when running malfind.py HOT 3
- malware2.1_alpha.py Error HOT 3
- avsubmit.py & VT API 2.0
- volatility 2.1 alpha && malware2.1_alpha.py trunk psxview command bug HOT 1
- ssdeep_proc.py not showing the results on windows 7 x64 machir
- malware plugins not installed with 2.1 alpha HOT 2
- dbmgr.py has a gramatical error which halts processing HOT 2
- av_multiscan indent error HOT 1
- peid_to_yara.py HOT 1
- Patch for /trunk/3/8/pescanner.py
- Seeing lots of [invalid skip in string "$a1"] when running a Yara Scan with ClamAV Converted Signatures HOT 9
- Patch for /trunk/3/5/capabilities.yara
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from malwarecookbook.