volatilityfoundation / volatility

An advanced memory forensics framework
http://volatilityfoundation.org/
GNU General Public License v2.0

Malfind can't process, fails entire memory processing #244

Closed rprasko closed 9 years ago

rprasko commented 9 years ago

I have attached Volatility to a Cuckoo Sandbox and have had issues trying to link them. I have been able to specify the profile which Volatility should use to process the memory, Win7SP1x64, since my VM is Windows 7. It is now creating the memory dump but gives me a collection of Warnings, but more specifically an Error in the malfind plugin. The Error is as follows:

2015-09-09 14:15:59,016 [volatility.plugins.malware.malfind] ERROR: Cannot compile rules: line 40: invalid regular expression in string "$buf": \k is not followed by a braced, angle-bracketed, or quoted name
2015-09-09 14:15:59,017 [lib.cuckoo.core.plugins] ERROR: Failed to run the processing module "Memory":

I just updated to Volatility 2.4 yesterday, and haven't been able to process the memory module for Cuckoo Sandbox. Trying to find where the errors lie, any help will be appreciated.

Thanks

iMHLv2 commented 9 years ago

The following error indicates you have a syntax issue in your yara rules:

Cannot compile rules: line 40: invalid regular expression in string "$buf": \k is not followed by a braced, angle-bracketed, or quoted name

iMHLv2 commented 9 years ago

Hello, I'll close this out assuming you were able to fix the syntax error in the Yara rules. If that did not solve your problem, feel free to reopen and describe a bit more of what you're seeing.
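A pre-flight check for the exact rule defect named in the error above, added here as an example (not code from Volatility, Cuckoo or either commenter): it scans the regex strings in a YARA rules file for a `\k` escape that is not followed by a braced, angle-bracketed or quoted name, and reports the line and string name the way the malfind error does, so a broken rule set can be caught before a sandbox run. The rule text is constructed for the example; `find_bad_backrefs` and `_bad_backref_offsets` are hypothetical helper names.

```python
import re

# Matches a YARA regex string definition line such as:  $buf = /(?<n>x)\k1/ nocase
_REGEX_STRING = re.compile(r'^\s*(\$\w*)\s*=\s*/(.*)/[is]*(?:\s+\w+)*\s*$')


def _bad_backref_offsets(pattern):
    """Offsets of '\\k' escapes not followed by {name}, <name> or 'name'.

    Escapes are consumed in pairs, so an escaped backslash followed by a
    literal 'k' (written \\\\k in the rule) is not reported.
    """
    bad = []
    i = 0
    while i < len(pattern):
        if pattern[i] == '\\':
            if i + 1 < len(pattern) and pattern[i + 1] == 'k':
                nxt = pattern[i + 2] if i + 2 < len(pattern) else ''
                if nxt not in ('{', '<', "'"):
                    bad.append(i)
            i += 2  # skip the backslash and the character it escapes
        else:
            i += 1
    return bad


def find_bad_backrefs(rules_text):
    """Return [(line_no, string_name, pattern)] for each offending regex string."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        m = _REGEX_STRING.match(line)
        if m and _bad_backref_offsets(m.group(2)):
            findings.append((line_no, m.group(1), m.group(2)))
    return findings


# Constructed sample: one valid backreference, one escaped backslash, one bad rule.
SAMPLE_RULES = r"""
rule ok_backref
{
    strings:
        $a = /(?<tag>abc)\k<tag>/
        $b = /C:\\k\\windows/ nocase
    condition:
        any of them
}

rule broken_backref
{
    strings:
        $buf = /(?<n>x)\k1/
    condition:
        $buf
}
"""

if __name__ == "__main__":
    for line_no, name, pattern in find_bad_backrefs(SAMPLE_RULES):
        print('line %d: invalid regular expression in string "%s": %s' % (line_no, name, pattern))
```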