volatilityfoundation / volatility

An advanced memory forensics framework
http://volatilityfoundation.org/
GNU General Public License v2.0

error when use zeusscan2 #452

Closed 0xwataru closed 7 years ago

0xwataru commented 7 years ago

root@lwz-virtual-machine:~/volatility# python vol.py --plugins=contrib/plugins/malware/ --profile=Win7SP1x86 -f win7-snapshot4.vmem zeusscan2
Volatility Foundation Volatility Framework 2.6

Traceback (most recent call last):
  File "vol.py", line 192, in <module>
    main()
  File "vol.py", line 183, in main
    command.execute()
  File "/home/lwz/volatility/volatility/commands.py", line 147, in execute
    func(outfd, data)
  File "/home/lwz/volatility/contrib/plugins/malware/zeusscan.py", line 462, in render_text
    for task, vad, params in data:
  File "/home/lwz/volatility/contrib/plugins/malware/zeusscan.py", line 435, in calculate
    last_sec_data)
  File "/home/lwz/volatility/contrib/plugins/malware/zeusscan.py", line 304, in check_matches
    hits = dict((m.rule, m.strings[0][0] + vad.Start) for m in matches)
  File "/home/lwz/volatility/contrib/plugins/malware/zeusscan.py", line 304, in <genexpr>
    hits = dict((m.rule, m.strings[0][0] + vad.Start) for m in matches)
AttributeError: 'str' object has no attribute 'rule'

wroersma commented 7 years ago

Is it possible for you to share this image? If not, can you do -d -d -d and provide that output?

openfoamtutorials commented 7 years ago

Just in case... what does "python --version" return? I think volatility works with 2.7, and not 3+.

iMHLv2 commented 7 years ago

This is a pretty common error, which results from installing yara from pip or accidentally installing the yara-ctypes library instead of the official yara-python library. See https://github.com/volatilityfoundation/volatility/issues/360
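A quick way to confirm the diagnosis above before re-running the plugin is to check what the installed `yara` module actually returns from a match. The zeusscan plugin expects yara-python Match objects (with `.rule` and `.strings` attributes); the traceback shows it received plain strings instead. The script below is an added example, not part of the volatility project or of this thread: `FakeMatch` is a constructed stand-in for a yara-python Match so the shape check can be exercised offline, and `probe_installed_yara` assumes only the documented yara-python calls `yara.compile(source=...)` and `rules.match(data=...)`. It is written to run under both Python 2.7 (which volatility 2.6 needs) and Python 3.

```python
"""Diagnose which yara binding is installed.

Added example (not volatility code). The zeusscan traceback
"'str' object has no attribute 'rule'" means rules.match() returned
bare strings, which yara-python never does; this script reproduces
the plugin's computation with a clear error and probes the real module.
"""
from collections import namedtuple

# Constructed stand-in for a yara-python Match object.  Real yara-python
# matches expose .rule and .strings; the tuple layout (offset, identifier,
# data) is what older yara-python returned and what zeusscan indexes.
FakeMatch = namedtuple("FakeMatch", ["rule", "strings"])


def looks_like_yara_python(matches):
    """True if every match has the .rule/.strings shape zeusscan expects.

    A list of bare str objects (what the reporter's install produced)
    returns False, which is exactly the condition behind the traceback.
    """
    return all(hasattr(m, "rule") and hasattr(m, "strings") for m in matches)


def hits_from_matches(matches, vad_start):
    """Same mapping zeusscan.py builds at line 304 (rule -> absolute offset),
    but it fails with an actionable message instead of an AttributeError."""
    if not looks_like_yara_python(matches):
        bad = [type(m).__name__ for m in matches]
        raise RuntimeError(
            "yara.match() returned %s, not yara-python Match objects; "
            "uninstall the wrong binding (pip 'yara' / yara-ctypes) and "
            "install yara-python (see volatility issue #360)" % bad)
    # m.strings[0][0] is the offset of the first string hit inside the VAD;
    # adding the VAD base gives the absolute virtual address.
    return dict((m.rule, m.strings[0][0] + vad_start) for m in matches)


def probe_installed_yara():
    """Import the yara module that volatility would import and classify it.

    Returns one of: "missing", "yara-python", "incompatible", or
    "error: <text>" when compiling/matching a trivial rule itself fails.
    """
    try:
        import yara
    except ImportError:
        return "missing"
    try:
        # Trivial rule and constructed buffer, so one match is guaranteed
        # if the binding works at all.
        rules = yara.compile(
            source='rule probe { strings: $a = "probe" condition: $a }')
        matches = rules.match(data=b"xx probe xx")
    except Exception as exc:  # wrong binding may not even have this API
        return "error: %s" % exc
    if matches and looks_like_yara_python(matches):
        return "yara-python"
    return "incompatible"


if __name__ == "__main__":
    print("installed yara binding: %s" % probe_installed_yara())
```

Run it with the same interpreter that runs vol.py; "incompatible" or "error: ..." points at the wrong binding, and "missing" means volatility's yara import would fail outright rather than produce this traceback.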