malconfscan & malstrscan runtime errors  #8

@omrirefaeli

Both plugins resulted in an error when running.
I am using an Ubuntu 16.04 virtual machine, 4 GB RAM, 1 CPU.

malconfscan:

omri@ubuntu:/opt/calamity/MalConfScan$ vol.py -f ~/Desktop/otterctf.vmem --profile=Win7SP1x64 malconfscan
Volatility Foundation Volatility Framework 2.6.1
[+] Searching memory by Yara rules.
Traceback (most recent call last):
File "/usr/local/bin/vol.py", line 4, in <module>
__import__('pkg_resources').run_script('volatility==2.6.1', 'vol.py')
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 719, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 192, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 183, in main
command.execute()
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/commands.py", line 147, in execute
func(outfd, data)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 94, in render_text
for task, start, end, malname, memory_model, config_data in data:
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 84, in calculate
for task, vad_base_addr, end, hit, memory_model, config_data in instance.calculate():
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/utils/datperscan.py", line 236, in calculate
dec = self.custom_rc4(enc, key, rc4key_seed)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/utils/datperscan.py", line 97, in custom_rc4
for char in data:
TypeError: 'NoneType' object is not iterable


malstrscan:

omri@ubuntu:/opt/calamity/MalConfScan$ vol.py -f ~/Desktop/otterctf.vmem --profile=Win7SP1x64 malstrscan
Volatility Foundation Volatility Framework 2.6.1
[+] Searching for malicious memory space.
Traceback (most recent call last):
File "/usr/local/bin/vol.py", line 4, in <module>
__import__('pkg_resources').run_script('volatility==2.6.1', 'vol.py')
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 719, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1504, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 192, in <module>
main()
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/EGG-INFO/scripts/vol.py", line 183, in main
command.execute()
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/commands.py", line 147, in execute
func(outfd, data)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 271, in render_text
for task, start, end, data, protection, strings in data:
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 206, in calculate
for start, end, memdata, protection in self.detect_injection_proc(proc, space):
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/plugins/malware/malconfscan.py", line 140, in detect_injection_proc
data = address_space.zread(vad.Start, vad.End + 1)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/addrspace.py", line 283, in zread
return self._read(addr, length, True)
File "/usr/local/lib/python2.7/dist-packages/volatility-2.6.1-py2.7.egg/volatility/addrspace.py", line 269, in _read
return "".join(buff)
MemoryError

Any solutions come to mind? Thanks!
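
Added example, not part of the original issue and not MalConfScan's own code: the second traceback shows `zread(addr, length)` being called as `zread(vad.Start, vad.End + 1)`, so an end address is passed where a length is expected, and the first shows `custom_rc4` iterating over a value that is `None`. The sketch below reproduces both conditions against a constructed stand-in address space and shows the corresponding guards. Assumptions: `FakeSpace`, `read_vad`, `decrypt_if_readable` and the 64 MiB cap are hypothetical, the VAD end address is treated as inclusive, and `read()` is modelled as returning `None` for unmapped ranges.

```python
PAGE = 0x1000


class FakeSpace(object):
    """Constructed stand-in for a Volatility 2 address space (not the real class)."""

    def __init__(self, pages):
        self.pages = pages                  # {page-aligned address: PAGE bytes}

    def zread(self, addr, length):
        # Second argument is a length; unmapped pages are returned as zeros.
        out = bytearray()
        while length > 0:
            base, off = addr - addr % PAGE, addr % PAGE
            n = min(PAGE - off, length)
            out += self.pages.get(base, b"\x00" * PAGE)[off:off + n]
            addr, length = addr + n, length - n
        return bytes(out)

    def read(self, addr, length):
        # Modelled as returning None when any page in the range is unmapped.
        first = addr - addr % PAGE
        last = (addr + length - 1) - (addr + length - 1) % PAGE
        if any(p not in self.pages for p in range(first, last + PAGE, PAGE)):
            return None
        return self.zread(addr, length)


def read_vad(space, start, end, max_bytes=64 * 1024 * 1024):
    """Read a VAD from inclusive start/end addresses: length is end - start + 1."""
    length = end - start + 1
    if length <= 0 or length > max_bytes:   # hypothetical cap: skip, do not allocate
        return None
    return space.zread(start, length)


def decrypt_if_readable(space, addr, size, decrypt):
    """Run decrypt only when the read succeeded, so it never iterates over None."""
    enc = space.read(addr, size)
    return None if enc is None else decrypt(enc)
```

With a 64-bit start address such as `0x7FE00000000`, passing `end + 1` as the length asks for several terabytes, while `end - start + 1` for the same two-page region is 8192 bytes.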
