[Vol-users] zeusscan2

shorejsi2 at mmm.com shorejsi2 at mmm.com
Tue Jan 28 08:06:18 CST 2014


Michael;

 Thanks for putting me straight on that one. Seems I had read somewhere 
(the Internet? Can't be; everything written there is true...) that 
zeusscan/zeusscan2 couldn't run in Volatility versions  beyond 2.0. 
Obviously not true.  As it happens, I already have 2.3.1 installed and 
typically use it first. 

 Running under 2.3.1 gave a different result, but not necessarily a 
'better' different result:

$ python vol.py --plugins=contrib/plugins/malware  zeusscan2 -f 
~/Images/CA005040-HP8460/CA005040-HP8460-RAM.dd4.001 --profile=Win7SP1x86
Volatility Foundation Volatility Framework 2.3.1
Killed

 Seems it used up all 20GB of installed ram, then consumed the 10GB of 
available swap space before it bailed. 

 I'll have my hands on a drive image in a day or so (it's an off-site 
machine) and then if anyone's interested in looking at the malware itself 
I'll certainly provide copies.


                        -=[ Steve ]=-



>> I would recommend grabbing a 2.3.1 install, the 2.0 version is more 
than 3 years old now.  

>> $ svn checkout http://volatility.googlecode.com/svn/trunk/ 
volatility-read-only
>> $ cd volatility-read-only
>> $ python vol.py --plugins=contrib/plugins/malware -f mem.dmp zeusscan2

>> Give that a shot...
>> MHL
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20140128/fa557683/attachment.html


More information about the Vol-users mailing list