[Vol-users] zeusscan

Bridgey adam.bridge at yahoo.com
Sun Sep 7 08:37:01 CDT 2014


I'm using 2.4 too, which I grabbed from the GitHub site, and there are 2 things to consider:

[1] zeusscan1 and zeusscan2 aren't in the out-of-the-box plugins.
[2] Your particular error is odd.


So, [1],


It's not in the default plugins. That is, it's not listed if you list the out-of-the-box plugins for 2.4:
$ python vol.py --help

It is however provided:
$ find -type f -name zeusscan.py
./contrib/plugins/malware/zeusscan.py

To get it to work you need to include the folder:

$ python vol.py --plugins=contrib/plugins/malware/ --help | grep zeusscan
Volatility Foundation Volatility Framework 2.4
        zeusscan1          Locate and Decrypt Zeus > 1.20 and < 2.0 Configs
        zeusscan2          Locate and Decrypt Zeus >= 2.0 Configs


Which means you'd use the plugins something like this:
$ python vol.py --plugins=contrib/plugins/malware/ --profile=Win7SP1x86 --filename=/path/to/file zeusscan1


However, [2], your specific problem of fileparam.py being missing is odd. It should be present:
$ find -type f -name fileparam.py
./volatility/plugins/fileparam.py

Can you find the fileparam.py file?
Where did you get your copy of 2.4 from?

Adam



On Sunday, 7 September 2014, 7:08, dnardoni <dnardoni at gmail.com> wrote:
 


Is zeusscan deprecated in version 2.4?

Volatility Foundation Volatility Framework 2.4
ERROR   : volatility.plugins.fileparam: The requested file doesn't exist