Michael;
Thanks for putting me straight on that one. Seems I had read somewhere
(the Internet? Can't be; everything written there is true...) that
zeusscan/zeusscan2 couldn't run in Volatility versions beyond 2.0.
Obviously not true. As it happens, I already have 2.3.1 installed and
typically use it first.
Running under 2.3.1 gave a different result, but not necessarily a
'better' different result:
$ python vol.py --plugins=contrib/plugins/malware zeusscan2 -f
~/Images/CA005040-HP8460/CA005040-HP8460-RAM.dd4.001 --profile=Win7SP1x86
Volatility Foundation Volatility Framework 2.3.1
Killed
Seems it used up all 20GB of installed RAM, then consumed the 10GB of
available swap space before it bailed.
I'll have my hands on a drive image in a day or so (it's an off-site
machine) and then if anyone's interested in looking at the malware itself
I'll certainly provide copies.
-=[ Steve ]=-
> I would recommend grabbing a 2.3.1 install, the 2.0 version is more
> than 3 years old now.
> volatility-read-only
> $ cd volatility-read-only
> $ python vol.py --plugins=contrib/plugins/malware -f mem.dmp zeusscan2
> Give that a shot...
> MHL