You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
$ clamscan f.exe
f.exe: Win.Trojan.DarkKomet-1 FOUND
Output:
[+] Loading File: f.exe
[-] Found: DarkComet
[-] Running Decoder
Traceback (most recent call last):
File "/usr/local/bin/malconf", line 122, in
process_file(args[0], output_file)
File "/usr/local/bin/malconf", line 49, in process_file
module.get_config()
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/decoders/darkcomet.py", line 70, in get_config
raw_config = self.parse_v5(self.file_info, dc_version)
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/decoders/darkcomet.py", line 41, in parse_v5
clear_config = crypto.decrypt_arc4(dc_version, crypted_config)
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/crypto.py", line 22, in decrypt_arc4
cipher = ARC4.new(key)
File "/usr/local/lib/python3.8/dist-packages/Crypto/Cipher/ARC4.py", line 132, in new
return ARC4Cipher(key, *args, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/Crypto/Cipher/ARC4.py", line 60, in init
result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key),
File "/usr/local/lib/python3.8/dist-packages/Crypto/Util/_raw_api.py", line 144, in c_uint8_ptr
raise TypeError("Object type %s cannot be passed to C code" % type(data))
TypeError: Object type <class 'str'> cannot be passed to C code
The text was updated successfully, but these errors were encountered:
$ malconf --version
malconf 1.0
$ clamscan f.exe
f.exe: Win.Trojan.DarkKomet-1 FOUND
Output:
[+] Loading File: f.exe
[-] Found: DarkComet
[-] Running Decoder
Traceback (most recent call last):
File "/usr/local/bin/malconf", line 122, in
process_file(args[0], output_file)
File "/usr/local/bin/malconf", line 49, in process_file
module.get_config()
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/decoders/darkcomet.py", line 70, in get_config
raw_config = self.parse_v5(self.file_info, dc_version)
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/decoders/darkcomet.py", line 41, in parse_v5
clear_config = crypto.decrypt_arc4(dc_version, crypted_config)
File "/usr/local/lib/python3.8/dist-packages/malwareconfig/crypto.py", line 22, in decrypt_arc4
cipher = ARC4.new(key)
File "/usr/local/lib/python3.8/dist-packages/Crypto/Cipher/ARC4.py", line 132, in new
return ARC4Cipher(key, *args, **kwargs)
File "/usr/local/lib/python3.8/dist-packages/Crypto/Cipher/ARC4.py", line 60, in init
result = _raw_arc4_lib.ARC4_stream_init(c_uint8_ptr(key),
File "/usr/local/lib/python3.8/dist-packages/Crypto/Util/_raw_api.py", line 144, in c_uint8_ptr
raise TypeError("Object type %s cannot be passed to C code" % type(data))
TypeError: Object type <class 'str'> cannot be passed to C code
The text was updated successfully, but these errors were encountered: