[BUG] linux.pslist.PsList - Android 15 LiME dump not recognized

[BinsIT]

Unable to access the linux.pslist.PsList plugin from an Android 15 (Pixel 7 emulator) LiME dump.
Volatility 3 fails to satisfy requirements plugins.PsList.kernel.layer_name and plugins.PsList.kernel.symbol_table_name, despite a matching symbol file existing in the Linux symbols path.

Command executed

python3 vol.py -vvv -f ~/Desktop/ram.raw -s ~/.cache/volatility3/symbols/linux/ linux.pslist.PsList

Context

Volatility Version: 3 Framework 2.27.0
OS (Host): Ubuntu 24.04.3 LTS
Python Version: 3.12.3 (GCC 13.3.0)
Suspected Target OS: Android 15 (kernel 6.6.30-android15-8-maybe-dirty) — Pixel 7 emulator image
Acquisition Tool: LiME (compiled and loaded in Android Emulator)
Command:
python3 vol.py -vvv -f ~/Desktop/ram.raw -s ~/.cache/volatility3/symbols/linux/ linux.pslist.PsList

Relevant output

Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:

A translation layer requirement was not fulfilled.
A symbol table requirement was not fulfilled.

DEBUG volatility3.framework.automagic.linux: No suitable linux banner could be matched
DEBUG volatility3.framework.automagic.symbol_cache: Duplicate entry for identifier '6.6.30-android15-8-maybe-dirty'
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']

Expected behavior
Volatility should load the correct Linux symbols (6.6.30-android15-8-maybe-dirty.json) and output the process list.

Additional information

Symbol file exists at:

~/.cache/volatility3/symbols/linux/6.6.30-android15-8-maybe-dirty.json

Kernel banner detected correctly:

Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host)

Possibly related to:

Android kernels compiled with Clang 18 (AOSP r510928)

Emulator memory layout (non-standard LiME offsets?)

Question

Is additional configuration or custom symbol generation required for Android 15 (Clang-based) kernels to make linux.pslist.PsList work properly in Volatility 3?

[eve-mem]

Hello, I'm assuming it also emulates arm too? If so vol doesn't currently support it, however you can try this PR which adds in some arm support.
#1088

[BinsIT]

I'm not sure, but arch is x86_64.

EDIT:
Arch is x86_64.

[eve-mem]

Ah ok. Great. Could you please share the full log with the pslist output -vvvv option. It'll help diagnose the problem.

Could you also share the output of the banners plugin and the isfinfo plugin.

Thanks 😊

[BinsIT]

DEBUG    volatility3.framework: Failed to import module volatility3.plugins.linux.vmayarascan based on file: /home/ubuntu/Desktop/volatility3/volatility3/framework/plugins/linux/vmayarascan.py
INFO     volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.vmayarascan, volatility3.plugins.windows.cachedump, volatility3.plugins.windows.cmdscan, volatility3.plugins.windows.consoles, volatility3.plugins.windows.debugregisters, volatility3.plugins.windows.direct_system_calls, volatility3.plugins.windows.etwpatch, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.iat, volatility3.plugins.windows.indirect_system_calls, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.malware.direct_system_calls, volatility3.plugins.windows.malware.indirect_system_calls, volatility3.plugins.windows.malware.psxview, volatility3.plugins.windows.malware.skeleton_key_check, volatility3.plugins.windows.malware.suspicious_threads, volatility3.plugins.windows.malware.unhooked_system_calls, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.orphan_kernel_threads, volatility3.plugins.windows.pe_symbols, volatility3.plugins.windows.psxview, volatility3.plugins.windows.registry.cachedump, volatility3.plugins.windows.registry.hashdump, volatility3.plugins.windows.registry.lsadump, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.suspended_threads, volatility3.plugins.windows.suspicious_threads, volatility3.plugins.windows.thrdscan, volatility3.plugins.windows.threads, volatility3.plugins.windows.unhooked_system_calls, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
INFO     volatility3.framework.automagic: Detected a linux category plugin
INFO     volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
INFO     volatility3.framework.automagic: Running automagic: SymbolCacheMagic
INFO     volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DEBUG    volatility3.framework.automagic.linux: No suitable linux banner could be matched
DEBUG    volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970\n\x00'
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG    volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905087
DEBUG    volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer']
INFO     volatility3.framework.automagic: Running automagic: SymbolFinder  
INFO     volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
INFO     volatility3.framework.automagic: Running automagic: KernelModule
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']

• verbose

Offset  Banner

0x10490f00      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.
0x14831b00      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.
0x57b9ed10      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x57dabea0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x5d874aa0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x76990ca0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x76990eb4      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x769910f0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x79ca18a0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x79ca1ab4      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970
0x79ca1cf0      Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970

• banner

Volatility 3 Framework 2.27.0
Progress:  100.00               PDB scanning finished
URI     Valid   Number of base_types    Number of types Number of symbols       Number of enums Identifying information

isinfo

[eve-mem]

Thanks for that information, it looks like the isfinfo output was cut off? The logs show that a banner was identified in the sample, so it's likely you've generated them correctly.

Reading the verbose logs, it looks like the lime file wasn't detected as an elf. When you created the dump did you use the raw method? If so unfortunately that doesn't preserve the layout of memory correctly and so can't be parsed. (Some attempt to make that more obvious here 504ensicsLabs/LiME#121)

[BinsIT]

I pass out what plugin shows to me. How to implement vmlinux/plugin vol3/other method to acquire processes and all of plugins from this framework? This is virtual machine, i can reimplement vol3 for this - fork or something,but do you have any idea? 👍

[eve-mem]

What command did you run with lime when you created the memory dump?

If it is a virtual machine, you can likely have some hypervisor command to dump the memory out as well. That means you don't have to use lime.

I doubt you will need to rewrite vol to make it parse a memory dump of this machine.

[BinsIT]

I doubt you will need to rewrite vol to make it parse a memory dump of this machine.

How to do that? You have any advices?
Do you have time for check symbols ?
I can send symbols generated by dwarf2symbols,im not know what is this file extacly.

https://www.transfernow.net/dl/20251101aONDeLeb

• symbols

If it is a virtual machine, you can likely have some hypervisor command to dump the memory out as well. That means you don't have to use lime.

Or something like that.

If we do that,it helps alot of ppl to analyze their phones. Im creating program to analyze .apk, with RAM dumps and decompilations it should show whats going on.

I can send you symbols and raw/lime dump from virtual machine. And files like Symbols.map / vmlinux - to create profil by ownself , and then compare to normal dumps, some symbols are unnamed in my .json file. But psinfo localize my banner/kernel. I used raw method.

isinfo shows:

ubuntu@ubuntu:~/Desktop/volatility3$ python3 vol.py -f ram.raw -s ./symbols/linux isfinfo.IsfInfo
Volatility 3 Framework 2.27.0
Progress:  100.00		PDB scanning finished  
URI	Valid	Number of base_types	Number of types	Number of symbols	Number of enums	Identifying information

file:///home/ubuntu/Desktop/volatility3/volatility3/symbols/linux/linux-6.6.3.0.json	True (cached)	3991	302471	282483	11982	b'Linux version 6.6.30-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan  1 00:00:00 UTC 1970\n\x00'

[eve-mem]

If you can share some samples that would help considerably. Can you tell me what command you used exactly to make the memory dump?

[BinsIT]

I will share samples and commands soon. Now i assuring that my compilation is compatible with AVDs. ( i need to generate lime.ko again,because i deleted old module,it needs some tweaks and time so i will write there soon).

[BinsIT]

adb shell su root insmod /data/local/tmp/lime.ko path=/sdcard/memory.lime format=lime

lime 16384 0
-rw-rw---- 1 u0_a134 media_rw 1.9G 2025-11-19 05:21 /sdcard/memory.lime

=== DMESG LIME ===
[ 1314.859756] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.860003] write_vaddr+0xc5/0x110 [lime]
[ 1314.860173] init_module+0x35a/0xff0 [lime]
[ 1314.869502] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.869686] write_vaddr+0xc5/0x110 [lime]
[ 1314.869854] init_module+0x35a/0xff0 [lime]
[ 1314.879485] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.879671] write_vaddr+0xc5/0x110 [lime]
[ 1314.879840] init_module+0x35a/0xff0 [lime]
[ 1314.885270] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.885479] write_vaddr+0xc5/0x110 [lime]
[ 1314.885648] init_module+0x35a/0xff0 [lime]
[ 1314.895706] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.895889] write_vaddr+0xc5/0x110 [lime]
[ 1314.896058] init_module+0x35a/0xff0 [lime]
[ 1314.905519] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.905703] write_vaddr+0xc5/0x110 [lime]
[ 1314.905873] init_module+0x35a/0xff0 [lime]
[ 1314.915201] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.915406] write_vaddr+0xc5/0x110 [lime]
[ 1314.915578] init_module+0x35a/0xff0 [lime]
[ 1314.925175] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.925364] write_vaddr+0xc5/0x110 [lime]
[ 1314.925533] init_module+0x35a/0xff0 [lime]
[ 1314.931017] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.931202] write_vaddr+0xc5/0x110 [lime]
[ 1314.931373] init_module+0x35a/0xff0 [lime]
[ 1314.940972] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.941157] write_vaddr+0xc5/0x110 [lime]
[ 1314.941331] init_module+0x35a/0xff0 [lime]
[ 1314.946836] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.947021] write_vaddr+0xc5/0x110 [lime]
[ 1314.947190] init_module+0x35a/0xff0 [lime]
[ 1314.957154] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.957342] write_vaddr+0xc5/0x110 [lime]
[ 1314.957511] init_module+0x35a/0xff0 [lime]
[ 1314.964398] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.964583] write_vaddr+0xc5/0x110 [lime]
[ 1314.964753] init_module+0x35a/0xff0 [lime]
[ 1314.975041] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.975227] write_vaddr+0xc5/0x110 [lime]
[ 1314.975518] init_module+0x35a/0xff0 [lime]
[ 1314.980966] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.981150] write_vaddr+0xc5/0x110 [lime]
[ 1314.981324] init_module+0x35a/0xff0 [lime]
[ 1314.996166] write_vaddr_disk+0x3b/0x80 [lime]
[ 1314.996356] write_vaddr+0xc5/0x110 [lime]
[ 1314.996526] init_module+0x35a/0xff0 [lime]
[ 1315.001892] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.002090] write_vaddr+0xc5/0x110 [lime]
[ 1315.002261] init_module+0x35a/0xff0 [lime]
[ 1315.012793] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.012977] write_vaddr+0xc5/0x110 [lime]
[ 1315.013145] init_module+0x35a/0xff0 [lime]
[ 1315.018431] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.018615] write_vaddr+0xc5/0x110 [lime]
[ 1315.018783] init_module+0x35a/0xff0 [lime]
[ 1315.028815] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.028998] write_vaddr+0xc5/0x110 [lime]
[ 1315.029167] init_module+0x35a/0xff0 [lime]
[ 1315.039314] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.039499] write_vaddr+0xc5/0x110 [lime]
[ 1315.039669] init_module+0x35a/0xff0 [lime]
[ 1315.049810] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.049993] write_vaddr+0xc5/0x110 [lime]
[ 1315.050161] init_module+0x35a/0xff0 [lime]
[ 1315.060324] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.060509] write_vaddr+0xc5/0x110 [lime]
[ 1315.060677] init_module+0x35a/0xff0 [lime]
[ 1315.066285] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.066471] write_vaddr+0xc5/0x110 [lime]
[ 1315.066641] init_module+0x35a/0xff0 [lime]
[ 1315.076197] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.076383] write_vaddr+0xc5/0x110 [lime]
[ 1315.076551] init_module+0x35a/0xff0 [lime]
[ 1315.082019] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.082203] write_vaddr+0xc5/0x110 [lime]
[ 1315.082374] init_module+0x35a/0xff0 [lime]
[ 1315.091909] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.092093] write_vaddr+0xc5/0x110 [lime]
[ 1315.092266] init_module+0x35a/0xff0 [lime]
[ 1315.097759] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.097953] write_vaddr+0xc5/0x110 [lime]
[ 1315.098120] init_module+0x35a/0xff0 [lime]
[ 1315.108267] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.108452] write_vaddr+0xc5/0x110 [lime]
[ 1315.108620] init_module+0x35a/0xff0 [lime]
[ 1315.114294] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.114479] write_vaddr+0xc5/0x110 [lime]
[ 1315.114648] init_module+0x35a/0xff0 [lime]
[ 1315.124121] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.124309] write_vaddr+0xc5/0x110 [lime]
[ 1315.124478] init_module+0x35a/0xff0 [lime]
[ 1315.130056] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.130241] write_vaddr+0xc5/0x110 [lime]
[ 1315.130409] init_module+0x35a/0xff0 [lime]
[ 1315.139780] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.139963] write_vaddr+0xc5/0x110 [lime]
[ 1315.140131] init_module+0x35a/0xff0 [lime]
[ 1315.145446] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.145628] write_vaddr+0xc5/0x110 [lime]
[ 1315.145796] init_module+0x35a/0xff0 [lime]
[ 1315.155244] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.155452] write_vaddr+0xc5/0x110 [lime]
[ 1315.155621] init_module+0x35a/0xff0 [lime]
[ 1315.160899] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.161092] write_vaddr+0xc5/0x110 [lime]
[ 1315.161262] init_module+0x35a/0xff0 [lime]
[ 1315.170941] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.171193] write_vaddr+0xc5/0x110 [lime]
[ 1315.171398] init_module+0x35a/0xff0 [lime]
[ 1315.176719] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.176902] write_vaddr+0xc5/0x110 [lime]
[ 1315.177080] init_module+0x35a/0xff0 [lime]
[ 1315.186771] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.186958] write_vaddr+0xc5/0x110 [lime]
[ 1315.187127] init_module+0x35a/0xff0 [lime]
[ 1315.192490] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.192675] write_vaddr+0xc5/0x110 [lime]
[ 1315.192844] init_module+0x35a/0xff0 [lime]
[ 1315.202025] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.202209] write_vaddr+0xc5/0x110 [lime]
[ 1315.202380] init_module+0x35a/0xff0 [lime]
[ 1315.207682] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.207866] write_vaddr+0xc5/0x110 [lime]
[ 1315.208036] init_module+0x35a/0xff0 [lime]
[ 1315.218189] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.218403] write_vaddr+0xc5/0x110 [lime]
[ 1315.218572] init_module+0x35a/0xff0 [lime]
[ 1315.227626] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.227827] write_vaddr+0xc5/0x110 [lime]
[ 1315.227995] init_module+0x35a/0xff0 [lime]
[ 1315.235424] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.235608] write_vaddr+0xc5/0x110 [lime]
[ 1315.235788] init_module+0x35a/0xff0 [lime]
[ 1315.243246] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.243431] write_vaddr+0xc5/0x110 [lime]
[ 1315.243601] init_module+0x35a/0xff0 [lime]
[ 1315.254911] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.255096] write_vaddr+0xc5/0x110 [lime]
[ 1315.255267] init_module+0x35a/0xff0 [lime]
[ 1315.260559] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.260743] write_vaddr+0xc5/0x110 [lime]
[ 1315.260911] init_module+0x35a/0xff0 [lime]
[ 1315.270223] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.270420] write_vaddr+0xc5/0x110 [lime]
[ 1315.270589] init_module+0x35a/0xff0 [lime]
[ 1315.275976] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.276161] write_vaddr+0xc5/0x110 [lime]
[ 1315.276334] init_module+0x35a/0xff0 [lime]
[ 1315.285629] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.285812] write_vaddr+0xc5/0x110 [lime]
[ 1315.285981] init_module+0x35a/0xff0 [lime]
[ 1315.291267] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.291450] write_vaddr+0xc5/0x110 [lime]
[ 1315.291621] init_module+0x35a/0xff0 [lime]
[ 1315.301055] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.301241] write_vaddr+0xc5/0x110 [lime]
[ 1315.301409] init_module+0x35a/0xff0 [lime]
[ 1315.309081] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.309343] write_vaddr+0xc5/0x110 [lime]
[ 1315.309511] init_module+0x35a/0xff0 [lime]
[ 1315.317127] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.317315] write_vaddr+0xc5/0x110 [lime]
[ 1315.317483] init_module+0x35a/0xff0 [lime]
[ 1315.327036] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.327220] write_vaddr+0xc5/0x110 [lime]
[ 1315.327390] init_module+0x35a/0xff0 [lime]
[ 1315.332669] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.332852] write_vaddr+0xc5/0x110 [lime]
[ 1315.333020] init_module+0x35a/0xff0 [lime]
[ 1315.342333] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.342527] write_vaddr+0xc5/0x110 [lime]
[ 1315.342695] init_module+0x35a/0xff0 [lime]
[ 1315.347961] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.348144] write_vaddr+0xc5/0x110 [lime]
[ 1315.348314] init_module+0x35a/0xff0 [lime]
[ 1315.357703] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.357886] write_vaddr+0xc5/0x110 [lime]
[ 1315.358055] init_module+0x35a/0xff0 [lime]
[ 1315.365102] write_vaddr_disk+0x3b/0x80 [lime]
[ 1315.365286] write_vaddr+0xc5/0x110 [lime]
[ 1315.365477] init_module+0x35a/0xff0 [lime]

and

/sdcard/memory.lime: 1 file pulled, 0 s...52.7 MB/s (2146905152 bytes in 13.405s)
-rw-r--r-- 1 ubuntu ubuntu 2.0G Nov 19 05:23 /home/ubuntu/Desktop/memory.lime
00000000: 454d 694c 0100 0000 0010 0000 0000 0000 EMiL............
00000010: fffb 0900 0000 0000 0000 0000 0000 0000 ................
00000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................
00000040: 0000 0000 0000 0000 0000 0000 0000 0000 ................

Memory dump is 100% memory dump good acquired by LiME , working with avd. But vol3.py cant analyze this file.

Vol3 generate even ISF symbols with correct VMLINUX and System.map. ARCH IS x86_64.

I can send you:

vmlinux,
System.map
other files required for working Vol3!

[ikelos]

You've said the command line for running lime was using --format=lime but volatility didn't detect the output file as a lime file (as indicated by DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['FileLayer'] which does not list lime amongst the stacked layers. The lime "raw" format will not work with volatility, and the lime format itself is very simple and should be detected easily by volatility. Since the debug line suggests it hasn't been, you should verify that your installation of volatility is accurate, and then look for lines in the debug output (using -vvvvvvv) to see what happens when it tries to detect the lime format.

[BinsIT]

I Download fresh vol3.py folder from this portal and my debug output -using -vvvvvv

ubuntu@ubuntu:~/Desktop/vol3$ python3 vol.py -vvvvvvv -f memory.lime linux.pslist 2>&1 | tee volatility_debug.log
INFO volatility3.cli: Volatility plugins path: ['/home/ubuntu/Desktop/vol3/volatility3/plugins', '/home/ubuntu/Desktop/vol3/volatility3/framework/plugins']
INFO volatility3.cli: Volatility symbols path: ['/home/ubuntu/Desktop/vol3/volatility3/symbols', '/home/ubuntu/Desktop/vol3/volatility3/framework/symbols']
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/plugins, /home/ubuntu/Desktop/vol3/volatility3/framework/plugins
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.yarascan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/cmdscan.py", line 17, in
from volatility3.plugins.windows import pslist, consoles
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/consoles.py", line 21, in
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cmdscan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/cmdscan.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/direct_system_calls.py", line 7, in
from volatility3.plugins.windows.malware import direct_system_calls
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.direct_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/direct_system_calls.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/consoles.py", line 21, in
from volatility3.plugins.windows import pslist, info, verinfo
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.consoles based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/consoles.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/orphan_kernel_threads.py", line 10, in
from volatility3.plugins.windows import thrdscan, ssdt, modules
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.orphan_kernel_threads based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/orphan_kernel_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/iat.py", line 6, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.iat based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/iat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/etwpatch.py", line 10, in
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.etwpatch based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/etwpatch.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/skeleton_key_check.py", line 6, in
from volatility3.plugins.windows.malware import skeleton_key_check
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.skeleton_key_check based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/skeleton_key_check.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/netscan.py", line 17, in
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netscan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/netscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py", line 10, in
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.threads based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/unhooked_system_calls.py", line 6, in
from volatility3.plugins.windows.malware import (
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.unhooked_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/unhooked_system_calls.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/vadyarascan.py", line 12, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.vadyarascan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/vadyarascan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/lsadump.py", line 7, in
from volatility3.plugins.windows.registry import lsadump
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.lsadump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/debugregisters.py", line 18, in
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py", line 10, in
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.debugregisters based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/debugregisters.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/netstat.py", line 15, in
from volatility3.plugins.windows import netscan, modules, info, verinfo
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/netscan.py", line 17, in
from volatility3.plugins.windows import info, poolscanner, verinfo
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.netstat based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/netstat.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.thrdscan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.pe_symbols based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/mftscan.py", line 13, in
from volatility3.plugins import timeliner, yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.mftscan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/mftscan.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/hashdump.py", line 7, in
from volatility3.plugins.windows.registry import hashdump
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.hashdump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/psxview.py", line 6, in
from volatility3.plugins.windows.malware import psxview
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.psxview based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/psxview.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/suspended_threads.py", line 10, in
import volatility3.plugins.windows.threads as threads
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py", line 10, in
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspended_threads based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/suspended_threads.py
INFO volatility3.plugins.windows.verinfo: Python pefile module not found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py", line 21, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.verinfo based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/verinfo.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/indirect_system_calls.py", line 6, in
from volatility3.plugins.windows.malware import indirect_system_calls
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.indirect_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/suspicious_threads.py", line 6, in
from volatility3.plugins.windows.malware import suspicious_threads
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py", line 10, in
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.suspicious_threads based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/cachedump.py", line 7, in
from volatility3.plugins.windows.registry import cachedump
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.cachedump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/cachedump.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/direct_system_calls.py", line 13, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.direct_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/direct_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py", line 17, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.skeleton_key_check based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/skeleton_key_check.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py", line 16, in
from volatility3.plugins.windows import pslist, pe_symbols
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.unhooked_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/unhooked_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/psxview.py", line 12, in
from volatility3.plugins.windows import handles, pslist, psscan, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.psxview based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/psxview.py
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py", line 11, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.indirect_system_calls based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/indirect_system_calls.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/suspicious_threads.py", line 11, in
from volatility3.plugins.windows import pslist, threads, vadinfo, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/threads.py", line 10, in
from volatility3.plugins.windows import pslist, thrdscan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/thrdscan.py", line 14, in
from volatility3.plugins.windows import pe_symbols, poolscanner
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/pe_symbols.py", line 10, in
import pefile
ModuleNotFoundError: No module named 'pefile'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.malware.suspicious_threads based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/malware/suspicious_threads.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/lsadump.py", line 9, in
from Crypto.Cipher import ARC4, DES, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.lsadump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/lsadump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/hashdump.py", line 10, in
from Crypto.Cipher import AES, ARC4, DES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.hashdump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/hashdump.py
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/cachedump.py", line 8, in
from Crypto.Cipher import ARC4, AES
ModuleNotFoundError: No module named 'Crypto'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.windows.registry.cachedump based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/windows/registry/cachedump.py
DEBUG volatility3.plugins.renderers.parquet_renderer: Arrow/Parquet libraries not found
INFO volatility3.plugins.yarascan: Neither yara-x nor yara-python (>3.8.0) module was found, plugin (and dependent plugins) not available
DEBUG volatility3.framework: Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 19, in
import yara_x
ModuleNotFoundError: No module named 'yara_x'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/ubuntu/Desktop/vol3/volatility3/framework/init.py", line 168, in import_file
importlib.import_module(module)
File "/usr/lib/python3.12/importlib/init.py", line 90, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "", line 1387, in _gcd_import
File "", line 1360, in _find_and_load
File "", line 1331, in _find_and_load_unlocked
File "", line 935, in _load_unlocked
File "", line 995, in exec_module
File "", line 488, in _call_with_frames_removed
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/linux/vmayarascan.py", line 11, in
from volatility3.plugins import yarascan
File "/home/ubuntu/Desktop/vol3/volatility3/framework/plugins/yarascan.py", line 25, in
import yara
ModuleNotFoundError: No module named 'yara'

DEBUG volatility3.framework: Failed to import module volatility3.plugins.linux.vmayarascan based on file: /home/ubuntu/Desktop/vol3/volatility3/framework/plugins/linux/vmayarascan.py
INFO volatility3.cli: The following plugins could not be loaded (use -vv to see why): volatility3.plugins.linux.vmayarascan, volatility3.plugins.windows.cachedump, volatility3.plugins.windows.cmdscan, volatility3.plugins.windows.consoles, volatility3.plugins.windows.debugregisters, volatility3.plugins.windows.direct_system_calls, volatility3.plugins.windows.etwpatch, volatility3.plugins.windows.hashdump, volatility3.plugins.windows.iat, volatility3.plugins.windows.indirect_system_calls, volatility3.plugins.windows.lsadump, volatility3.plugins.windows.malware.direct_system_calls, volatility3.plugins.windows.malware.indirect_system_calls, volatility3.plugins.windows.malware.psxview, volatility3.plugins.windows.malware.skeleton_key_check, volatility3.plugins.windows.malware.suspicious_threads, volatility3.plugins.windows.malware.unhooked_system_calls, volatility3.plugins.windows.mftscan, volatility3.plugins.windows.netscan, volatility3.plugins.windows.netstat, volatility3.plugins.windows.orphan_kernel_threads, volatility3.plugins.windows.pe_symbols, volatility3.plugins.windows.psxview, volatility3.plugins.windows.registry.cachedump, volatility3.plugins.windows.registry.hashdump, volatility3.plugins.windows.registry.lsadump, volatility3.plugins.windows.skeleton_key_check, volatility3.plugins.windows.suspended_threads, volatility3.plugins.windows.suspicious_threads, volatility3.plugins.windows.thrdscan, volatility3.plugins.windows.threads, volatility3.plugins.windows.unhooked_system_calls, volatility3.plugins.windows.vadyarascan, volatility3.plugins.windows.verinfo, volatility3.plugins.yarascan
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/automagic
DETAIL 3 volatility3.cli: Cache directory used: /home/ubuntu/.cache/volatility3
INFO volatility3.framework.automagic: Detected a linux category plugin
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: ConstructionMagic
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList.kernel
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.automagic.construct_layers: Failed on requirement: plugins.PsList
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 4 volatility3.framework.automagic.construct_layers: Construction Exception occurred: Unexpected config value found: None
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
INFO volatility3.framework.automagic: Running automagic: SymbolCacheMagic
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/vol3/volatility3/symbols, /home/ubuntu/Desktop/vol3/volatility3/framework/symbols
DETAIL 3 volatility3.framework.layers.resources: Available URL handlers: HTTPErrorProcessor, HTTPDefaultErrorHandler, HTTPRedirectHandler, ProxyHandler, HTTPBasicAuthHandler, ProxyBasicAuthHandler, HTTPDigestAuthHandler, ProxyDigestAuthHandler, AbstractHTTPHandler, HTTPHandler, HTTPSHandler, HTTPCookieProcessor, UnknownHandler, FileHandler, FTPHandler, CacheFTPHandler, DataHandler, VolatilityHandler, JarHandler, OfflineHandler
DETAIL 2 volatility3.framework.automagic.symbol_cache: Identified file:///home/ubuntu/Desktop/vol3/volatility3/symbols/android-kernel-symbols.json as b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
INFO volatility3.framework.automagic: Running automagic: LayerStacker
DETAIL 4 volatility3.framework: Importing from the following paths: /home/ubuntu/Desktop/vol3/volatility3/framework/layers
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Stacked LimeLayer using LimeStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using QemuStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using AVMLStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using Elf64Stacker
DETAIL 4 volatility3.framework.layers.elf: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using XenCoreDumpStacker
DETAIL 4 volatility3.framework.layers.xen: Exception: Offset 0x0 does not exist within the base layer
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using WindowsCrashDumpStacker
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 4 volatility3.framework.layers.crash: Exception reading crashdump: Crashdump header not found at offset 0
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using VmwareStacker
DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelVMCOREINFOStacker
DETAIL 4 volatility3.framework.symbols.intermed: Searching for symbols in /home/ubuntu/Desktop/vol3/volatility3/symbols, /home/ubuntu/Desktop/vol3/volatility3/framework/symbols
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DEBUG volatility3.schemas: Validating JSON against schema...
DEBUG volatility3.schemas: JSON validated against schema (result cached)
DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: module_sect_attr
DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):

File "/home/ubuntu/Desktop/vol3/volatility3/framework/automagic/stacker.py", line 219, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/automagic/linux.py", line 337, in stack
table = linux.LinuxKernelIntermedSymbols(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/linux/init.py", line 55, in init
self.set_type_class("module_sect_attr", extensions.module_sect_attr)

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/intermed.py", line 446, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")

ValueError: Symbol type not in LintelStacker1 SymbolTable: module_sect_attr

DETAIL 2 volatility3.framework.automagic.stacker: Attempting to stack using LinuxIntelStacker
DEBUG volatility3.framework.automagic.linux: Identified banner: b'Linux version 6.6.30-android15-8-android15-8-maybe-dirty (kleaf@build-host) (Android (11368308, +pgo, +bolt, +lto, +mlgo, based on r510928) clang version 18.0.0 (https://android.googlesource.com/toolchain/llvm-project 477610d4d0d988e69dbc3fae4fe86bff3f07f2b5), LLD 18.0.0) #1 SMP PREEMPT Thu Jan 1 00:00:00 UTC 1970\n\x00'
DETAIL 3 volatility3.framework.automagic.stacker: Exception during stacking: Symbol type not in LintelStacker1 SymbolTable: module_sect_attr
DETAIL 4 volatility3.framework.automagic.stacker: Traceback (most recent call last):

File "/home/ubuntu/Desktop/vol3/volatility3/framework/automagic/stacker.py", line 219, in stack_layer
new_layer = stacker.stack(context, initial_layer, progress_callback)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/automagic/linux.py", line 58, in stack
table = linux.LinuxKernelIntermedSymbols(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/linux/init.py", line 55, in init
self.set_type_class("module_sect_attr", extensions.module_sect_attr)

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/intermed.py", line 60, in _delegate_function
return getattr(self._delegate, name)(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

File "/home/ubuntu/Desktop/vol3/volatility3/framework/symbols/intermed.py", line 446, in set_type_class
raise ValueError(f"Symbol type not in {self.name} SymbolTable: {name}")

ValueError: Symbol type not in LintelStacker1 SymbolTable: module_sect_attr

DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: LimeLayer
DETAIL 1 volatility3.framework.configuration.requirements: TypeError - Layer is not the required Architecture: FileLayer
DEBUG volatility3.framework.automagic.stacker: physical_layer maximum_address: 2146905151
DEBUG volatility3.framework.automagic.stacker: Stacked layers: ['LimeLayer', 'FileLayer']
INFO volatility3.framework.automagic: Running automagic: SymbolFinder
INFO volatility3.framework.automagic: Running automagic: LinuxSymbolFinder
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
INFO volatility3.framework.automagic: Running automagic: KernelModule
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: IndexError - No configuration provided: plugins.PsList.kernel.layer_name
DETAIL 1 volatility3.framework.configuration.requirements: Symbol table requirement not yet fulfilled: plugins.PsList.kernel.symbol_table_name
Unable to validate the plugin requirements: ['plugins.PsList.kernel.layer_name', 'plugins.PsList.kernel.symbol_table_name']
Volatility 3 Framework 2.27.0

Unsatisfied requirement plugins.PsList.kernel.layer_name:
Unsatisfied requirement plugins.PsList.kernel.symbol_table_name:

A translation layer requirement was not fulfilled. Please verify that:
A file was provided to create this layer (by -f, --single-location or by config)
The file exists and is readable
The file is a valid memory image and was acquired cleanly

A symbol table requirement was not fulfilled. Please verify that:
The associated translation layer requirement was fulfilled
You have the correct symbol file for the requirement
The symbol file is under the correct directory or zip file
The symbol file is named appropriately or contains the correct banner

[ikelos]

The new output you've provided does now identify it as a lime layer.

The new problem appears to be a missing symbol that's expected to be in the symbol table:

 Symbol type not in LintelStacker1 SymbolTable: module_sect_attr

It seems this is a known issue, please see bug #1761.