Embed Size (px)
Citation preview
Malware Analysis Fundamentals - Files | ToolsMay 26, 2020
Marc Ochsenmeier
@ochsenmeier
www.winitor.com
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
2
Handling generic|unknown File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
3
Handling email File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
4
Handling RTF File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
5
Handling PDF file
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
6
Handling LNK File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
7
Handling MS Office 97-2003 File
doc, xls, xlsm, xlsb, ppt, msg files
(I) xls, xlsm, xlsb files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
8
Handling protected MS Office 97-2003 File
doc, xls, xlsm, xlsb, ppt, msg files
(I) xls, xlsm, xlsb files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
9
Handling MS Office 2007+ File
docx, xlsx, xlsb, xlsm, pptx files
(I) xls, xlsm, xlsb files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
10
Handling protected MS Office 2007+ File
docx, xlsx, xlsb, xlsm, pptx files
(I) xls, xlsm, xlsb files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
11
Handling MSI File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
12
Handling Executable File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
13
Handling AutoIt Executable File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
14
Handling Certificate File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
15
Handling Cab File
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
16
Handling Microsoft Office Files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
17
Handling miscellaneous Files
Malware Analysis Fundamentals - Files | Tools
@ochsenmeier | Marc Ochsenmeier | www.winitor.com May 26, 2020
18
• Oletoolshttps://github.com/decalage2/oletools
• Didier Stevenshttps://blog.didierstevens.com/didier-stevens-suite/
• Analyzing Malicious Documents Cheat Sheethttps://zeltser.com/media/docs/analyzing-malicious-document-files.pdf
• Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros) https://github.com/DissectMalware/XLMMacroDeobfuscator
• AutoIT Extractorhttps://gitlab.com/x0r19x91/autoit-extractor
• uncompyle2https://github.com/wibiti/uncompyle2
• LECmdhttps://f001.backblazeb2.com/file/EricZimmermanTools/LECmd.zip
More Information
![Malware Fails Best Bugs in Malware Felix Leder [Malware ... · 1 Malware Fails Best Bugs in Malware Felix Leder [Malware Detection Team] Felix.Leder@norman.com 5. desember 2011 malware](https://img.pdfslide.us/doc/110x75/5e24a0182957fc7c07460194/malware-fails-best-bugs-in-malware-felix-leder-malware-1-malware-fails-best.jpg)
