Malware Analysis Fundamentals - Files | Tools
May 26, 2020
Marc Ochsenmeier
@ochsenmeier
www.winitor.com
Handling generic|unknown File
Handling email File
Handling RTF File
Handling PDF file
Handling LNK File
Handling MS Office 97-2003 File
doc, xls, xlsm, xlsb, ppt, msg files
(I) xls, xlsm, xlsb files
Handling protected MS Office 97-2003 File
doc, xls, xlsm, xlsb, ppt, msg files
(I) xls, xlsm, xlsb files
Handling MS Office 2007+ File
docx, xlsx, xlsb, xlsm, pptx files
(I) xls, xlsm, xlsb files
Handling protected MS Office 2007+ File
docx, xlsx, xlsb, xlsm, pptx files
(I) xls, xlsm, xlsb files
Handling MSI File
Handling Executable File
Handling AutoIt Executable File
Handling Certificate File
Handling Cab File
Handling Microsoft Office Files
Handling miscellaneous Files
More Information
• Oletools: https://github.com/decalage2/oletools
• Didier Stevens Suite: https://blog.didierstevens.com/didier-stevens-suite/
• Analyzing Malicious Documents Cheat Sheet: https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf
• Extract and Deobfuscate XLM macros (a.k.a. Excel 4.0 Macros): https://github.com/DissectMalware/XLMMacroDeobfuscator
• AutoIt Extractor: https://gitlab.com/x0r19x91/autoit-extractor
• uncompyle2: https://github.com/wibiti/uncompyle2
• LECmd: https://f001.backblazeb2.com/file/EricZimmermanTools/LECmd.zip