0% found this document useful (0 votes)

109 views

Malware Analysis Fundamentals Files Tools

The document discusses how to handle different types of files during malware analysis, including generic files, email files, Microsoft Office files from 1997-2003 and 2007+, RTF files, LNK files, MSI files, PDF files, and PE files. It provides tips on tools like python-oletools and references additional resources for analyzing malicious documents. The document is authored by Marc Ochsenmeier and focuses on fundamentals of analyzing files during malware analysis.

Uploaded by

apolelel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

109 views

Malware Analysis Fundamentals Files Tools

Uploaded by

apolelel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 13

Malware Analysis Fundamentals - Files > Tools

March 23, 2020

Marc Ochsenmeier
@ochsenmeier
www.winitor.com
Malware Analysis Fundamentals - Files > Tools 2

Handling an unknown | generic File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 3

Handling an email File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 4

Handling a MS Office 97-2003 File

applies to following files: doc, xls, ppt, msg

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 5

Handling a protected MS Office 97-2003 File

applies to following files: doc, xls, ppt, msg

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 6

Handling a MS Office 2007+ File

applies to following files: docx, xlsx, xlsb, xlsm, pptx

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 7

Handling a protected MS Office 2007+ File

applies to following files: docx, xlsx, xlsb, xlsm, pptx

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 8

Handling an RTF File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 9

Handling an LNK File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 10

Handling an MSI File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 11

Handling a PDF file

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 12

Handling a PE File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 13

More Information
• python-oletools
https://github.com/decalage2/oletools
• Didier Stevens
https://blog.didierstevens.com/didier-stevens-suite/
• Analyzing Malicious Documents Cheat Sheet
https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Alert Analysis L1 External
No ratings yet
Alert Analysis L1 External
7 pages
Unit 3 Cryptography and Public Key Infrastrucutre
No ratings yet
Unit 3 Cryptography and Public Key Infrastrucutre
34 pages
McAfee File and Removable Media Protection (FRP) 4.3.0 - User Guide - EN PDF
No ratings yet
McAfee File and Removable Media Protection (FRP) 4.3.0 - User Guide - EN PDF
27 pages
09 March Azure Sentinel
No ratings yet
09 March Azure Sentinel
42 pages
Reverse Engineering Syllabus
No ratings yet
Reverse Engineering Syllabus
2 pages
Lecture 1
No ratings yet
Lecture 1
22 pages
PAN MigrationTool Usersguide 33 PDF
No ratings yet
PAN MigrationTool Usersguide 33 PDF
130 pages
AGM BitLocker Administration and Monitoring 1.0 PDF
No ratings yet
AGM BitLocker Administration and Monitoring 1.0 PDF
110 pages
CSSLP The Art and Science of Secure Software Development Ebook - PDF
No ratings yet
CSSLP The Art and Science of Secure Software Development Ebook - PDF
32 pages
What Is A Security Operations Center (SOC) ?
No ratings yet
What Is A Security Operations Center (SOC) ?
3 pages
8.3 SailPoint PeopleSoft HRMS Database Connector Guide
No ratings yet
8.3 SailPoint PeopleSoft HRMS Database Connector Guide
18 pages
Types of Migration Policies PDF
No ratings yet
Types of Migration Policies PDF
4 pages
Microsoft SDL - Version 5.0
No ratings yet
Microsoft SDL - Version 5.0
135 pages
Integrating Okta With Microsoft Sentinel
No ratings yet
Integrating Okta With Microsoft Sentinel
18 pages
Reddaiah SailPoint Resume
No ratings yet
Reddaiah SailPoint Resume
2 pages
NOC Vs SOC What Is The Difference
No ratings yet
NOC Vs SOC What Is The Difference
5 pages
PingFederate License Agreement
No ratings yet
PingFederate License Agreement
4 pages
CISC RISC SoC
No ratings yet
CISC RISC SoC
1 page
Microsoft Azure Network Security
No ratings yet
Microsoft Azure Network Security
18 pages
Pingid Technical Brief 3027
No ratings yet
Pingid Technical Brief 3027
5 pages
Microsoft Security Days - Azure Sentinel Better Together Final Slides - Share
No ratings yet
Microsoft Security Days - Azure Sentinel Better Together Final Slides - Share
18 pages
Chapter 9 Ollydbg
No ratings yet
Chapter 9 Ollydbg
20 pages
BitLocker Flow
No ratings yet
BitLocker Flow
36 pages
Okta NL-SE Workshop Overview For IT
No ratings yet
Okta NL-SE Workshop Overview For IT
24 pages
Windows Abused Privileges
No ratings yet
Windows Abused Privileges
1 page
Microsoft Threat Modeling Tool 2016 Getting Started Guide Beta
No ratings yet
Microsoft Threat Modeling Tool 2016 Getting Started Guide Beta
30 pages
Chapter 3 Quiz - Introduction To Cybersecurity 0420
No ratings yet
Chapter 3 Quiz - Introduction To Cybersecurity 0420
10 pages
JD - Privileged Access Management SME
No ratings yet
JD - Privileged Access Management SME
4 pages
BitLocker Drive Encryption Flow
No ratings yet
BitLocker Drive Encryption Flow
36 pages
Common Vulnerabilities and Exposures Project Report
No ratings yet
Common Vulnerabilities and Exposures Project Report
22 pages
Is It Wrong To Try To Find APT Techniques in Ransomware Attack?
No ratings yet
Is It Wrong To Try To Find APT Techniques in Ransomware Attack?
55 pages
Transform Your Enterprise With Microsoft Solutions
No ratings yet
Transform Your Enterprise With Microsoft Solutions
5 pages
Top Cybersecurity Whitepapers 2020
No ratings yet
Top Cybersecurity Whitepapers 2020
44 pages
Checkpoint Firewall Audit Program
No ratings yet
Checkpoint Firewall Audit Program
12 pages
Epolicy Orchestrator 4.0 Essentials: Based On The Beta 3 Release
No ratings yet
Epolicy Orchestrator 4.0 Essentials: Based On The Beta 3 Release
92 pages
CV Okta
No ratings yet
CV Okta
3 pages
Windows & Active Directory Exploitation
No ratings yet
Windows & Active Directory Exploitation
30 pages
Security Governance Framework
No ratings yet
Security Governance Framework
9 pages
PAM Suite Comparision
No ratings yet
PAM Suite Comparision
5 pages
Imperva - SecureD Data Protection v1.5 HSL v1.2
No ratings yet
Imperva - SecureD Data Protection v1.5 HSL v1.2
32 pages
AWS Security - Staying On Top of The Cloud
No ratings yet
AWS Security - Staying On Top of The Cloud
36 pages
6822 Protecting Your Data With Windows 10 BitLocker
No ratings yet
6822 Protecting Your Data With Windows 10 BitLocker
6 pages
Security Operations Center A Framework For Automat
No ratings yet
Security Operations Center A Framework For Automat
16 pages
Malware Analysis
No ratings yet
Malware Analysis
5 pages
Patch Management With Gfi Languard™ and Microsoft Wsus
No ratings yet
Patch Management With Gfi Languard™ and Microsoft Wsus
10 pages
Malware Analysis
No ratings yet
Malware Analysis
15 pages
Security Goals in IoT
No ratings yet
Security Goals in IoT
7 pages
Sailpoint JD
No ratings yet
Sailpoint JD
2 pages
SoC interview questions
No ratings yet
SoC interview questions
24 pages
Top Security Orchestration Use Cases
No ratings yet
Top Security Orchestration Use Cases
17 pages
Module 1 PDF
No ratings yet
Module 1 PDF
18 pages
Code Injection and Hooking
No ratings yet
Code Injection and Hooking
54 pages
Artificial Intelligence For Cybersecurity - Paper
No ratings yet
Artificial Intelligence For Cybersecurity - Paper
21 pages
Jeremy Dusablon Resume
No ratings yet
Jeremy Dusablon Resume
2 pages
Detail Report v0.1
No ratings yet
Detail Report v0.1
60 pages
CISM Outline Description
No ratings yet
CISM Outline Description
2 pages
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
No ratings yet
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
33 pages
Security Monitoring with Wazuh: A hands-on guide to effective enterprise security using real-life use cases in Wazuh
From Everand
Security Monitoring with Wazuh: A hands-on guide to effective enterprise security using real-life use cases in Wazuh
Rajneesh Gupta
No ratings yet
Configuring IPCop Firewalls: Closing Borders with Open Source
From Everand
Configuring IPCop Firewalls: Closing Borders with Open Source
Barrie Dempster
No ratings yet
Backend Development
From Everand
Backend Development
Kai Turing
No ratings yet
endpoint Security
No ratings yet
endpoint Security
5 pages
Account 】【 Using Our Site #: ► ◄【Hack Facebook Hack Fb Online) 2 Minutes
No ratings yet
Account 】【 Using Our Site #: ► ◄【Hack Facebook Hack Fb Online) 2 Minutes
4 pages
Quiz For Chapter 4 IAS
No ratings yet
Quiz For Chapter 4 IAS
5 pages
Slide-lesson8-Security in AI
No ratings yet
Slide-lesson8-Security in AI
10 pages
INS microproject) (1) (2)
No ratings yet
INS microproject) (1) (2)
15 pages
IT Security and Safety
No ratings yet
IT Security and Safety
11 pages
Cyber Crime Is An Unlawful Act Where The Computer Is Used As A Tool or
No ratings yet
Cyber Crime Is An Unlawful Act Where The Computer Is Used As A Tool or
2 pages
DAY 6 - PPT - Supraja Technologies - MGIT & CBIT
No ratings yet
DAY 6 - PPT - Supraja Technologies - MGIT & CBIT
19 pages
L2 Rules of Netiquette
No ratings yet
L2 Rules of Netiquette
17 pages
IAS-Chapter 2 The Need For Information Security
No ratings yet
IAS-Chapter 2 The Need For Information Security
14 pages
Cloud Security1
No ratings yet
Cloud Security1
10 pages
2021 01 07 Hackers Epoch Quick Start Guide 2
No ratings yet
2021 01 07 Hackers Epoch Quick Start Guide 2
15 pages
DeepWeb Presentation Final-19!10!2024 Assinado-2
No ratings yet
DeepWeb Presentation Final-19!10!2024 Assinado-2
53 pages
Introduction To Certified Ethical Hacker CEH Certification
No ratings yet
Introduction To Certified Ethical Hacker CEH Certification
16 pages
Category: Asst. Prof. Nayna N Mistry (M.C.A, Net, Gset) Sutex Bank College of Computer Applications and Sciencepage 1
No ratings yet
Category: Asst. Prof. Nayna N Mistry (M.C.A, Net, Gset) Sutex Bank College of Computer Applications and Sciencepage 1
17 pages
CourseWork2 CST3510 Memory Analysis Notes
No ratings yet
CourseWork2 CST3510 Memory Analysis Notes
4 pages
( (Hack Instagram Account 2020) ) (Hack Insta Password) Using Our Website in
25% (4)
( (Hack Instagram Account 2020) ) (Hack Insta Password) Using Our Website in
2 pages
Term Paper On Cyber Crime
100% (1)
Term Paper On Cyber Crime
6 pages
Cyber Crime and Cyber Security
No ratings yet
Cyber Crime and Cyber Security
9 pages
Lesson Plan Crime
100% (1)
Lesson Plan Crime
5 pages
The Problem of Email Spam From Ipv6
No ratings yet
The Problem of Email Spam From Ipv6
8 pages
Fail2ban Protect Apache From DDOS Attack PDF
No ratings yet
Fail2ban Protect Apache From DDOS Attack PDF
3 pages
Navigating Smart TV Vulnerabilities & Mitigation
No ratings yet
Navigating Smart TV Vulnerabilities & Mitigation
6 pages
VL2023240503483_PE003
No ratings yet
VL2023240503483_PE003
13 pages
1.introduction To Ethical Hacking
No ratings yet
1.introduction To Ethical Hacking
12 pages
IT Threat Landscape Briefing July 2023
100% (1)
IT Threat Landscape Briefing July 2023
13 pages
Legal Interventions - Morillo
No ratings yet
Legal Interventions - Morillo
32 pages
Security Awareness Training
100% (1)
Security Awareness Training
25 pages
Cyber Crime Update: Kegiatan, Tanggal, Lokasi
No ratings yet
Cyber Crime Update: Kegiatan, Tanggal, Lokasi
40 pages
What Is Soc (Security Operation Center) ?
No ratings yet
What Is Soc (Security Operation Center) ?
13 pages