0% found this document useful (0 votes)

134 views13 pages

Malware File Handling Guide

The document discusses how to handle different types of files during malware analysis, including generic files, email files, Microsoft Office files from 1997-2003 and 2007+, RTF files, LNK files, MSI files, PDF files, and PE files. It provides tips on tools like python-oletools and references additional resources for analyzing malicious documents. The document is authored by Marc Ochsenmeier and focuses on fundamentals of analyzing files during malware analysis.

Uploaded by

apolelel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

134 views13 pages

Malware File Handling Guide

Uploaded by

apolelel

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 13

Malware Analysis Fundamentals - Files > Tools

March 23, 2020

Marc Ochsenmeier
@ochsenmeier
www.winitor.com
Malware Analysis Fundamentals - Files > Tools 2

Handling an unknown | generic File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 3

Handling an email File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 4

Handling a MS Office 97-2003 File

applies to following files: doc, xls, ppt, msg

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 5

Handling a protected MS Office 97-2003 File

applies to following files: doc, xls, ppt, msg

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 6

Handling a MS Office 2007+ File

applies to following files: docx, xlsx, xlsb, xlsm, pptx

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 7

Handling a protected MS Office 2007+ File

applies to following files: docx, xlsx, xlsb, xlsm, pptx

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 8

Handling an RTF File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 9

Handling an LNK File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 10

Handling an MSI File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 11

Handling a PDF file

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 12

Handling a PE File

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis Fundamentals - Files > Tools 13

More Information
• python-oletools
https://github.com/decalage2/oletools
• Didier Stevens
https://blog.didierstevens.com/didier-stevens-suite/
• Analyzing Malicious Documents Cheat Sheet
https://zeltser.com/media/docs/analyzing-malicious-document-files.pdf

Marc Ochsenmeier | @ochsenmeier | www.winitor.com March 23, 2020

Malware Analysis
No ratings yet
Malware Analysis
2 pages
McAfee File and Removable Media Protection (FRP) 4.3.0 - User Guide - EN PDF
No ratings yet
McAfee File and Removable Media Protection (FRP) 4.3.0 - User Guide - EN PDF
27 pages
Unit 3 Cryptography and Public Key Infrastrucutre
No ratings yet
Unit 3 Cryptography and Public Key Infrastrucutre
34 pages
Types of Migration Policies PDF
No ratings yet
Types of Migration Policies PDF
4 pages
09 March Azure Sentinel
No ratings yet
09 March Azure Sentinel
42 pages
Endpointsecuritypres 221217173518 Cefbeb29
No ratings yet
Endpointsecuritypres 221217173518 Cefbeb29
18 pages
Lecture 1
No ratings yet
Lecture 1
22 pages
BitLocker Drive Encryption Flow
No ratings yet
BitLocker Drive Encryption Flow
36 pages
PingFederate License Agreement
No ratings yet
PingFederate License Agreement
4 pages
AGM BitLocker Administration and Monitoring 1.0 PDF
No ratings yet
AGM BitLocker Administration and Monitoring 1.0 PDF
110 pages
Brksec 2585
No ratings yet
Brksec 2585
35 pages
Vmware Workspace Security Solutions
No ratings yet
Vmware Workspace Security Solutions
3 pages
Chapter 3 Quiz - Introduction To Cybersecurity 0420
No ratings yet
Chapter 3 Quiz - Introduction To Cybersecurity 0420
10 pages
SOC Resume
No ratings yet
SOC Resume
2 pages
CSSLP The Art and Science of Secure Software Development Ebook - PDF
No ratings yet
CSSLP The Art and Science of Secure Software Development Ebook - PDF
32 pages
What Is A Security Operations Center (SOC) ?
No ratings yet
What Is A Security Operations Center (SOC) ?
3 pages
Chapter 9 Ollydbg
No ratings yet
Chapter 9 Ollydbg
20 pages
6822 Protecting Your Data With Windows 10 BitLocker
No ratings yet
6822 Protecting Your Data With Windows 10 BitLocker
6 pages
Soc Analyst
No ratings yet
Soc Analyst
9 pages
Vmware Carbon Black® Hosted Edr ™: (Formerly Known As CB Response Cloud)
No ratings yet
Vmware Carbon Black® Hosted Edr ™: (Formerly Known As CB Response Cloud)
7 pages
Cisco Scor
No ratings yet
Cisco Scor
24 pages
Soar + Edr: Challenge Joint Solution Benefits
No ratings yet
Soar + Edr: Challenge Joint Solution Benefits
2 pages
BitLocker Flow
No ratings yet
BitLocker Flow
36 pages
Epolicy Orchestrator 4.0 Essentials: Based On The Beta 3 Release
No ratings yet
Epolicy Orchestrator 4.0 Essentials: Based On The Beta 3 Release
92 pages
Building A Malware Analysis Lab
No ratings yet
Building A Malware Analysis Lab
9 pages
Beginner's Guide to Ethical Hacking with Kali Linux
No ratings yet
Beginner's Guide to Ethical Hacking with Kali Linux
13 pages
Security Operations Center A Framework For Automat
No ratings yet
Security Operations Center A Framework For Automat
16 pages
Navigating The Intersection of AI and Cybersecurity in India
No ratings yet
Navigating The Intersection of AI and Cybersecurity in India
10 pages
DevSecOps Lead-1
No ratings yet
DevSecOps Lead-1
2 pages
Microsoft Threat Modeling Tool 2016 Getting Started Guide Beta
No ratings yet
Microsoft Threat Modeling Tool 2016 Getting Started Guide Beta
30 pages
Lecture 11 - Database Security
No ratings yet
Lecture 11 - Database Security
116 pages
Module 1 PDF
No ratings yet
Module 1 PDF
18 pages
Alert Analysis L1 External
No ratings yet
Alert Analysis L1 External
7 pages
Online Training Course Catalog
No ratings yet
Online Training Course Catalog
32 pages
Artificial Intelligence For Cybersecurity - Paper
No ratings yet
Artificial Intelligence For Cybersecurity - Paper
21 pages
Phishing Analysis
No ratings yet
Phishing Analysis
12 pages
New E-Guide SIEM Feb2014 PDF
No ratings yet
New E-Guide SIEM Feb2014 PDF
10 pages
Scan Report
No ratings yet
Scan Report
29 pages
Nexpose Enterprise Edition: Vulnerability Management To Combat Today's Threats
No ratings yet
Nexpose Enterprise Edition: Vulnerability Management To Combat Today's Threats
2 pages
Slide Deck
No ratings yet
Slide Deck
122 pages
Privileged Access Management SME Job
No ratings yet
Privileged Access Management SME Job
4 pages
Top Cybersecurity Whitepapers 2020
No ratings yet
Top Cybersecurity Whitepapers 2020
44 pages
CV Okta
No ratings yet
CV Okta
3 pages
Microsoft SDL - Version 5.0
No ratings yet
Microsoft SDL - Version 5.0
135 pages
RSA Via L-G CyberArk AppGuide
No ratings yet
RSA Via L-G CyberArk AppGuide
66 pages
Ransomware Threats Explained
100% (1)
Ransomware Threats Explained
11 pages
Hardening Document Sample1
No ratings yet
Hardening Document Sample1
28 pages
Secret Key Encryption Lab Guide
No ratings yet
Secret Key Encryption Lab Guide
8 pages
Aes Rsa
No ratings yet
Aes Rsa
14 pages
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
No ratings yet
Lecture 5: Network Threat Management Part 1: Networks Standards and Compliance-Dhanesh More
33 pages
Transform Your Enterprise With Microsoft Solutions
No ratings yet
Transform Your Enterprise With Microsoft Solutions
5 pages
CrowdStrikeFal - Con2019 RTRForForensicsandHunting J.Miller
No ratings yet
CrowdStrikeFal - Con2019 RTRForForensicsandHunting J.Miller
24 pages
Masters Thesis
100% (1)
Masters Thesis
93 pages
Chapter 2 Windows Process Programming
No ratings yet
Chapter 2 Windows Process Programming
30 pages
Eventos McAfee
No ratings yet
Eventos McAfee
6 pages
OWASPAppSecEU2006 WAFs WhenAreTheyUseful
No ratings yet
OWASPAppSecEU2006 WAFs WhenAreTheyUseful
44 pages
Malware Analysis Fundamentals - Files - Tools: March 26, 2020 Marc Ochsenmeier
No ratings yet
Malware Analysis Fundamentals - Files - Tools: March 26, 2020 Marc Ochsenmeier
14 pages
Malware Analysis Fundamentals Files Tools
No ratings yet
Malware Analysis Fundamentals Files Tools
18 pages
Malware Analysis Fundamentals Files Tools
No ratings yet
Malware Analysis Fundamentals Files Tools
17 pages
MSOffice Malware Analysis Guide
No ratings yet
MSOffice Malware Analysis Guide
19 pages
Working To Prevent Diabetes-Related Amputations: Editorial
No ratings yet
Working To Prevent Diabetes-Related Amputations: Editorial
1 page
Zimbabwe School Examinations Council: Accounting 9197/3
50% (2)
Zimbabwe School Examinations Council: Accounting 9197/3
8 pages
Resume - AJAY - 8+years
No ratings yet
Resume - AJAY - 8+years
5 pages
CH11 Probs
No ratings yet
CH11 Probs
10 pages
Algorithms For Polynomial and Rational Approximation
No ratings yet
Algorithms For Polynomial and Rational Approximation
141 pages
DLL English 10 Q1 - Module 1 - Lesson 3 - Myth, Implicit and Explicit Signals, Let It Go, Orpheus, Life of Pi
No ratings yet
DLL English 10 Q1 - Module 1 - Lesson 3 - Myth, Implicit and Explicit Signals, Let It Go, Orpheus, Life of Pi
8 pages
SAP PM - Key Figures For Order Costs
No ratings yet
SAP PM - Key Figures For Order Costs
3 pages
PGBC Summary
100% (2)
PGBC Summary
36 pages
EEAR 2022 Aeronáutica English Exam
No ratings yet
EEAR 2022 Aeronáutica English Exam
10 pages
Laboratory Oil Testers by Megger
No ratings yet
Laboratory Oil Testers by Megger
4 pages
LAPLACIAN SPECTRUM OF WEAKLY ZERO-DIVISOR GRAPH OF THE RING ZN
No ratings yet
LAPLACIAN SPECTRUM OF WEAKLY ZERO-DIVISOR GRAPH OF THE RING ZN
10 pages
PfBlockerNGConfigurationGuide-StepByStep 1714660961696
No ratings yet
PfBlockerNGConfigurationGuide-StepByStep 1714660961696
4 pages
Public and Private Sectors in Higher Education: A Comparison of International Patterns 1
No ratings yet
Public and Private Sectors in Higher Education: A Comparison of International Patterns 1
13 pages
BCM MARKET SURVEY OF FLOORING AND PAVING N
No ratings yet
BCM MARKET SURVEY OF FLOORING AND PAVING N
14 pages
Instant Access To The Problem Centred Interview Principles and Practice Andreas Witzel Ebook Full Chapters
100% (10)
Instant Access To The Problem Centred Interview Principles and Practice Andreas Witzel Ebook Full Chapters
77 pages
02-Chain of Action
No ratings yet
02-Chain of Action
2 pages
Ensayo Sobre Corrupción
100% (1)
Ensayo Sobre Corrupción
4 pages
12thDailyTest5-Students 20241127110535
No ratings yet
12thDailyTest5-Students 20241127110535
2 pages
Pages From (ASHRAE) - 2009 - ASHRAE - Handbook - Fundamentals - (SI)
No ratings yet
Pages From (ASHRAE) - 2009 - ASHRAE - Handbook - Fundamentals - (SI)
2 pages
CASEL CSI Emerging Insights Brief 2020
100% (1)
CASEL CSI Emerging Insights Brief 2020
37 pages
Lesson 10 Gamification in Teaching English
No ratings yet
Lesson 10 Gamification in Teaching English
20 pages
Geothermal Energy Bibliography
No ratings yet
Geothermal Energy Bibliography
388 pages
Applied Radiological Anatomy 2nd Semester
No ratings yet
Applied Radiological Anatomy 2nd Semester
7 pages
Lonely Planet Oman UAE Arabian Peninsula 6th Edition Lonely Planet Instant Download
100% (1)
Lonely Planet Oman UAE Arabian Peninsula 6th Edition Lonely Planet Instant Download
138 pages
Covidien Bed SIde Spo2 Monitoring System
No ratings yet
Covidien Bed SIde Spo2 Monitoring System
2 pages
Nigeria Overpopulation Causes & Solutions
No ratings yet
Nigeria Overpopulation Causes & Solutions
12 pages
Full Download The Subject of Coexistence Otherness in International Relations Borderlines Series 1st Edition Louiza Odysseos PDF
100% (13)
Full Download The Subject of Coexistence Otherness in International Relations Borderlines Series 1st Edition Louiza Odysseos PDF
84 pages
Is LBA Mandatory For SCAN Listener in Oracle RAC?
100% (1)
Is LBA Mandatory For SCAN Listener in Oracle RAC?
8 pages
IC Scrum Project Management Gantt Chart Template 10578 Excel 2000 2004
No ratings yet
IC Scrum Project Management Gantt Chart Template 10578 Excel 2000 2004
6 pages
Biomaterials 2018 - Ceramic Biomaterials PDF
No ratings yet
Biomaterials 2018 - Ceramic Biomaterials PDF
44 pages