Oletools Tools to analyze MS OLE2 files and MS Office documents

Pentest Tools o

Analyzing Malicious Password Protected Office Documents – Reverse Engineering Malware

This is a small tool I wrote while reversing some malware. It performs a bunch of tricks used by present-day malware, and the goal is to see if you stay under the ...

Known vulnerable objects such as MS Equation are highlighted in red. Work in progress, feedback welcome.

EWC_passwordPrompt

EWC_decryptedDocEnableContent Figure 6: Office document ...

Figure 1: Example email with password protected MS Office document attached and password in message body.

EWD_PassProj

oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging | Windows Hacking Tools | Pinterest ...

Analyzing Malicious Password Protected Office Documents

Two CryptoMix Ransomware variants emerged in a few days, a circumstance that suggests the operators behind the threat are very active.

Figure 9: Running OfficeMalScanner against OLE binary found within OpenXML archive EWC_OfficeMalScannerVBA

delivery-weaponized-bundle-rtf_5

Viper screenshot

EWC_decryptedDoc

#oletools: the new dev version of olemap can now detect and display extra data at the end of OLE files. cc @DidierStevens pic.twitter.com/yARmRr2Jz6

delivery-weaponized-bundle-rtf_6

Zeus AWS Auditing & Hardening Tool Zeus is a powerful tool for AWS EC2 / S3

EWC_encDecompressed

Hey @decalage2 is there a way to dump document variables (not properties) with #oletools? They are stored in the 1Table stream. pic.twitter.com/JwCbqe8EqL

EWC_LibreOfficeMacroEditor

Hackers Hijack A Popular Chrome Extension to Promote Their Malware

Oletools – python tools to analyze OLE and MS Office files #cuckoo #sandbox http://jamaica.nef2.com/oletools-python-tools-to-analyze-ole-and-ms-off…

//digital-forensics.sans.org/blog/2013/05/

#oletools - Twitter Search

CopyCat Malware Infected 14 Million Android Devices Last Year

routersploit v3.1.0 released: Router Exploitation Framework

#oletools olevba latest dev version: obfuscated VBA macro before and after the --reveal option cc @JohnLaTwC pic.twitter.com/UDlHX9LX52

Twebit - Bitcoin Analysis in Twitter With Machine Learning | Hacking Tools | Pinterest | Machine learning, Security tools and Linux

Basic Malware Analysis Tools - PEiD

Syrian Programmer SyrianProgrammer

... analysis platform with lots of tools - including #oletools https://www.fireeye.com/blog/threat-research/2017/07/flare-vm-the-windows-malware.html … ...

360-FAAR (Firewall Analysis Audit and Repair) is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, ...

FLOSS - FireEye Labs Obfuscated String Solver (Automatically extract obfuscated strings from malware) | Hack | Pinterest | Security tools

CALDERA - Automated Adversary Emulation System | Hacking Tools | Pinterest | Security tools

oletools v0.53: analyze MS OLE2 files & MS Office documents, for malware

Photo via @decalage2

delivery-weaponized-bundle-rtf_14

Malwrologist @DissectMalware

Even after so many efforts by Google, malicious apps somehow managed to fool its Play Store's anti-malware protections and infect people with malicious ...

JexBoss v1.2.0 – Jboss verify and Exploitation Tool. – Security List Network™ | Jboss | Pinterest

9:22 AM - 8 Apr 2017

oletools v0.53: analyze MS OLE2 files & MS Office documents, for malware analysis, forensics & debugging | Security news – Ειδήσεις Ασφαλείας | Pinterest

The best to find problems (but not very good for REST and SOAP). The cost is very high, it is used by a lot of big corpo.

Yes, even Mac could also get viruses that could silently spy on its users.

nullinux - SMB null Session Identification and Enumeration Tool | Hacking Tools | Pinterest | Linux and Security tools

Let's start.

Web Exploit Detector - Tool To Detect Possible Infections, Malicious Code And Suspicious Files In

Pupy - Opensource Cross-Platform (Windows Linux OSX Android) Remote Administration And Post

oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Docu…

Now let's have a look at 'Macros/VBA/ThisDocument' (stream 9).

delivery-weaponized-bundle-rtf_11

Lithuania bans Kaspersky Lab

Explore Security Tools, Computer Security and more!

sqlmap v1.2.6 released: Automatic SQL injection and database takeover tool

Telnet IoT Honeypot - Python Telnet Honeypot For Catching Botnet Binaries | Network Security | Pinterest | Honeypot, Python and Security tools

Leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣

Basic Malware Analysis Tools - Dependency Walker

Zeus AWS Auditing & Hardening Tool Zeus is a powerful tool for AWS EC2 / S3 / CloudTrail / CloudWatch / KMS best hardening practices. It checks sec…

ClamAV for Malware Analysis • Detecting various image lures embedded in docs; 12.

[360-FAAR] Firewall Analysis Audit And Repair 0.3.6 - Dump3r

BeRoot(s) is a post exploitation tool to check common Windows misconfigurations to find a way to escalate our privilege.

PortEx - Java library to analyse Portable Executable files with a special focus on malware analysis and PE malformation robustness | Pinterest | Java and ...

PPEE (Puppy) - Professional PE file Explorer for reversers and malware researchers

After reading the code I realised many of the strings are obfuscated. Then I made use of the debugging function in Visual Basic for Applications (VBA) in ...

6.2 Cross Site Scripting

Malware experts at ESET released a free tool for ICS Malware analysis

Basic Malware Analysis Tools - Resource Hacker

Basic Malware Analysis Tools - PEview

Ryan Hanson @ryHanson

openSUSE Tumbleweed

//irma.quarkslab.com/preview.html

delivery-weaponized-bundle-rtf_4

Matt Nelson @enigma0x3 · 20 Oct 2017. "

FLOSS - FireEye Labs Obfuscated String Solver (Automatically extract obfuscated strings from malware) | Security tools

delivery-weaponized-bundle-rtf_12; When RTF file ...

Chinese Hackers Spied On European Diplomats During G20 Meetings Using Malware | Tech and Tech news

Known-bad CLSIDs such as MS Equation Editor are highlighted in red.

Awesome Security 2017: Apple Users, Beware! A Nearly-Undetectable Malware Targeting Mac

Next, I want to see if there's anything interesting inside of the document. There are lots of tools that can be used for this, but for now I'm just going to ...

Emerging Matrix Banker Trojan is targeting banks in Latin America | Security news – Ειδήσεις Ασφαλείας | Pinterest

oletools - Tools to analyze MS OLE2 files and MS Office documents, for malware analysis, forensics and debugging | D&C-Metamorphasis | Pinterest | Tech and ...

Windows cleanup utility CCleaner infected with Malware | Windows cleanup, Software and Tech

... doc from webdav -> serve correct macro stripped doc for detected office ver Problem: https://twitter.com/buffaloverflow/status/967450758110236673 …

LSB-Steganography - Python program to steganography files into images using the Least Significant Bit | Hacking Tools | Pinterest | Python programming and ...

A Framework That Creates An Advanced FUD Dropper With Some Tricks - Dr0p1t-Framework 1.2

Brad @malware_traffic · 16 Oct 2017

delivery-weaponized-bundle-rtf_10

DirtyT (David) @dirty_tizzle · 20 Oct 2017

Google CSP Evaluator and CSP Mitigator anti XSS plugins

3.3 Cookies

Basic Malware Analysis Tools - FileAlyzer

The picture below shows that Mutillidae has decoded the ASCII characters, but the attack was still successful,