Analyzing infected files

MSOFFICE 2007+
unzip the file and get vbaProject.bin

sigtool --vba vbaProject.bin

PRE MSOFFICE 2007

sigtool --vba FILE.xls

EXECUTABLES

get http://hexacorn.com/d/PESectionExtractor.pl

use it..

sigtool --mdb

OR

sigtool --md5

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.