Tools: oledump.py, re-research.py, sets.py and numbers-to-string.py.
ISC diary entry: Dealing with numeric obfuscation in malicious scripts
Sample: a564cd735132eccde401d6978651b66d
malware
Maldoc Analysis & Linux Tools
Tools: oledump.py.
ISC diary entry: Maldoc analysis with standard Linux tools
Sample: 2f87105fea2d4bae72ebc00efc6ede56
Dealing With Numeric Obfuscation
Tools: oledump.py, re-research.py, sets.py and numbers-to-string.py.
ISC diary entry: Dealing with numeric obfuscation in malicious scripts
Sample: f25a16298240f2faefee654478050a62
Maldoc with DOSfuscation
Tools: oledump.py, re-research.py, sets.py and instantiation.py.
ISC diary entry: Malicious Word documents using DOSfuscation
Sample: 47827f618056ef15563138ebe69225d0
Analyzing XPS Files
Tools: zipdump.py and re-search.py.
ISC Diary Entry: XPS Samples
Sample: 19e432b6960604aa7492e1196c20b594
VBA Maldoc: Form-Embedded PE File
.xlsm: Button & VBA & PowerShell & EXE
Dealing with obfuscated rtf files
Tools: rtfdump.py
ISC Diary entry: Dealing with obfuscated RTF files
Sample: a3d89108e4a13900c299d7c5f6d687e0
PDF’s /URI
It’s Not An Invoice
Tools: oledump.py, base64dump.py
Sample: 9c4c3234f20b6102569216675b48c70a
ISC Diary Entry: It’s Not An Invoice …
Didier Stevens Videos 