Tools: pngdump.py, pecheck.py, strings.py
bdm.png: 95ffae4e0aecd870211c9825633b0a80b7613ec0d9ae144178c132559e7de437 virustotal malshare
my software
PNG Analysis
Tools: pngdump.py, byte-stats.py, translate.py, decrypt-icedid.py, strings.py
Sample: 8fca57502cbd74502560bf963f3fd78acfc922b43d5973a0cd8f28426214abca
SANS ISC Diary entry: PNG Analysis
Analysis of a Malicious HTML File (QBot)
Tools: base64dump.py, zipdump.py, isodump.py, pecheck.py
Sample: 79cd49dc922c41b2845787c7835063e6ed77507001df133e7d7aafa3d13b6e20
SANS ISC Diary entry: Analysis of a Malicious HTML File (QBot)
Analyzing Obfuscated VBS with CyberChef
Tools: zipdump.py, CyberChef
ISC diary entry: “Analyzing Obfuscated VBS with CyberChef“
Sample: malwarebazaar
An Obfuscated Beacon – Extra XOR Layer
VBA Maldoc & UTF7 (APT-C-35)
James Webb JPEG With Malware
Tools: jpegdump.py, base64dump.py, pecheck.py, headtail.py
ISC diary entry: James Webb JPEG With Malware
Sample: 3bdf6d9f0f35be75d8345d897ec838ae231ba01ae898f6d0c8f920ff4061fc22, MalwareBazaar
1768.py’s Sanity Check
Tools: 1768.py
Maldoc: non-ASCII VBA Identifiers
Tools: oledump.py
Sample: f0deca3a062a057b45bd075aef290b9bd88180c4f72743c29907dc3b934121d8
ISC diary entry: Maldoc: non-ASCII VBA Identifiers
Decoding Obfuscated BASE64 Statistically
Sample: 402a722d58368018ffb78eda78280a3f1e6346dd8996b4e4cd442f30e429a5cf
Tools: strings.py, base64dump.py, re-search.py, byte-stats.py
ISC Diary Entry: Decoding Obfuscated BASE64 Statistically
Didier Stevens Videos 