Sample: f450ab337c93b7cb62599b0f6aa485e8
Tools: oledump.py
Blog post: Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt
video
When DOSfuscation Helps…
Sample: dfff3a02e6e6a4d079c12f83dcc2f7a5
Tools: re-search.py, sets.py, python-per-line.py
ISC Diary entry: When DOSfuscation Helps…
Using scdbg to analyze shellcode
Maldoc with DOSfuscation: example 2
Tools: oledump.py, re-research.py, sets.py and numbers-to-string.py.
ISC diary entry: Dealing with numeric obfuscation in malicious scripts
Sample: a564cd735132eccde401d6978651b66d
oledump: plugin_msg
Maldoc Analysis & Linux Tools
Tools: oledump.py.
ISC diary entry: Maldoc analysis with standard Linux tools
Sample: 2f87105fea2d4bae72ebc00efc6ede56
Dealing With Numeric Obfuscation
Tools: oledump.py, re-research.py, sets.py and numbers-to-string.py.
ISC diary entry: Dealing with numeric obfuscation in malicious scripts
Sample: f25a16298240f2faefee654478050a62
DotNetToJScript Analysis
Tools: re-research.py, base64dump.py and pecheck.py.
Maldoc with DOSfuscation
Tools: oledump.py, re-research.py, sets.py and instantiation.py.
ISC diary entry: Malicious Word documents using DOSfuscation
Sample: 47827f618056ef15563138ebe69225d0
Retrieving and Processing JSON Data (BTC Example)
Tools: jq and what-is-new.py.
ISC Diary Entries: Retrieving and processing JSON data (BTC example) and New Extortion Tricks: Now Including Your Password!
Didier Stevens Videos 