Didier Stevens

Thursday 19 February 2015

Update: oledump.py Version 0.0.9

Filed under: Malware,My Software,Update — Didier Stevens @ 22:19

The plugin_dridex plugin was updated.

And oledump.py has a new option, --quiet: only print output from plugins.

oledump_V0_0_9.zip (https)
MD5: 849C26F32397D2508381A8472FE40F90
SHA256: 74887EA3D4362C46CCBF67B89BB41D7AACE9E405E4CB5B63888FEDCE20FD6A07

2 Comments »

  1. Several dridex .doc examples that do not seem to decode under oledump v0.0.9, via http or dridex plugin.

    Mirror1: http://www.mediafire.com
    Mirror2: https://www.sendspace.com

    Comment by Anonymous — Friday 20 February 2015 @ 1:42

  2. got another .doc sample which was detected by 1/57 in virustotal see: 1cf2218f95300c6a963976d154af0700113fd8e7e120654af70d4b976ec5c163
    the filename changes at the end with numbers so it seems like some campaign
    maybe worth a look
    sincerely
    skippie

    Comment by stefan — Wednesday 25 February 2015 @ 16:43

