Didier Stevens

Friday 29 July 2016

Releasing rtfdump.py

Filed under: maldoc,My Software — Didier Stevens @ 8:59

Today I’m releasing my rtfdump.py tool to analyze RTF documents. I started working on it about a year ago, but I didn’t like the direction it took me in, and stopped working on it. About a week ago I started again with new samples, and I’m more satisfied now with the result.

I will post more information later. But if you want to get an idea of how to use my tool, take a look at this analysis in the SANS ISC Diary.

rtfdump_V0_0_2.zip (https)
MD5: 368CCACC556E283D5E1759ED5E164BFF
SHA256: DA9B0AB231B1ADBC1083FC0F915A789EF19A5F7540C317CFA80BF3DE038C7952


  1. […] also showed how to use his new Python script rtfdump.py (version 0.0.2) to examine a malicious RTF file. The post goes through the various elements of the […]

    Pingback by Week 30 – 2016 – This Week In 4n6 — Sunday 31 July 2016 @ 13:21

  2. […] Releasing rtfdump.py […]

    Pingback by Overview of Content Published In July | Didier Stevens — Monday 1 August 2016 @ 0:01

  3. Wouldn’t it be a good idea to throw this up on Github as well for easier source code management and visibility?

    Comment by Chris Higgins — Tuesday 2 August 2016 @ 19:12

  4. Well yes it would be a good idea. More than a year old: https://blog.didierstevens.com/didier-stevens-suite/

    Comment by Didier Stevens — Tuesday 2 August 2016 @ 21:18
