Didier Stevens

Sunday 23 October 2016

Update: virustotal-search.py Version 0.1.4

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version of virustotal-search.py accepts input from stdin.

virustotal-search_V0_1_4.zip (https)
MD5: 867D6272792965D11317BFB6308E20A9
SHA256: 8C033B3C46767590C54C191AEEDC0162B3B8CCDE0D7B75841A6552CA9DE76044

Saturday 22 October 2016

Update: cut-bytes.py Version 0.0.4

Filed under: My Software,Update — Didier Stevens @ 9:49

I added dumps to this new version of cut-bytes.py.

cut-bytes_V0_0_4.zip (https)
MD5: A44D8BBE9BAB9309E732F8995CB5C7BB
SHA256: F95453DE1CC5855C320AB947D9AE354BE8E3ABFA52418C0CF623351A9DBF6344

Monday 17 October 2016

Update: oledump.py Version 0.0.25

Filed under: My Software,Update — Didier Stevens @ 0:00

This new version has a couple of new options (--decoderdir and --plugindir) and a bugfix.

oledump_V0_0_25.zip (https)
MD5: CED1602AEF505AE0388DB95414F9C00A
SHA256: 54510A54264E4EA3C4559545B5CE43A20D8AB290B4EDDA7B57983AD1396E29FC

Friday 14 October 2016

Analyzing Office Maldocs With Decoder.xls

Filed under: maldoc,Malware,My Software — Didier Stevens @ 13:27

There are Office maldocs out there with some complex payload decoding algorithms. Sometimes I don’t have the time to convert the decoding routines to Python, and then I will use the VBA interpreter in Excel. But I have to be careful not to execute the payload, just decode it. In the following video, I show how I do this.

Tools: oledump.py, decoder.xls

Sample: 2f918f49c3f926bb1538eaad6e8e6883

Friday 7 October 2016

rtfdump Videos

Filed under: maldoc,My Software — Didier Stevens @ 10:05

I produced 3 videos to show you how to use my rtfdump.py tool to analyze (malicious) RTF files.

Here is a video for sample 07884483f95ae891845caf0d50ce507f:

Here is a video for sample 4483ad299158eb54f6ff58b5346a36ee:
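To make concrete what rtfdump.py is looking for in these files: an RTF maldoc normally carries its payload as an embedded OLE object, written as a long hex string inside a {\*\objdata ...} group and wrapped in an OLE 1.0 object header, and malicious generators break that hex up with whitespace and junk control words. The following is an added example, not rtfdump's own code and not taken from the videos: the RTF sample in it is constructed, and the parser is deliberately minimal (it does not handle \bin binary runs, for instance). It walks the RTF groups, decodes the hex in every \objdata group, parses the OLE 1.0 header and checks whether the native data starts with the OLE Compound File magic.

```python
import re
import struct

# Constructed sample (not a real maldoc): one embedded "Package" object whose
# \*\objdata hex stream is split by whitespace and a junk control word (\v),
# the kind of padding malicious RTF generators use to break naive extractors.
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0{\fonttbl{\f0 Calibri;}}"
    r"{\object\objemb{\*\objclass Package}"
    r"{\*\objdata 01050000 02000000 08000000 5061636B61676500 \v 00000000"
    r" 00000000 10000000 D0CF11E0A1B11AE1 0000000000000000}}"
    r"\par Hello}"
)

# Magic bytes of an OLE Compound File Binary (the container Office files use).
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# One RTF control word (\objdata, \v, \par ...), hex escape (\'hh) or control
# symbol (\*, \{, \}).  Everything it matches is removed before hex decoding.
CONTROL_RE = re.compile(r"\\(?:'[0-9A-Fa-f]{2}|[A-Za-z]+-?\d*\s?|[^A-Za-z])")


def rtf_groups(rtf):
    """Yield the inner text of every {...} group; escaped braces are skipped."""
    stack = []
    i = 0
    while i < len(rtf):
        c = rtf[i]
        if c == "\\":
            i += 2  # skip the escaped character (\{ \} \\) or control word start
            continue
        if c == "{":
            stack.append(i + 1)
        elif c == "}" and stack:
            yield rtf[stack.pop():i]
        i += 1


def decode_objdata(group):
    """Strip control words and braces from an \\objdata group, decode the hex."""
    body = CONTROL_RE.sub("", group).replace("{", "").replace("}", "")
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", body)
    if len(hexdigits) % 2:  # an odd trailing nibble is junk, drop it
        hexdigits = hexdigits[:-1]
    return bytes.fromhex(hexdigits)


def parse_ole1(blob):
    """Parse the OLE 1.0 object header wrapping the embedded (native) data."""
    try:
        version, fmt, cls_len = struct.unpack_from("<III", blob, 0)
        off = 12
        classname = blob[off:off + cls_len].rstrip(b"\x00").decode("latin-1", "replace")
        off += cls_len
        topic_len, = struct.unpack_from("<I", blob, off)
        off += 4 + topic_len
        item_len, = struct.unpack_from("<I", blob, off)
        off += 4 + item_len
        native_len, = struct.unpack_from("<I", blob, off)
        off += 4
    except struct.error:
        return None  # truncated or not an OLE 1.0 header
    native = blob[off:off + native_len]
    return {
        "version": version,
        "format": fmt,  # 2 = embedded object, 1 = linked object
        "classname": classname,
        "native_len": native_len,
        "native": native,
        "is_cfb": native.startswith(CFB_MAGIC),
    }


def extract_objects(rtf):
    """Return a parsed record for every \\objdata group found in the RTF text."""
    results = []
    for group in rtf_groups(rtf):
        if group.lstrip().startswith(("\\*\\objdata", "\\objdata")):
            record = parse_ole1(decode_objdata(group))
            if record is not None:
                results.append(record)
    return results


if __name__ == "__main__":
    for n, obj in enumerate(extract_objects(SAMPLE_RTF), 1):
        print(f"{n}: class={obj['classname']!r} native_len={obj['native_len']} "
              f"cfb={obj['is_cfb']}")
```

When the native data is a CFB file, the next step is to write it out and hand it to oledump.py; when it is not (a raw PE, a script, or a buffer that only makes sense to a particular parser), the header's class name and the first bytes of the native data are what tell you which exploit or loader you are looking at.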

Monday 3 October 2016

Overview of Content Published In September

Filed under: Announcement — Didier Stevens @ 0:00

Here is an overview of content I published in September:

Blog posts:

YouTube videos:

SANS ISC Diary entries:

Blog at WordPress.com.