Didier Stevens

Tuesday 8 May 2018

Update: base64dump.py Version 0.0.9

Filed under: My Software,Update — Didier Stevens @ 0:00

During last week’s private maldoc training, I got the idea to update base64dump with 2 extra encodings, and add YARA support.

The new encodings are “bx = backslash hexadecimal” like \x90\x90… and “ah = ampersand hexadecimal” like &H90&H90…

Support for YARA rules is identical to my other tools, like oledump.

In this example, I use a YARA rule to detect hex-encoded PE files:

 

base64dump_V0_0_9.zip (https)
MD5: 4CF9F57AD34CC728B05F1307219864BB
SHA256: 01264F82CEFB7B1D2DF51A8DB190840FE6C368C9C3D63566CF14CE4983F73D5A

Blog at WordPress.com.