Update: oledump & MSI Files

Published: 2023-04-02. Last Updated: 2023-04-02 08:32:42 UTC
by Didier Stevens (Version: 1)
0 comment(s)

I wrote about my new oledump plugin plugin_msi_info that analyzes MSI files (MSI files are OLE files) in diary entry "oledump & MSI Files".

I have a new release that brings some changes to the output.

Let me illustrate with this sample from MalwareBazaar:

At the end of the report (Remaining streams), I've added an indicator.

! indicates PE files and CAB files.

? indicates files that are not images (PNG, JPEG, BMP), neither PE or CAB files.

In this example, a SVG file (image) is marked with indicator ?.

I parse CAB files to list their content.

And you can change the hash algorithm with environment variable DSS_DEFAULT_HASH_ALGORITHMS.

 

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords:
0 comment(s)

YARA v4.3.0 Release

Published: 2023-04-02. Last Updated: 2023-04-02 08:10:15 UTC
by Didier Stevens (Version: 1)
0 comment(s)

We wrote 2 diary entries about new features in release candidates of YARA 4.3.0.

 

YARA 4.3.0 has been released now.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com

Keywords: update yara
0 comment(s)

Comments


Diary Archives