OfficeMalScanner

From aldeid

Description

OfficeMalScanner is a MS Office forensic framework to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.

It is composed of the following tools:

Name: Description
DisView: DisView is a disassembler. When running OfficeMalScanner with "scan debug", you may notice an interesting portion of code that is truncated in the output; DisView displays much more of that code to help with the analysis.
MalHost-Setup: MalHost-Setup dumps an executable embedded in an Office document. The offset of the executable can be identified with OfficeMalScanner, using "scan debug".
OfficeMalScanner: OfficeMalScanner is a MS Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams.
RTFScan: RTFScan is a tool with features similar to OfficeMalScanner's, but for RTF documents.
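As an added illustration of the kind of heuristic such a scanner applies when reporting the offset of an embedded PE file (example code written for this page, not OfficeMalScanner's own logic), the following Python checks for the OLE2 magic and locates "MZ" headers whose e_lfanew field points at a valid "PE\0\0" signature; the sample document is constructed inline.

```python
import struct

# Magic bytes of an OLE2 / Compound File Binary (legacy .doc/.xls/.ppt) container.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def is_ole_document(data: bytes) -> bool:
    """True if the buffer starts with the OLE2 compound-document magic."""
    return data[:8] == OLE_MAGIC


def find_embedded_pe(data: bytes) -> list:
    """Return offsets of plausible PE images inside the buffer.

    Heuristic (hypothetical helper, not the tool's code): an "MZ" DOS header
    whose e_lfanew field (offset 0x3C) points to a "PE\\0\\0" signature that
    lies within the buffer. A bare "MZ" with no valid pointer is ignored.
    """
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            e_lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if 0x40 <= e_lfanew < 0x1000 and data[pe:pe + 4] == b"PE\x00\x00":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits


def build_sample() -> bytes:
    """Constructed sample: OLE header, zero padding, a minimal PE stub at 0x200,
    then a decoy "MZ" that has no valid e_lfanew and must not be reported."""
    stub = bytearray(b"MZ" + b"\x00" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", stub, 0x3C, 0x80)        # e_lfanew -> 0x80
    stub += b"\x00" * (0x80 - len(stub))
    stub += b"PE\x00\x00" + b"\x4c\x01"             # PE signature, Machine=i386
    doc = bytearray(OLE_MAGIC + b"\x00" * (0x200 - 8))
    doc += stub
    doc += b"MZ" + b"\x00" * 0x50                   # decoy, e_lfanew == 0
    return bytes(doc)


if __name__ == "__main__":
    sample = build_sample()
    print("OLE document:", is_ole_document(sample))
    print("embedded PE at:", [hex(o) for o in find_embedded_pe(sample)])
```

The reported offset is what a tool like MalHost-Setup would need to carve the embedded executable out of the container.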

Installation

Note
OfficeMalScanner is intended to be used from the command line.
