Tools
Malware Tracker provides software to automate static analysis of malware documents quickly and precisely using web based collaboration and unique cryptanalysis techniques.
PDFExaminer
Analyse a PDF file for exploits and JavaScript
PDFExaminer - submit sample | recent reports | hash search
Scripts:
Cryptam
Detect malware in Office documents, extract encrypted embedded executables from PDF and office documents
Cryptam - submit sample | recent reports | hash search
Scripts:
- Download Multi-function script - submits a file to Cryptam, then uses the API to fetch the decoding parameters and decrypt and extract the embedded executables and dropped clean documents from a malware document or PDF.
- Download File submission script for PHP
- Download Report download script for PHP
- Download Script to decode a document obfuscated with unencrypt/unROL/unROR/bitwise NOT.
APT Protocol Decoders
We'll be adding some of the most useful decoder tools here to help quickly identify compromised machines from network pcap.
- Comment Crew DES comment decoder - decodes commands.
- Joy Trojan (sometimes called Ixeshe or RC4 Dyncalc) - decodes beacon info packets.
- Binanen Trojan - decodes beacon GET requests.
- MiniASP Trojan - decodes controller commands.
Shellcode
Shellcode - web interface to disassemble shellcode, detect packed shellcode, etc.