Cryptam

Cryptam document analysis

Automate detection of malware in Microsoft Office documents and embedded executables in PDF files. Supported formats: Word, PowerPoint, Excel, RTF, CHM and HLP. Detect the most common enterprise threats: variants of CVE-2009-4324, CVE-2006-2492, CVE-2009-3129, CVE-2010-3333, CVE-2012-0754, CVE-2012-0779, CVE-2012-0158, CVE-2012-1535, CVE-2012-1856, CVE-2012-5054, and Visual Basic macros.

Cryptam can detect encrypted embedded executables by conducting a cryptanalysis of the submitted document, report the key used, and detect strings associated with executables.

Detection and extraction are supported for combinations of various lengths of XOR encryption, bitwise ROL or ROR shifting, bitwise NOT, and transposition ciphers, including header-only transposition. Both Windows and Mac executables can be extracted from documents.
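To illustrate the kind of cryptanalysis described above, here is an added example (not Cryptam's own code) of a known-plaintext search that recovers a repeating XOR key and ROL amount from the DOS stub string. The function names, the 16-byte key limit, the XOR-then-ROL order and the sample buffer are assumptions made for this sketch.

```python
# Added example, not Cryptam's code: known-plaintext search for an executable
# hidden with repeating-key XOR, optionally followed by a per-byte ROL.
from typing import List, Optional, Tuple

DOS_STUB = b"This program cannot be run in DOS mode"  # string found in most PE files
MAX_KEY_LEN = 16  # assumption: longer keys are out of scope for this sketch


def ror(byte: int, n: int) -> int:
    """Rotate one byte right by n bits (0 <= n <= 7)."""
    return ((byte >> n) | (byte << (8 - n))) & 0xFF


def smallest_period(ks: bytes, limit: int) -> Optional[int]:
    """Smallest k <= limit such that ks repeats every k bytes, else None."""
    for k in range(1, limit + 1):
        if all(ks[j] == ks[j + k] for j in range(len(ks) - k)):
            return k
    return None


def find_encoded_pe(data: bytes) -> List[Tuple[int, int, bytes]]:
    """Return (stub offset, ROL amount, XOR key) for every match.

    The key is aligned to file offset 0: byte i decodes as
    ror(data[i], rol) ^ key[i % len(key)]. Key b"\\x00" means plaintext.
    """
    hits = []
    n = len(DOS_STUB)
    for rot in range(8):
        unrot = bytes(ror(b, rot) for b in data)  # undo the rotation first
        for off in range(len(unrot) - n + 1):
            # If the stub is here, ciphertext XOR stub is the keystream.
            ks = bytes(c ^ p for c, p in zip(unrot[off:off + n], DOS_STUB))
            k = smallest_period(ks, MAX_KEY_LEN)
            if k is not None:
                key = bytearray(k)
                for j in range(k):
                    key[(off + j) % k] = ks[j]
                hits.append((off, rot, bytes(key)))
    return hits


def encode(plain: bytes, key: bytes, rot: int) -> bytes:
    """Constructed sample encoder: XOR with a repeating key, then ROL by rot."""
    return bytes(ror(p ^ key[i % len(key)], (8 - rot) % 8) for i, p in enumerate(plain))


# Constructed sample: filler, then a fake PE fragment, encoded with a 4-byte key.
SAMPLE = encode(b"\x00" * 7 + b"MZ" + b"\x90" * 60 + DOS_STUB + b".\r\r\n$",
                b"\xde\xad\xbe\xef", 3)
```

Calling `find_encoded_pe(SAMPLE)` reports the stub at offset 69 with ROL 3 and key `de ad be ef`; the periodicity test over a 38-byte known string is what keeps unrelated offsets from matching.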

Now on GitHub

PDFExaminer

PDFExaminer PDF analysis

Automate analysis of malicious PDFs and step through the objects of a malicious PDF. Support for basic PDF JavaScript de-obfuscation and encrypted PDFs (RSA, AESV2, Revision 5 AESV3). Dissect PDF streams to discover new and known exploits. Detect variants of CVE-2007-5659, CVE-2009-3953, CVE-2009-3959, CVE-2009-0927, CVE-2008-2992, CVE-2009-4324, CVE-2009-1493, CVE-2010-0188, CVE-2010-1297, CVE-2010-2883, CVE-2010-3654, CVE-2010-4091, CVE-2011-0609, CVE-2011-0611, CVE-2011-2462, CVE-2011-4369, CVE-2012-0754, CVE-2013-0641, and CVE-2013-2729.

Now on GitHub