In the Open
In the Open

ReMnux

Tools

Peepdf

  • Extracting JS from PDF using config file into js_from_pdf.js
echo 'extract js > js_from_pdf.js' > extract_js.conf 
peepdf -s extract_js.conf <file.pdf>

vmonkey

  • Detects malicious VBasic code in documents.
vmonkey <file.doc>

Packaged Binaries

  • Can be identified via entropy or loaded libs
    • The count of libs loaded by a packaged bin is very low. A packaged PE could load GetProcAddress or LoadLibrary.
    • PEiD detects most packers.
    • File Entropy of a packaged is high.