683 B

Raw Blame History

ReMnux

Documentation

Tools

Peepdf

Extracting JS from PDF using config file into js_from_pdf.js

echo 'extract js > js_from_pdf.js' > extract_js.conf 
peepdf -s extract_js.conf <file.pdf>

vmonkey

Detects malicious VBasic code in documents.

vmonkey <file.doc>

Packaged Binaries

Can be identified via entropy or loaded libs
- The count of libs loaded by a packaged bin is very low. A packaged PE could load GetProcAddress or LoadLibrary.
- PEiD detects most packers.
- File Entropy of a packaged is high.