Monday, December 7, 2009

Cheat Sheet: Analyzing Malicious Documents

This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.

General Approach
1-Locate potentially malicious embedded code, such as shellcode, VBA macros, or JavaScript.
2-Extract suspicious code segments from the file.
3-If relevant, disassemble and/or debug shellcode.
4-If relevant, deobfuscate and examine JavaScript, ActionScript, or VB macro code.
5-Understand next steps in the infection chain.

Full article:http://zeltser.com/reverse-malware/analyzing-malicious-documents.html

Source: http://isc.sans.org

No comments: