dEEpEst Posted March 31, 2023 Share Posted March 31, 2023 MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams, binary data and incorporates YARA scanner. On Macro-enabled Office documents we can quickly use oletools mraptor to determine whether document is malicious. If we want to dissect it further, we could bring in oletools olevba or oledump. To dissect malicious MSI files, so far we had only one, but reliable and trustworthy lessmsi. However, lessmsi doesn't implement features I was looking for: quick triage Binary data extraction YARA scanning Hence this is where msidump comes into play. Here we can see that input MSI is injected with suspicious VBScript and contains numerous executables in it. Now we want to take a closer look at this VBScript by extracting only that record. This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
SatanLoveMe Posted April 14, 2023 Share Posted April 14, 2023 This version from github ? Link to comment Share on other sites More sharing options...
Recommended Posts