MSI Dump - a tool that analyzes malicious MSI installation packages, extracts files, streams and binary data, and incorporates a YARA scanner.
Features
This tool helps with quick triage as well as detailed examination of malicious MSI corpora. It lets us:
Quickly determine whether a file is suspicious or not
List all MSI tables as well as dump specific records
Extract Binary data, all files from CABs, and scripts from CustomActions
Scan all inner data and records with YARA rules
Use file/MIME type deduction to determine the inner data type