[CB19] [BB] FileInsight-plugins: Decoding toolbox for malware analysis by Nobutaka Mantani
FileInsight-plugins is a collection of plugins for the McAfee FileInsight hex editor. It is useful for various kinds of decoding tasks in malware analysis, such as extracting malware executables and decoy documents from malicious document files. FileInsight-plugins adds many functions, including the following:
- Search for XORed, bit-rotated text strings and byte arrays
- XOR with incrementing / decrementing XOR key (so-called rolling XOR)
- Encode / decode using custom BASE64 table
- Encryption and decryption with 8 encryption algorithms such as AES
- Compression and decompression with 7 compression algorithms such as Gzip
- Extract PE file embedded in the file
- Extraction of ASCII and UTF-16 strings (strings) and automatic decoding of extracted hexadecimal strings
- Scanning with YARA and coloring areas that match YARA rules
- Open data with other tools such as CyberChef, IDA, VSCode, etc.
FileInsight-plugins is a tool that I develop privately, not professionally developed by the organization I belong to.
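As an added illustration (not code from the talk or from FileInsight-plugins itself), the Python below shows the ideas behind three of the listed features: XOR with an incrementing or decrementing key (rolling XOR), searching a blob for a known string under any single-byte XOR key, and decoding BASE64 written with a custom table. The sample blob, the key 0x5A and the reversed alphabet used for testing are constructed here.

```python
"""Decoding helpers in the spirit of three listed plugin features (added example)."""
import base64
import string

STD_B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"

# Constructed sample: filler bytes around "This program" XORed with key 0x5A.
SAMPLE_BLOB = b"\x90" * 4 + bytes(b ^ 0x5A for b in b"This program") + b"\xCC" * 2


def rolling_xor(data: bytes, key: int, step: int = 1) -> bytes:
    """XOR each byte with a key that changes by `step` after every byte.
    step=+1 is the incrementing variant, step=-1 decrementing, step=0 plain
    single-byte XOR; the key wraps modulo 256. XOR is its own inverse, so the
    same call both obfuscates and recovers data."""
    out = bytearray(len(data))
    k = key & 0xFF
    for i, b in enumerate(data):
        out[i] = b ^ k
        k = (k + step) & 0xFF
    return bytes(out)


def find_xored(haystack: bytes, needle: bytes) -> list[tuple[int, int]]:
    """Return (offset, key) pairs where `needle` occurs in `haystack` under
    some single-byte XOR key, e.g. a known DOS-stub string in a hidden PE."""
    hits = []
    for key in range(256):
        pattern = bytes(b ^ key for b in needle)
        pos = haystack.find(pattern)
        while pos != -1:
            hits.append((pos, key))
            pos = haystack.find(pattern, pos + 1)
    return hits


def custom_b64decode(encoded: str, table: str) -> bytes:
    """Decode BASE64 written with a non-standard 64-character alphabet by
    mapping it back onto the standard one, restoring any missing padding."""
    if len(table) != 64 or len(set(table)) != 64:
        raise ValueError("custom table must hold 64 distinct characters")
    remapped = encoded.translate(str.maketrans(table, STD_B64))
    remapped += "=" * (-len(remapped) % 4)
    return base64.b64decode(remapped, validate=True)


if __name__ == "__main__":
    print(find_xored(SAMPLE_BLOB, b"This program"))             # [(4, 90)]
    print(rolling_xor(rolling_xor(b"MZ\x90\x00", 0x10), 0x10))  # b'MZ\x90\x00'
    print(custom_b64decode("t5qTk5D", STD_B64[::-1]))           # b'Hello'
```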