From Collaborative RCE Tool Library
Code Ripping Tools
| Tool name:
|| OfficeMalScanner ||
|| Frank Boldewin
| Current version:
| Last updated:
|| February 5, 2010
| Direct D/L link:
|| Locally archived copy
| License type:
|| OfficeMalScanner v0.51 is a Ms Office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams. Found files are being extracted to disk. It supports disassembly and hexview as well as an easy brute force mode to detect encrypted files. Next to this, an office file is being scanned for VB-macro code and if found, it will be extracted for further analysis. The "inflate" feature extracts Ms Office 2007 documents into a directory and marks potentially malicious files. Also included in this package is a tool called MalHost-Setup, some kind of MS Office runtime emulation environment to debug shellcode in malicious documents in realtime.
| Also listed in:
|| Data Search and Extraction Tools
| More details:
|| Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)
Feed containing all updates and additions for this category.
Feed containing all updates and additions for this category, including sub-categories.