Sunday, December 6, 2009

Analyzing Malicious Documents Cheat Sheet

This cheat sheet outlines tips and tools for reverse-engineering malicious documents, such as Microsoft Office (DOC, XLS, PPT) and Adobe Acrobat (PDF) files.

General Approach
1. Locate potentially malicious embedded code.
2. Extract suspicious code segments from the file.
3. If relevant, disassemble and/or debug shellcode.
4. If relevant, deobfuscate and examine code.
5. Understand next steps in the infection chain.
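As an added example, not part of the original cheat sheet, the following Python script covers steps 1 and 2 for a PDF: it counts pdfid-style suspicious names after resolving #xx escapes in name objects (a legal encoding that hides /JavaScript from a naive grep), then extracts the literal-string body of each /JS entry. The sample PDF, the keyword list and all function names are constructed for this example.

```python
import re

# Names that pdfid-style triage flags; seeing one is the cue to extract that object.
SUSPICIOUS_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA", b"/Launch",
                    b"/EmbeddedFile", b"/RichMedia", b"/ObjStm")

# Constructed sample (not a real malicious file): the action names are disguised with
# #xx hex escapes, legal PDF name syntax that defeats a naive grep for /JavaScript.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /Open#41ction 4 0 R >> endobj
4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample');) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
_NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]+")   # one PDF name object
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

def decode_name(token: bytes) -> bytes:
    """Resolve #xx escapes in one PDF name: b'/J#61vaScript' -> b'/JavaScript'."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), token)

def count_suspicious_names(data: bytes) -> dict:
    """Step 1 (locate): count suspicious names after decoding escapes, as pdfid does."""
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    for token in _NAME_TOKEN.findall(data):
        decoded = decode_name(token)
        if decoded in counts: counts[decoded] += 1
    return {name: n for name, n in counts.items() if n}

def read_literal_string(data: bytes, start: int) -> bytes:
    """Body of the literal string whose '(' is at data[start]; honours backslash escapes and nesting."""
    depth, i, body = 0, start, bytearray()
    while i < len(data):
        c = data[i]
        if c == 0x5C:                       # backslash: keep the escape pair verbatim
            body += data[i:i + 2]; i += 2; continue
        if c == 0x28: depth += 1            # '('
        elif c == 0x29: depth -= 1          # ')'
        if depth == 0: return bytes(body)   # matching close of the outer string
        if not (c == 0x28 and depth == 1): body.append(c)
        i += 1
    return bytes(body)                      # unterminated string: return what was read

def extract_js_literals(data: bytes) -> list:
    """Step 2 (extract): pull JavaScript out of /JS (...) literal-string entries.
    /JS values kept in streams or hex strings need a real parser; this is triage only."""
    decoded = _NAME_TOKEN.sub(lambda m: decode_name(m.group(0)), data)
    return [read_literal_string(decoded, m.end() - 1)
            for m in re.finditer(rb"/JS\s*\(", decoded)]
```

Running `count_suspicious_names(SAMPLE_PDF)` reports /JS, /JavaScript and /OpenAction once each even though neither disguised name appears literally in the file; `extract_js_literals` then returns the script body for step 4.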

