How to scan a file for viruses without antivirus
In most cyberattack variants, threat actors use legitimate-looking documents loaded with malware, which is why researchers often say that it all starts with a Word file, a PowerPoint presentation, an Excel spreadsheet, or even a freely downloaded PDF file.
We do not encourage you to take any action; this article is written for informational purposes only, in order to protect the reader from illegal actions.
This time, digital forensics experts from the International Cybersecurity Institute (IICS) will show you an easy way to manually check any suspicious document and determine whether it is loaded with malware.
Generally speaking, all file analysis methods include the following elements:
- Check the document for dangerous tags and scripts
- Detect embedded code such as shellcode, VBA macros, JavaScript, PowerShell, and more
- Extract the suspicious code or object from the file
- If possible, deobfuscate the extracted code (although heavily obfuscated code is, with a very high degree of probability, malicious)
TOOLS TO ANALYZE MICROSOFT OFFICE FILES
Oletools: This is a powerful Python toolkit for analyzing Microsoft OLE2 files, primarily Microsoft Office documents such as the Word and PowerPoint files mentioned above.
To install on Linux, simply run the following command:
sudo -H pip install -U oletools
On the other hand, if you want to install this tool on a Windows system, use the following command:
pip install -U oletools
This package bundles many other tools, including:
- mraptor
- olebrowse
- oledir
- oleid
- olemap
- olemeta
- oleobj
- oletimes
- olevba
- pyxswf
- rtfobj
pcodedmp: This is a disassembler for VBA p-code (the compiled bytecode form of macros). Digital forensics experts note that oletools must be installed for this tool to work properly.
PDF ANALYSIS TOOLS
PDF Stream Dumper: This is a Windows graphical utility for analyzing PDF files, very popular in the cybersecurity community.
pdf-parser: This tool lets digital forensics experts extract individual elements from a PDF file, such as headers, links, and more, for detailed analysis.
pdfid: pdfid lists all objects in the scanned PDF file.
peepdf: This is a fairly powerful analysis framework that includes shellcode and JavaScript analysis, among other features. peepdf is installed by default in Kali Linux.
PDFxray: This tool provides most of the necessary utilities as separate Python scripts, but digital forensics experts note that it has many dependencies.
WHAT SHOULD WE LOOK FOR WHEN ANALYZING A PDF DOCUMENT?
First, digital forensics experts recommend looking for the following keywords:
- /OpenAction and /AA, because they can run scripts automatically
- /JavaScript and /JS, which run JavaScript
- /GoTo, because this action changes the visible page of the file and can automatically open and redirect to other PDFs
- /Launch, which allows a program to be launched or a document to be opened
- /SubmitForm and /GoToR, which can submit data via a URL
- /RichMedia, which can be used to embed Flash content
- /ObjStm, which can hide objects
It is rare to find clean, unobfuscated code in a malicious PDF. The simplest kinds of obfuscation are hexadecimal escapes in names, such as /J#61vaScript instead of /JavaScript, and line breaks:
/Ja\
vascr\
ipt
A PRACTICAL TEST
At this point, we will use a malware-laden document that exploits the flaw tracked as CVE-2017-11882.
Let's take a look at the VBA scripts:
olevba exploit.doc
Right off the bat, we find many lines of VBA script, and in the end they also reveal what the macro does. The next test is to parse a PDF file with pdfid to view all the objects in the file.
The PDF file contains /ObjStm objects. To make sure they do not have a negative impact on our systems, we can extract these objects from the file and examine them separately using pdf-parser.
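As an added example that is not code from the original article or from any of the tools it lists, the following Python script applies the PDF checks described above, and also performs the /ObjStm extraction step from this test section: it decodes #xx hex escapes in names so that /J#61vaScript is counted as /JavaScript, counts the risky keywords, inflates FlateDecode streams so that objects hidden inside an object stream are scanned as well, and reports the two sets of counts separately. It uses only the standard library; the sample PDF is constructed inline (simplified, with no xref table) and is not a real malicious file. Only the hex-escape form of obfuscation is handled, not the backslash-newline form shown earlier.

```python
import re
import zlib

# PDF name keywords the article lists as worth checking, plus /ObjStm,
# which can hide further objects inside a compressed object stream.
RISKY_KEYWORDS = [
    b"/OpenAction", b"/AA", b"/JavaScript", b"/JS", b"/GoTo", b"/GoToR",
    b"/Launch", b"/SubmitForm", b"/RichMedia", b"/ObjStm",
]

# #xx hex escape inside a PDF name, e.g. /J#61vaScript -> /JavaScript
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# stream ... endstream body; \b keeps "endstream" from being taken as a stream start
_STREAM = re.compile(rb"\bstream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Decode #xx hex escapes so an obfuscated name matches the plain keyword."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def strip_stream_bodies(data: bytes) -> bytes:
    """Drop binary stream contents so top-level counts cover only object dictionaries."""
    return _STREAM.sub(b"stream\nendstream", data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Return the decompressed body of every FlateDecode stream.
    Streams that are not zlib data (other filters, or corrupted) are skipped
    and left for manual analysis with pdf-parser."""
    bodies = []
    for match in _STREAM.finditer(data):
        try:
            bodies.append(zlib.decompress(match.group(1)))
        except zlib.error:
            continue
    return bodies


def count_keywords(data: bytes) -> dict[str, int]:
    """Count each risky keyword after decoding hex escapes.
    The negative lookahead stops /GoTo from matching /GoToR and /JS from
    matching a longer name that merely starts with /JS."""
    text = normalize_names(data)
    counts = {}
    for keyword in RISKY_KEYWORDS:
        hits = re.findall(re.escape(keyword) + rb"(?![A-Za-z0-9])", text)
        if hits:
            counts[keyword.decode()] = len(hits)
    return counts


def scan_pdf(data: bytes) -> dict:
    """Report keyword counts at the top level and inside decompressed streams
    separately: a /Launch that appears only inside an /ObjStm is exactly what
    a surface scan of the file misses."""
    report = {
        "top_level": count_keywords(strip_stream_bodies(data)),
        "inside_streams": {},
    }
    for body in inflate_streams(data):
        for keyword, n in count_keywords(body).items():
            report["inside_streams"][keyword] = report["inside_streams"].get(keyword, 0) + n
    return report


def build_sample_pdf() -> bytes:
    """Constructed sample, not a real malicious file: a hex-escaped /JavaScript
    name at the top level and a /Launch action hidden inside a FlateDecode
    object stream. The structure is simplified (no xref table), which is
    enough for a keyword scan."""
    hidden = zlib.compress(b"5 0 << /S /Launch /F (placeholder) >>")
    return (
        b"%PDF-1.7\n"
        b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
        b"2 0 obj << /S /J#61vaScript /JS (app.alert(1)) >> endobj\n"
        b"3 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
        + str(len(hidden)).encode() + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n"
        b"%%EOF\n"
    )


if __name__ == "__main__":
    import sys
    # Scan the file given on the command line, or the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pdf()
    for section, counts in scan_pdf(raw).items():
        print(section, counts or "none")
```

Run it with a path to a PDF to get two lines of counts; a non-empty "inside_streams" line means the keyword was only visible after decompression, which is the case where extracting the object stream with pdf-parser and reading it separately pays off.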
To learn more about information security risks, malware, vulnerabilities, and information technology, feel free to visit the International Cybersecurity Institute (IICS) website.