Category Archives: CFBF

Malware in a MSG

Even though sending malware via zipped attachments in spam emails is nothing new and has been around for eons, many people are still puzzled at how it works. Thus, I will go through with you on how to do … Continue reading

Posted in CFBF, Profiler | 4 Comments

CVE-2012-0158: RTF/OLE/CFBF/PE

Since support for the RTF file format has been added very recently with the version 0.9.4 of the Profiler, it’s a good idea to test it against real malware. I downloaded a pack of RTFs from contagiodump.blogspot.com and as I … Continue reading

Posted in CFBF, PE, Profiler, RTF | Comments Off on CVE-2012-0158: RTF/OLE/CFBF/PE

Previews

The upcoming version 0.9.2 of the Profiler adds previews for various things: images (all supported formats), several Portable Executable resources and Office Word Documents (text-only). Since media elements are rendered through third-party code, the Profiler displays a warning box before … Continue reading

Posted in CFBF, PE, Profiler | Comments Off on Previews

Profiler 0.8.2 Demo

The first evaluation version of the Profiler is available. SHA1: F1CA1B8B1BAE51977EE0BE827DC13E2E17BD81A3. Please note that the demo is subject to limitations: only standard .doc files are supported (not even other Office file types); embedded and referenced files can’t be inspected; only … Continue reading

Posted in CFBF, Demo, Profiler | 2 Comments

MicroType Express

MicroType Express is the (optional) compression technology used by Embedded OpenType fonts. It was specifically designed to compress TrueType fonts. These fonts are generally to be found in web pages or Office documents. In this screenshot we have Internet Explorer … Continue reading

Posted in CFBF, EOT, Fonts, Profiler | Comments Off on MicroType Express

MSI support

Even though CAB file support is still under development, the CFBF parser already lets us inspect Windows Installer packages and patches. Having such a feature comes in handy when you want to analyse their contents, and eliminates the need for external … Continue reading

Posted in CFBF, Profiler | Comments Off on MSI support

The security of non-exec files

This article is based on a speech I gave a couple of months ago at DeepSec. I wrote it during the summer, which means I would now expand on some of the paragraphs. Nonetheless, I hope you’ll enjoy the read. Introduction … Continue reading

Posted in CFBF, JPEG, PDF, Profiler, SWF | Comments Off on The security of non-exec files