SANS ISC: Internet Storm Center

Analyzing UDF Files with Python

Published: 2019-04-19
Last Updated: 2019-04-19 22:05:09 UTC
by Didier Stevens (Version: 1)

Yesterday, Xavier wrote a diary entry ("Malware Sample Delivered Through UDF Image") about malicious UDF files.

I wrote about the analysis of .ISO files before, and it turns out the same techniques work for UDF files too.

The Python module isoparser can also parse UDF files. Once the image is opened, the same three steps as for an .ISO apply: list the entries in the root directory, retrieve the content of the entry you are interested in, and calculate the hash of the contained EXE so it can be looked up or submitted without ever executing it.
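The three steps above (open the image, retrieve an entry's content, hash the EXE) as an added, stand-alone example. This is not Didier's code and it does not use the isoparser module itself; instead it walks the same ISO 9660 structures that isoparser reads, so it runs offline and shows what the module is doing when it "parses" a UDF file. The image is constructed in memory; PAYLOAD.EXE and its bytes are made up for illustration, not Xavier's sample. One caveat worth knowing: isoparser is an ISO 9660 reader, so a UDF image it can open is one written in the usual ISO 9660/UDF bridge format, where ISO 9660 volume descriptors sit at LBA 16 alongside the UDF ones. A pure UDF image has no "CD001" descriptor there and needs a UDF-aware tool; the walker below rejects such an image instead of guessing.

```python
"""Minimal ISO 9660 walker plus SHA-256 of each file in the root directory.

Added example for this diary: not Didier's code and not the isoparser module.
The sample image is constructed in memory; PAYLOAD.EXE is a made-up name and
its bytes are not a real PE.
"""
import hashlib
import struct

SECTOR = 2048          # ISO 9660 logical block size
PVD_SECTOR = 16        # primary volume descriptor always lives at LBA 16
FLAG_DIRECTORY = 0x02  # bit 1 of the file-flags byte in a directory record

# Constructed sample payload (not malware, not a valid PE).
PAYLOAD_NAME = b"PAYLOAD.EXE;1"
PAYLOAD_DATA = b"MZ" + b"\x90" * 62 + b"constructed sample, not a real PE\n"


def _both(value, fmt_le, fmt_be):
    """ISO 9660 stores integers twice: little-endian then big-endian."""
    return struct.pack(fmt_le, value) + struct.pack(fmt_be, value)


def _dir_record(ident, lba, size, is_dir):
    """Build one directory record (ECMA-119 section 9.1)."""
    body = (
        b"\x00"                                   # extended attribute length
        + _both(lba, "<I", ">I")                  # location of extent
        + _both(size, "<I", ">I")                 # data length
        + bytes(7)                                # recording date/time
        + bytes([FLAG_DIRECTORY if is_dir else 0])
        + b"\x00\x00"                             # file unit size, interleave
        + _both(1, "<H", ">H")                    # volume sequence number
        + bytes([len(ident)]) + ident
    )
    if len(ident) % 2 == 0:
        body += b"\x00"                           # keep record length even
    return bytes([len(body) + 1]) + body


def build_sample_image():
    """Constructed 20-sector ISO 9660 image: PVD, terminator, root dir, one file."""
    root_lba, file_lba = 18, 19
    pvd = (b"\x01CD001\x01" + bytes(73)
           + _both(20, "<I", ">I")                # 80: volume space size
           + bytes(32)
           + _both(1, "<H", ">H")                 # 120: volume set size
           + _both(1, "<H", ">H")                 # 124: volume sequence number
           + _both(SECTOR, "<H", ">H")            # 128: logical block size
           + bytes(24)                            # 132: path table fields
           + _dir_record(b"\x00", root_lba, SECTOR, True)   # 156: root record
           ).ljust(SECTOR, b"\x00")
    terminator = b"\xffCD001\x01".ljust(SECTOR, b"\x00")
    root_dir = (_dir_record(b"\x00", root_lba, SECTOR, True)     # "."
                + _dir_record(b"\x01", root_lba, SECTOR, True)   # ".."
                + _dir_record(PAYLOAD_NAME, file_lba, len(PAYLOAD_DATA), False)
                ).ljust(SECTOR, b"\x00")
    return (bytes(16 * SECTOR) + pvd + terminator + root_dir
            + PAYLOAD_DATA.ljust(SECTOR, b"\x00"))


def _read_record(buf, off):
    """Parse the directory record at buf[off:] -> (name, lba, size, is_dir, length)."""
    length = buf[off]
    lba = struct.unpack_from("<I", buf, off + 2)[0]
    size = struct.unpack_from("<I", buf, off + 10)[0]
    is_dir = bool(buf[off + 25] & FLAG_DIRECTORY)
    name_len = buf[off + 32]
    return buf[off + 33: off + 33 + name_len], lba, size, is_dir, length


def list_root(image):
    """Return [(name, lba, size, is_dir)] for the root directory.

    Raises ValueError when there is no ISO 9660 PVD at LBA 16, i.e. a pure
    UDF image rather than an ISO 9660/UDF bridge image.
    """
    pvd = image[PVD_SECTOR * SECTOR: (PVD_SECTOR + 1) * SECTOR]
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("no ISO 9660 primary volume descriptor at LBA 16")
    _, root_lba, root_size, _, _ = _read_record(pvd, 156)
    directory = image[root_lba * SECTOR: root_lba * SECTOR + root_size]
    entries, off = [], 0
    while off < len(directory):
        if directory[off] == 0:                  # padding: skip to next sector
            off = (off // SECTOR + 1) * SECTOR
            continue
        name, lba, size, is_dir, length = _read_record(directory, off)
        if name not in (b"\x00", b"\x01"):       # skip "." and ".."
            entries.append((name.decode("ascii"), lba, size, is_dir))
        off += length
    return entries


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def hash_files(image):
    """Map each regular file in the root directory to the SHA-256 of its extent."""
    return {name: sha256_hex(image[lba * SECTOR: lba * SECTOR + size])
            for name, lba, size, is_dir in list_root(image) if not is_dir}


if __name__ == "__main__":
    for name, digest in hash_files(build_sample_image()).items():
        print(name, digest)
```

To do the same against a real image with the module the diary uses, the calls are (as I recall them from the isoparser README; treat the exact names as an assumption) `isoparser.parse(path)`, then `iso.root.children` for the entries and `record.content` for the bytes to hash. Hashing the extent rather than extracting it to disk keeps the EXE from ever being written out with an executable name on the analysis box.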

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: malware UDF