Sometimes I have to compare the internals of Office documents (OOXML files, e.g. ZIP container with XML files, …). Since they are ZIP containers, I have to compare the files within. I used to do this with the zipdump.py tool, but recently, I started to use WinMerge because of its graphical user interface.

WinMerge is a free Windows tool to compare files. It is capable of comparing files stored inside archives: this is exactly what Office documents like .docx, .xlsm, … are.

First I have to change a setting so that WinMerge will recognize archive files like ZIP files based on their content too, and not only their extension.

Then I open the 2 Word documents. The first .docx file is a Word document with the text "This is test 1", the second Word document is an edited copy with the text "This is test 2".

I make sure that all comparisons are visible, and expand all subfolders.

It is not a surprise that document.xml is one of the files that is different: it contains the words I typed into the document and then altered.

WinMerge can also be used to compare XML files, and then it is easier to see the changes I made.
Didier Stevens |
DidierStevens 638 Posts ISC Handler Jun 22nd 2020 |
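A scripted version of the comparison described in the diary, as an added example (it is not the author's code and not zipdump.py): it lists members present in only one of two ZIP containers and produces a unified diff for each member whose content differs. The function names and the two sample containers are constructed for illustration; the samples are minimal ZIP files, not valid Word documents.

```python
import difflib
import io
import re
import zipfile


def members(data):
    """Map member name -> content for a ZIP container held in memory."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return {i.filename: z.read(i) for i in z.infolist() if not i.is_dir()}


def tag_lines(raw):
    """Put each tag on its own line so a one-line XML part diffs usefully.
    Plain text substitution: no XML parser runs on the (untrusted) content."""
    return re.sub(rb">\s*<", b">\n<", raw).decode("utf-8", "replace").splitlines()


def compare_containers(a, b):
    """Return (only_in_a, only_in_b, {changed member: unified diff lines})."""
    ma, mb = members(a), members(b)
    changed = {}
    for name in sorted(ma.keys() & mb.keys()):
        if ma[name] != mb[name]:
            changed[name] = list(difflib.unified_diff(
                tag_lines(ma[name]), tag_lines(mb[name]),
                "a/" + name, "b/" + name, lineterm=""))
    return sorted(ma.keys() - mb.keys()), sorted(mb.keys() - ma.keys()), changed


def make_sample(text, extra=()):
    """Constructed stand-in for a .docx: a ZIP with XML parts (not a valid Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml",
                   "<w:document xmlns:w='urn:example'><w:body><w:p><w:r>"
                   "<w:t>%s</w:t></w:r></w:p></w:body></w:document>" % text)
        for name in extra:
            z.writestr(name, "<x/>")
    return buf.getvalue()


if __name__ == "__main__":
    only_a, only_b, changed = compare_containers(
        make_sample("This is test 1"), make_sample("This is test 2"))
    print("only in first:", only_a, "| only in second:", only_b)
    for diff in changed.values():
        print("\n".join(diff))
```

For real files, read each document's bytes from disk and pass them to `compare_containers`; members are compared by content, so differing ZIP timestamps alone do not show up as changes.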
Sorry for misusing this diary.
On June 12 you wrote about 'nicely' obfuscated malware. Today there was a similar type, but now as an xlsx! https://bazaar.abuse.ch/sample/11335112bd99bba097839f78c98c46bd409ab63074b1eb038bd5134f39c49ed7/ How can an xlsx contain VBA?
Anonymous |
Jun 23rd 2020 1 year ago |