
I extracted this image using a PDF malware sample that I got for analysis purposes. Using a Perl script I filtered out the unneeded content and later put it into sctest (a libemu tool). The graph was created using the dot command in the Graphviz package.

share the script?
Any chance you'd be willing to share the script you used to generate this? I'd prefer not to reinvent the wheel if I can help it. Thanx.
clausing, I prefer several
clausing,
I prefer several tips online (very few of them):
Example:
http://www.sudosecure.net/archives/313
But I actually had problems following them exactly, so I used a tool provided by Didier Stevens, Pyew:
http://code.google.com/p/pyew/
Then, for a PDF-infected file, you take the shellcode (beginning with the unescape brackets) and filter it out using the link I gave above (first link).
Finally, use libemu's tool from http://libemu.carnivore.it/
Libemu's tool called sctest has an option to create a Graphviz DOT file. It should work if you are actually working on the correct shellcode :)
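As an added illustration of the "filter out" step above (this is example code written for this page, not the poster's Perl script or part of Pyew or libemu): the shellcode in such a PDF is usually a JavaScript `unescape("%u....")` string, and sctest needs the raw bytes. The script below extracts every `unescape(...)` argument, decodes `%uXXXX` escapes as little-endian 16-bit code units and `%XX` as single bytes, and writes the largest blob to stdout so it can be piped into sctest. The sample JavaScript is constructed filler, not real shellcode, and the sctest flags in the comment are from my own recollection of libemu's command line.

```python
import re
import struct
import sys

# Constructed sample resembling the JavaScript found in a malicious PDF.
# The escaped values are arbitrary filler bytes, not working shellcode.
SAMPLE_JS = (
    'var payload = unescape("%u9090%u9090%u4142%u4344");\n'
    'var nop = unescape("%u0c0c");'
)

# Matches unescape("...") or unescape('...') and captures the string body.
_UNESCAPE_CALL = re.compile(r'unescape\s*\(\s*(["\'])(.*?)\1\s*\)', re.S)
# %uXXXX (16-bit code unit) or %XX (single byte).
_ESCAPE = re.compile(r'%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})')


def js_unescape(s: str) -> bytes:
    """Decode a JavaScript unescape() string body into raw bytes.

    %uXXXX becomes two bytes in little-endian order, which is how the
    16-bit code unit is laid out in memory on x86; %XX becomes one byte;
    any other character is copied through as its Latin-1 byte.
    """
    out = bytearray()
    pos = 0
    for m in _ESCAPE.finditer(s):
        out += s[pos:m.start()].encode("latin-1")
        if m.group(1):
            out += struct.pack("<H", int(m.group(1), 16))
        else:
            out.append(int(m.group(2), 16))
        pos = m.end()
    out += s[pos:].encode("latin-1")
    return bytes(out)


def extract_unescape_blobs(js: str) -> list:
    """Return the decoded bytes of every unescape("...") call, in source order."""
    return [js_unescape(m.group(2)) for m in _UNESCAPE_CALL.finditer(js)]


if __name__ == "__main__":
    # Usage idea: python decode.py > sc.bin && sctest -Sgs 100000 -G sc.dot < sc.bin
    # (-S reads stdin, -G writes the Graphviz DOT file, as I recall libemu's options).
    blobs = extract_unescape_blobs(SAMPLE_JS)
    sys.stdout.buffer.write(max(blobs, key=len))
```

The largest blob is usually the shellcode; the short ones are typically NOP sleds or heap-spray padding, so inspect them separately if sctest reports no valid entry point.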
Pyew is not a Didier's tool
Hi,
Pyew is not a tool written by Didier Stevens, but by me, Joxean Koret.