We have released Cerbero Suite 6.5 and Cerbero Engine 3.5. What follows is a list of the most important new features.
Continue reading “Cerbero Suite 6.5 and Cerbero Engine 3.5 are out!”
This malicious OneNote document contains two obfuscated batch scripts and we’ll be using our commercial Simple Batch Emulator package to understand what they do.
SHA256: 46149F56028829246628FFAFC58DF81A4B0FF1C87ED6466492E25AD2F23C0A13
Continue reading “Obfuscated Batch Scripts in OneNote Document”
A quick 70-second introduction to Silicon Shellcode Emulator: a lightweight x86/x64 emulator designed for Windows shellcode. This package is available to all commercial licenses of Cerbero Suite Advanced.
We have released Cerbero Suite 6.4 and Cerbero Engine 3.4. What follows is a list of the most important new features.
Continue reading “Cerbero Suite 6.4 and Cerbero Engine 3.4 are out!”
We have released the URL Extractor package for all licenses of Cerbero Suite Advanced! This package prints out URLs detected when scanning a file.
In this specific image, URL Extractor detected a URL inside a VBS script contained in a Cabinet archive stored in the resources of an executable inside a OneNote document inside a Zip archive.
We have released Cerbero Suite 6.3 and Cerbero Engine 3.3. What follows is a list of the most important new features.
Continue reading “Cerbero Suite 6.3 and Cerbero Engine 3.3 are out!”
We recently released three commercial packages: OneNote Format, Simple Batch Emulator and PowerShell Beautifier.
In this release we moved a number of features to optional packages so that we can more rapidly update them. Cerbero Store now has the following additional packages:
– JavaScript Beautifier (all licenses)
– EML Format (all advanced licenses)
– Torrent Format (all advanced licenses)
– ShellcodeToExecutable (all advanced licenses)
– Tor Downloader (all advanced licenses)
– Python Snippets (all licenses)
We have also reached another important milestone in the SDK documentation process, as it now features the complete guide on how to create plugins and extensions for Cerbero Suite and Cerbero Engine.
We also improved syntax highlighting and fixed various bugs.
To help in the analysis of malware that uses Windows batch scripts, we just released a package on Cerbero Store called “Simple Batch Emulator”. The name of the package is self-explanatory: it provides a basic emulator for batch scripts. The package is available to all commercial licenses of Cerbero Suite Advanced.
The following is a malicious OneNote document. All embedded files are automatically extracted thanks to the “OneNote Format” package.
Two of the embedded files are batch scripts. We can execute the action to emulate the obfuscated batch code.
Microsoft OneNote is rising in popularity as a vector for malware. Therefore, all commercial licenses of Cerbero Suite can now download our “OneNote Format” package from Cerbero Store which parses the OneNote format and extracts embedded files.
Installing the package from Cerbero Store takes only a few mouse clicks.
Once the package is installed, you can directly inspect OneNote documents in Cerbero Suite and all embedded files are automatically extracted and ready to be inspected.
The second issue of Cerbero Journal, our company e-zine, is out!
In this issue we discuss the release of Cerbero Suite 6 and Cerbero Engine 3, new and improved cloud packages, improvements to our PDF parser, PDF malware hiding in images, one way we tested Cerbero Suite in the field and much more!