Analyzing a suspect WMF file
Randy Armknecht detected a malformed WMF file. My analysis will show that this WMF file doesn’t contain shellcode. I use a tool I discovered recently, the 010 Editor, a professional hex editor with binary templates. Binary templates allow you to define the structure of a binary file with a C-like scripting language. A binary file parsed with a template is much easier to understand, as you will see. Unfortunately, I found no free alternative for this tool.
[ Read more ]
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.