I released an update to jsunpack-n that fixes some bugs and adds some new features. The detection updates for this release mostly involve improvements in PDF parsing. Some jsunpack users suggested that I add better detection capabilities for PDF files and content within deflated streams. That is not yet available, but I am planning to make those updates available in a future version.
Updates 2010-03-18 version 0.3.1e
1) added LZW and RunLength decoding to pdf.py
2) fixed pdf.py so that streams that fail to decompress are not output
3) rooturl is now a member of jsunpack objects (to better support threading)
4) js.files now contains three entries [filename,origin,contents] (contents is new)
5) new command line argument -Q (for Quit-outputting-files), in case you plan to use the output from a python script
6) updated rules
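To illustrate items 1 and 2 above, here is an added example (my own illustration, not the pdf.py code from jsunpack-n) of a PDF RunLengthDecode filter as the PDF specification defines it, together with a small filter-chain wrapper that returns None for any stream that fails to decode, so that such streams are never written out. The FILTERS table and decode_stream are assumed names; LZWDecode is omitted.

```python
# Added example (not jsunpack-n's own pdf.py): PDF RunLengthDecode as the PDF
# spec defines it, plus a decode wrapper that returns None for streams that
# fail to decode, the behaviour the changelog describes for failed streams.
import zlib

def run_length_decode(data: bytes) -> bytes:
    """RunLengthDecode: length byte L<128 copies the next L+1 bytes literally,
    L>128 repeats the next byte 257-L times, L==128 marks end of data.
    Truncated input raises ValueError so the caller can discard the stream."""
    out = bytearray()
    i = 0
    while i < len(data):
        length = data[i]
        i += 1
        if length == 128:                 # EOD marker
            break
        if length < 128:                  # literal run of length+1 bytes
            chunk = data[i:i + length + 1]
            if len(chunk) != length + 1:
                raise ValueError("truncated literal run")
            out += chunk
            i += length + 1
        else:                             # repeat next byte 257-length times
            if i >= len(data):
                raise ValueError("truncated repeat run")
            out += bytes([data[i]]) * (257 - length)
            i += 1
    return bytes(out)

# Filters this example applies (assumed table); LZWDecode is omitted to stay short.
FILTERS = {"FlateDecode": zlib.decompress, "RunLengthDecode": run_length_decode}

def decode_stream(raw: bytes, filters):
    """Apply the /Filter chain in order. Any failure (or an unsupported filter)
    yields None so the caller never outputs partial or garbage data."""
    data = raw
    for name in filters:
        fn = FILTERS.get(name)
        if fn is None:
            return None
        try:
            data = fn(data)
        except (zlib.error, ValueError):
            return None
    return data
```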
Very good work, and very fast on results. The classification is sometimes not correct.
Thanks Nicolas, which rule or alert caused the classification to be incorrect? Knowing so I would be able to fix or disable it.
Can I run jsunpack on my local system? I'm trying to install it on my Ubuntu, is it possible? I just followed the install file and got all the needed packages, but I can't install pynids. Below are some errors:
nidsmodule.c:45: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
nidsmodule.c:49: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
nidsmodule.c:50: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘*’ token
By the way, I'm doing jsunpack as my research topic in my job as a malware analyst; I just need to run it locally. Hope you can help me, my email is orgen16@gmail.com (don't worry, it's just a temp email)
orgen experienced those errors because of this line:
> nidsmodule.c:23:20: error: Python.h: No such file or directory
For me, installing the python-dev package solved this problem.