Tuesday, December 8, 2009

Jsunpack-n update 0.3.1b: Functionality Updates

Today I am releasing a new version of jsunpack-n that fixes several different bugs and increases the functionality of jsunpack-n.

This release REQUIRES an up to date version of YARA (1.3 or greater), because the rules file makes use of the new rule syntax. If you experience problems compiling the YARA rules, this is likely the reason.

In this release, I added support for document.lastModified, which attackers have used to hinder analysis. Because the value is derived from the network traffic that the malicious server sends, this only works when you analyze a pcap file.

Here is the full CHANGELOG:

1) rule updates for yara 1.3 rule language
2) fixes in PDF JavaScript parsing
3) improvements to the tree structure; appending children now works better
4) cmdline options for logging and temporary directories
5) additions to pre.js and post.js to handle App.eval, String.eval, and better definitions for Adobe version variables
6) handle document.write and document.writeln with multiple parameters
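As an added example (not jsunpack-n's own pre.js/post.js code), here is a minimal "document" shim of the kind an analysis sandbox installs before running a captured script. It shows the two behaviours this release addresses: document.write/writeln with several arguments, and a lastModified value taken from the Last-Modified header of the captured HTTP response. All names and the sample script are illustrative, and the shim renders lastModified in UTC so its output is deterministic.

```javascript
// Constructed analysis-sandbox shim (illustrative, not jsunpack-n's own code).

// Browsers expose document.lastModified as "MM/DD/YYYY hh:mm:ss" (local time);
// this shim uses UTC so results do not depend on the analyst's machine.
function lastModifiedFromHeader(headerValue) {
  const d = new Date(headerValue);            // RFC 1123 dates parse natively
  if (Number.isNaN(d.getTime())) return "";   // unparseable header: leave empty (shim choice)
  const p = (n) => String(n).padStart(2, "0");
  return `${p(d.getUTCMonth() + 1)}/${p(d.getUTCDate())}/${d.getUTCFullYear()} ` +
         `${p(d.getUTCHours())}:${p(d.getUTCMinutes())}:${p(d.getUTCSeconds())}`;
}

function makeDocumentShim(lastModifiedHeader) {
  const written = [];   // everything the script emitted, in order
  return {
    lastModified: lastModifiedFromHeader(lastModifiedHeader),
    // In browsers document.write(a, b, c) behaves like document.write(a + b + c),
    // so a shim that only keeps the first argument would lose markup.
    write(...parts) { written.push(parts.map(String).join("")); },
    writeln(...parts) { written.push(parts.map(String).join("") + "\n"); },
    output() { return written.join(""); },
  };
}

// Run a captured script with the shim bound as its "document" object and
// return whatever it wrote, which is what the analyst wants to inspect.
function runInShim(script, lastModifiedHeader) {
  const doc = makeDocumentShim(lastModifiedHeader);
  new Function("document", script)(doc);
  return doc.output();
}

// Constructed sample: markup split across arguments, gated on lastModified
// in the way the post describes (analysis without the pcap header would not
// reach the first branch).
const SAMPLE = `
  if (document.lastModified.indexOf("2009") !== -1) {
    document.write("<di", "v id=", "'x'>", "hidden content", "</div>");
  } else {
    document.writeln("not served from the expected server");
  }
`;

if (typeof require !== "undefined" && require.main === module) {
  console.log(runInShim(SAMPLE, "Tue, 08 Dec 2009 12:34:56 GMT"));
}
```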
