Cryptam Malware Document Detection Suite
Automate detection of malware in Microsoft Office documents and embedded executables in PDF files. Supports Word, PowerPoint, Excel, RTF, CHM and HLP. Detect the most common enterprise threats: variants of CVE-2009-4324, CVE-2006-2492, CVE-2009-3129, CVE-2010-3333 and CVE-2012-0754. From criminal threats to Advanced Persistent Threats (APTs), we can provide early detection of new emerging threats and malware with otherwise low commercial antivirus detection; rates of 12-20% on VirusTotal are common for document malware.
Cryptam can detect encrypted embedded executables by conducting a cryptanalysis of the submitted document, report the key used, and detect strings associated with executables. The web interface version provides a visual representation of the analysis as well as a rating of confidence on any detected entities.
Cryptam also contains new advanced features to detect embedded malware within Open XML documents such as MS Office .docx, .pptx, and .xlsx files. It can uncompress and scan Shockwave Flash CWS files embedded in Office documents, and it supports embedded executable detection in RTF datastores. Extraction of the embedded executables (and dropped documents) happens automatically, and the results can be fed into a sandbox or static analysis tool. Include your own signatures and receive updates for the first year free.
Detection and extraction support for combinations of various lengths of XOR encryption, bitwise ROL or ROR shifting, bitwise NOT, and transposition ciphers, including header-only transposition. Support for extraction of both Windows and Mac executables from documents.
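An added example (not Cryptam's code) of the simplest case of the cryptanalysis described above: it searches a document for the PE DOS-stub string under every single-byte XOR key combined with every ROL amount, and reports the key and offset of each hit. The sample bytes and all function names are constructed for illustration; multi-byte keys and transposition ciphers are not covered.

```python
MARKER = b"This program cannot be run in DOS mode"  # DOS stub text found in most PE files

def rol8(b, r):
    """Rotate an 8-bit value left by r bits (ROR by n equals ROL by 8 - n)."""
    r &= 7
    return ((b << r) | (b >> (8 - r))) & 0xFF

def encode(data, key, rot):
    """Per-byte ROL followed by single-byte XOR; key 0xFF with rot 0 is bitwise NOT."""
    return bytes(rol8(b, rot) ^ key for b in data)

def decode(data, key, rot):
    """Invert encode(): undo the XOR, then rotate back."""
    return bytes(rol8(b ^ key, 8 - rot) for b in data)

def find_encoded_pe(blob):
    """Return sorted (offset, key, rot) tuples where the encoded marker occurs.

    Encoding the short marker 2048 times is cheaper than decoding the whole
    document 2048 times. Because rol(p ^ k) == rol(p) ^ rol(k), this also
    covers samples that applied XOR before the rotation.
    """
    hits = []
    for rot in range(8):
        for key in range(256):
            needle = encode(MARKER, key, rot)
            pos = blob.find(needle)
            while pos != -1:
                hits.append((pos, key, rot))
                pos = blob.find(needle, pos + 1)
    return sorted(hits)

# Constructed sample: OLE2 magic and padding, followed by a fake PE header
# fragment obfuscated with ROL 3 and XOR key 0x5A. Not taken from real malware.
PLAIN_STUB = b"MZ\x90\x00" + b"\x00" * 60 + MARKER + b".\r\r\n$"
SAMPLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x20" * 56 + encode(PLAIN_STUB, 0x5A, 3)

if __name__ == "__main__":
    for offset, key, rot in find_encoded_pe(SAMPLE):
        print(f"marker at offset {offset}: XOR key 0x{key:02x}, ROL {rot}")
        print(decode(SAMPLE[offset:offset + len(MARKER)], key, rot).decode())
```

A hit with key 0 and rotation 0 means the executable is embedded without any encoding.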
Process spear phishing attacks to gather intelligence from the malware and compare metadata such as last-saved-by user, write times, character sets and encryption methods.
Check out an example Cryptam report.

Now available. Try it out for free online. Or contact us to order a command line or local version.