Nick Hoffman
Hello, this might be a case of user error, but when I try to run parse_clamav.py against a custom set of clam rules (https://raw.githubusercontent.com/wmetcalf/clam-punch/master/miscreantpunch099.ldb) it'll generate an error `Unable to...
When running oleobj against a sample that has an Ole10Native object, the following will occur ``` oleobj 8805b8874bf3f72510474643d7fd5a4fda19423ce829413831f40bdaf3634785_object_0000003C.bin oleobj 0.52 - http://decalage.info/oletools THIS IS WORK IN PROGRESS - Check updates...
**Environment information** * Operating System: Fedora 31 (x86_64) * Cutter version: Appimage 1.10 * Obtained from: - [ ] Built from source - [x] Downloaded from release - [ ]...
While it's still in pre-release, it looks like the volatility team is gearing up for the release of version 3. https://volatility-labs.blogspot.com/ https://github.com/volatilityfoundation/volatility3 Are there plans to update this plugin to...
When running the latest from git, the following bug appears when running against malware sample `ffa75887740c235250a61413117bb2ee` [mal.zip](https://github.com/DissectMalware/XLMMacroDeobfuscator/files/4833553/mal.zip) Password: `infected` ``` Error [deobfuscator.py:1590 parse_tree = self.xlm_parser.parse(formula)]: Unexpected token Token(__ANON_0, '())') at...
Running the latest dev version (`v0.1.5`) pulled from GitHub, I encountered an error while processing the file `e314ea8492fec8fb7349f966eab30ae0f8dfad22d08fe914a2d88e5056b9451f` ``` Error [deobfuscator.py:1569 evaluation_result = self.evaluate_parse_tree(current_cell, parse_tree, interactive)]: 'Token' object has no...
I'm currently working on a problem where I'm looking for "Most of them" to be true. Since this isn't easily defined in Yara (and has no real meaning) an approximate...
### Description MISP has been changing parts of the API and moving certain functions into `ExpandedPyMISP`; now when running `otx-misp`, more deprecation warnings are occurring, including the warning about the...
Attempting to parse the following document will yield an encoding error: "unknown encoding: cp10000" Hash of the document is 0433646411efb9aeb5e2729326a3472f81ed45c618d5cccb82c51b1af3693218 https://www.virustotal.com/en/file/0433646411efb9aeb5e2729326a3472f81ed45c618d5cccb82c51b1af3693218/analysis/1442602897/