Malware Analysis Of Malicious Documents

A Beginner’s Course on Analyzing Malicious PDF and Microsoft Office Documents Using Remnux and Windows Virtual Machines
File size: 1.68 GB
Total length: 4h 26m



Paul Chin



What you’ll learn

Analyzing Malicious Documents
Analyzing Malicious PDF documents
Analyzing Malicious Microsoft documents
Install Remnux Virtual Machine
Extracting document Meta-Data
Basic Linux Commands Used in Malware Analysis
Extracting Embedded Objects and Javascript from PDF documents
Extracting VBA Macro Scripts from Office Documents
De-obfuscating Javascript and VBA scripts
Automating Analysis of Documents
Viewing and Debugging Malicious Office Macros
Identifying Maker and Origin of Malicious Documents
Using Yara to Identify Malicious Patterns and Signatures
Analyzing Open Office XML Format Documents
Analyzing Structured Storage Format Documents
Estimating age and date of document creation
Analyzing PowerShell scripts
Detecting Malware Artifacts and Indicators of Compromise
and more…

Requirements


Windows PC
Interest in Malware Analysis
Basic Linux knowledge helpful but not strictly necessary


Did you know that you could infect your computer just by opening a PDF or Microsoft Office document? If that came as a shocker for you, then you need to take this course. Documents are one of the main vectors of attack for malware authors because of their widespread use. Everyone uses documents to create reports, memos and articles. In fact, everything we do for communication involves the use of documents. That is why this is a very popular way to infect computers. Documents are used as the first stage of a malware attack. Embedded in documents are scripts that will download a second-stage payload consisting of additional malware, e.g. ransomware, remote access tools and more.

In this course, you will learn how to check and analyze malicious PDF and Office documents for signs of malicious artifacts and indicators of compromise. This is a beginner’s course, targeted at those who are absolutely new to this field. I will take you from zero to proficient level in analyzing malicious documents. You will learn using plenty of practical walk-throughs. We will learn the basic knowledge and skills in analyzing documents. All the needed tools and where to download them will be provided. By the end of this course, you will have the fundamentals of malware analysis of documents under your belt to further your studies in this field. Even if you do not intend to take up malware analysis as a career, the knowledge and skills gained would still enable you to check documents for dangers and protect yourself from these attacks.

We will use REMnux and a Windows virtual machine. REMnux is a Debian-based Linux distribution that contains all the necessary tools for malware analysis. Some background on Linux would be helpful but not strictly necessary. We will also install document debuggers in a Windows virtual machine. Then, I will show you how to get started with the very basic tools in REMnux and Windows. All the essential theory will be covered but kept to the minimum. The emphasis is on practicals and lab exercises.

Go ahead and enroll now and I will see you inside.


Section 1: Introduction

Lecture 1 Intro to the course

Lecture 2 Learning Objectives

Section 2: Installing the Tools

Lecture 3 Installing a Windows VM

Lecture 4 Configuring Windows VM

Lecture 5 Installing Adobe Acrobat Reader and Microsoft Office 2013

Lecture 6 Installing RemNux

Lecture 7 Post-Install Configurations

Lecture 8 Summary of Virtual Machines

Section 3: Malware Analysis Process

Lecture 9 Malware Analysis Process

Section 4: Intro to Static Analysis

Lecture 10 Intro to Static Analysis and Lab on Analyzing a PDF document

Lecture 11 Lab – Static Analysis of a Microsoft Document

Section 5: Analyzing PDF Documents

Lecture 12 Introduction to Analysis of PDF Documents

Lecture 13 PDF Objects

Lecture 14 PDF Keywords

Lecture 15 String and Data Encoding

Lecture 16 PDF Analysis Tools

Lecture 17 Lab: Using pdfid and pdf-parser

Lecture 18 How to fix Yara Include File Error

Lecture 19 Lab: Using peepdf

Section 6: Performing Javascript Analysis

Lecture 20 Principles of Performing Javascript Analysis

Lecture 21 De-obfuscating Javascript

Section 7: Lab: Pdf Analysis

Lecture 22 Introduction to Lab Exercise

Lecture 23 Lab Exercise Walkthrough

Section 8: Analyzing Office Documents

Lecture 24 Principles of Analyzing Office Documents

Lecture 25 Lab – Analyzing Office Documents and Extracting VBA Macro Scripts

Section 9: Performing VBA Script Analysis

Lecture 26 Principles of VBA Script Analysis

Lecture 27 VBA Script Analysis Walkthrough

Section 10: Using Debuggers in Document Analysis

Lecture 28 Principles of Using Debuggers in Document Analysis

Lecture 29 Installing Lazy Office Analyzer

Lecture 30 Lab: A walkthrough on debugging a malicious office document

Section 11: Lab: Analyzing An Office Document

Lecture 31 Introduction Lab Exercise: Analyzing An Office Document

Lecture 32 Lab Walkthrough: Document Analysis

Lecture 33 Lab Walkthrough: Debugging A Malicious Office Document

Section 12: Resources For Further Study

Lecture 34 Recap and Where to Get Malware Samples

Lecture 35 Bonus Lecture

Beginners to Malware Analysis, Students embarking on career path to become Malware Analysts, Anyone eager to learn how to know if a document is malicious

Course Information:

Udemy | English | 4h 26m | 1.68 GB
Created by: Paul Chin
