It is possible to weaponize .chm files, but binref can't extract these files.
There is a Python lib, PyCHM, but this is just a wrapper for the C lib CHMLib. The C lib needs a string with the path to the CHM file to open it. This is against the binref code of conduct.
I think the only solution would be to implement the algorithm in Python as a new binref unit.
@huettenhain can you prove that there isn't another way to extract CHM files with binref? If so, I can start to develop a new unit.
After our prior discussion, I did some research and could not identify any acceptable Python libraries to unpack CHM files either. I had collected a few links to CHM-related online resources, but not much more. I will leave them here for posterity:
Notably, 7-Zip can handle CHM files, so the 7-Zip source code might also be a good reference. I probably won't have time to work on this myself, but I would be grateful for the contribution.
Test Cases
Malicious-CHM-Guide.md
AgentTesla Spreads Through CHM and PDF Files in Recent Attacks
Cryptowall Makes a Comeback Via Malicious Help Files (CHM)
Harmful Help: Analyzing a Malicious Compiled HTML Help File Delivering Agent Tesla
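An added example, not part of the original issue and not binref's own code: a sketch of the first step a pure-Python CHM unit would need, parsing the ITSF header from a bytes buffer instead of a file path. The field layout follows the publicly documented unofficial CHM format description; the names `parse_itsf_header`, `ItsfHeader` and `build_sample` are hypothetical, and the sample buffer is constructed.

```python
import struct
from typing import NamedTuple

class ItsfHeader(NamedTuple):
    version: int
    header_length: int
    language_id: int
    sections: tuple       # ((offset, length), (offset, length))
    content_offset: int   # 0 for version 2, which has no such field

def parse_itsf_header(data: bytes) -> ItsfHeader:
    """Parse the ITSF header of a CHM held in memory; no file path involved."""
    if len(data) < 0x58:
        raise ValueError("buffer too short for an ITSF header")
    magic, version, hdr_len, _unknown, _timestamp, lang = struct.unpack_from(
        "<4s5I", data, 0)
    if magic != b"ITSF":
        raise ValueError("missing ITSF signature")
    if version not in (2, 3):
        raise ValueError(f"unsupported ITSF version {version}")
    # Two GUIDs fill 0x18..0x38; the header section table starts at 0x38.
    table = struct.unpack_from("<4Q", data, 0x38)
    sections = (table[0:2], table[2:4])
    for offset, length in sections:
        # Truncated or malformed samples may point past the end of the buffer.
        if offset + length > len(data):
            raise ValueError("header section exceeds buffer")
    content_offset = 0
    if version == 3:
        if len(data) < 0x60:
            raise ValueError("buffer too short for a version 3 header")
        (content_offset,) = struct.unpack_from("<Q", data, 0x58)
        if content_offset > len(data):
            raise ValueError("content offset exceeds buffer")
    # Header section 1 is the directory; it begins with its own ITSP signature.
    dir_offset = sections[1][0]
    if data[dir_offset:dir_offset + 4] != b"ITSP":
        raise ValueError("directory section lacks ITSP signature")
    return ItsfHeader(version, hdr_len, lang, sections, content_offset)

def build_sample() -> bytes:
    """Constructed, content-free buffer with a well-formed version 3 header."""
    header = struct.pack("<4s5I", b"ITSF", 3, 0x60, 1, 0, 0x0409)
    header += bytes(32)                                # GUIDs, zeroed here
    header += struct.pack("<5Q", 0x60, 0x18, 0x78, 0x54, 0xCC)
    return header + bytes(0x18) + b"ITSP" + bytes(0x50)
```

The bounds checks matter for triage: samples carved from memory or network captures are often truncated, and a parser that trusts the section offsets would read garbage or fail later in a less obvious place.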