# Malware Analysis Tools # Commands for analyzing malicious files and samples % malware, analysis, forensics # Detect malware capabilities with CAPA capa # CAPA verbose output with rule details capa -v # CAPA output in JSON format capa -j # Analyze JavaScript in sandbox box-js # Box-js with custom timeout (seconds) box-js --timeout= # Box-js with download simulation box-js --download --output-dir= # Analyze Office document with oledump oledump.py # Show VBA macros in Office document oledump.py -v # Extract specific stream from Office document oledump.py -s # Decode VBA macros automatically oledump.py -v -s # Analyze RTF document rtfdump.py # Show RTF objects rtfdump.py -O # Analyze email message emldump.py # Extract attachments from email emldump.py -e # URL analysis with unfurl unfurl_cli.py # Unfurl with detailed output unfurl_cli.py -d # Extract metadata from files exiftool # Remove metadata from file exiftool -all= # Analyze data interactively vd # Quick file type detection file # String analysis of binary strings | head -20 # Hex dump analysis xxd | head -20 # Base64 decode and analyze base64dump.py # Search for base64 patterns base64dump.py -s # OCR text extraction from image tesseract $ malware_file: ls *.exe *.dll *.bin *.sample $ javascript_file: ls *.js $ office_file: ls *.doc *.docx *.xls *.xlsx *.ppt *.pptx $ rtf_file: ls *.rtf $ email_file: ls *.eml *.msg $ suspicious_url: echo "https://suspicious-domain.com/path" $ stream_number: echo "1 2 3 4 5" $ timeout: echo "30 60 120" $ output_dir: echo "./output" $ data_file: ls *.csv *.json *.log $ unknown_file: ls * $ binary_file: ls *.exe *.dll *.bin $ file_with_base64: ls *.txt *.log $ search_term: echo "keyword" $ image_file: ls *.png *.jpg *.jpeg *.tiff $ output_text: echo "extracted_text"