
SANS Internet Storm Center: InfoSec Handlers Diary Blog


Quick Analysis Of Phishing MSG

Published: 2022-05-14
Last Updated: 2022-05-14 10:22:29 UTC
by Didier Stevens (Version: 1)

Reader Robert submitted a phishing email (msg file).

.msg files are compound file binary format files (aka ole files), and as such can be analyzed with

And I have plugins specific for .msg files: and

Robert's submission inspired me to add a small feature to plugin_msg_summary: it will now search through all streams for URLs, and report them.

This way, one can now immediately see the phishing URLs in phishing emails:
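The idea of scanning every stream for URLs can be sketched as follows. This is an added example, not the code of plugin_msg_summary: the function names are hypothetical, the third-party olefile package is assumed for reading the file, and the sample streams are constructed. Text streams in a .msg file are commonly stored as UTF-16LE, so the search covers both 8-bit and UTF-16LE encoded URLs.

```python
import re
import sys

# Characters allowed in a URL, used for 8-bit text and for UTF-16LE text
# (where every ASCII character is followed by a 0x00 byte).
URL_CHARS = rb"[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]"
RE_ASCII = re.compile(rb"https?://" + URL_CHARS + rb"+", re.I)
RE_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:" + URL_CHARS + rb"\x00)+", re.I)

def find_urls(streams):
    """Map each URL found in (name, bytes) pairs to the streams containing it."""
    found = {}
    for name, data in streams:
        hits = [m.group().decode("ascii") for m in RE_ASCII.finditer(data)]
        hits += [m.group().decode("utf-16-le") for m in RE_UTF16.finditer(data)]
        for url in hits:
            url = url.rstrip(".,;)")  # drop sentence punctuation glued to the URL
            names = found.setdefault(url, [])
            if name not in names:
                names.append(name)
    return found

def msg_streams(path):
    """Yield (name, bytes) for every stream of a .msg file (assumes olefile is installed)."""
    import olefile  # third-party package, imported lazily so find_urls works without it
    ole = olefile.OleFileIO(path)
    try:
        for parts in ole.listdir(streams=True, storages=False):
            yield "/".join(parts), ole.openstream(parts).read()
    finally:
        ole.close()

# Constructed sample: stream names follow the .msg property naming scheme,
# contents and URLs are made up (not taken from Robert's submission).
SAMPLE = [
    ("__substg1.0_0037001F", "Invoice overdue".encode("utf-16-le")),
    ("__substg1.0_1000001F",
     "Pay here: https://login.example.test/pay?id=7.".encode("utf-16-le")),
    ("__substg1.0_10130102",
     b'<a href="https://login.example.test/pay?id=7">Pay</a>'
     b'<img src="http://cdn.example.test/p.gif">'),
]

if __name__ == "__main__":
    source = msg_streams(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for url, names in find_urls(source).items():
        print(url, "<-", ", ".join(names))
```

Run without arguments it processes the constructed sample; given a path to a .msg file it reads the streams through olefile instead.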

Didier Stevens
Senior handler
Microsoft MVP

Keywords: msg oledump phishing