|
Yesterday I came across a file type I rarely have to analyze: "Transport Neutral Encapsulation Format". It's an attachment file format used by Outlook and Exchange. Here is how the file command identifies it:
There are different free and opensource programs and libraries that can parse this file format. There's a Python module tnefparse that comes with a parsing program:
So this TNEF file contains one attached file: an .iso file.
I've covered the analysis of .iso files before in this diary entry. With 7-zip, I can look into the .iso file:
And extract the .exe (MD5 d71e537c1ca1aba1f6854c0cb7b71835) file:
Didier Stevens |
DidierStevens 639 Posts ISC Handler Dec 31st 2017 |
| Thread locked Subscribe |
Dec 31st 2017 4 years ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
