Description

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel), which is especially useful for malware analysis.

For detailed use cases, refer to the official documentation.

Installation

Refer to this section.

Usage

Syntax

usage: pyxswf.py [options] <file.bad>

Options

-h, --help

show this help message and exit

-x, --extract

Extracts the embedded SWF(s), names it MD5HASH.swf & saves it in the working dir. No addition args needed

-y, --yara

Scans the SWF(s) with yara. If the SWF(s) is compressed it will be deflated. No addition args needed

-s, --md5scan

Scans the SWF(s) for MD5 signatures. Please see func checkMD5 to define hashes. No addition args needed

-H, --header

Displays the SWFs file header. No addition args needed

-d, --decompress

Deflates compressed SWFS(s)

-r PATH, --recdir=PATH

Will recursively scan a directory for files that contain SWFs. Must provide path in quotes

-c, --compress

Compresses the SWF using Zlib

-o, --ole

Parse an OLE file (e.g. Word, Excel) to look for SWF in each stream

-f, --rtf

Parse an RTF file to look for SWF in each embedded object