QuickSand is a new Python-based analysis framework to analyze suspected malware documents to identify exploits in streams of different encodings or compressions. QuickSand supports documents, PDFs, Mime/Email, Postscript and other common formats. A built-in command line tool can process a single document or directory of documents.
QuickSand scans within the decoded streams of documents and PDFs using Yara signatures to identify exploits or high risk active content.
A hosted version is available to try without any installation at scan.tylabs.com.
An older C version is also available, it can break xor obfuscation that was popular in the early days of document malware.
Get QuickSand on GitHub