A C# based tool for analysing malicious OneNote documents
Recently we came across a few malicious OneNote documents being distributed in the wild by various threat actors. This gave us the idea to develop "OneNoteAnalyzer", which helps in analysing such malicious OneNote documents without executing them. Now let's take a look at the features that the tool offers.
Given the file path of a malicious OneNote document, OneNoteAnalyzer extracts:
To run OneNoteAnalyzer against a malicious OneNote document, we provide the path of the OneNote document as shown below.
Upon execution, OneNoteAnalyzer extracts the attachments from the OneNote document into the "OneNoteAttachments" folder. The actual attachment path, i.e. the path from which the attachment was uploaded, can be seen in the console along with the extracted filename and the size of the attachment.
OneNote Attachments extracted in the OneNoteAttachments Folder:
Next, it extracts the page-wise metadata from the OneNote document as shown below.
Then it also extracts all the images in the OneNote document as shown below:
The extracted images are saved in the OneNoteImages folder as shown below.
Further, the tool extracts the page-wise text from the OneNote document and saves it in the OneNoteText folder as shown in the screenshot below.
Additionally, it extracts hyperlinks from the OneNote document along with their overlay text, as shown in the screenshot below.
The extracted hyperlinks are stored in the OneNoteHyperLinks folder, in onenote_hyperlinks.txt.
Finally, the tool converts the OneNote document into an image and saves it as shown below.
Saved Image-1:
Saved Image-2:
Once the execution is completed, the extracted data is stored in an export directory "OneNoteFilename_content" in the current working directory, as seen in the screenshot below.
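What static extraction of embedded files involves at the file-format level, as an added example that is not OneNoteAnalyzer's code (the page does not show how the tool extracts attachments): a Python carver for the FileDataStoreObject framing defined in the MS-ONESTORE specification. The function names and the sample bytes are constructed for illustration.

```python
import hashlib
import struct
import uuid

# FileDataStoreObject framing (MS-ONESTORE): header GUID, 8-byte length,
# 4 unused bytes, 8 reserved bytes, file data, padding, footer GUID.
HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le

def carve_embedded_files(data: bytes):
    """Return one dict per well-formed FileDataStoreObject found in data."""
    found = []
    pos = data.find(HEADER)
    while pos != -1:
        body = pos + 36  # 16 (GUID) + 8 (cbLength) + 4 (unused) + 8 (reserved)
        if body <= len(data):
            (size,) = struct.unpack_from("<Q", data, pos + 16)
            end = body + size
            footer_at = end + (-size % 8)  # file data is padded to 8 bytes
            # Reject lengths that overrun the file or lack the footer GUID.
            if end <= len(data) and data[footer_at:footer_at + 16] == FOOTER:
                blob = data[body:end]
                found.append({
                    "offset": pos,
                    "size": size,
                    "magic": blob[:4],  # first bytes hint at the file type
                    "sha256": hashlib.sha256(blob).hexdigest(),
                    "data": blob,
                })
        pos = data.find(HEADER, pos + 1)
    return found

def build_constructed_sample():
    """Constructed bytes, not a real .one file: one valid object, one truncated."""
    payload = b"MZ" + b"\x90" * 11  # 13 bytes, so 3 bytes of padding follow
    good = HEADER + struct.pack("<QI8x", len(payload), 0) + payload
    good += b"\x00" * (-len(payload) % 8) + FOOTER
    bad = HEADER + struct.pack("<QI8x", 0xFFFF, 0) + b"short"
    return b"\x00" * 32 + good + b"\x00" * 8 + bad, payload

if __name__ == "__main__":
    sample, _ = build_constructed_sample()
    for hit in carve_embedded_files(sample):
        print(hit["offset"], hit["size"], hit["magic"], hit["sha256"])
```

The carver only reads and hashes bytes, so nothing embedded in the document is executed; the truncated object in the sample is skipped because its declared length overruns the buffer.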
https://docs.aspose.com/note/net
Thank you! =)