Command-line tool for scanning streams within Office documents, plus an XOR DB attack
For QuickSand Version 2 written in Python with PDF analysis support, see quicksand.io.
QuickSand Version 1 Lite is no longer being actively developed.
QuickSand is a compact C framework for analyzing suspected malware documents to 1) identify exploits in streams of different encodings and 2) locate and extract embedded executables. Because it can locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or unknown obfuscated exploits.
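To illustrate what locating an obfuscated embedded executable involves, the following added example (not QuickSand's own code) scans a byte stream for the PE DOS-stub text under every single-byte XOR key. The function names `find_xor_marker` and `make_sample` are hypothetical, and the restriction to single-byte keys and one marker string is a simplifying assumption.

```c
#include <stdio.h>
#include <string.h>

/* Text from the DOS stub of most PE executables, used here as the marker. */
static const char MARKER[] = "This program cannot be run in DOS mode";
#define MLEN (sizeof(MARKER) - 1)

/*
 * Hypothetical helper: look for MARKER under every single-byte XOR key
 * (key 0 means not encoded). Keys are tried in ascending order. Returns the
 * offset of the match and stores the key in *key_out, or -1 if none.
 */
long find_xor_marker(const unsigned char *buf, size_t len, unsigned char *key_out)
{
    if (len < MLEN) return -1;
    for (int key = 0; key < 256; key++) {
        for (size_t off = 0; off + MLEN <= len; off++) {
            size_t i = 0;
            while (i < MLEN && (buf[off + i] ^ key) == (unsigned char)MARKER[i])
                i++;
            if (i == MLEN) {
                *key_out = (unsigned char)key;
                return (long)off;
            }
        }
    }
    return -1;
}

/* Constructed sample: filler bytes with MARKER XORed by `key` at `off`. */
size_t make_sample(unsigned char *out, size_t cap, size_t off, unsigned char key)
{
    if (off + MLEN > cap) return 0;
    memset(out, 0x41, cap);
    for (size_t i = 0; i < MLEN; i++)
        out[off + i] = (unsigned char)(MARKER[i] ^ key);
    return cap;
}

int main(void)
{
    unsigned char stream[128], key = 0;
    make_sample(stream, sizeof stream, 20, 0x5A);
    long off = find_xor_marker(stream, sizeof stream, &key);
    printf("offset=%ld key=0x%02X\n", off, key);
    return off < 0;
}
```

A hit at a non-zero key in a document stream is a strong triage signal, since legitimate Office content has no reason to carry an XOR-encoded executable header.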
Example results and more info blog post
The "QuickSand.io" name and the QuickSand application logo are Copyright 2016 Tyler McLellan and Tylabs, and their use requires written permission from the author.
The source code files quicksand.c, libqs.h and libqs.c and the YARA signatures, except where noted, are Copyright 2016 Tyler McLellan and Tylabs.
See the included Mozilla Public License Version 2.0 for licensing information.