QuickSand.io

<img width=200 height=200 src=https://quicksand.io/assets/images/Quicksand/Icon_Colour/Quicksand-Icon-Colour.png> <img src="https://quicksand.io/assets/images/quicksand.png" border=0 height=200>

For QuickSand Version 2 written in Python with PDF analysis support, see quicksand.io.

QuickSand Version 1 Lite is no longer being actively developed.

QuickSand is a compact C framework for analyzing suspected malware documents to 1) identify exploits in streams of different encodings and 2) locate and extract embedded executables. Because it can locate embedded obfuscated executables, QuickSand could detect documents that contain zero-day or unknown obfuscated exploits.

File Formats For Exploit and Active Content Detection

File Formats For Executable Detection

Lite Version - MPLv2 License

Example results and more info blog post

Full Version - Commercial License

Dependencies (not included)

Distributed components under their own licensing

Quick Start

Documentation

QuickSand.io

Copyright, License, and Trademark

QuickSand application logos are Copyright 2016 Tylabs and their use requires written permission from the author.

The source code (quicksand.c, libqs.h, libqs.c) and the YARA signatures, except where noted, are Copyright 2016 Tylabs.

See the included Mozilla Public License Version 2.0 for licensing information.