9 Replies Latest reply on Oct 5, 2016 2:01 AM by peter.mason

    NSM - Malware Archive - Decompressing Export Files

    jamespemberton

      Hi,

       

      Under maintenance within NSM there is a Malware Archive section, here you can export a cached malware file under the format of "HASH.mcafee".

       

      Is there anyway to recover the original file from this?

       

      I'm interested in running the originals through sandbox products like DeepViz and Hybrid Analysis but can't see to retrieve the original or convert the file into any acceptable format.

       

      Some sandbox files will capture files you can download and run independently to determine their reputation/contents.

       

      Usually you get a file that you need to rename to a .zip format, from there you can uncompress it and rename the files inside to their original extensions and you now have the original file.

       

      Is this possible with the .mcafee files?

       

      Thanks,