A reader of my blog posted a comment regarding a malicious document that he had trouble analyzing. He had already determined that it was a MIME file, so he used emldump to analyze the file. And you can see that emldump just tells us that it is just text.

Now if we look at the MIME file here, at the header of the MIME file, we can see the MIME version and the content type multipart. But the very first line here is not the version; it is this string here, which looks like something that was typed by banging on the keyboard.

For such a case, there is an option in emldump: the header option, -H (capital H). When it is used, emldump will skip the first line. So when we analyze the sample like this, we do indeed get the information that it is a multipart file that contains an MSO file.

So this part here, part 3, can be extracted. Let's do that: we skip the first line, we select part 3 and we dump it. And now we can pipe this into EML Dump. And then, as you can see, you get the content of the EML files, and indeed you can see that it contains macros.
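The following is an added example, not part of the original transcript and not the tool's own code. It uses Python's standard `email` parser on a constructed sample to show why one junk line ahead of the MIME headers makes the whole file parse as plain text, and how skipping the first line, as the header option described above does, exposes the multipart structure. The sample bytes, the boundary name and the function names are assumptions made for the illustration.

```python
import base64
from email import message_from_bytes

# Constructed sample: a junk first line, then ordinary MIME headers.
PAYLOAD = b"ActiveMime (constructed placeholder, not a real MSO payload)"
SAMPLE = b"\r\n".join([
    b"qwkejhasdkjhqwe",                       # keyboard-mash line, no colon
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/related; boundary="----=_NextPart_demo"',
    b"",
    b"------=_NextPart_demo",
    b"Content-Type: text/html",
    b"",
    b"<html><body>constructed</body></html>",
    b"------=_NextPart_demo",
    b"Content-Type: application/x-mso",
    b"Content-Transfer-Encoding: base64",
    b"",
    base64.b64encode(PAYLOAD),
    b"------=_NextPart_demo--",
    b"",
])

def parse(raw, skip_first_line=False):
    """Parse raw bytes as a MIME message, optionally dropping line 1."""
    if skip_first_line:
        raw = raw.split(b"\n", 1)[1] if b"\n" in raw else b""
    return message_from_bytes(raw)

def list_parts(msg):
    """Return (index, content type, decoded size) for every part."""
    rows = []
    for index, part in enumerate(msg.walk(), start=1):
        body = b"" if part.is_multipart() else (part.get_payload(decode=True) or b"")
        rows.append((index, part.get_content_type(), len(body)))
    return rows

def extract(msg, index):
    """Return the decoded bytes of the part with the given 1-based index."""
    return list(msg.walk())[index - 1].get_payload(decode=True)

if __name__ == "__main__":
    # The junk line is not a valid header, so the parser sees no headers at all
    # and treats the entire file as a text/plain body.
    print("as-is:       ", list_parts(parse(SAMPLE)))
    fixed = parse(SAMPLE, skip_first_line=True)
    print("line skipped:", list_parts(fixed))
    print("part 3 bytes:", extract(fixed, 3)[:10])
```
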