Press "Enter" to skip to content

Tag: macros

Analysis of Password Protected Malicious Word Document

Let’s take a look at an example of a malicious Word document that has a password-protected VBA project. When looking at malware, it is a good idea to first verify the file type you are looking at. Many malware authors will purposely use deceptive file extensions to try to look as benign as possible. So, running the “file” command on the file, it is confirmed to be a Word document, as the extension suggests. Our next step is checking the streams for macros using oledump.py. The following three streams have macros in them, indicated by an uppercase “M”. Searching for…

Comments closed