Didier Stevens

Monday 9 March 2015

A New Type Of Malicious Document: XML

Filed under: Malware, My Software — Didier Stevens @ 9:08

Since last week we have been seeing XML documents being spammed: they are actually Microsoft Word documents with VBA macros.

I wrote an ISC Diary entry (I’m a SANS ISC Handler now) detailing the internals of these XML files.

oledump has been updated to parse these XML documents.

oledump_V0_0_11.zip (https)
MD5: 02AEF764545213E1B1A5895AD0706F78
SHA256: 162EE94B1A4533956EE2CE0CB13ECDF2FF6C18A0597685E690B8524526FD694E

