Didier Stevens

Friday 14 October 2016

Analyzing Office Maldocs With Decoder.xls

Filed under: maldoc,Malware,My Software — Didier Stevens @ 13:27

There are Office maldocs out there with some complex payload decoding algorithms. Sometimes I don’t have the time to convert the decoding routines to Python, and then I will use the VBA interpreter in Excel. But I have to be careful not to execute the payload, just decode it. In the following video, I show how I do this.

Tools: oledump.py, decoder.xls

Sample: 2f918f49c3f926bb1538eaad6e8e6883

1 Comment »

  1. […] Analyzing Office Maldocs With Decoder.xls […]

    Pingback by Overview of Content Published In October | Didier Stevens — Monday 14 November 2016 @ 0:01


RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.