Didier Stevens

Tuesday 19 January 2021

Video: Maldoc Analysis With CyberChef

Filed under: maldoc,Malware,video — Didier Stevens @ 0:00

In this video, I show how to analyze a .doc malicious document using CyberChef only. This is possible, because the payload is a very long string that can be extracted without having to parse the structure of the .doc file with a tool like oledump.py.

I pasted the recipe on pastebin here.


  1. Great content, Didier. I love CyberChef and it is always great to see how others approach when building recipes. Perhaps you did it a certain way for others to follow but if you double click on any item under Operations, it will add it to the Recipe and if you double click while it Is in the recipe, it removes it. Sometimes, drag and drop can be painful, and if you are adding to the end of the recipe, which generally the case, this should make things a little bit easier. Cheers.

    Comment by FB — Tuesday 19 January 2021 @ 5:36

  2. Thanks for the tip!

    Comment by Didier Stevens — Thursday 21 January 2021 @ 8:58

  3. […] Didier StevensVideo: Maldoc Analysis With CyberChef […]

    Pingback by Week 4 – 2021 – This Week In 4n6 — Sunday 24 January 2021 @ 3:44

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.