Analyzing an Office Maldoc with a VBA Emulator

Today we were¬†informed of another maldoc sample. After a quick look, we were¬†convinced that this sample would be a good candidate for Philippe Lagadec’s VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for …

Malicious Document Targets Belgian Users

In this blog post I want to show how a malicious document (maldoc) behaves and how it can be analyzed with free tools. A couple of weeks ago many users in Belgium received an e-mail, supposedly from a courier¬†company, informing them that a package was waiting for them (article in Dutch). This is an example …