Analyzing an Office Maldoc with a VBA Emulator

Today we were¬†informed of another maldoc sample. After a quick look, we were¬†convinced that this sample would be a good candidate for Philippe Lagadec’s VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for […]