PDF Analysis: Back To Basics

When you receive a suspicious PDF these days, it could be just a scam without malicious code. Let's see how to analyze such samples with PDF Tools. As always, we first take a look with pdfid: There's nothing special to see, but we have to check the content of the Stream Objects (/ObjStm): Still nothing special … Continue reading PDF Analysis: Back To Basics →

Videos: Analyzing an Office Maldoc with a VBA Emulator

We produced 2 videos for our blog post Analyzing an Office Maldoc with a VBA Emulator. The first video shows ViperMonkey in action: https://www.youtube.com/watch?v=jAUg2nrt4Fw The second video shows how to extract the EXE: https://www.youtube.com/watch?v=n5oRMmSdCr8

Analyzing an Office Maldoc with a VBA Emulator

Today we were informed of another maldoc sample. After a quick look, we were convinced that this sample would be a good candidate for Philippe Lagadec's VBA emulator ViperMonkey. The maldoc in a nutshell: when the spreadsheet is opened, the VBA code builds a long JScript script and then executes it. This script contains base64 code for … Continue reading Analyzing an Office Maldoc with a VBA Emulator →

Malicious Document Targets Belgian Users

In this blog post I want to show how a malicious document (maldoc) behaves and how it can be analyzed with free tools. A couple of weeks ago many users in Belgium received an e-mail, supposedly from a courier company, informing them that a package was waiting for them (article in Dutch). This is an example … Continue reading Malicious Document Targets Belgian Users →