Password Protected Malicious Excel Files, (Mon, Apr 6th)

We’ve been seeing quite a few malicious Excel files with Excel 4 macros lately. A variant we are observing now is password-protected Excel 4 maldocs, using the binary file format .xls (and not OOXML, .xlsm). Password-protected .xls files are not completely encrypted. Simply put: it’s the data of the BIFF records that is encrypted, …

Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)

This week I got an email claiming to be a YellowPages invoice with an XLS attachment containing an Excel 4.0 macro which has similarity to [1][2]. Using Didier's oledump.py tool, I checked the spreadsheet using plugin plugin_biff with option -x, which shows Excel 4 macros: Next step will be to check for any embedded URL …
