Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)

This week I got an email claiming to be a YellowPages invoice with an XLS attachment containing an Excel 4.0 macro which has similarity to [1][2]. Using Didier’s oledump.py tool, I checked the spreadsheet using plugin plugin_biff with option -x, which shows Excel 4 macros: Next step will be to check for any embedded URL …

New Bypass Technique or Corrupt Word Document?, (Sat, Apr 4th)

I was taking a closer look at Xavier’s Word document he analyzed in yesterday’s diary entry: “Obfuscated with a Simple 0x0A”. I expected that the latest version of my zipdump tool would be able to handle this special ZIP file, but it didn’t. After a bit of research, I discovered that this Word document not …
