Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)
This week I got an email claiming to be a YellowPages invoice with an XLS attachment containing an Excel 4.0 macro which has similarity to [1][2]. Using Didier‘s oledump.py tool, I checked the spreadsheet using plugin plugin_biff with option -x which show Excel 4 macros: Next step will be to check for any embeded URL …
Read more “Maldoc XLS Invoice with Excel 4 Macros, (Sun, Apr 5th)”