Maldoc drops DLL and executes via ExecuteExcel4Macro
Behavioral information is a key indicator used to determine if an office document is malicious or not. I’ve recently seen a series of...

Josh Stroschein
Mar 25, 2020 · 3 min read


Maldoc uses Windows API to perform process hollowing
A favorite technique by malware authors is to use macros in their office documents to utilize a normal system executable and replace the...

Josh Stroschein
Mar 18, 2020 · 5 min read


Maldoc uses RC4 to hide PowerShell script, retrieves payload from DNS TXT record
Malware authors are constantly coming up with new and clever techniques to help avoid detection. In this maldoc, the authors employed...

Josh Stroschein
Mar 10, 2020 · 3 min read