Josh Stroschein
Mar 25, 2020 · 3 min read
Maldoc drops DLL and executes via ExecuteExcel4Macro
Behavioral information is a key indicator used to determine if an office document is malicious or not. I’ve recently seen a series of...

Josh Stroschein
Mar 18, 2020 · 5 min read
Maldoc uses Windows API to perform process hollowing
A favorite technique by malware authors is to use macros in their office documents to utilize a normal system executable and replace the...

Josh Stroschein
Mar 10, 2020 · 3 min read
Maldoc uses RC4 to hide PowerShell script, retrieves payload from DNS TXT record
Malware authors are constantly coming up with new and clever techniques to help avoid detection. In this maldoc, the authors employed...