Excel 4 Macros – Get.Workspace Reference
With the recent resurgence of the use of Excel 4 macros in malicious Excel documents, I’ve found myself scouring the internet looking for...

Josh Stroschein
Apr 12, 2020 · 1 min read
77 views


Removing Passwords from VBA Projects
Occasionally I’ll encounter a maldoc that has a password-protected VBA project. While tools such as oledump may still extract the macros,...

Josh Stroschein
Apr 9, 2020 · 2 min read
29 views


Maldoc uses Windows API to perform process hollowing
A favorite technique of malware authors is to use macros in their Office documents to utilize a normal system executable and replace the...

Josh Stroschein
Mar 18, 2020 · 5 min read
59 views