Identifying UserForms with Oledump and Olevba
Malware authors often find creative ways to obfuscate and store their data, and malicious Office documents are no exception. One such...
Identifying UserForms with Oledump and Olevba
OneNote Malware: Hidden Payloads in Page Versions
How-To: Installing Oledump in Windows
Emotet Maldoc Analysis – Embedded DLL and CertUtil for Base64 Decoding
Maldoc drops DLL and executes via ExecuteExcel4Macro
Maldoc uses Windows API to perform process hollowing
Maldoc uses RC4 to hide PowerShell script, retrieves payload from DNS TXT record
Malware Analysis – Triaging Emotet (Fall 2019)
Anti-Analysis in an Office Document
Identifying a User Form in an Office Document
Analyzing Malicious Office Documents with OLEDUMP