Malware Analysis

by Anurag


SHA256 – 4221a9922d97fa329b3dbb27e37522448958cbfa186a6ef722e48d63f9753808
Download link – VirusTotal

I downloaded this Word document and checked whether a macro is present and whether it auto-executes when the document is opened. Yes, it does, and it has obfuscated strings too. I opened the document and navigated to Views > Macros > View Macros > Selected “autoopen” > Edit. I renamed autoopen() to …



SHA256: 1043dd7647105b035acbc027e0fa448f329ea5620956a1ba82dc254fc7bd6e29

I downloaded a Word document for analysis from VirusTotal. I checked the file with Oletools to verify that a macro exists and whether it is auto-executable. In the screenshot below, it can be seen that the macro is present and auto-executable. I opened the Word document and enabled editing. Views > Macros > View Macros > Select …



VirusTotal sample – c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c
File Type: Microsoft Word Document
Document Property: I used Oletools to analyse the Word document's properties and content. This Word document has VBA macros. Parsing the Word document with olevba shows that the file has a suspicious hex string and Base64 strings. The file has the macros below: LUDoB_BX.cls, fkkkCAk.bas, ZAAcAA.bas. And macros …
