Malware Analysis

by Anurag


I came across this sample in a Twitter post and immediately downloaded it from virusbay.io for analysis. First I used oletools to analyse the Word macro. The macro executes when the file is opened. It creates a text file. It executes a PowerShell command. It uses Base64 to obfuscate the string. And it creates two bat …



VirusTotal sample – c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c

File Type: Microsoft Word Document

Document Property: I have used oletools to analyse the Word document's properties and content. This Word document has VBA macros. After parsing the Word document with olevba, it reports that the file has suspicious hex strings and Base64 strings. The file has the macros below: LUDoB_BX.cls, fkkkCAk.bas, ZAAcAA.bas. And macros …



I had emailed a recruiter last year about a job opportunity. He replied a year later with an attachment; it was encrypted, and he provided the password. I unzipped it and looked at the properties of the Word document. I analysed the file using oletools and the result showed it as a suspicious file. I found a value (“1jwe7d7n1544”) in the macro code …
