MD5: CA15F9F45971EA442943084547761994 File: Microsoft word document Word Document Screenshot: File Properties: I used OLEVBA.py to extract the VBA code but it was giving error. I used oledump.py tools to analyze the file. Using oledum.py. I ran the below command to get the complete document streams. >>oledump.py <filename> You can see M at Number 18 and… Read More Word Document Malware Analysis
HASH MD5: 4A88E83B325AA23DA1E4BFA90B4F7C34 File type: Office Open XML Document VT Score: 45/62 While I was going through Any.run report tracker, I came across this word document, I downloaded it for analysis. OleTools: I used OLETools to analyse the document macros. Olevba.py -a <file name> Indicators: Auto execute on opening document. May write a file to… Read More Word Macro Drops IcedID Trojan – Malware Analysis
SHA256: dd81d70fa14f0e95b8cd2fe86a9a21a264cbb4bb32d80c4195fc13ee6791b994 Sample Link: Beta.VirusBay.io File Type: Microsoft Word File Extension: .doc I am going to use OLETools to analyse this word document sample. For initial document analysis I rely on this tool, if you have read my earlier blog posts on word macro analysis, you can see I have used this tool. >>oleid.py <word… Read More Word Macro Malware Analysis
Malware Analysis 