Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Internet Storm Center - SANS Internet Storm Center Internet Storm Center


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Last Daily Podcast (Mon, Feb 19th):Inspecting MSI File;

Latest Diaries

Finding VBA signatures in .docm files

Published: 2018-02-18
Last Updated: 2018-02-18 21:58:41 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Last week I researched how to detect signed VBA code in Word .doc files.

For .docm files, it's easier. .docx and .docm files are actually ZIP files, and a .docm file (Word document with VBA macros) contains file vbaProjectSignature.bin when the VBA code is signed.

 

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: docm maldoc signed vba
0 comment(s)

If you have more information or corrections regarding our diary, please share.

Recent Diaries

Malware Delivered via Windows Installer Files
Feb 17th 2018
2 days ago by Xme (0 comments)

February 2018 Microsoft (and Adobe) Patch Tuesday
Feb 13th 2018
5 days ago by Johannes (8 comments)

Analyzing compressed shellcode
Feb 12th 2018
1 week ago by DidierStevens (2 comments)

View All Diaries →

Latest Discussions

Work logs for hunting
created Jan 18th 2018
1 month ago by Anonymous (0 replies)

What is airbnb doing?
created Jan 9th 2018
1 month ago by Mike (0 replies)

Convert OST Emails to PST Files
created Jan 4th 2018
1 month ago by Anonymous (0 replies)

Windows Client what the hell is this?
created Jan 2nd 2018
1 month ago by Anonymous (0 replies)

My log Reports not displaying reported entries
created Dec 22nd 2017
1 month ago by Tony (0 replies)

View All Forums →

Latest News

View All News →

Top Diaries

Wide-scale Petya variant ransomware attack noted
Jun 27th 2017
7 months ago by Brad (6 comments)

Using a Raspberry Pi honeypot to contribute data to DShield/ISC
Aug 3rd 2017
6 months ago by Johannes (13 comments)

Detection Lab: Visibility & Introspection for Defenders
Dec 15th 2017
2 months ago by Russ McRee (2 comments)

Second Google Chrome Extension Banker Malware in Two Weeks
Aug 29th 2017
5 months ago by Renato (0 comments)

Maldoc with auto-updated link
Aug 17th 2017
6 months ago by Xme (2 comments)