Last Updated: 2018-02-18 21:58:41 UTC
by Didier Stevens (Version: 1)
Last week I researched how to detect signed VBA code in Word .doc files.
For .docm files, it's easier. .docx and .docm files are actually ZIP files, and a .docm file (Word document with VBA macros) contains file vbaProjectSignature.bin when the VBA code is signed.
If you have more information or corrections regarding our diary, please share.