Zloader Maldoc Analysis With xlm-deobfuscator
Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).
It's typical of the samples we have seen these last weeks, with heavy formula obfuscation:
These maldocs can now easily be analysed with xlm-deobfuscator:
I also created a short video:
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
Wireshark 3.2.4 Released
Wireshark version 3.2.4 was released.
It has a vulnerability fix and bug fixes.
A vulnerability in the NSP dissector can be abused to cause a crash.
Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com
×
Diary Archives
Comments