Last Updated: 2016-09-24 21:10:00 UTC
by Didier Stevens (Version: 1)
Xavier reported a maldoc campaign using Microsoft Publisher files. These files can be analyzed just like malicious Word files.
The VBA macro contains calls to the chr function. This could encode a URL or some other payload:
If you want more details, I made this video.