Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Small Challenge: A Simple Word Maldoc

Published: 2020-08-02
Last Updated: 2020-08-02 20:58:58 UTC
by Didier Stevens (Version: 1)
8 comment(s)

A reader submitted malicious Word document deed contract,07.20.doc (also uploaded the Malware Bazaar).

There are a couple of interesting aspects to this document. The first, that I will point out here, is that the VBA code is quite simple.

The code is quite short. And there is string obfuscation.

In this diary, I'm not going to analyze this document.

If you are interested, I'm challenging you to analyze it. I've copied the code you see above to pastebin, so that you can have a go at it without needing the actual malware sample.

If you participate, please post a comment with your solution. I'm particularly interested in your analysis method, rather than the deobfuscated command.

Have fun :-)

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: challenge maldoc
8 comment(s)
Diary Archives