Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Finding VBA signatures in .docm files InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Finding VBA signatures in .docm files

Published: 2018-02-18
Last Updated: 2018-02-18 21:58:41 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Last week I researched how to detect signed VBA code in Word .doc files.

For .docm files, it's easier. .docx and .docm files are actually ZIP files, and a .docm file (Word document with VBA macros) contains file vbaProjectSignature.bin when the VBA code is signed.

 

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

Keywords: docm maldoc signed vba
0 comment(s)
Diary Archives