Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Zloader Maldoc Analysis With xlm-deobfuscator

Published: 2020-05-24
Last Updated: 2020-05-25 07:09:22 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).

It's typical of the samples we have seen these last weeks, with heavy formula obfuscation:

These maldocs can now easily be analysed with xlm-deobfuscator:

I also created a short video:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: maldoc zloader
0 comment(s)
Diary Archives