
SANS Internet Storm Center: SANS ISC InfoSec Forums

A "Stream O" Maldoc

Reader Robert submitted a malicious document. It just happens to be a maldoc with the payload hidden in a user form, as discussed in diary entry "Maldoc: Payloads in User Forms" last weekend.

I'm using plugin plugin_stream_o to view the payload.

This output is more user-friendly: it's an XSL/XSLT file with malicious JScript, a downloader.

Didier Stevens
Senior handler
Microsoft MVP


ISC Handler
Jul 5th 2019
