Zloader Maldoc Analysis With xlm-deobfuscator

Published: 2020-05-24. Last Updated: 2020-05-25 07:09:22 UTC
by Didier Stevens (Version: 1)
0 comment(s)

Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).

It's typical of the samples we have seen these last weeks, with heavy formula obfuscation:

These maldocs can now easily be analysed with xlm-deobfuscator:

I also created a short video:

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: maldoc zloader
0 comment(s)

Comments

Login here to join the discussion.


Top of page
Diary Archives