Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Zloader Maldoc Analysis With xlm-deobfuscator - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Zloader Maldoc Analysis With xlm-deobfuscator

Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).

It's typical of the samples we have seen these last weeks, with heavy formula obfuscation:

These maldocs can now easily be analysed with xlm-deobfuscator:

I also created a short video:

Didier Stevens
Senior handler
Microsoft MVP


650 Posts
ISC Handler
May 25th 2020

Sign Up for Free or Log In to start participating in the conversation!