Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: Internet Storm Center


.PUB Analysis

Published: 2016-09-24
Last Updated: 2016-09-24 21:10:00 UTC
by Didier Stevens (Version: 1)

Xavier reported a maldoc campaign using Microsoft Publisher files. These files can be analyzed just like malicious Word files.

oledump.py reveals VBA macros in this sample:

The VBA macro contains calls to the chr function. This could encode a URL or some other payload:
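The Python sketch below is an added example, not code from the diary or from oledump.py. It statically resolves `Chr()`/`ChrW()` concatenations in extracted macro source into the strings they build, so a hidden URL can be read without running the macro. The function names, the sample macro and the `example.test` URL are constructed for illustration.

```python
import re

# One VBA string term: a Chr/Chr$/ChrW/ChrW$ call or a "quoted literal".
CALL = r'\bChrw?\$?\s*\(\s*([^()"]+?)\s*\)'
LITERAL = r'"((?:[^"]|"")*)"'
TERM = re.compile(rf'{CALL}|{LITERAL}', re.IGNORECASE)
# Two or more terms joined by & or + (VBA string concatenation).
RUN = re.compile(rf'(?:{CALL}|{LITERAL})(?:\s*[&+]\s*(?:{CALL}|{LITERAL}))+',
                 re.IGNORECASE)
NUM = re.compile(r'\s*([+-])?\s*(&H[0-9A-F]+|\d+)', re.IGNORECASE)

def eval_int(expr):
    """Sum/difference of decimal or &H hex literals; None for anything else."""
    total, pos = 0, 0
    while pos < len(expr):
        m = NUM.match(expr, pos)
        if not m or (pos > 0 and not m.group(1)):
            return None
        lit = m.group(2)
        val = int(lit[2:], 16) if lit[0] == '&' else int(lit)
        total += -val if m.group(1) == '-' else val
        pos = m.end()
    return total

def decode_chr_runs(vba_source):
    """Return the strings built by Chr()/literal concatenations in the source."""
    src = re.sub(r'[ \t]+_\r?\n', ' ', vba_source)  # join "_" line continuations
    results = []
    for run in RUN.finditer(src):
        chars = []
        for expr, literal in TERM.findall(run.group(0)):
            if not expr:
                chars.append(literal.replace('""', '"'))
                continue
            code = eval_int(expr)
            if code is None or not 0 <= code <= 0xFFFF:
                chars = None  # variable or out-of-range code: skip this run
                break
            chars.append(chr(code))  # codes > 127 treated as Unicode (approximation)
        if chars:
            results.append(''.join(chars))
    return results

# Constructed sample macro, not taken from the campaign described in the diary.
SAMPLE = '''Sub AutoOpen()
    u = Chr(104) & Chr(116) & Chr(116) & Chr(112) & "://" & Chr$(&H65) & "xample" & _
        ChrW(40 + 6) & "test/" & Chr(112)
    k = Chr(n) & Chr(65)
End Sub'''
```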

If you want more details, I made this video.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
