Saturday, December 16, 2017

[SANS ISC] Microsoft Office VBA Macro Obfuscation via Metadata

I published the following diary on isc.sans.org: “Microsoft Office VBA Macro Obfuscation via Metadata“:

Often, malicious macros make use of the same functions to infect the victim’s computer. If a macro contains these strings, it can be flagged as malicious or, at least, considered as suspicious. Some examples of suspicious functions are:

  • Microsoft.XMLHTTP (used to fetch web data)
  • WScript.Shell (used to execute other scripts or commands)

… [Read more]

 

[The post [SANS ISC] Microsoft Office VBA Macro Obfuscation via Metadata has been first published on /dev/random]



from Xavier

No comments:

Post a Comment