Malware Devil

Sunday, November 15, 2020

oledump’s ! Indicator, (Sun, Nov 15th)

In diary entry “AV Cleaned Maldoc”, I analyze a malicious document whose VBA code had been removed by anti-virus.

Because the VBA code has been wiped, no M or m indicators are present for those streams.

I’ve updated my oledump.py to add a ! indicator for such streams.

I also compiled an overview of oledump’s indicators.
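As an added example (not oledump's own code), this is the kind of classification the ! indicator implies, run on constructed module streams: an MS-OVBA decompressor plus a classifier that assigns M, m or ! to a VBA module stream given its text offset. The criterion that a wiped stream has no valid compressed source container at that offset is an assumption, and the sample streams (fake PerformanceCache bytes plus a literal-only container) are constructed for the demonstration.

```python
def decompress_ovba(data: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (signature byte 0x01)."""
    if not data or data[0] != 0x01:
        raise ValueError("not a CompressedContainer")
    out, pos = bytearray(), 1
    while pos + 2 <= len(data):
        header = int.from_bytes(data[pos:pos + 2], "little")
        chunk_end = min(pos + (header & 0x0FFF) + 3, len(data))
        pos += 2
        if not header & 0x8000:  # raw chunk: 4096 literal bytes
            out += data[pos:pos + 4096]
            pos += 4096
            continue
        chunk_start = len(out)
        while pos < chunk_end:
            flags, pos = data[pos], pos + 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not flags & (1 << bit):  # literal byte
                    out.append(data[pos])
                    pos += 1
                    continue
                token = int.from_bytes(data[pos:pos + 2], "little")  # copy token
                pos += 2
                bits = max(4, (len(out) - chunk_start - 1).bit_length())
                offset, length = (token >> (16 - bits)) + 1, (token & (0xFFFF >> bits)) + 3
                for _ in range(length):  # back-reference copy; may overlap itself
                    out.append(out[-offset])
    return bytes(out)

def module_indicator(stream: bytes, text_offset: int) -> str:
    """M = VBA source, m = only Attribute lines, ! = no readable source (assumed AV-wipe criterion)."""
    try:
        source = decompress_ovba(stream[text_offset:])
    except (ValueError, IndexError):
        return "!"
    lines = [l for l in source.splitlines() if l.strip()]
    if not lines:  # container present but decompresses to nothing
        return "!"
    return "m" if all(l.lstrip().startswith(b"Attribute ") for l in lines) else "M"

def compress_literal(source: bytes) -> bytes:  # constructed helper: literal-only container
    chunk = b"".join(b"\x00" + source[i:i + 8] for i in range(0, len(source), 8))
    return b"\x01" + (0xB000 | (len(chunk) - 1)).to_bytes(2, "little") + chunk
# Constructed module streams: 16 bytes of fake PerformanceCache, then the source container.
PCODE = b"\x00" * 16
GOOD = PCODE + compress_literal(b'Attribute VB_Name = "Module1"\r\nSub AutoOpen()\r\nEnd Sub\r\n')
EMPTY = PCODE + compress_literal(b'Attribute VB_Name = "Module1"\r\n')
WIPED = PCODE + b"\x00" * 64  # source bytes overwritten: no 0x01 signature at the text offset
```

In a real file the text offset comes from the MODULEOFFSET record of the decompressed dir stream, and the stream bytes from olefile; the constants above stand in for both.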

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
