Sample

Metadata

SHA256: 56f5623daa470bee190ae0ecd961be8e6df71c8da1ccf7b268fe876b84c183d9
Difficulty: easy
Platform: Windows
Tags: loader msoffice openxml vsto add-in
Likes: 3
Views: 14
Submitter: struppigel

Analysis

Goal

Where does this file load the next stage from?

Description

This is an OpenXML file which abuses VSTO Add-in

Recommended Tools

exiftool oletools

Solutions

Malicious MS Office Files Without Macros Reference by struppigel
Malicious .docx Analysis by ge0lev
Finding the next stage in a Word Document abusing VSTO functionality by 0xdeluks

7

Image

Sample image

Video

Solution by struppigel: Malicious MS Office Files Without Macros

Comments

Please login to view and post comments.