Sample
- SHA256
-
57e497bf62138b926d4adab395e0ab64f9f1b606ff9219e0c004fcc5a8348f7a - Difficulty
- medium
- Platform
- Windows
- Tags
- CVE-2017-11882 exploit msoffice
- Likes
- 0
- Views
- 6
- Submitter
- struppigel
Analysis
Goal
Find the code that is responsible for loading the next stage. Figure out the download URL for the next stage with emulation.
Description
This file abuses Microsoft Equation Editor exploit (CVE-2017-11882), a critical remote code execution (RCE) vulnerability.
Recommended Tools
oletools
Image
Comments
Please login to view and post comments.