Category Archives: VBScript

A look at a Word document macro using Invoke-DOSfuscation

The sample from this one comes from  Packet Wire @packet_Wire. Twitter thread here  After getting the location of the Word document and downloading it. The file name was “Auditor-of-State-Notification-of-EFT-Deposit” with hash values of. Sha1: 4C7C8B1897CA22E4E477C361DAF676D471A4F4AFSha256: EBDA287F6B33A0C7A689E1D8FDE7ABC708C9DFBCA2759A56CD055868B2CC0911MD5: 35756ECC87405E42F62DEEEEF18FD43A Let’s dive into … Continue reading

Posted in Malware, PowerShell, VBScript | Tagged , , | Leave a comment

Peeling away the layers of a word document macro

The sample used in this one was first brought to my attention from the blog post by @HerbieZimmerman  and the blog post is here. https://www.herbiez.com/?p=1028 and the link to the doc file is here https://www.hybrid-analysis.com/sample/0de3f4380b642e59d0cde5570ed13bfc727000b94a034ce10e1f87bfac3fac79?environmentId=100 This one peaked my interest … Continue reading

Posted in Malware, PowerShell, security, VBScript | Tagged , ,

Converting VB Script To VB.Net

My Last Post Titled “Event 10 Mystery Solved” (found here.), Left me with a Question about the binary version of the SID, A returned value of  CreatorSID: 1,5,0,0,0,0,0,5,21,0,0,0,190,118,173,34,87,198,105,19,239,226,7,24,244,1,0,0 I started searching the net to see if anyone has posted a … Continue reading

Posted in CodeProject, Programming Tools, System Tools, VB.net, VBScript | Tagged , , ,