Tag Archives: VBA

Peeling away the layers of obfuscation from Excel VBA to dll

Posted on December 7, 2021 by pcsxcetrasupport3

When I first seen this Tweet here by FileScan.IO @filescan_itsec I thought this would be a easy target for deobfuscation. I was wrong. The layers just kept peeling away. Looking at the Twitter link you can get a pretty good … Continue reading →

Posted in Uncategorized | Tagged Excel, Malware Analysis, PowerShell, VBA | 1 Comment

Extracting Shellcode from VBA to PowerShell

Posted on March 26, 2020 by pcsxcetrasupport3

This post will revolve around using my tools to extract the vba code then clean a base64 string that is exploded into multiple lines and then decode to a PowerShell script then extract the shellcode from the script and get … Continue reading →

Posted in Malware, PowerShell, VBScript | Tagged Decoding, Malware Analysis, PowerShell, VBA | 1 Comment

A look at Stomped VBA code and the P-Code in a Word Document

Posted on April 25, 2019 by pcsxcetrasupport3

This sample comes from a Twitter discussion here and a second part of the thread here on April 22 2019. This discussion was started by “My Online Security @dvk01uk “. Although it appears to have a vba file in it … Continue reading →

Posted in Malware | Tagged Malware Analysis, P-Code, VBA | Comments Off

	Name on Pealing back the layers of a b…
	Week 21 – 2022… on Pealing back the layers of a b…
	Week 50 – 2021… on Peeling away the layers of obf…
	Week 47 – 2021… on Excel 4 macro code obfusc…
	Week 31 – 2021… on A deeper look at Office docume…

Tag Archives: VBA

Peeling away the layers of obfuscation from Excel VBA to dll

Extracting Shellcode from VBA to PowerShell

A look at Stomped VBA code and the P-Code in a Word Document

Recent Posts

Recent Comments

Archives

Categories

Meta