Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Finding VBA signatures in .docm files SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Finding VBA signatures in .docm files

Last week I researched how to detect signed VBA code in Word .doc files.

For .docm files, it's easier. .docx and .docm files are actually ZIP files, and a .docm file (Word document with VBA macros) contains file vbaProjectSignature.bin when the VBA code is signed.

 

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

DidierStevens

470 Posts
ISC Handler
Feb 18th 2018

Sign Up for Free or Log In to start participating in the conversation!