In diary entry "AV Cleaned Maldoc" I analyze a malicious document with VBA code that has been removed by anti-virus.

As the VBA code has been wiped, no M or m indicators are present. I've updated my oledump.py to add a ! indicator for such streams.

I also compiled an overview of oledump's indicators.

Didier Stevens
DidierStevens, ISC Handler, Nov 15th 2020