|
In diary entry "AV Cleaned Maldoc" I analyze a malicious document with VBA code that has been removed by anti-virus. As the VBA code has been wiped, no M or m indicators are present:
I've updated my oledump.py to add a ! indicator for such streams:
I also compiled an overview of oledump's indicators. Didier Stevens |
DidierStevens 604 Posts ISC Handler Nov 15th 2020 |
| Thread locked Subscribe |
Nov 15th 2020 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!
https://www.sans.edu
