Office documents have over many decades been used to launch malware, often through macros, embedded content or exploits. The type and level of obfuscation varies, but in general the idea is to make it difficult to understand what a sample is really doing – which can reduce the accuracy in correctly handling it. Obfuscation is an old trick every malware researcher and scanner engine needs to get around in order to find the real content of the sample they are analysing.

Embedded ‘executable’ content is usually very visible, and with most exploits, even if you don’t know exactly what is being exploited, the presence of strange data in strange locations is usually a good giveaway that something is going on. The same is true for hand-crafted RTFs with lots of obfuscation – they just shine in the dark.

Documents do have some privacy concerns, and being able to carry out a full analysis of any (malicious) document on e.g.

I wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway and thus reveal the sample’s true nature in a safe manner.

Gathering the data needed to understand the VBA world