Malware authors often find creative ways to obfuscate and store their data and malicious office documents are no exception. One such...

While the abuse of OneNote documents is nothing new, a recent document I investigated revealed multiple payloads through the page...

In this video, we’ll look into installing OLEDUMP in Microsoft Windows. Microsoft office documents are a common vehicle used by malware...

On 11/10/2020, AnyRun posted an Emotet maldoc that utilized CertUtil to decode a DLL payload that was used for unpacking and running the...

Behavioral information is a key indicator used to determine if an office document is malicious or not. I’ve recently seen a series of...

A favorite technique by malware authors is to use macros in their office documents to utilize a normal system executable and replace the...

Malware authors are constantly coming up with new and clever techniques to help avoid detection. In this maldoc, the authors employed...

This is a summary of initial (triage) analysis of Emotet droppers and the associated network traffic from the fall of 2019. This write-up...

Please note: This was a blog post I originally authored for Bromium. Due to changes in how they host their blog content, it has fallen...

In this post, we will be looking into ways to identify and analyze the presence of a user form in an office document. As I discussed in a...

Microsoft office documents are a common vehicle used by malware authors to deliver malware. These documents, used for malicious purposes,...