There are a few tools out there that extract Macros out of Microsoft Office Documents. I thought I'd walk through and example of how.
First let's create an excel document with a macro.
1.) First open Excel, select the Developer Tab, and the Visual Basic option
2.) Double-click in the VBA Project window on 'This workbook'
3.) Select the "Workbook" from the VBA code drop down list
4.) Write a Hello World type macro (Ex: MsgBox("Hello World") )
5.) Close out of the VBA code area
6.) Save the Excel doc as one of those old evil versions of Microsoft Office
Second let's extract the macro from the excel document without opening it
1.) Download one of the free Macro extraction software tools like OfficeMalScanner
2.) Run the extractor from the command line (Ex: OfficeMalScanner.exe C:\windows\temp\sample.xls info)
3.) See that it found something
4.) View the output folder
5.) Open the file 'ThisWorkbook' to see the macro code!
Now you're safe to analyze without opening and getting infected. Sweet.
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
No comments:
Post a Comment