Reader Roland submitted a malicious Zloader Excel 4 macro spreadsheet (MD5 82c12e7fe6cabf5edc0bdaa760b4b8c8).
It’s typical of the samples we have seen these last weeks, with heavy formula obfuscation:
These maldocs can now easily be analysed with xlm-deobfuscator:
I also created a short video:
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.