Small Challenge: A Simple Word Maldoc, (Sun, Aug 2nd)

A reader submitted malicious Word document deed contract,07.20.doc (also uploaded the Malware Bazaar).

There are a couple of interesting aspects to this document. The first, that I will point out here, is that the VBA code is quite simple.

The code is quite short. And there is string obfuscation.

In this diary, I’m not going to analyze this document.

If you are interested, I’m challenging you to analyze it. I’ve copied the code you see above to pastebin, so that you can have a go at it without needing the actual malware sample.

If you participate, please post a comment with your solution. I’m particularly interested in your analysis method, rather than the deobfuscated command.

Have fun 🙂


Didier Stevens
Senior handler
Microsoft MVP

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.

Reposted from SANS. View original.