The first thing we notice when opening the malicious document with Cerbero Suite is that it contains VBA code.

If we glance over the code, we reach an interesting part. This part of the code dumps a VBE script to disk and executes it.

In order to find the encoded script, we go to the "sdghfgjfgkgkghk.o" stream. VBE files are encoded VBS scripts and Cerbero Suite automatically decodes these scripts into readable VBS code.

We would like to thank InQuest for this interesting malware sample: it's a great sample to show the power of Cerbero Suite!
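For triage outside the tool, an extracted stream such as the one above can be scanned for encoded-script blocks by their markers. This is an added example, not code from the original post or from Cerbero Suite; the block layout is assumed from the Windows Script Encoder format, the function names are hypothetical, and the sample bytes are constructed.

```python
import base64
import re
import struct

# Layout assumed from the Windows Script Encoder format (not described on the page):
#   "#@~^" + base64(4-byte little-endian length) + body + base64(4-byte checksum) + "^#~@"
B64_FIELD = rb"[A-Za-z0-9+/]{6}=="
VBE_BLOCK = re.compile(
    rb"#@~\^(" + B64_FIELD + rb")(.*?)(" + B64_FIELD + rb")\^#~@", re.DOTALL)


def find_encoded_scripts(data: bytes):
    """Return one dict per encoded-script block found in raw stream bytes."""
    hits = []
    for m in VBE_BLOCK.finditer(data):
        # The header field decodes to a 32-bit little-endian declared length.
        (declared,) = struct.unpack("<I", base64.b64decode(m.group(1)))
        hits.append({
            "offset": m.start(),          # where the block starts in the stream
            "declared_length": declared,  # value carried in the header
            "body_size": len(m.group(2)), # bytes between header and trailer
            "body": m.group(2),           # still encoded; decode with a VBE decoder
        })
    return hits


def build_sample_stream() -> bytes:
    """Constructed input: padding around a dummy block, not a real encoded script."""
    body = b"PLACEHOLDER-ENCODED-BODY"
    header = base64.b64encode(struct.pack("<I", len(body)))
    trailer = base64.b64encode(struct.pack("<I", 0))  # dummy checksum field
    block = b"#@~^" + header + body + trailer + b"^#~@"
    return b"\x00" * 16 + b"junk" + block + b"\xff" * 8


if __name__ == "__main__":
    for hit in find_encoded_scripts(build_sample_stream()):
        print(f"offset={hit['offset']} declared={hit['declared_length']} "
              f"body={hit['body_size']} bytes")
```

The carved body is still encoded; it has to go through a VBE decoder before the VBS is readable.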