In my previous blog I had a first look on what Excel Formula, or Excel Macro 4.0 – would look like in Python 3.x. I manually wrote support for the first layer of that sample. Little did I know how complicated it would become to do this automatic, and what secrets the sample had furtherContinue reading “First look at automatic XF2Python”
Category Archives: Uncategorized
First look at ‘manual’ xf2python
One of my first blogs was about de-compiling Excel Formula code from the formula statements in the workbook stream. Today we’ll see how we can run this code in Python.
Vba2Python results & challenges
This will probably by the last post about vba2python for a while. This time we’ll walk through 3 samples, look at the output and the various challenges they contain trying to convert this to Python 3.x
Automatically generate Python 3.x from malicious VBA macros
If you have followed my lasts posts, it’s been focused on VBA macros and getting them to run on a Python platform. I spent a lot of time understanding the VBA world and how it could work in the Python world. I manually converted the code and then I built automation to convert the complicatedContinue reading “Automatically generate Python 3.x from malicious VBA macros”
Running VBA as Python (part 3)
The similarities between Python and Visual Basic for Applications (VBA) are strong. Python is of course a much stronger language, trying to do this the other way would have been way too painful (and possibly not doable). How much time does it take to extract info, convert code and run it? Find out..
Running VBA as Python (part 2)
In my previous blog we looked at a quite simple malicious VBA macro that used string-obfuscation and we could convert the code to Python to understand its real intentions. It wasn’t particularly complicated.
Want to run your VBA macros safely anywhere?
Introduction This time I want to show you a nice method of making the obfuscation-level of office Visual Basic for Applications (VBA) macros go away. You’ll get to see the clear motivation and instructions the malware is giving without dealing with the garbage they show to the unlucky person trying to figure out what theyContinue reading “Want to run your VBA macros safely anywhere?”
Excel Formula/Macro in .xlsb?
Excel Formula, or XLM – doesn’t stop giving pain to researchers?
Decompiling Excel Formula (XF) 4.0 malware
Office malware has been around for a long time. In the past I’ve written several blogs about the basics and beyond. In this blog we’ll focus on Excel Formula (XF) 4.0. I wasn’t too familiar with XF 4.0 before I started looking into it, so learn with me.