Tag: kurt natvig

  • New article: Run your malicious VBA macros anywhere!

    For many decades, Office documents have been used to launch malware, often through macros, embedded content or exploits. Researcher Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner. In a…

  • New article: Excel Formula/Macro in .xlsb?

    Excel Formula, or XLM – does it ever stop giving pain to researchers? So asks Forcepoint researcher Kurt Natvig. In a follow-up to his previous article on Excel Formula (XF) 4.0 malware, Kurt takes us through his analysis of a new sample using the .xlsb file format.

  • New article: Decompiling Excel Formula (XF) 4.0 malware

    Office malware has been around for a long time, but until recently Excel Formula (XF) 4.0 was not something researcher Kurt Natvig was very familiar with. In a new article Kurt allows us to learn with him as he takes a deeper look at XF 4.0.