3 comments on “Obfuscated shellcode inside a malicious RTF document

  1. This is very helpful esp to a neophyte like myself. Question. How reliable is officemalscanner what the false positive rate? Is there any easy way like trying disassemble entire document or something. Like how to tell data bytes from command bytes

    • Officemalscanner is a really nice tools but it doesn’t work with files using new techniques, that’s the problem. A false positive is just like an alert, you always have to put your hands inside the document. And it’s not an Officemalscanner related weakness, it’s a general problem which is related to a large variaty of tools. As far as I know there are no easy way…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s