Reversing Malicious Office Document (Macro) Emotet(?)

MooNShakeR
103 views - 6 years ago
OLEVBA - https://github.com/decalage2/oletools/wiki/olevba
1:58 - Extract Macro with olevba
2:40 - ExifTool to examine Document Metadata (Comments used in Macro)
3:48 - Examining Macro Code
4:21 - Using Python to explain Right(left))
7:20 - Opening ProcMon
9:07 - Why you should be careful when executing portions of "bad code"
9:55 - Viewing Macros in Word and DeObfuscating by changing Shell to Print
12:17 - Start of Obfuscated Powershell (after de-base64)
13:21 - Malicious Powershell Code
16
Published 6 years ago, on 1397/11/16.