Analyzing Malicious Password Protected Office Documents

Over the past year-or-so, there seems to have been an uptick of miscreants password protecting the malicious office documents that they send to their target victims. They do this in an effort to bypass detection and thwart analysis. This blog details a few different tools and methodologies that can be used to analyze such files.


Defeating the VB5 Packer

In this post, I provide step-by-step instruction on how to unpack an executable that has been packed with a VB5 Packer. I will also cover the bypassing of multiple anti-analaysis controls that were implemented by the packer. The result is a fully functional unpacked executable.