You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We received the attached Excel file (password 123), which contains a malicios macro that triggers on "Private Sub Workbook_BeforeClose". Unfortunately mraptor does not detect this file as suspicious, because it only looks for "Document_BeforeClose" or "Workbook_Close", but not "Workbook_BeforeClose" (https://docs.microsoft.com/en-us/office/vba/api/excel.workbook.beforeclose)
The same is true for olevba, which does not recognize an autoexec function via its AUTOEXEC_KEYWORDS.
We received the attached Excel file (password 123), which contains a malicios macro that triggers on "Private Sub Workbook_BeforeClose". Unfortunately mraptor does not detect this file as suspicious, because it only looks for "Document_BeforeClose" or "Workbook_Close", but not "Workbook_BeforeClose" (https://docs.microsoft.com/en-us/office/vba/api/excel.workbook.beforeclose)
The same is true for olevba, which does not recognize an autoexec function via its AUTOEXEC_KEYWORDS.
The fix is trivial, probably not worth a PR
Balance payment.zip
The text was updated successfully, but these errors were encountered: