I found a pretty cool sample while reviewing recent trends in XLS malware. The XLS contains a small piece of macro code that starts an interesting chain of events. The VBA macros can be extracted from the XLS with Didier Steven’s oledump, or Decalage’s olevba. Here is the entirety of the VBA code. The code […]