Showing posts tagged #hancitor

Return Home

Previous analysis: Palo Alto's Analysis Minerva's Analysis We are presented with a Word document that has macros. The VBA code for the macros is obfuscated but we can clearly see that it is using some interesting Win32 API calls like VirtualAlloc and CallWindowProc, which later renames. Thus, we can just

Read More