Maldoc Analysis

Last modified: 2023-04-04


Malicious documents (.doc) are Microsoft documents that contain malicious executable code.

Static Analysis

  1. Open CyberChef.
  2. Upload the suspicious doc file to CyberChef.
  3. Use the "Strings" function to extract strings.
  4. If you find obfuscated strings in the results, add the "Find / Replace" function to remove the extra strings.
  5. If necessary, add the "Drop bytes" function to remove extra bytes.
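
The same three operations (Strings, Find / Replace, Drop bytes) can be scripted for batch triage. The following is an added example, not part of the original page or of CyberChef itself; the function names, the junk token "]b2H_" and the sample bytes are constructed assumptions.

```python
import re

# Constructed sample (not from a real document): header-like bytes, one ASCII
# string and one UTF-16LE string, both padded with the junk token "]b2H_".
SAMPLE = (
    b"\xd0\xcf\x11\xe0\x00\x01"
    + b"##cm]b2H_d /c ec]b2H_ho constru]b2H_cted-sample"
    + b"\x00\x02\x03"
    + "Doc]b2H_ument_Op]b2H_en".encode("utf-16-le")
    + b"\x00\x00\xff"
)

def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Step 3: printable ASCII and UTF-16LE runs, in file order."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    hits = [(m.start(), m.group().decode("ascii")) for m in ascii_re.finditer(data)]
    hits += [(m.start(), m.group().decode("utf-16-le")) for m in utf16_re.finditer(data)]
    return [text for _, text in sorted(hits)]

def find_replace(text: str, junk: str) -> str:
    """Step 4: delete every occurrence of the padding token."""
    return text.replace(junk, "")

def drop_bytes(text: str, start: int, length: int) -> str:
    """Step 5: cut `length` characters beginning at offset `start`."""
    return text[:start] + text[start + length:]

def deobfuscate(data: bytes, junk: str, drop_start: int = 0, drop_len: int = 0) -> list[str]:
    """Run the three operations in recipe order over the whole output."""
    out = "\n".join(extract_strings(data))
    out = find_replace(out, junk)
    out = drop_bytes(out, drop_start, drop_len)
    return out.splitlines()

if __name__ == "__main__":
    for line in deobfuscate(SAMPLE, "]b2H_", drop_start=0, drop_len=2):
        print(line)
```

The UTF-16LE pass matters because Office documents often store strings as wide characters, which an ASCII-only scan misses.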