This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 4.6 of Malicious Web & Document Files
VBA macro infection chains, format identification by magic bytes, oleid and olevba triage, P-Code hidden execution, Excel 4.0 XLM macros, DDEAUTO, remote template injection, malicious OneNote files, and a nine-step triage workflow.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
oletools — oleid, olevba, rtfobj Suite
Complete Office malware analysis toolkit. Install via pip. Covers VBA extraction, OLE analysis, and RTF object extraction.
XLMMacroDeobfuscator — Excel 4.0 Macro Analyser
Parses and emulates Excel 4.0 XLM macros. Essential for analysing samples that evade VBA-focused tools.
MITRE ATT&CK — Phishing: Spearphishing Attachment (T1566.001)
ATT&CK technique for malicious document delivery via email with procedure examples and detection guidance.
Quadrant 4 · Self-Assessment
Malicious Web & Document Files
Covers drive-by download attacks, JavaScript de-obfuscation, malicious PDF analysis, RTF exploitation, and Microsoft Office macro malware.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.