Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

README.md

loffice - Lazy Office Analyzer

Requirements:

Optional:

Loffice is making use of WinAppDbg to extract URLs' from Office documents but also VB-script and Javascript. By setting strategical breakpoints it's possible to neutralize obfuscation and get the URL and file destination. Anti-analysis via WMI, for example detecting running processes or installed software is handled by patching the query string before the query is run.

Loffice have three different exit-modes which determine if execution is to be aborted:

  • url - Exit when the first URL is found
  • proc - Exit if a new process is to be created
  • thread - Before resuming a suspended thread (RunPE style)
  • none - Do not interupt execution, URL and file information will still be printed.

It will also give an insight if there is any evasion/sandbox detection going on by checking string comparisons and logging everything to file located in the "logs" directory.

To make analysis as quick as possible macro should be enabled in Office otherwise you would have to manually enable macro for each analysis. After completed analysis the host application (ex. Word) will be terminated.

If you've got any suggestions/thoughts/comments, let me know!

About

Lazy Office Analyzer

Resources

Releases

No releases published

Packages

No packages published

Languages

You can’t perform that action at this time.