VBA Stomping

By altering P-Code to hide VBA macros, it is possible to confuse the macro analysis tools used by AV.

This can be done manually using FlexHex, or more easily by using EvilClippy.

EvilClippy.exe -s fake.vba -g -r doc1.doc

-g  Hide/Unhide macros from GUI
-s  Stomp VBA (abuse P-code)
-r  Set/reset random module names (fool analyst tools)

fake.vba
Private Sub AutoOpen()
    MsgBox "My nice fake code!"
End Sub
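On the detection side, a stomped module's P-code refers to names and strings that its visible source never mentions. The following is an added example, not code from this page or from EvilClippy: it compares the fake.vba source above against two constructed P-code listings whose layout is assumed to follow a pcodedmp-style disassembly; RunHidden and "placeholder" are made-up sample values.

```python
import re

# Constructed sample: the source an analyst sees in the stomped module (fake.vba).
VBA_SOURCE = '''Private Sub AutoOpen()
MsgBox "My nice fake code!"
End Sub'''

# Constructed listings, laid out like a pcodedmp-style disassembly (assumed format).
# The first agrees with the source; the second is what a stomped module would hold.
PCODE_MATCHING = '''Line #0:
\tFuncDefn (Private Sub AutoOpen())
Line #1:
\tLitStr 0x0012 "My nice fake code!"
\tArgsCall MsgBox 0x0001
Line #2:
\tEndSub'''

PCODE_STOMPED = '''Line #0:
\tFuncDefn (Private Sub AutoOpen())
Line #1:
\tLitStr 0x000B "placeholder"
\tArgsCall RunHidden 0x0001
Line #2:
\tEndSub'''


def pcode_tokens(listing):
    """Return (identifiers, string literals) referenced by P-code operands."""
    idents, strings = set(), set()
    for line in listing.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) < 2 or parts[0] == "Line":
            continue  # "Line #n:" markers and operand-less opcodes such as EndSub
        operands = parts[1]
        strings.update(re.findall(r'"([^"]*)"', operands))
        operands = re.sub(r'"[^"]*"', " ", operands)  # keep string words out of idents
        idents.update(re.findall(r"\b[A-Za-z_]\w*\b", operands))  # skips 0x... values
    return idents, strings


def stomping_indicators(source, listing):
    """List P-code tokens that never appear in the module's source text."""
    src_idents = {w.lower() for w in re.findall(r"\b[A-Za-z_]\w*\b", source)}
    idents, strings = pcode_tokens(listing)
    missing = [i for i in sorted(idents) if i.lower() not in src_idents]
    missing += [f'"{s}"' for s in sorted(strings) if s not in source]
    return missing
```

An empty result means source and P-code agree; any returned token is a reason to analyse the P-code itself rather than trust the source view.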

Tooling
