• Stars
    star
    141
  • Rank 259,971 (Top 6 %)
  • Language
    Python
  • Created about 6 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

2018 School project - PoC of malware code obfuscation in Word macros

VBA obfuscator

Final year school project, obfuscate Word macros.

This program obfuscates the Visual Basic code from Microsoft Word macros. The transformations applied on the code allows the macros to evade signature scans from Antivirus softwares.

Usage example

With Docker:

cat YOUR_MACRO.vbs | docker run -i --rm bonnetn/vba-obfuscator /dev/stdin

This command will obfuscate the whole code.

⚠️ Pay attention to the first two lines!

⚠️ It is necessary to add a document variable to the word document before pasting the code. You can dispose of the first two lines once it has been executed once on the Word document.

Development setup

Install python3 and the requirements.

pip install -r requirements.txt

To run the tests:

pytest

Then run:

python3 obfuscate.py YOUR_MACRO.vbs

Authors

Thomas Leroy - [email protected]

Nicolas Bonnet – [email protected]

How to use (YouTube)

Tutorial video on how to obfuscate your macros and put them in a Word Document.

Click on the picture to see the video (enable the subtitles).

Demo

Proof of concept - Obfuscation & Antivirus

Antivirus signature scan evasion.

Click on the picture to see the video (enable the subtitles).

Demo

Quick how to use...

asciicast

Project report

The report of this project is available here. It is in French, so we are sorry for people that don't speak this lovely language.

Disclaimer

The VBA obfuscator tool is provided for educational and research purposes only. The authors of this project are no way responsible for any misuse of this tool.

Do not attempt to violate the law with our project, we will not take any responsability for your actions.