Posted by on Apr 21, 2021
Office documents have over many decades been used to launch malware, often through macros, embedded content or exploits.
Researcher Kurt Natvig wanted to understand whether it’s possible to recompile VBA macros to another language, which could then easily be ‘run’ on any gateway, thus revealing a sample’s true nature in a safe manner.
In a new article he explains, step by step, how he recompiled malicious VBA macro code to valid harmless Python 3.x code.