![]() VBComponents(i).CodeModule.DeleteLines _ġ. TmpLoc = "C:\Users\" & CurrUser & "\AppData\Roaming\Microsoft\Templates\Normal.dotm"Ī = True Once youve picked your template, you can customize your paper to make your letter special. ![]() You can give your letter a simple look with a modern design, go back in time with a vintage template, or keep it playful with some fun illustrations. ![]() ' Replace current template with Normal.dotm template. To start, choose your favorite template on Microsoft Create. The Final Macro - Notice the unlink function being called in both AutoOpen() and Document_Open() Sub AutoOpen() If there are any errors during the process, the "fail-safe" DeleteVBAProject function will delete all of the VBA script that exists in the document. In short, the additional code first tries to unlink the current malicious template, and link the document with a Normal.dotm default template, which can be found in all Windows machine that has Word installed. This section's unlinking/self-deleting code is from John Woodman - The article goes in-detail about what the code does. This is bad for OPSEC reasons, as word document macros can be deobfuscated, which will reveal additional network based indicators to the analysts. Enter a caption for this image (optional) Unlinking and OPSECĪfter the remote template file is downloaded, the macro is left inside the.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |