Search the Community
Showing results for tags 'xlm'.
-
XLM Macro Deobfuscator

XLM Macro Deobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports the xls, xlsm, and xlsb formats. It uses xlrd2, pyxlsb2, and its own parser to extract cells and other information from xls, xlsb, and xlsm files, respectively. You can also find the XLM grammar in xlm-macro-en.lark.

Changelog v0.2.6
- Fix bug in interpreting a formula if it contains a sheet name that is a valid col name like C1
-
XLM Macro Deobfuscator

XLM Macro Deobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports the xls, xlsm, and xlsb formats. It uses xlrd2, pyxlsb2, and its own parser to extract cells and other information from xls, xlsb, and xlsm files, respectively. You can also find the XLM grammar in xlm-macro-en.lark.

Changelog v0.2.3
- Added support for FORMULA.ARRAY and _xlfn.ARABIC
- Fixed several bugs
-
XLM Macro Deobfuscator

XLM Macro Deobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports the xls, xlsm, and xlsb formats. It uses xlrd2, pyxlsb2, and its own parser to extract cells and other information from xls, xlsb, and xlsm files, respectively. You can also find the XLM grammar in xlm-macro-en.lark.

Changelog v0.2
- Considers auto_close defined names as starting points for interpreting macros
- Loads XLSM files with many empty cells much faster
- Has new switches --defined-names --sort-formula --extract-formula-format
- Supports more functions SQRT
- Has fewer bugs (lots of bugs were fixed in this version).
-
BoobSnail

BoobSnail allows generating XLM (Excel 4.0) macros. Its purpose is to support the RedTeam and BlueTeam in XLM macro generation.

Features:
- various infection techniques;
- various obfuscation techniques;
- translation of formulas into languages other than English;
- can be used as a library - you can easily write your own generator.

Saving output in Excel
- Dump output to CSV file.
- Copy content of CSV file.
- Run Excel and create a new worksheet.
- Add new Excel 4.0 Macro (right-click on Sheet1 -> Insert -> MS Excel 4.0 Macro).
- Paste the content in cell A1 or R1C1.
- Click Data -> Text to Columns.
- Click Next -> Set Semicolon as separator and click Finish.
-
XLMMacroDeobfuscator - Extract And Deobfuscate XLM Macros (A.K.A Excel 4.0 Macros)

XLMMacroDeobfuscator can be used to decode obfuscated XLM macros (also known as Excel 4.0 macros). It utilizes an internal XLM emulator to interpret the macros, without fully performing the code. It supports the xls, xlsm, and xlsb formats. It uses xlrd2, pyxlsb2 and its own parser to extract cells and other information from xls, xlsb and xlsm files, respectively.
-
EXCELntDonut

EXCELntDonut is an XLM (Excel 4.0) macro generator. Start with C# source code (EXE) and end with an XLM (Excel 4.0) macro that will execute your code in memory. XLM (Excel 4.0) macros can be saved in .XLS files.

How it works

You provide a C# file containing your payload (like an EXE with the main method that executes a Cobalt Strike beacon payload). That C# file is compiled using MCS into two .NET assemblies: x86 and x64. After compilation, the awesome tools Donut (for x86) and CLRvoyance (for x64) convert each assembly into position-independent shellcode. Next, all null bytes are removed, since XLM (Excel 4.0) macros don't play nicely with null bytes, and the payload is chunked into lines with no more than 255 characters (for x86) or 10 characters (for x64).

Once the shellcode is prepared, it's combined with basic process injection functions (VirtualAlloc, WriteProcessMemory, and CreateThread) as well as an architecture check function to determine which payload (x86 or x64) to run on the target system. If you elect to execute sandbox checks or basic obfuscation, then those functions will update your macro. Finally, the output is placed in a CSV file (saved as .txt).