diff --git a/malware-analysis_ref_and_memo.md b/malware-analysis_ref_and_memo.md index f6cda87..17cbcf1 100644 --- a/malware-analysis_ref_and_memo.md +++ b/malware-analysis_ref_and_memo.md @@ -375,8 +375,26 @@ Injecition/Hollowingされたプロセスの自動検出
- [PowerShell Core(PowerShell 7+)](https://docs.microsoft.com/ja-jp/powershell/scripting/install/installing-powershell-core-on-windows?view=powershell-7) - [LibreOffice](https://ja.libreoffice.org/) - ref: - - [vbastomp.com](https://vbastomp.com/) + - [vbastomp.com](https://vbastomp.com/) - [Advanced VBA Macros Attack&Defence,BHEU2019](https://www.decalage.info/files/eu-19-Lagadec-Advanced-VBA-Macros-Attack-And-Defence.pdf) +- vba memo + - Using WScript.Shell + ``` + Dim wsh As New WshShell + or + Dim wsh As Object + Set wsh = CreateObject("Wscript.Shell") + ``` + - StateMent + - Call + - dllを呼び出せる + - プロシージャを呼び出す + - `Call name [argumentlist]` + - Function + - [Commmand](https://docs.microsoft.com/ja-jp/office/vba/language/reference/user-interface-help/command-function) + - コマンドライン引数を取得 + - [ExecuteExcel4Macro](https://docs.microsoft.com/ja-jp/office/vba/api/excel.application.executeexcel4macro) + - Excel4.0のマクロを実行 # JavaScript Analysis - **[JS Beautify](https://github.com/beautify-web/js-beautify)**
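Review bot: In the added "Using WScript.Shell" code fence, the bare `or` line between the two declarations is not valid VBA, so the block cannot be pasted as-is. Make it a comment (`' or`) or split the early-bound and late-bound forms into two fences. It would also help to note that `Dim wsh As New WshShell` only compiles when the project references the Windows Script Host Object Model, whereas the `CreateObject("Wscript.Shell")` form needs no reference. For an analyst's memo that distinction matters, because the late-bound string is the one that usually shows up in macro samples. Two added labels have typos: `StateMent` should be `Statement`, and the link text `Commmand` should be `Command`. Under Call, `Call name [argumentlist]` omits that the argument list must be in parentheses when the `Call` keyword is used. The `vbastomp.com` line is removed and re-added with no visible difference, so if it is only a trailing-whitespace change, consider dropping it from this patch.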