decalage2 / ViperMonkey

A VBA parser and emulation engine to analyze malicious macros.

pcode support #90

Open vdun opened 4 years ago

vdun commented 4 years ago

https://github.com/bontchev/pcodedmp

https://github.com/Big5-sec/pcode2code

decalage2 commented 4 years ago

When olevba detects potential VBA stomping, vmonkey could use pcode2code to convert the P-code to VBA and then parse it.