A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
I have recently identified that Office 2016 actually uses another header to differentiate 64bits from 32bit:
UA-CPU: AMD64
The current version of EvilClippy is not able to serve the correct template because it is not analyzing the value of this header, so it ends up serving x86 template for x64.
I'm not sure if that happens to other versions, so I just added another check for this specific header and the presence of the string "64" in the value of the header.
I have recently identified that Office 2016 actually uses another header to differentiate 64bits from 32bit:
UA-CPU: AMD64
The current version of EvilClippy is not able to serve the correct template because it is not analyzing the value of this header, so it ends up serving x86 template for x64.
I'm not sure if that happens to other versions, so I just added another check for this specific header and the presence of the string "64" in the value of the header.