A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
GNU General Public License v3.0
Office 365 / Office 2021 not present in ReplaceOfficeVersionInVBAProject #53
I noted that 32-bit Office 365 saves macro documents with a VBA Project version of B2 00, which I didn't expect because I thought it to be associated with 2016x64 and 2019x64: https://github.com/outflanknl/EvilClippy/blob/master/evilclippy.cs#L508
Didier Stevens wrote about this phenomenon and didn't seem to reach a conclusion on why this is: https://isc.sans.edu/diary/Office+2021%3A+VBA+Project+Version/28150
I would have simply guessed that the same p-code compiler was carried forward from 2019, but if that were true, I would have expected the version to be AF 00 like the other recent 32-bit versions instead of the version number that has been associated with 64-bit.
By way of letting you know that O365/Office 2021 is absent from the list of valid Office versions in your switch construct, I thought I would ask if you've encountered this too and learned anything about it?
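For analysts triaging documents, the observation in this issue means the version field cannot be used on its own to infer Office bitness. The following is an added example, not EvilClippy's code and not part of the issue: it reads the version from an already-extracted _VBA_PROJECT stream, assuming the MS-OVBA header layout, and labels only the two values mentioned above. The function name and sample bytes are constructed for illustration.

```python
import struct
from typing import NamedTuple

# Assumed header layout (MS-OVBA, _VBA_PROJECT stream): Reserved1 u16 = 0x61CC,
# Version u16, Reserved2 u8, Reserved3 u16. Little-endian, 7 bytes in total.
HEADER = struct.Struct("<HHBH")
MAGIC = 0x61CC

# Only the two values discussed in the issue; labels paraphrase the post.
KNOWN = {
    b"\xB2\x00": ("2016 x64 / 2019 x64, also reported from 32-bit Office 365", True),
    b"\xAF\x00": ("recent 32-bit Office versions", False),
}


class VbaVersion(NamedTuple):
    raw: str                 # version bytes as stored in the file, e.g. "B2 00"
    label: str               # association stated in the issue, or "not listed"
    bitness_ambiguous: bool  # True when the value alone cannot indicate bitness


def read_vba_project_version(stream: bytes) -> VbaVersion:
    """Parse the header of a _VBA_PROJECT stream that was already extracted."""
    if len(stream) < HEADER.size:
        raise ValueError("stream is shorter than the 7-byte header")
    magic, _version, _reserved2, _reserved3 = HEADER.unpack_from(stream)
    if magic != MAGIC:
        raise ValueError(f"unexpected Reserved1 value 0x{magic:04X}")
    version_bytes = stream[2:4]
    raw = " ".join(f"{b:02X}" for b in version_bytes)
    label, ambiguous = KNOWN.get(version_bytes, ("not listed", True))
    return VbaVersion(raw, label, ambiguous)


if __name__ == "__main__":
    # Constructed sample headers, not taken from real documents.
    for sample in (bytes.fromhex("cc61b20000ffff"), bytes.fromhex("cc61af0000ffff")):
        print(read_vba_project_version(sample))
```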