visual basic


FortiGuard Labs recently captured some malware which was developed with the Microsoft .Net framework. I analyzed one of them, and in this blog, I’m going to show you how it is able to steal information from a victim’s machine. The malware was spread via a Microsoft Word document that contained an auto-executable malicious VBA Macro. Figure 1 below shows how it looks when it’s opened. Figure 1. When the malicious Word document is opened What the VBA code does Once you click the “Enable Content”... [Read More]
by RSS Xiaopeng Zhang  |  Jun 28, 2017  |  Filed in: Security Research
In every country and region in the world, tax season is also a time when we see a spike in scams, phishing, and targeted malware. The tax return season in the US is coming to the end. Have you filed your tax return yet? Did you receive any notifications from the IRS (the Internal Revenue Service) in your email?  We did, but not from the real IRS. (Remember, the IRS never communicates important information with taxpayers by email.) FortiGuard Labs recently collected a number of malware samples related to the current tax season in the US.... [Read More]
by RSS Xiaopeng Zhang  |  Apr 13, 2017  |  Filed in: Security Research
To survive, Macro downloaders have to constantly develop new techniques for evading sandbox environments and anti-virus applications. Recently, Fortinet spotted a malicious document macro designed to bypass Microsoft Windows’ UAC security and execute Fareit, an information stealing malware, with high system privilege. SPAM This malicious document is distributed by a SPAM email.  As part of its social engineering strategy, it is presented in the context of someone being interested in a product. Fig.1 SPAM with the malicious... [Read More]
by RSS Joie Salvio and Rommel Joven  |  Dec 16, 2016  |  Filed in: Security Research
Recently we received a SPAM with an attachment, which is a password-protected Word document. Its MD5 is 6619356e9e0c9d2445bf777a8bea5d6a, which is detected as “WM/Agent.60F9!tr” by the Fortinet AntiVirus service. When the document is opened, the attached malicious VB script code is executed and additional malware is created and executed. Based on our analysis, this is information-stealing malware. In this blog, we’ll show you how the malware works, what information is stolen from a victim’s system, and how the stolen data... [Read More]
by RSS Xiaopeng Zhang  |  Oct 24, 2016  |  Filed in: Security Research