Analyzer

Any user can submit a MS Office file for analyzing. By submitting the file, you are agreeing to our Terms of Service and Privacy Policy and to the sharing of your Sample submission with the security community.

Please do not share any personal information; Cubelyzer is not responsible for the contents of your submission. To get started the analyze a file, you can go Analyzer page.

Main Features

Cubelyzer, main features listed below:

• Summary view of analyze result

• Detecting auto-executable macros

• Detecting file structure

• Detecting anti-sandboxing and anti-virtualization techniques

• Detecting and decodes strings obfuscated with Hex/Base64/StrReverse/Dridex

• Deobfuscation VBA expressions with any combination of Chr, Asc, Val, StrReverse, Environ, +, &, using a VBA parser built with pyparsing, including custom Hex and Base64 encodings

• Detecting suspicious VBA keywords often used by malware

• Extracting IOCs/patterns of interest such as IP addresses, URLs, e-mail addresses and executable file names

• Extracting VBA macro source code

Supported Formats

• Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm)

• Excel 97-2003 (.xls), Excel 2007+ (.xlsm, .xlsb)

• PowerPoint 97-2003 (.ppt), PowerPoint 2007+ (.pptm, .ppsm)