What I like most on cyber security is looking at things from very different perspectives and pushing the limits. Have you ever imagined running an exe file from within a MS Excel file? In regular life, even if you were a professional IT person, you probably would say that it would be impossible. Yet, for a cyber security expert nothing is impossible.
On this article I want to introduce you a Python script I coded to make this possible. The code transports an exe file into a hex string (with the file name ‘hex.txt’) and then prepares out of it all the vba code to be copied and pasted into an Excel file.
You can find the code on Github:
You can customize it the way you want. I tested it with netcat application (nc.exe):
python ExeIntoExcel.py -f nc.exe
Running this code produces two text files: hex.txt and hexready.txt.
Just copy and paste the content of hexready.txt into an Excel file.
Then you can start your listener:
nc -lvp 443
Now you can run your Excel file (macro enabled) and you are in.
Congratulations, you converted an Excel file into a Trojan Dropper.
When I tested this dropper on my computer, an Anti Virus with dynamic analysis enabled could easily catch it. I’m open any ideas to for bypassing AVs.