Usage: eviloffice.exe [OPTIONS]+ filename
Author: Stan Hegt
Email: [email protected]
Options:
-n, --name=VALUE The target module name to stomp.
This argument can be repeated.
-s, --sourcefile=VALUE File containing substitution VBA code (fake
code).
-g, --guihide Hide code from VBA editor GUI.
--gg, --guiunhide Unhide code from VBA editor GUI.
-t, --targetversion=VALUE Target MS Office version the pcode will run on.
-w, --webserver=VALUE Start web server on specified port to serve
malicious template.
-d, --delmetadata Remove metadata stream (may include your name
etc.).
-r, --randomnames Set random module names, confuses some analyst
tools.
--rr, --resetmodulenames
Undo the set random module names by making the
ASCII module names in the DIR stream match their
Unicode counter parts
-u, --unviewableVBA Make VBA Project unviewable/locked.
--uu, --viewableVBA Make VBA Project viewable/unlocked.
-v Increase debug message verbosity.
-h, --help Show this message and exit.