MalwareBazaar Database
This page shows some basic information the YARA rule INDICATOR_SUSPICIOUS_EXE_Enable_OfficeMacro including corresponding malware samples.
Database Entry
| YARA Rule: | INDICATOR_SUSPICIOUS_EXE_Enable_OfficeMacro |
|---|---|
| Author: | ditekSHen |
| Description: | Detects Windows executables referencing Office macro registry keys. Observed modifying Office configurations via the registy to enable macros |
| Firstseen: | 2025-05-08 06:52:08 UTC |
| Lastseen: | 2025-11-23 09:30:08 UTC |
| Sightings: | 5 |
Malware Samples
The table below shows all malware samples that matching this particular YARA rule (max 1000).
| Firstseen (UTC) | SHA256 hash | Tags | Signature | Reporter |
|---|