Melissa

sudo -H pip install -U oletools[full]
olevba LIST.DOC
wget https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/oledump.py
python3 -m pip install olefile
python3 oledump.py LIST.DOC

See the results of olevba here.

Submit the stream number that contains the Melissa macro in the LIST.DOC file (1 points)

Answer:: 7
After identifying which version of word, Melissa will enable all macros from registry (1 points)
```
python3 oledump.py LIST.DOC -s 7
```
The reference documentation is available here.

Answer:: 9.0
What is the email service targeted by Melissa (1 points)

Answer:: Outlook
How many number of email addresses were collected (1 points)
```
If x > 50 Then oo = AddyBook.AddressEntries.Count
```
Answer:: 50
What is the string used by melissa to identify whether a PC is infected or not and decide whether to collect email addresses or not (2 points)
```
System.PrivateProfileString("", "HKEY_CURRENT_USER\Software\Microsoft\Office\", "Melissa?") = "... by Kwyjibo"
```
Answer:: ... by Kwyjibo
What is the variable responsible for identifying the email username of the infected PC (2 points)
```
BreakUmOffASlice.Subject = "Important Message From " & Application.UserName
```
Answer:: Application.UserName
What is the text in email body used for spreading melissa (1 points)
```
BreakUmOffASlice.Body = "Here is that document you asked for ... don't show anyone else ;-)"
```
Answer: Here is that document you asked for ... don't show anyone else ;-)
What is the text that is inserted by Melissa in an open word document? (1 points)
```
If Day(Now) = Minute(Now) Then Selection.TypeText " Twenty-two points, plus triple-word-score, plus fifty points for using all my letters.  Game's over.  I'm outta here."
```
Answer:: Twenty-two points, plus triple-word-score, plus fifty points for using all my letters. Game's over. I'm outta here.

Melissa

Tags