Simple utility design to generate obfuscated macro that also include a AV / Sandboxes escape mechanism.

Setup Malicious Macro Generator Utility on Kali Linux

First thing we need to do is download the code from Github or git clone.

After that let’s try the basics




Config file

Example of a project config file.

Evasion techniques

Domain check

The macro is fetching the USERDOMAIN environment variable and compare the value with a predefined one. If they match the final payload is executed.

Disk check

The macro is looking for the total disk space. VMs and test machines use small disk most of the time.

Memory check

The macro is looking for the total memory size. Vms and test machines use less resources.

Uptime check

The macro is looking for the system uptime. Sandboxes will return a short uptime.

Process check

The macro is checking if a specific process is running (example outlook.exe)


The python script will also generate obfuscated code to avoid heuristic detection