#How to open worksheet in excel xlam file code#
Weirdly, none of this macro code seemed to have anything to do with an annual employee evaluation. Those values are then stored within a sheet called “HostInfo,” specifically cells starting in Row 2, Column 2.
![how to open worksheet in excel xlam file how to open worksheet in excel xlam file](https://eraser.heidi.ie/forum/proxy.php?image=https%3A%2F%2Fwww.esofttools.com%2Fimg%2Fexcel%2Fexcelunlocker-feb-2020.png)
Six variables are set to values that are returned by the Environ function, which is a VBA function that returns the string associated with a specific operating system environment variable. Sheets("HostInfo").Cells(7, 2).Value = strOS Sheets("HostInfo").Cells(6, 2).Value = strDomainDC Sheets("HostInfo").Cells(5, 2).Value = strDnsDomain Sheets("HostInfo").Cells(4, 2).Value = strDomain Sheets("HostInfo").Cells(3, 2).Value = strCname Sheets("HostInfo").Cells(2, 2).Value = strUname StrOS = Environ$("os") strComputer = "." 'Populate target sheet The most interesting pieces in this first section are the following variables, along with some handy comments: 'Gather User Information If an error occurs, it jumps to a function called Oops-otherwise, it declares a bunch of variables. It tells the macro to execute once the file is opened (or once macros are enabled). Let’s see what comes out of the workbook from OLEVBA:Īt first glance, we could see the initial subroutine: Sub_AutoOpen(). OLEVBA parses OLE and OpenXML and extracts the VBA macro code in clear text, which was specifically useful in this case because, fun fact: Microsoft Office documents are just specialized XML files. There’s more than one way to analyze a macro, but my favorite method involves OLE Tools. Only one way to figure out what went wrong: look at the macro itself. Interestingly, the “Secure Cells” now displayed an error message: “ERROR 8415E1337: TIMEOUT OCCURED RETRIEVING DATA” (yes, “occurred” was spelled wrong). With the script running, it was the perfect time to poke around the workbook. What’s the worst that could happen? It’s not as if the macro was going to enumerate local system information or Active Directory data and ship it back to the red team within this workbook… right?
![how to open worksheet in excel xlam file how to open worksheet in excel xlam file](https://analysistabs.com/wp/wp-content/uploads/2013/02/Hide-Unhide-Worksheet-Examples-1.png)
A bunch of red text in cells exclaiming “ SECURE CELL: ENABLE MACROS TO RETRIEVE DATA”Įnable macros or not? that was the question… I really wanted that boat.Microsoft’s bright yellow notification: “ SECURITY WARNING Macros have been disabled”.
![how to open worksheet in excel xlam file how to open worksheet in excel xlam file](https://www.automateexcel.com/excel/wp-content/uploads/2019/11/excel-add-in-trust-center.png)
There were no results, no new salary, no bonus information (I was going to buy a boat!), no nothing. The contents of the spreadsheet were immediately disappointing. How did the sender entice the user, you ask? They used a classic phishing lure in the subject line: “Annual Employee Evaluation Report.” I mean, how could you not open it and see how you did last year?! Even we were intrigued, so we popped open the attachment to see how the evaluation went. Just like any phishing campaign involving Microsoft Office files, the user had to be enticed into opening it. The attachment consisted of a Microsoft Excel workbook (.xlsm) that contained a Visual Basic (VBA) macro-I know… we shuddered as well. A customer involved in a penetration test reached out to us recently about a suspicious email message that one of their employees received.