Creating Malicious Word Documents

4 min readNov 30, 2022

Hi readers, here we will be looking into creating malicious word documents with the intent of running system commands using macro functionality. Below is the sample VBA code for automatically opening notepad.exe.

Sub AutoOpen()

Dim Shell As Object
Set Shell = CreateObject("")
Shell.Run "notepad"

End Sub

Steps to add VBA macro in MS-word-

a) Go to View-> Macros

b) Macros window will pop up. Here we need to give a macro name and choose a word document for which we are creating a macro and then click Create.

c) Edit the macro-

d) Save the file, exit, and reopen. Notepad will run automatically upon opening.

Some of the other functions which we can use are-

  • AutoOpen runs each time you open an existing document.
  • AutoExit runs when you exit Word.
  • AutoExec runs when you start Word.