Removing Passwords from VBA Projects

Occasionally I’ll encounter a maldoc that has a password-protected VBA project. While tools such as oledump may still extract the macros, the password protection is typically encountered when accessing the project through the Office/VBA IDE (which I typically use for dynamic analysis). This happens rare enough that I often forget the steps of removing the password so thought I’d start collecting possible solutions.

Word – 2007+

Sample MD5: dc989fa836fa93fe1f158fa490382686

Password prompt when accessing the VBA project in the VBA IDE

With this type of document, you can rename the original file with a .zip extension, this will allow you to explore the contents. This type of file uses the Open XML file format, which stores all necessary files and folders in a compressed, ZIP file.

Explore contents of Word document as a ZIP archive

After opening the archive, navigate to the word folder and extract the file vbaProject.bin.

Next, open that file in a hex editor and search for the ASCII string DPB, replace the B with a lower-case x.

Correct instance of DPB string is followed by an equal (=) sign

Save this file and drag/drop into the original location in the archive. Next, remove the zip file extension and add the original doc/docx/etc. You’re now ready to open the document with Word. You may receive an dialog about an invalid property – you can safely ignore this message.

Changing DPB results in an invalid key

Finally, you can open the project via the Developer tab. Right-click on the project in the project explorer window and select <project> properties. On the protection tab, uncheck Lock project for viewing and save the document. This removes this protection and allows you to now access the macros.

Unlock VBA project

The post Removing Passwords from VBA Projects appeared first on

Article Link: