Fake Word Document EXE File

Generate an exe file with a Word icon. When executed, it automatically releases the built-in Word document, copies itself to the %User%\Documents directory, launches, and then deletes itself.

Operation Method

Create a new listener
Run the module

Download the generated VS project

Modify the Word document content in the project (DO NOT change the filename!!!!)

Open the project in VS and compile

Rename the compiled exe to a phishing filename

For example: Security_Development_Manual.docx.exe

Send to the target through spear-phishing email

Running Effect

After double-clicking the exe, it will release a docx file locally and open it, then delete itself (the exe file)

The program will copy itself to the %USER%\Documents directory and execute