Document Analysis using OfficeMalScanner Toolkit
DisView is bundled with the OfficeMalScanner toolkit. It disassembles the code at the malicious offset inside a document so that it can be analyzed further.
In an incident, time is critical for responders, who need both the skills and the right tools to carry out this kind of analysis and quickly build a timeline of the attack.
To use the tool:
Open a command prompt and run:
> DisView.exe <document_name> <offset_address>