From 39aec1e9a0b220e84f91491b3b29b164113f9d3c Mon Sep 17 00:00:00 2001 From: Mr-Un1k0d3r Date: Wed, 21 Sep 2016 19:26:17 -0400 Subject: [PATCH] Update README.md --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 28f265f..67d5bdf 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,7 @@ ## MaliciousMacroGenerator #Malicious Macro Generator Utility ---- + Simple utility design to generate obfuscated macro that also include a AV / Sandbox escape trick ---- #Requirement ``` @@ -22,3 +21,10 @@ Usage: GenMacro.py [template] [domain] [offset] [payload] [output] python GenMacro.py "base.vba" "RingZer0" 3 "cmd.exe /c ping ringzer0team.com" malicious.vba ``` + +#Evasion technique +``` +The macro is fetching the USERDOMAIN environment variable and compare the value with a predefined one. If they match the final payload is executed. + +The python script will also generate obfuscated code to avoid heuristic detection +```
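Review bot: In the first hunk, dropping the `---` rules is fine, but the heading that follows, `#Requirement`, has no space after `#` and will not render as a heading in GitHub-flavored Markdown; suggest `# Requirement`. The description line kept as context in that hunk also reads "Simple utility design to generate obfuscated macro that also include a AV / Sandbox escape trick"; while editing here, "designed to generate an obfuscated macro that also includes an AV / Sandbox escape trick" would be correct.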
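Review bot: In the second hunk, the new "Evasion technique" text is wrapped in a ``` fence, so the two sentences will render as a preformatted code block instead of prose; drop the fence and write them as paragraphs. The heading `#Evasion technique` needs a space (`# Evasion technique`) for the same reason as above, and the text itself should read "fetches the USERDOMAIN environment variable and compares the value with a predefined one. If they match, the final payload is executed." with a period at the end of the second sentence. It would also help readers to say what the macro does when the domain does not match, since the check is the documented sandbox-escape behaviour and the README currently leaves that case unstated.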