# VBA Stomping

VBA Stomping refers to destroying the VBA source code in an office document, leaving only the compiled/p-code of the document. 

As long as the p-code is compatible with the current VBA version on the system, it will get executed. The p-code is n, what gets displayed in the macro editor, is not the decompressed VBA source, but the decompiled p-code.

We can do this with EvilClippy like so:

```
EvilClippy.exe -s fakecode.vba -t 2016x86 macrofile.doc
```

{% embed url="<https://medium.com/walmartglobaltech/vba-stomping-advanced-maldoc-techniques-612c484ab278>" %}

{% embed url="<https://github.com/outflanknl/EvilClippy>" %}