An experimental but useful project

ViperMonkey is a toolkit written in Python by Philippe Lagadec, developed to parse VBA macros and emulate their execution.

ViperMonkey acts as a VBA Emulation engine, and tries to analyze and deobfuscate malicious VBA Macros contained in Microsoft Office files (Word, Excel, PowerPoint, Publisher, etc).

Is an experimental project, as says the disclaimer:

- ViperMonkey is a very incomplete and experimental VBA Engine. For now it will NOT handle most real-life macros without errors.

- VBA parsing and emulation is extremely slow for now.

- VBA Emulation is hard and complex, because of all the features of the VBA language, of Microsoft Office applications, and all the DLLs and ActiveX objects that can be called from VBA.

- This open-source project is only developed on my scarce spare time, so do not expect miracles. Any help from you will be very appreciated!


  • Download the archive from the repository: and extract it.
  • (Linux/Mac) Install dependencies by running 
    sudo -H pip install -U -r requirements.txt
  • (Windows) Install dependencies by running
    pip install -U -r requirements.txt
  • Run ViberMonkey with
    python <file>

For more information and usage examples, refer to this article on Delage.Info: