Analysis Malicious HTA
By Diyar Saadi | WIN32
July 15, 2025

Another file type used by attackers is the HTA, or HTML Application. An HTA is a Windows program that uses HTML, Dynamic HTML, and scripting languages such as VBScript or JScript to create a user interface and program logic. It runs with full trust, meaning it has more access to system resources than a typical web page. This makes HTAs potentially useful for creating standalone applications but also a target for malicious actors.

The HTA file is mostly used to download the second stage of the malware, and attackers and malware developers use PowerShell code in the HTA as well as in macros.

The HTA code structure is as follows:

As you can see, even VBA scripts can be used in the structure.

Malware Sample: https://bazaar.abuse.ch/sample/83a02fa534ab80c2661d7ab12802abc716a7325d396ff2e8b701a45721b2b854/

Real Malicious HTA Code:

Malicious HTA Code Analysis:
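A static triage pass over the structure described above (an hta:application tag plus script blocks that may launch PowerShell), as an added example that is not the article's own code or analysis. The sample HTA is constructed and inert, and the indicator patterns and the names `HTATriage` and `triage` are assumptions chosen for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed, inert sample: HTA layout only; the command just echoes text.
SAMPLE_HTA = """<html><head>
<hta:application id="app" />
<script language="VBScript">
Set sh = CreateObject("WScript.Shell")
sh.Run "powershell.exe -NoProfile -Command Write-Output placeholder"
</script>
</head><body></body></html>"""

# Heuristic patterns assumed for this example; not a complete rule set.
INDICATORS = {
    "shell_object": re.compile(r"WScript\.Shell|Shell\.Application", re.I),
    "powershell": re.compile(r"\bpowershell(\.exe)?\b", re.I),
    "download": re.compile(r"XMLHTTP|WinHttp|DownloadString|DownloadFile", re.I),
}

class HTATriage(HTMLParser):  # collects the hta:application marker and script blocks
    def __init__(self):
        super().__init__()
        self.has_hta_tag = self._in_script = False
        self.scripts = []          # [language, source] per <script> block

    def handle_starttag(self, tag, attrs):
        if tag == "hta:application":
            self.has_hta_tag = True
        elif tag == "script":
            a = dict(attrs)
            lang = (a.get("language") or a.get("type") or "unspecified").lower()
            self.scripts.append([lang, ""])
            self._in_script = True

    def handle_data(self, data):
        if self._in_script:        # script text may arrive in several chunks
            self.scripts[-1][1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def triage(hta_text):
    """Return script languages and indicator hits found inside script blocks."""
    p = HTATriage()
    p.feed(hta_text)
    p.close()
    hits = [(lang, name) for lang, src in p.scripts
            for name, rx in INDICATORS.items() if rx.search(src)]
    return {"hta_tag": p.has_hta_tag, "languages": [s[0] for s in p.scripts], "hits": hits}
```

Only text inside script blocks is matched, so a page that merely mentions PowerShell in its body produces no hits.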