The malicious doc mail has been sent to the organization.I am analyzing it but it don't contain any malicious VB script but officemalwarescanner does show it as creating
Api-Name GetTempPath
Api-Name CreateFile
Api-Name CloseHandle
Api-name WriteFile

I am trying to find any shell code if any .

i have posted the doc file at h__p://www.offensivecomputing.net/?q=ocsearch&ocq=aada36da206a13ed56979c1a6838a1e6.

Hello everyone!

My name is Dante Allegro , and as the newest member of the team my job is to work with members of the commercial community who wish to purchase products and services from Offensive Computing.

If you or your company would like to utilize the Offensive Computing malware database in your commercial product, or if you have a specific job that you feel the Offensive Computing team can assist you with , please contact me and I will be quite happy to assist you.

As I am on the road quite a bit please contact me directly at dallegro ( at ) offensivecomputing.net.