 In his latest son's ISC Diary entry Xavier does the analysis of an interesting word document that he encountered, a malicious word document as you can guess and in this analysis he talks about many things and one of the things he mentions here is this function, the format document function as Xavier called it and it's a bit unclear as to what this function does and I created a word document that will show you what this function does so one of the things it does is it changes the color font to black and then it deletes headers here well this is a social engineering trick I created a document here with this function as macro inside so let's open this document and as you can see here a document with two pages the macros have been disabled, they didn't run and you can see just a title and here the text header that says you if the document isn't displayed correctly click settings and select enable this content now actually the content of this document is present if I select here you can see that I'm able to select some text but the text cannot be read because it's actually a white font so the color of the font is white and the background is also white and that's why you don't see anything now when I enable the content then the macro will run and it appears that the document has been decoded because now you can see the text but actually what did just happen is that this document was not really encoded but the color of the font now was set to black so that you can read it and the headers have been deleted so it's a social engineering trick to make you believe that by enabling the content you have actually decoded the document and not as in reality run macros that launch malicious executable