diff --git a/oletools/olevba.py b/oletools/olevba.py
index edabb97..b0da3c7 100755
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -599,6 +599,8 @@ SUSPICIOUS_KEYWORDS = {
 'May detect WinJail Sandbox':
 # ref: http://www.cplusplus.com/forum/windows/96874/
 ('Afx:400000:0',),
+ 'Memory manipulation':
+ ('VirtualAllocEx', 'RtlMoveMemory'),
 }
 
 # Regular Expression for a URL:
diff --git a/oletools/olevba3.py b/oletools/olevba3.py
index b122399..348b80d 100755
--- a/oletools/olevba3.py
+++ b/oletools/olevba3.py
@@ -570,6 +570,8 @@ SUSPICIOUS_KEYWORDS = {
 'May detect WinJail Sandbox':
 # ref: http://www.cplusplus.com/forum/windows/96874/
 ('Afx:400000:0',),
+ 'Memory manipulation':
+ ('VirtualAllocEx', 'RtlMoveMemory'),
 }
 
 # Regular Expression for a URL:
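Review bot: The new key 'Memory manipulation', added identically in the olevba.py and olevba3.py hunks, breaks the wording convention of the surrounding SUSPICIOUS_KEYWORDS entries, whose keys are analyst-facing descriptions such as 'May detect WinJail Sandbox'; since the key is the text reported to the user, something like `'May manipulate memory of another process':` reads consistently with its neighbours. The adjacent entry also documents its rationale with a `# ref:` comment while the new one does not; a one-line comment such as `# VirtualAllocEx allocates memory in another process, RtlMoveMemory copies raw bytes into it` would tell a maintainer why these two API names are grouped under one description. Whether either name already triggers an existing entry (for example one listing a shorter prefix of the same API) cannot be seen from this hunk, and is worth checking so a single declaration is not reported twice. The SUSPICIOUS_KEYWORDS dict begins before both hunks, and the two files carry what looks like the same table, so both copies need to stay in sync.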