oleobj/oleid: very large OLE object not reported

[decalage2]

The sample reported in this article https://research.checkpoint.com/2024/maldocs-of-word-and-excel-vigor-of-the-ages/#enormous-oleobject contains several OLE objects in an XLSM file, one of which is 2GB large. That object seems to contain an equation editor exploit, but it is not reported by oleobj nor by oleid.

Moreover, olevba takes a long time to parse the file, whereas the large OLE object does not contain VBA macros. It's probably because the OLE file of the OLE object must be decompressed in RAM to check if it does not contain macros.