oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Results 173 oletools issues

This technique can be used to detect sandboxing: https://conference.hitb.org/hitbsecconf2018ams/materials/D2T1%20-%20Aviv%20Grafi%20&%20Amit%20Dori%20-%20Sandbox%20Evasion%20Using%20VBA%20Referencing.pdf The VBA code could also check if Protected View is disabled, probably by looking at the registry.

:+1: enhancement
olevba

**Affected tool:** olevba version 0.6 (latest) **Describe the bug** OLEVBA failed to show and detect the macro inside the XLS file, while OleId does indicate it. ``` FILE: 062d8e8c3de4faeb07f686514dbb8f9d.xls Type: OLE...

:bug: bug
olevba
setup.py
oleid
XLM

I need to improve the parsing of XLM macros, probably something like this: - if format = OLE: - if XLMMacroDeobfuscator is installed, use it. - if not, or if...

:bug: bug
olevba
XLM

**Affected tool:** olevba, oleid **Describe the bug** XLM4 exists in the file, but oletools does not detect it. **File/Malware sample to reproduce the bug** https://bazaar.abuse.ch/sample/306433cdeddadf922a7849ab12431fbdb1f1f7f23dc4de1c2e378dcf9a05ca8a/ **How To Reproduce the bug** Tested...

:bug: bug
olevba

**Affected tool:** **olevba** **Describe the bug** A clear and concise description of what the bug is. **File/Malware sample to reproduce the bug** **password : infected [REJ-113925551-Feb-21.xlsb.zip](https://github.com/decalage2/oletools/files/8115583/REJ-113925551-Feb-21.xlsb.zip)** **How To Reproduce the...

:bug: bug
olevba
XLM

**Affected tool:** olevba **Describe the bug** When an input file has on the order of ~100,000s of strings, `analyze_macros()` becomes very slow. Profiling reveals most of the time is spent...

:bug: bug
olevba

Change addressing #749 When an input file has on the order of ~100,000s of strings, `analyze_macros()` becomes very slow. Let's change this behavior to instead store extracted strings in their...

:bug: bug
olevba

At the moment `XLMMacroDeobfuscator` can't process files like `.slk` (it's not a supported file extension there). However, if `XLMMacroDeobfuscator` is installed, it is automatically used for xlm-analysis in the current code,...

:+1: enhancement
olevba
proposal
XLM

I'm not sure if this is a bug, or I'm missing a new feature or a specific action I should make, so I'll open it as a bug. Affected tool:...

:bug: bug
olevba