oletools

oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

Results 173 oletools issues

customUI provides an alternate way to trigger VBA macros. See https://www.netero1010-securitylab.com/evasion/execution-of-remote-vba-script-in-excel Different cases: - customUI/onLoad - customUI/command/onAction (with idMso matching a command) - and each case can have either a...

:+1: enhancement
olevba
mraptor

https://attack.mitre.org/techniques/T1221/

:+1: enhancement
oleobj
oleid

Example: https://twitter.com/SBousseaden/status/1486756028700110852

:+1: enhancement
olevba

Hi Decalage For a long while I've been looking to make a VBA IDE outside of the VBE (because the VBE is rubbish) and I personally feel VBA macros should...

question
olevba

**Affected tool:** olevba, oleid, ftguess **Describe the bug** In some cases, large MHT files containing raw binary data with a zip file (e.g. embedded OpenXML) may be incorrectly identified as...

:bug: bug
olevba
oleid
ftguess

`oletools.olevba` will fail on import in the `colorclass` dependency in CPython 3.10: ``` $ oletools/bin/python3.10 -c "import oletools.olevba" Traceback (most recent call last): File "", line 1, in File "/oletools/lib/python3.10/site-packages/oletools/olevba.py",...

:bug: bug
olevba
setup.py

Traceback (most recent call last): File "C:\Users\yuhao01\AppData\Local\Programs\Python\Python310\lib\site-packages\oletools\olebrowse.py", line 133, in main ole = olefile.OleFileIO(filename) File "C:\Users\yuhao01\AppData\Local\Programs\Python\Python310\lib\site-packages\olefile\olefile.py", line 1075, in __init__ self.open(filename, write_mode=write_mode) File "C:\Users\yuhao01\AppData\Local\Programs\Python\Python310\lib\site-packages\olefile\olefile.py", line 1192, in open self._raise_defect(DEFECT_FATAL, "not...

**Affected tool:** rtfobj **Describe the bug** When using rtfobj against an RTF that contains an OLE2LNK object the current logic tries to run a string-based regex against a bytearray. This...

:bug: bug
rtfobj
Python 3.x

**Affected tool:** olevba **Describe the bug** Malware with sha256 b02be8a230c8c3c92b1535ad44fe2c4a05866195cb2b9243dd9b2d48d7cb35ea (xls with VBA) makes olevba crash with errors: WARNING invalid value for PROJECTLCID_Id expected 0002 got 004A WARNING invalid value...

:bug: bug
olevba

**Affected tool:** ooxml, oletools **Describe the bug** While running this piece of code against an xlsm file (4.4MB in size) ``` xml_parser = ooxml.XmlParser(filepath) for relationship, target in oleobj.find_external_relationships(xml_parser): ```...

:bug: bug
oleobj
ooxml