
oletools v0.55



Main changes in oletools v0.55:

  • olevba:
    • added support for SLK files and XLM macro extraction from SLK
    • VBA Stomping detection
    • integrated pcodedmp to extract and disassemble P-code
    • detection of suspicious keywords and IOCs in P-code
    • new option --pcode to display P-code disassembly
    • improved detection of auto execution triggers
  • rtfobj: added URL carver for CVE-2017-0199
  • better handling of Unicode for systems with a locale that does not support UTF-8, e.g. LANG=C (PR #365)
  • tests:
    • test files can now be encrypted, to avoid antivirus alerts (PR #217, issue #215)
    • tests that trigger antivirus alerts have been temporarily disabled (issue #215)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install




This topic is now archived and is closed to further replies.
