oletools v0.55

@decalage2 released this 03 Dec 23:42
· 312 commits to master since this release

Main changes in oletools v0.55:

  • olevba:
    • added support for SLK files and XLM macro extraction from SLK
    • VBA Stomping detection
    • integrated pcodedmp to extract and disassemble P-code
    • detection of suspicious keywords and IOCs in P-code
    • new option --pcode to display P-code disassembly
    • improved detection of auto execution triggers
  • rtfobj: added URL carver for CVE-2017-0199
  • better handling of Unicode on systems whose locale does not support UTF-8, e.g. LANG=C (PR #365)
  • tests:
    • test files can now be encrypted, to avoid antivirus alerts (PR #217, issue #215)
    • tests that trigger antivirus alerts have been temporarily disabled (issue #215)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install