decalage2 released this Dec 3, 2019 · 30 commits to master since this release

Main changes in oletools v0.55:

  • olevba:
    • added support for SLK files and XLM macro extraction from SLK
    • VBA Stomping detection
    • integrated pcodedmp to extract and disassemble P-code
    • detection of suspicious keywords and IOCs in P-code
    • new option --pcode to display P-code disassembly
    • improved detection of auto execution triggers
  • rtfobj: added URL carver for CVE-2017-0199
  • better handling of Unicode on systems whose locale does not support UTF-8, e.g. LANG=C (PR #365)
  • tests:
    • test files can now be encrypted, to avoid antivirus alerts (PR #217, issue #215)
    • tests that trigger antivirus alerts have been temporarily disabled (issue #215)

How to install with pip: https://github.com/decalage2/oletools/wiki/Install
