decalage2 released this
Main changes in oletools v0.55:
- olevba:
    - added support for SLK files and XLM macro extraction from SLK
    - VBA Stomping detection
    - integrated pcodedmp to extract and disassemble P-code
    - detection of suspicious keywords and IOCs in P-code
    - new option --pcode to display P-code disassembly
    - improved detection of auto execution triggers
- rtfobj: added URL carver for CVE-2017-0199
- better handling of Unicode on systems with a locale that does not support UTF-8, e.g. LANG=C (PR #365)
- tests:
How to install with pip: https://github.com/decalage2/oletools/wiki/Install