kevross33
commented
9 years ago closing this office pull request as am creating a new one based on the new static format document (to avoid confusion)
Closed kevross33 closed 9 years ago
kevross33
commented
9 years ago closing this office pull request as am creating a new one based on the new static format document (to avoid confusion)
Add in indicator for office document containing macros but no edit time seen in Bartalex created documents (i.e Dridex).
I am not convinved though on the way this ends up in text. For instance the MD5 facec082a3cffddc43e668a3080487f5 from yesterday results in a severity 3 message of "The office file has 3 macros. The file also appears to have no edit time". In today's dridex document MD5 7d3d5d9a10053587ac981f85c18d0e8a the message becomes "The office file has 3 macros. The file also appears to have no content. The file also appears to have no edit time" which sounds too much of a listing and does not read particularly well but detection wise it is fine.