decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

olevba - add keyword search in document properties #133

Open decalage2 opened 7 years ago

decalage2 commented 7 years ago

Some malware samples use document properties to hide part of their payload.

Example: https://www.joesecurity.org/reports/report-952a36f4231c8628acea028b4145daec.html
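
An added example, not part of the issue thread and not oletools code: one way to run a keyword search over OLE document properties. The pattern list, `scan_properties`, `load_ole_properties` and the sample values are assumptions made for illustration; the loader relies on the third-party `olefile` package.

```python
import re

# Constructed pattern list for illustration; this is not olevba's keyword list.
SUSPICIOUS_PATTERNS = {
    "shell command": re.compile(r"\b(?:powershell|cmd(?:\.exe)?|wscript|cscript|mshta)\b", re.I),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "executable name": re.compile(r"\b[\w-]+\.(?:exe|dll|scr|vbs|ps1|bat)\b", re.I),
    "long base64-like run": re.compile(r"[A-Za-z0-9+/]{40,}={0,2}"),
}

def to_text(value):
    """Property values can be bytes, str, int, datetime or None."""
    if value is None:
        return ""
    if isinstance(value, bytes):
        return value.decode("latin-1")  # never fails, keeps every byte visible
    return str(value)

def scan_properties(props):
    """Return sorted (property, finding, matched text) tuples for a dict of properties."""
    findings = []
    for name, value in props.items():
        text = to_text(value)
        for label, pattern in SUSPICIOUS_PATTERNS.items():
            for match in pattern.finditer(text):
                findings.append((name, label, match.group(0)[:60]))
    return sorted(findings)

def load_ole_properties(path):
    """Read SummaryInformation and DocumentSummaryInformation properties via olefile."""
    import olefile  # imported lazily so scan_properties works without it installed
    ole = olefile.OleFileIO(path)
    try:
        meta = ole.get_metadata()
        names = meta.SUMMARY_ATTRIBS + meta.DOCSUM_ATTRIBS
        return {name: getattr(meta, name) for name in names}
    finally:
        ole.close()

# Constructed sample properties, shaped like the values olefile returns.
SAMPLE = {
    "author": b"John Doe",
    "title": b"Invoice",
    "comments": b"cmd.exe /c echo constructed-sample",
    "company": b"QUJD" * 12,  # 48 base64-alphabet characters
    "num_pages": 1,
}
```

For a real file, `scan_properties(load_ole_properties(path))` applies the same checks to every standard property; custom properties would need separate handling.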

decalage2 commented 7 years ago

Other examples: