decalage2 / oletools

oletools - Python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

olevba: detect and extract Excel 4 Macros (XLM/XLF) in XLSM #415

Open decalage2 opened 5 years ago

decalage2 commented 5 years ago

See #389 for details

decalage2 commented 4 years ago

Sample: https://twitter.com/DissectMalware/status/1250409114435551238

decalage2 commented 4 years ago

@DissectMalware developed a parser for XLSM to extract XLM macros (Apache license):
https://twitter.com/DissectMalware/status/1250495410860371970
https://github.com/DissectMalware/XLMMacroDeobfuscator/blob/macro_emulator/xlsm_wrapper.py

decalage2 commented 4 years ago

TODO: check changes from PR #569, improve with an XML parser and/or use XLMMacroDeobfuscator