decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

oleobj: handle non-Package OLE objects #542

Open decalage2 opened 4 years ago

decalage2 commented 4 years ago

For now, oleobj treats all OLE objects as Package. It should behave like rtfobj, checking the class of an OLE object to decide if it is a Package or not.

decalage2 commented 3 years ago

For example, this XLSX sample stops with "WARNING *** Not an OLE 1.0 Object": https://app.any.run/tasks/2eace630-7baa-420f-973a-b417acda3754/ as shown in https://github.com/decalage2/oletools/discussions/655#discussioncomment-412792
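
A sketch of the class check requested in this issue, as an added example that is not oletools code: it parses the OLE 1.0 object header layout from MS-OLEDS (OLEVersion, FormatID, length-prefixed ClassName/TopicName/ItemName, then native data) and labels the payload a Package only when the class name says so. The function names, the `0x501` version value and the sample bytes are constructed for illustration.

```python
import struct

FORMAT_LINKED, FORMAT_EMBEDDED = 1, 2  # FormatID values defined in MS-OLEDS

def _u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated OLE 1.0 header")
    return struct.unpack_from("<I", buf, off)[0], off + 4

def _lpstr(buf, off):
    """LengthPrefixedAnsiString: u32 length (NUL included), then the bytes."""
    length, off = _u32(buf, off)
    if off + length > len(buf):
        raise ValueError("string length exceeds buffer")
    return buf[off:off + length].rstrip(b"\x00"), off + length

def classify_ole1(buf):
    """Return (kind, class_name, native_data) for an OLE 1.0 object blob."""
    _version, off = _u32(buf, 0)
    format_id, off = _u32(buf, off)
    if format_id not in (FORMAT_LINKED, FORMAT_EMBEDDED):
        raise ValueError("not an OLE 1.0 object (FormatID=%#x)" % format_id)
    class_name, off = _lpstr(buf, off)
    _topic, off = _lpstr(buf, off)
    _item, off = _lpstr(buf, off)
    if format_id == FORMAT_LINKED:
        return "linked", class_name, b""  # no native data to extract
    size, off = _u32(buf, off)
    if off + size > len(buf):
        raise ValueError("native data size exceeds buffer")
    data = buf[off:off + size]
    # Only a Package payload should go to a Package parser; any other
    # class is kept as raw native data instead of being mis-parsed.
    kind = "package" if class_name.lower() == b"package" else "other"
    return kind, class_name, data

def _lp(s):
    return struct.pack("<I", len(s) + 1) + s + b"\x00" if s else struct.pack("<I", 0)

def build_sample(class_name, native, format_id=FORMAT_EMBEDDED):
    """Constructed test blob, not taken from a real document."""
    return (struct.pack("<II", 0x501, format_id) + _lp(class_name)
            + _lp(b"") + _lp(b"") + struct.pack("<I", len(native)) + native)

if __name__ == "__main__":
    for name in (b"Package", b"Equation.3"):
        print(classify_ole1(build_sample(name, b"\x01\x02\x03")))
```
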