mraptor, olevba: add VBA trigger using customUI - Githubissues

decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

http://www.decalage.info/python/oletools

Other

2.89k stars 565 forks source link

mraptor, olevba: add VBA trigger using customUI #733

Open decalage2 opened 2 years ago

decalage2 commented 2 years ago

customUI provides an alternate way to trigger VBA macros.

See https://www.netero1010-securitylab.com/evasion/execution-of-remote-vba-script-in-excel

Different cases:

customUI/onLoad
customUI/command/onAction (with idMso matching a command)
and each case can have either a namespace for Office 2007 or 2010

List of values for command/idMso: