add hint about existing parameter when stomping is detected

decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.

http://www.decalage.info/python/oletools

Other

2.81k stars 560 forks source link

add hint about existing parameter when stomping is detected #818

Open security-companion opened 1 year ago

security-companion commented 1 year ago

The other day I was analyzing a file and olevba detected VBA stomping. Only after researching I found out that olevba already has a tool included for showing the disassembled P-Code. Therefor I suggest adding a hint so that others know about the existing parameter.

xambroz commented 8 months ago

Easy and useful patch ... I would vote for this one as well.