decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

ftguess: DOCX not identified properly #828

Open decalage2 opened 11 months ago

decalage2 commented 11 months ago

This sample is detected as Generic Zip Archive instead of DOCX: f1cdd47f7a2502902d15adf3ac79c0f86348ba09f4a482ab9108ad98258edb55

source: https://twitter.com/Timele9527/status/1195272502135549953 https://app.any.run/tasks/fc3ac788-a109-4184-93a6-cb96021de0ac/