oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
ftguess.py khaosat_trieuchung.doc
ftguess 0.60.2dev3 on Python 3.9.0 - http://decalage.info/python/oletools
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/oletools/issues
File : khaosat_trieuchung.doc
File Type : Generic OLE/CFB file
Description: Generic OLE file / Compound File (unknown format)
Application: Unknown Application
Container : OLE
Root CLSID : - None
Content-type(s) :
PUID : None
It would be possible to enhance format detection by checking the presence of well-known stream names such as WordDocument for Word, and also the application name in document properties:
An OLE file without root storage CLSID is not properly identified by ftguess, for example this sample: 167949ba90da85c8b56878d95be19c1a - https://app.any.run/tasks/b42b3dff-1ff9-49ac-96f6-df8e4d9927bd/#
It would be possible to enhance format detection by checking the presence of well-known stream names such as WordDocument for Word, and also the application name in document properties: