oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
2022-05-09 v0.60.1:
More details about fixed issues and improvements in 0.60: https://github.com/decalage2/oletools/milestone/10?closed=1
More details about fixed issues and improvements in 0.56: https://github.com/decalage2/oletools/milestone/9?closed=1
How to install with pip: https://github.com/decalage2/oletools/wiki/Install
Main changes in oletools v0.55:
How to install with pip: https://github.com/decalage2/oletools/wiki/Install
This is a bugfix release for oletools 0.54.
Changes:
How to install/update with pip: https://github.com/decalage2/oletools/wiki/Install
Main changes in oletools 0.54:
2018-06-13 v0.53.1: Bugfix release
- rtfobj: fixed issue #316, whitespace after \bin on Python 3
- olevba3: fixed #320, chr instead of unichr on Python 3
- olevba3: fixed #322, import reduce from functools

2018-05-30 v0.53:
- olevba and mraptor can now parse Word/PowerPoint 2007+ pure XML files (aka Flat OPC format)
- improved support for VBA forms in olevba (oleform)
- rtfobj now displays the CLSID of OLE objects, which is the best way to identify them. Known-bad CLSIDs such as MS Equation Editor are highlighted in red.
- Updated rtfobj to handle obfuscated RTF samples.
- rtfobj now handles the "\'" obfuscation trick seen in recent samples such as https://twitter.com/buffaloverflow/status/989798880295444480, by emulating the MS Word bug described in https://securelist.com/disappearing-bytes/84017/
- msodde: improved detection of DDE formulas in CSV files
- oledir now displays the tree of storage/streams, along with CLSIDs and their meaning.
- common.clsid contains the list of known CLSIDs, and their links to CVE vulnerabilities when relevant.
- oleid now detects encrypted OpenXML files
- fixed bugs in oleobj, rtfobj, oleid, olevba