From 13a71c47548d16d98cbe9f4e7048fdc6f63d05e3 Mon Sep 17 00:00:00 2001 From: Philippe Lagadec Date: Sat, 28 Feb 2015 19:00:09 +0100 Subject: [PATCH] olevba: fixed issue #5 in doc, --hex option renamed to --decode --- oletools/doc/olevba.html | 6 +++--- oletools/doc/olevba.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/oletools/doc/olevba.html b/oletools/doc/olevba.html index 5ef7856..3dca490 100644 --- a/oletools/doc/olevba.html +++ b/oletools/doc/olevba.html @@ -64,15 +64,15 @@ Options: -i INPUT, --input=INPUT input file containing VBA source code to be analyzed (no parsing) - --hex display all the hex-encoded strings with their decoded - content. + --decode display all the obfuscated strings with their decoded + content (Hex, Base64, StrReverse, Dridex).

Examples

Scan a single file:

olevba.py file.doc

Scan a single file, stored in a Zip archive with password "infected":

olevba.py malicious_file.xls.zip -z infected

Scan a single file, showing all obfuscated strings decoded:

-
olevba.py file.doc --hex
+
olevba.py file.doc --decode

Scan VBA source code extracted into a text file:

olevba.py -i source_code.vba

Scan a collection of files stored in a folder:

diff --git a/oletools/doc/olevba.md b/oletools/doc/olevba.md index c27ab2f..51a4609 100644 --- a/oletools/doc/olevba.md +++ b/oletools/doc/olevba.md @@ -76,9 +76,9 @@ and potential IOCs (URLs, IP addresses, e-mail addresses, executable filenames, -i INPUT, --input=INPUT input file containing VBA source code to be analyzed (no parsing) - --hex display all the hex-encoded strings with their decoded - content. - + --decode display all the obfuscated strings with their decoded + content (Hex, Base64, StrReverse, Dridex). + ### Examples Scan a single file: @@ -94,7 +94,7 @@ Scan a single file, stored in a Zip archive with password "infected": Scan a single file, showing all obfuscated strings decoded: :::text - olevba.py file.doc --hex + olevba.py file.doc --decode Scan VBA source code extracted into a text file: -- libgit2 0.21.4