From 17d7c66c2eb7a5fdbae2962b9e595de1f0212734 Mon Sep 17 00:00:00 2001
From: decalage2
Date: Sat, 17 Sep 2016 18:14:56 +0200
Subject: [PATCH] olevba: added ActiveX triggers GotFocus|LostFocus|MouseHover (issue #80)
---
 oletools/olevba.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/oletools/olevba.py b/oletools/olevba.py
index 80f296c..edabb97 100755
--- oletools/olevba.py
+++ oletools/olevba.py
@@ -479,8 +479,8 @@ AUTOEXEC_KEYWORDS = {
 'Runs when the file is opened (using InkPicture ActiveX object)':
 # ref:https://twitter.com/joe4security/status/770691099988025345
 (r'\w+_Painted',),
-
- #TODO: full list in MS specs??
+ 'Runs when the file is opened and ActiveX objects trigger events':
+ (r'\w+_(?:GotFocus|LostFocus|MouseHover)',),
 }

 # Suspicious Keywords that may be used by malware
--
libgit2 0.21.4
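Review bot: The new entry deletes the `#TODO: full list in MS specs??` marker even though the added pattern covers only three event names, so the open question about whether the ActiveX trigger list is complete disappears from the code. I would keep it in updated form, e.g. `# TODO: only GotFocus/LostFocus/MouseHover covered so far (issue #80); check MS specs for the full event list`. Unlike the InkPicture entry just above, the new entry has no `# ref:` comment pointing to its source, so a later analyst cannot tell why these three were chosen; `# ref: issue #80` would do. The description string says "when the file is opened", but focus and hover events presumably fire on focus changes or pointer movement rather than strictly on open, so the wording shown in the analysis report may overstate how automatic the trigger is. The AUTOEXEC_KEYWORDS dict begins outside this hunk, so how these patterns are anchored when matched cannot be checked from here.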