Commit 17d7c66c2eb7a5fdbae2962b9e595de1f0212734
1 parent
6fe312b3
olevba: added ActiveX triggers GotFocus|LostFocus|MouseHover (issue #80)
Showing
1 changed file
with
2 additions
and
2 deletions
oletools/olevba.py
| @@ -479,8 +479,8 @@ AUTOEXEC_KEYWORDS = { | @@ -479,8 +479,8 @@ AUTOEXEC_KEYWORDS = { | ||
| 479 | 'Runs when the file is opened (using InkPicture ActiveX object)': | 479 | 'Runs when the file is opened (using InkPicture ActiveX object)': |
| 480 | # ref:https://twitter.com/joe4security/status/770691099988025345 | 480 | # ref:https://twitter.com/joe4security/status/770691099988025345 |
| 481 | (r'\w+_Painted',), | 481 | (r'\w+_Painted',), |
| 482 | - | ||
| 483 | - #TODO: full list in MS specs?? | 482 | + 'Runs when the file is opened and ActiveX objects trigger events': |
| 483 | + (r'\w+_(?:GotFocus|LostFocus|MouseHover)',), | ||
| 484 | } | 484 | } |
| 485 | 485 | ||
| 486 | # Suspicious Keywords that may be used by malware | 486 | # Suspicious Keywords that may be used by malware |