Commit 715b4e1b4c4cd3d15e35b0c1c837c56208a6df02
1 parent
fa49ae62
clsid: added MSI CLSIDs
Showing
2 changed files
with
7 additions
and
3 deletions
oletools/common/clsid.py
| ... | ... | @@ -12,7 +12,7 @@ http://www.decalage.info/python/oletools |
| 12 | 12 | |
| 13 | 13 | #=== LICENSE ================================================================== |
| 14 | 14 | |
| 15 | -# oletools are copyright (c) 2018-2021 Philippe Lagadec (http://www.decalage.info) | |
| 15 | +# oletools are copyright (c) 2018-2023 Philippe Lagadec (http://www.decalage.info) | |
| 16 | 16 | # All rights reserved. |
| 17 | 17 | # |
| 18 | 18 | # Redistribution and use in source and binary forms, with or without modification, |
| ... | ... | @@ -43,7 +43,7 @@ http://www.decalage.info/python/oletools |
| 43 | 43 | # 2018-04-18 PL: - added known-bad CLSIDs from Cuckoo sandbox (issue #290) |
| 44 | 44 | # 2018-05-08 PL: - added more CLSIDs (issues #299, #304), merged and sorted |
| 45 | 45 | |
| 46 | -__version__ = '0.60.1.dev1' | |
| 46 | +__version__ = '0.60.2.dev2' | |
| 47 | 47 | |
| 48 | 48 | |
| 49 | 49 | # REFERENCES: |
| ... | ... | @@ -93,6 +93,10 @@ KNOWN_CLSIDS = { |
| 93 | 93 | '0003000D-0000-0000-C000-000000000046': 'OLE Package Object (may contain and run any file)', |
| 94 | 94 | '0003000E-0000-0000-C000-000000000046': 'OLE Package Object (may contain and run any file)', |
| 95 | 95 | '0004A6B0-0000-0000-C000-000000000046': 'Microsoft Equation 2.0 (Known Related to CVE-2017-11882 or CVE-2018-0802)', # TODO: to be confirmed |
| 96 | + # Referenced in https://devblogs.microsoft.com/setup/identifying-windows-installer-file-types/ : | |
| 97 | + '000C1082-0000-0000-C000-000000000046': 'MSI Transform (mst)', | |
| 98 | + '000C1084-0000-0000-C000-000000000046': 'MSI Installer Package (msi)', | |
| 99 | + '000C1086-0000-0000-C000-000000000046': 'MSI Patch Package (psp)', | |
| 96 | 100 | '048EB43E-2059-422F-95E0-557DA96038AF': 'Microsoft Powerpoint.Slide.12', |
| 97 | 101 | '05741520-C4EB-440A-AC3F-9643BBC9F847': 'otkloadr.WRLoader (can be used to bypass ASLR after triggering an exploit)', |
| 98 | 102 | '06290BD2-48AA-11D2-8432-006008C3FBFC': 'Factory bindable using IPersistMoniker (scripletfile)', | ... | ... |
setup.py
| ... | ... | @@ -55,7 +55,7 @@ import os, fnmatch |
| 55 | 55 | #--- METADATA ----------------------------------------------------------------- |
| 56 | 56 | |
| 57 | 57 | name = "oletools" |
| 58 | -version = '0.60.2dev1' | |
| 58 | +version = '0.60.2dev2' | |
| 59 | 59 | desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR" |
| 60 | 60 | long_desc = open('oletools/README.rst').read() |
| 61 | 61 | author = "Philippe Lagadec" | ... | ... |