Commit 715b4e1b4c4cd3d15e35b0c1c837c56208a6df02

Authored by decalage2
1 parent fa49ae62

clsid: added MSI CLSIDs

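--- a/oletools/common/clsid.py
+++ b/oletools/common/clsid.py
@@ -12,7 +12,7 @@ http://www.decalage.info/python/oletools
 
 #=== LICENSE ==================================================================
 
-# oletools are copyright (c) 2018-2021 Philippe Lagadec (http://www.decalage.info)
+# oletools are copyright (c) 2018-2023 Philippe Lagadec (http://www.decalage.info)
 # All rights reserved.
 #
 # Redistribution and use in source and binary forms, with or without modification,
@@ -43,7 +43,7 @@ http://www.decalage.info/python/oletools
 # 2018-04-18 PL: - added known-bad CLSIDs from Cuckoo sandbox (issue #290)
 # 2018-05-08 PL: - added more CLSIDs (issues #299, #304), merged and sorted
 
-__version__ = '0.60.1.dev1'
+__version__ = '0.60.2.dev2'
 
 
 # REFERENCES:
@@ -93,6 +93,10 @@ KNOWN_CLSIDS = {
     '0003000D-0000-0000-C000-000000000046': 'OLE Package Object (may contain and run any file)',
     '0003000E-0000-0000-C000-000000000046': 'OLE Package Object (may contain and run any file)',
     '0004A6B0-0000-0000-C000-000000000046': 'Microsoft Equation 2.0 (Known Related to CVE-2017-11882 or CVE-2018-0802)', # TODO: to be confirmed
+    # Referenced in https://devblogs.microsoft.com/setup/identifying-windows-installer-file-types/ :
+    '000C1082-0000-0000-C000-000000000046': 'MSI Transform (mst)',
+    '000C1084-0000-0000-C000-000000000046': 'MSI Installer Package (msi)',
+    '000C1086-0000-0000-C000-000000000046': 'MSI Patch Package (psp)',
     '048EB43E-2059-422F-95E0-557DA96038AF': 'Microsoft Powerpoint.Slide.12',
     '05741520-C4EB-440A-AC3F-9643BBC9F847': 'otkloadr.WRLoader (can be used to bypass ASLR after triggering an exploit)',
     '06290BD2-48AA-11D2-8432-006008C3FBFC': 'Factory bindable using IPersistMoniker (scripletfile)',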
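Review bot: The description added for CLSID 000C1086 reads `'MSI Patch Package (psp)'`, but the Windows Installer patch extension is .msp, and the two sibling entries above it use the real extensions (.mst, .msi), so the line should be `'000C1086-0000-0000-C000-000000000046': 'MSI Patch Package (msp)',`. These strings are what analysts see and grep for in oleid/oleobj output, so a wrong extension makes the patch-package case harder to search for and to correlate with file-type rules. Consider also stating the risk the way the neighbouring `OLE Package Object (may contain and run any file)` entries do, for example `'MSI Installer Package (msi, can run custom actions when executed)'`, since an installer package embedded as an OLE object is presumably an execution vector comparable to a Package object — worth confirming before wording it that strongly. The `KNOWN_CLSIDS` dict starts and ends outside this hunk.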
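--- a/setup.py
+++ b/setup.py
@@ -55,7 +55,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
 
 name = "oletools"
-version = '0.60.2dev1'
+version = '0.60.2dev2'
 desc = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc = open('oletools/README.rst').read()
 author = "Philippe Lagadec"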