Update olevba.py

even after adding the raw string, _r'HKCU\Environment'_ and _r'HKEY_CURRENT_USER\Environment'_ do not match correctly. I temporarily removed them.

Update olevba.py
even after adding the raw string, _r'HKCU\Environment'_ and _r'HKEY_CURRENT_USER\Environment'_ do not match correctly. I temporarily removed them.
mindsd · GitHub
1 parent 82c4f579
Showing 1 changed file with 1 additions and 2 deletions
oletools/olevba.py
@@ -662,8 +662,7 @@ SUSPICIOUS_KEYWORDS = {
     #TODO: use regex to support variable whitespaces
     #http://www.certego.net/en/news/advanced-vba-macros/
     'May read system environment variables':
-        ('Environ','Win32_Environment','Environment','ExpandEnvironmentStrings','HKCU\Environment',
-        'HKEY_CURRENT_USER\Environment'),
+        ('Environ','Win32_Environment','Environment','ExpandEnvironmentStrings'),
     'May open a file':
         ('Open',),
     'May write to a file (if combined with Open)':