mraptor: added keywords RUN and CALL for XLM macros (issue #562)

decalage2
1 parent 6d7514ce
Showing 2 changed files with 4 additions and 3 deletions
oletools/mraptor.py
setup.py
@@ -60,8 +60,9 @@ http://www.decalage.info/python/oletools
 # 2018-05-25 v0.53 PL: - added Word/PowerPoint 2007+ XML (aka Flat OPC) issue #283
 # 2019-04-04 v0.54 PL: - added ExecuteExcel4Macro, ShellExecuteA, XLM keywords
 # 2019-11-06 v0.55 PL: - added SetTimer
+# 2020-04-20 v0.56 PL: - added keywords RUN and CALL for XLM macros (issue #562)
  
-__version__ = '0.55.2'
+__version__ = '0.56dev5'
  
 #------------------------------------------------------------------------------
 # TODO:
@@ -134,7 +135,7 @@ re_write = re.compile(r&#39;(?i)\b(?:FileCopy|CopyFile|Kill|CreateTextFile|&#39;
 # MS-VBAL 5.2.3.5 External Procedure Declaration
 RE_DECLARE_LIB = r'(?:\bDeclare\b[^\n]+\bLib\b)'
  
-re_execute = re.compile(r'(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|'
+re_execute = re.compile(r'(?i)\b(?:Shell|CreateObject|GetObject|SendKeys|RUN|CALL|'
     + r'MacScript|FollowHyperlink|CreateThread|ShellExecuteA?|ExecuteExcel4Macro|EXEC|REGISTER|SetTimer)\b|' + RE_DECLARE_LIB)
  
  
@@ -52,7 +52,7 @@ import os, fnmatch
 #--- METADATA -----------------------------------------------------------------
  
 name         = "oletools"
-version      = '0.56dev4'
+version      = '0.56dev5'
 desc         = "Python tools to analyze security characteristics of MS Office and OLE files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), for Malware Analysis and Incident Response #DFIR"
 long_desc    = open('oletools/README.rst').read()
 author       = "Philippe Lagadec"