Commit b23bfde7a739537905b7b1603581a2da6ad6d2ee
1 parent
c203e02d
mraptor: collapse long lines before analysis
Showing
2 changed files
with
6 additions
and
5 deletions
oletools/mraptor.py
| @@ -2,8 +2,8 @@ | @@ -2,8 +2,8 @@ | ||
| 2 | """ | 2 | """ |
| 3 | mraptor.py - MacroRaptor | 3 | mraptor.py - MacroRaptor |
| 4 | 4 | ||
| 5 | -MacroRaptor is a script to parse OLE and OpenXML files such as MS Office documents | ||
| 6 | -(e.g. Word, Excel), to detect malicious macros. | 5 | +MacroRaptor is a script to parse OLE and OpenXML files such as MS Office |
| 6 | +documents (e.g. Word, Excel), to detect malicious macros. | ||
| 7 | 7 | ||
| 8 | Supported formats: | 8 | Supported formats: |
| 9 | - Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm) | 9 | - Word 97-2003 (.doc, .dot), Word 2007+ (.docm, .dotm) |
| @@ -49,8 +49,9 @@ http://www.decalage.info/python/oletools | @@ -49,8 +49,9 @@ http://www.decalage.info/python/oletools | ||
| 49 | # 2016-02-23 v0.01 PL: - first version | 49 | # 2016-02-23 v0.01 PL: - first version |
| 50 | # 2016-02-29 v0.02 PL: - added Workbook_Activate, FileSaveAs | 50 | # 2016-02-29 v0.02 PL: - added Workbook_Activate, FileSaveAs |
| 51 | # 2016-03-04 v0.03 PL: - returns an exit code based on the overall result | 51 | # 2016-03-04 v0.03 PL: - returns an exit code based on the overall result |
| 52 | +# 2016-03-08 v0.04 PL: - collapse long lines before analysis | ||
| 52 | 53 | ||
| 53 | -__version__ = '0.03' | 54 | +__version__ = '0.04' |
| 54 | 55 | ||
| 55 | #------------------------------------------------------------------------------ | 56 | #------------------------------------------------------------------------------ |
| 56 | # TODO: | 57 | # TODO: |
| @@ -153,8 +154,8 @@ class MacroRaptor(object): | @@ -153,8 +154,8 @@ class MacroRaptor(object): | ||
| 153 | MacroRaptor constructor | 154 | MacroRaptor constructor |
| 154 | :param vba_code: string containing the VBA macro code | 155 | :param vba_code: string containing the VBA macro code |
| 155 | """ | 156 | """ |
| 156 | - # TODO: collapse long lines first | ||
| 157 | - self.vba_code = vba_code | 157 | + # collapse long lines first |
| 158 | + self.vba_code = olevba.vba_collapse_long_lines(vba_code) | ||
| 158 | self.autoexec = False | 159 | self.autoexec = False |
| 159 | self.write = False | 160 | self.write = False |
| 160 | self.execute = False | 161 | self.execute = False |
oletools/oleobj.py
100644 → 100755