Commit c853b1e19b62b398ac8a2758055b8ebc8b3132bb
1 parent
5fe3fd31
olevba: added FlX to list of flags in triage mode
Showing
2 changed files
with
4 additions
and
4 deletions
oletools/olevba.py
| @@ -207,7 +207,7 @@ from __future__ import print_function | @@ -207,7 +207,7 @@ from __future__ import print_function | ||
| 207 | # 2018-04-15 v0.53 PL: - added support for Word/PowerPoint 2007+ XML (FlatOPC) | 207 | # 2018-04-15 v0.53 PL: - added support for Word/PowerPoint 2007+ XML (FlatOPC) |
| 208 | # (issue #283) | 208 | # (issue #283) |
| 209 | 209 | ||
| 210 | -__version__ = '0.53' | 210 | +__version__ = '0.53.1' |
| 211 | 211 | ||
| 212 | #------------------------------------------------------------------------------ | 212 | #------------------------------------------------------------------------------ |
| 213 | # TODO: | 213 | # TODO: |
| @@ -3606,7 +3606,7 @@ def main(cmd_line_args=None): | @@ -3606,7 +3606,7 @@ def main(cmd_line_args=None): | ||
| 3606 | # Here we do not close the vba_parser, because process_file may need it below. | 3606 | # Here we do not close the vba_parser, because process_file may need it below. |
| 3607 | 3607 | ||
| 3608 | if options.output_mode == 'triage': | 3608 | if options.output_mode == 'triage': |
| 3609 | - print('\n(Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, TXT=Text, M=Macros, ' \ | 3609 | + print('\n(Flags: OpX=OpenXML, XML=Word2003XML, FlX=FlatOPC XML, MHT=MHTML, TXT=Text, M=Macros, ' \ |
| 3610 | 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' \ | 3610 | 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' \ |
| 3611 | 'B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)\n') | 3611 | 'B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)\n') |
| 3612 | 3612 |
oletools/olevba3.py
| @@ -204,7 +204,7 @@ from __future__ import print_function | @@ -204,7 +204,7 @@ from __future__ import print_function | ||
| 204 | # 2018-05-13 v0.53 PL: - added support for Word/PowerPoint 2007+ XML (FlatOPC) | 204 | # 2018-05-13 v0.53 PL: - added support for Word/PowerPoint 2007+ XML (FlatOPC) |
| 205 | # (issue #283) | 205 | # (issue #283) |
| 206 | 206 | ||
| 207 | -__version__ = '0.53' | 207 | +__version__ = '0.53.1' |
| 208 | 208 | ||
| 209 | #------------------------------------------------------------------------------ | 209 | #------------------------------------------------------------------------------ |
| 210 | # TODO: | 210 | # TODO: |
| @@ -3594,7 +3594,7 @@ def main(cmd_line_args=None): | @@ -3594,7 +3594,7 @@ def main(cmd_line_args=None): | ||
| 3594 | vba_parser.close() | 3594 | vba_parser.close() |
| 3595 | 3595 | ||
| 3596 | if options.output_mode == 'triage': | 3596 | if options.output_mode == 'triage': |
| 3597 | - print('\n(Flags: OpX=OpenXML, XML=Word2003XML, MHT=MHTML, TXT=Text, M=Macros, ' \ | 3597 | + print('\n(Flags: OpX=OpenXML, XML=Word2003XML, FlX=FlatOPC XML, MHT=MHTML, TXT=Text, M=Macros, ' \ |
| 3598 | 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' \ | 3598 | 'A=Auto-executable, S=Suspicious keywords, I=IOCs, H=Hex strings, ' \ |
| 3599 | 'B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)\n') | 3599 | 'B=Base64 strings, D=Dridex strings, V=VBA strings, ?=Unknown)\n') |
| 3600 | 3600 |