From caa1e066049d8ad1995c433e820bb7461b41c3f4 Mon Sep 17 00:00:00 2001
From: Philippe Lagadec <decalage2@users.noreply.github.com>
Date: Mon, 5 Jan 2015 22:48:15 +0100
Subject: [PATCH] olevba: fixed small bug in suspicious keywords

---
 oletools/olevba.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/oletools/olevba.py b/oletools/olevba.py
index 5ef77d3..34793c6 100644
--- a/oletools/olevba.py
+++ b/oletools/olevba.py
@@ -189,7 +189,7 @@ SUSPICIOUS_KEYWORDS = {
         #FileCopy: http://msdn.microsoft.com/en-us/library/office/gg264390%28v=office.15%29.aspx
         #CopyFile: http://msdn.microsoft.com/en-us/library/office/gg264089%28v=office.15%29.aspx
     'May create a text file':
-        ('CreateTextFile'),
+        ('CreateTextFile',),
         #CreateTextFile: http://msdn.microsoft.com/en-us/library/office/gg264617%28v=office.15%29.aspx
     'May run an executable file or a system command':
         ('Shell', 'vbNormalFocus', 'vbHide', 'vbMinimizedFocus', 'vbMaximizedFocus', 'vbNormalNoFocus', 'vbMinimizedNoFocus'),
@@ -219,7 +219,7 @@ SUSPICIOUS_KEYWORDS = {
         ('SendKeys', 'AppActivate'),
         #SendKeys: http://msdn.microsoft.com/en-us/library/office/gg278655%28v=office.15%29.aspx
     'May attempt to obfuscate malicious function calls':
-        ('CallByName'),
+        ('CallByName',),
         #CallByName: http://msdn.microsoft.com/en-us/library/office/gg278760%28v=office.15%29.aspx
     'May attempt to obfuscate specific strings':
         ('Chr', 'ChrB', 'ChrW'),
--
libgit2 0.21.4