Peter M. Groen / oletools

Commit caa1e066049d8ad1995c433e820bb7461b41c3f4

Authored by Philippe Lagadec
1 parent c6db08ab

olevba: fixed small bug in suspicious keywords

Inline Side-by-side
Showing 1 changed file with 2 additions and 2 deletions
oletools/olevba.py
  View file @caa1e06
@@ -189,7 +189,7 @@ SUSPICIOUS_KEYWORDS = { @@ -189,7 +189,7 @@ SUSPICIOUS_KEYWORDS = {
189 #FileCopy: http://msdn.microsoft.com/en-us/library/office/gg264390%28v=office.15%29.aspx 189 #FileCopy: http://msdn.microsoft.com/en-us/library/office/gg264390%28v=office.15%29.aspx
190 #CopyFile: http://msdn.microsoft.com/en-us/library/office/gg264089%28v=office.15%29.aspx 190 #CopyFile: http://msdn.microsoft.com/en-us/library/office/gg264089%28v=office.15%29.aspx
191 'May create a text file': 191 'May create a text file':
192 - ('CreateTextFile'), 192 + ('CreateTextFile',),
193 #CreateTextFile: http://msdn.microsoft.com/en-us/library/office/gg264617%28v=office.15%29.aspx 193 #CreateTextFile: http://msdn.microsoft.com/en-us/library/office/gg264617%28v=office.15%29.aspx
194 'May run an executable file or a system command': 194 'May run an executable file or a system command':
195 ('Shell', 'vbNormalFocus', 'vbHide', 'vbMinimizedFocus', 'vbMaximizedFocus', 'vbNormalNoFocus', 'vbMinimizedNoFocus'), 195 ('Shell', 'vbNormalFocus', 'vbHide', 'vbMinimizedFocus', 'vbMaximizedFocus', 'vbNormalNoFocus', 'vbMinimizedNoFocus'),
@@ -219,7 +219,7 @@ SUSPICIOUS_KEYWORDS = { @@ -219,7 +219,7 @@ SUSPICIOUS_KEYWORDS = {
219 ('SendKeys', 'AppActivate'), 219 ('SendKeys', 'AppActivate'),
220 #SendKeys: http://msdn.microsoft.com/en-us/library/office/gg278655%28v=office.15%29.aspx 220 #SendKeys: http://msdn.microsoft.com/en-us/library/office/gg278655%28v=office.15%29.aspx
221 'May attempt to obfuscate malicious function calls': 221 'May attempt to obfuscate malicious function calls':
222 - ('CallByName'), 222 + ('CallByName',),
223 #CallByName: http://msdn.microsoft.com/en-us/library/office/gg278760%28v=office.15%29.aspx 223 #CallByName: http://msdn.microsoft.com/en-us/library/office/gg278760%28v=office.15%29.aspx
224 'May attempt to obfuscate specific strings': 224 'May attempt to obfuscate specific strings':
225 ('Chr', 'ChrB', 'ChrW'), 225 ('Chr', 'ChrB', 'ChrW'),