updated readme and doc

Philippe Lagadec
1 parent 0762f5bb
Showing 5 changed files with 18 additions and 5 deletions
README.md
oletools/README.html
oletools/README.rst
oletools/doc/olevba.html
oletools/doc/olevba.md
@@ -22,7 +22,9 @@ Note: python-oletools is not related to OLETools published by BeCubed Software.
 News
 ----
  
-- **2015-03-23 v0.09**: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) now supports Word 2003 XML files,
+- **2015-05-06 v0.10**: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) now supports Word MHTML files
+with macros, aka "Single File Web Page" (.mht)
+- 2015-03-23 v0.09: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) now supports Word 2003 XML files,
 added anti-sandboxing/VM detection
 - 2015-02-08 v0.08: [olevba](https://bitbucket.org/decalage/oletools/wiki/olevba) can now decode strings 
 obfuscated with Hex/StrReverse/Base64/Dridex and extract IOCs. Added new triage mode, support for non-western
@@ -4,7 +4,8 @@
 <p>Note: python-oletools is not related to OLETools published by BeCubed Software.</p>
 <h2 id="news">News</h2>
 <ul>
-<li><strong>2015-03-23 v0.09</strong>: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word 2003 XML files, added anti-sandboxing/VM detection</li>
+<li><strong>2015-05-06 v0.10</strong>: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word MHTML files with macros, aka &quot;Single File Web Page&quot; (.mht)</li>
+<li>2015-03-23 v0.09: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> now supports Word 2003 XML files, added anti-sandboxing/VM detection</li>
 <li>2015-02-08 v0.08: <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> can now decode strings obfuscated with Hex/StrReverse/Base64/Dridex and extract IOCs. Added new triage mode, support for non-western codepages with olefile 0.42, improved API and display, several bugfixes.</li>
 <li>2015-01-05 v0.07: improved <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a> to detect suspicious keywords and IOCs in VBA macros, can now scan several files and open password-protected zip archives, added a Python API, upgraded OleFileIO_PL to olefile v0.41</li>
 <li>2014-08-28 v0.06: added <a href="https://bitbucket.org/decalage/oletools/wiki/olevba">olevba</a>, a new tool to extract VBA Macro source code from MS Office documents (97-2003 and 2007+). Improved <a href="https://bitbucket.org/decalage/oletools/wiki">documentation</a></li>
@@ -26,7 +26,11 @@ Software.
 News
 ----
  
--  **2015-03-23 v0.09**:
+-  **2015-05-06 v0.10**:
+   `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ now
+   supports Word MHTML files with macros, aka "Single File Web Page"
+   (.mht)
+-  2015-03-23 v0.09:
    `olevba <https://bitbucket.org/decalage/oletools/wiki/olevba>`__ now
    supports Word 2003 XML files, added anti-sandboxing/VM detection
 -  2015-02-08 v0.08:
@@ -16,13 +16,14 @@
 <li><p>Word 97-2003 (.doc, .dot)</p></li>
 <li><p>Word 2007+ (.docm, .dotm)</p></li>
 <li><p>Word 2003 XML (.xml)</p></li>
+<li><p>Word MHTML Single File Web Page (.mht)</p></li>
 <li><p>Excel 97-2003 (.xls)</p></li>
 <li><p>Excel 2007+ (.xlsm, .xlsb)</p></li>
 <li><p>PowerPoint 2007+ (.pptm, .ppsm)</p></li>
 </ul>
 <h2 id="main-features">Main Features</h2>
 <ul>
-<li><p>Detect VBA macros in MS Office 97-2003 and 2007+ files</p></li>
+<li><p>Detect VBA macros in MS Office 97-2003 and 2007+ files, XML, MHT</p></li>
 <li><p>Extract VBA macro source code</p></li>
 <li><p>Detect auto-executable macros</p></li>
 <li><p>Detect suspicious VBA keywords often used by malware</p></li>
@@ -238,6 +239,8 @@ ANALYSIS:
 <ul>
 <li><p><strong>OLE</strong>: the file type is OLE, for example MS Office 97-2003</p></li>
 <li><p><strong>OpX</strong>: the file type is OpenXML, for example MS Office 2007+</p></li>
+<li><p><strong>XML</strong>: the file type is Word 2003 XML</p></li>
+<li><p><strong>MHT</strong>: the file type is Word MHTML, aka Single File Web Page (.mht)</p></li>
 <li><p><strong>?</strong>: the file type is not supported</p></li>
 <li><p><strong>M</strong>: contains VBA Macros</p></li>
 <li><p><strong>A</strong>: auto-executable macros</p></li>
@@ -21,13 +21,14 @@ by John William Davison, with significant modifications.
 - Word 97-2003 (.doc, .dot)
 - Word 2007+ (.docm, .dotm)
 - Word 2003 XML (.xml)
+- Word MHTML Single File Web Page (.mht)
 - Excel 97-2003 (.xls)
 - Excel 2007+ (.xlsm, .xlsb)
 - PowerPoint 2007+ (.pptm, .ppsm)
  
 ## Main Features
  
-- Detect VBA macros in MS Office 97-2003 and 2007+ files
+- Detect VBA macros in MS Office 97-2003 and 2007+ files, XML, MHT
 - Extract VBA macro source code
 - Detect auto-executable macros
 - Detect suspicious VBA keywords often used by malware
@@ -200,6 +201,8 @@ The following flags show the results of the analysis:
  
 - **OLE**: the file type is OLE, for example MS Office 97-2003
 - **OpX**: the file type is OpenXML, for example MS Office 2007+
+- **XML**: the file type is Word 2003 XML
+- **MHT**: the file type is Word MHTML, aka Single File Web Page (.mht)
 - **?**: the file type is not supported
 - **M**: contains VBA Macros
 - **A**: auto-executable macros