
Oletools

Sus emails part 2

https://www.reddit.com/r/immersivelabs/comments/l4b7gt/comment/k81v2ki/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button


Tools in oletools

Tools to analyze malicious documents

  • oleid: analyzes OLE files to detect specific characteristics usually found in malicious files.
  • olevba: extracts and analyzes VBA macro source code from MS Office documents (OLE and Open XML).
  • MacroRaptor (mraptor): detects malicious VBA macros by flagging auto-exec triggers combined with write or execute actions. (mraptor -m <file> also prints the matched strings)
  • msodde: detects and extracts DDE/DDEAUTO links from MS Office documents, RTF and CSV.
  • pyxswf: detects, extracts, and analyzes Flash objects (SWF) that may be embedded in files such as MS Office documents and RTF, which is especially useful for malware analysis.
  • oleobj: extracts embedded objects from OLE files.
  • rtfobj: extracts embedded objects from RTF files.
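To show how MacroRaptor reaches its verdict, here is an added example (written for these notes, not oletools' own code) that re-implements its A/W/X flag heuristic over VBA source text; the keyword lists are abbreviated from the real tool's regular expressions, and the three macros are constructed samples, not real malware.

```python
import re

# Added example: simplified re-implementation of MacroRaptor's heuristic (not oletools' code).
# mraptor reports three flags as a string such as "A-X" or "AWX":
#   A = auto-exec trigger, W = write to file system/registry, X = execute command/object.
# A macro is reported as suspicious when A is set together with W or X.
# Keyword lists below are abbreviated from the real tool's patterns.
AUTOEXEC = re.compile(
    r"\b(AutoExec|AutoOpen|AutoClose|Auto_Open|Auto_Close|Document_Open|Document_Close"
    r"|Workbook_Open|Workbook_Close)\b", re.IGNORECASE)
WRITE = re.compile(
    r"\b(FileCopy|CopyFile|Kill|CreateTextFile|VirtualAlloc|RtlMoveMemory|URLDownloadToFileA?"
    r"|WriteProcessMemory|ADODB\.Stream|WriteText|SaveToFile|SaveAs|SaveAsText|RegWrite)\b",
    re.IGNORECASE)
EXECUTE = re.compile(
    r"\b(Shell|CreateObject|GetObject|SendKeys|MacScript|FollowHyperlink|CreateThread"
    r"|ShellExecuteA?|WScript\.Shell|Run|Exec|CallByName)\b", re.IGNORECASE)


def rate_macro(vba_source):
    """Return (flags, suspicious, matches); matches is what 'mraptor -m' would print."""
    flags = ""
    matches = {}
    for flag, pattern in (("A", AUTOEXEC), ("W", WRITE), ("X", EXECUTE)):
        found = sorted({m.group(0) for m in pattern.finditer(vba_source)})
        flags += flag if found else "-"
        if found:
            matches[flag] = found
    suspicious = "A" in flags and ("W" in flags or "X" in flags)
    return flags, suspicious, matches


# Constructed VBA snippets (not real samples) covering the three possible outcomes.
SUSPICIOUS_VBA = """
Sub AutoOpen()
    ' constructed sample for the added example
    Shell "cmd.exe /c echo constructed sample", vbHide
End Sub
"""
WRITE_ONLY_VBA = """
Sub ExportCopy()
    ActiveDocument.SaveAs "copy.docx"
End Sub
"""
BENIGN_VBA = """
Sub FormatReport()
    Range("A1").Font.Bold = True
End Sub
"""
```

The write-only macro is deliberately not flagged: without an auto-exec trigger it needs user action to run, which is exactly the distinction mraptor's rule encodes.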

Tools to analyze the structure of OLE files

  • olebrowse: a simple GUI to browse OLE files (e.g. MS Word, Excel, PowerPoint documents), allowing you to view and extract individual data streams.
  • olemeta: extracts all standard properties (metadata) from OLE files.
  • oletimes: extracts creation and modification timestamps of all streams and storages.
  • oledir: displays all the directory entries of an OLE file, including free and orphaned entries.
  • olemap: displays a map of all the sectors in an OLE file.