oledump's Indicators (Sun, Dec 6th)
SANS Internet Storm Center, InfoCON: green 2020-12-06
My tool oledump uses indicators. You're probably most familiar with the indicators M and m, which indicate that a stream contains macros.
Here is an overview of all possible indicators:
- M: Macro (attributes and code)
- m: macro (attributes without code)
- E: Error (code that throws an error when decompressed)
- !: Unusual macro (code without attributes)
- O: object (embedded file)
- .: storage
- R: root entry
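A triage sketch built on the list above, added here as an example and not part of oledump or the original diary: it parses a stream listing and reports the streams whose indicator points to macro code or an embedded file. The sample listing is constructed, and its column layout (index, optional indicator, size, quoted name) and the `REVIEW_FIRST` selection are assumptions of this example.

```python
import re
from collections import namedtuple

# Indicator meanings, taken from the list above.
INDICATORS = {
    "M": "Macro (attributes and code)",
    "m": "macro (attributes without code)",
    "E": "Error (code that throws an error when decompressed)",
    "!": "Unusual macro (code without attributes)",
    "O": "object (embedded file)",
    ".": "storage",
    "R": "root entry",
}
# Assumption of this example: indicators an analyst looks at first.
REVIEW_FIRST = ("M", "E", "!", "O")

Stream = namedtuple("Stream", "index indicator size name")

# Assumed layout: "<index>: <indicator or blank> <size> '<name>'".
LINE_RE = re.compile(r"^\s*([A-Z]?\d+):\s+(?:([MmE!O.R])\s+)?(\d+)\s+'(.*)'\s*$")

# Constructed sample listing (not output from a real document).
SAMPLE = r"""
  1:       114 '\x01CompObj'
  2:      4096 '\x05DocumentSummaryInformation'
  3:       412 'Macros/PROJECT'
  4: m     924 'Macros/VBA/Module1'
  5: M    7220 'Macros/VBA/ThisDocument'
  6: !    1810 'Macros/VBA/Sheet1'
  7: O   20301 'ObjectPool/_1234/\x01Ole10Native'
"""

def parse_listing(text):
    """Return one Stream per listing line; a blank indicator becomes ''."""
    streams = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if match:  # skip blank lines and anything that is not a stream row
            index, indicator, size, name = match.groups()
            streams.append(Stream(index, indicator or "", int(size), name))
    return streams

def triage(streams):
    """Return (index, name, meaning) for streams flagged in REVIEW_FIRST."""
    return [(s.index, s.name, INDICATORS[s.indicator])
            for s in streams if s.indicator in REVIEW_FIRST]

if __name__ == "__main__":
    for index, name, meaning in triage(parse_listing(SAMPLE)):
        print(f"{index}: {name} -> {meaning}")
```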
If you want to know more, I recorded this video:
Didier Stevens Senior handler Microsoft MVP blog.DidierStevens.com DidierStevensLabs.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.