Python-oletools/oleid

From aldeid

Description

oleid is a script that analyzes OLE files, such as MS Office documents (e.g. Word, Excel), to detect specific characteristics usually found in malicious files (e.g. malware). For example, it can detect VBA macros and embedded Flash objects.

For detailed use cases, refer to the official documentation.

Installation

Refer to this section.

Usage example

$ ./oleid.py /data/tmp/TestYourMind.ppt

Filename: /data/tmp/TestYourMind.ppt
+-------------------------------+----------------------+
| Indicator                     | Value                |
+-------------------------------+----------------------+
| OLE format                    | True                 |
| Has SummaryInformation stream | True                 |
| Application name              | Microsoft PowerPoint |
| Encrypted                     | False                |
| Word Document                 | False                |
| VBA Macros                    | False                |
| Excel Workbook                | False                |
| PowerPoint Presentation       | True                 |
| Visio Drawing                 | False                |
| ObjectPool                    | False                |
| Flash objects                 | 0                    |
+-------------------------------+----------------------+
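
To use this report in a triage pipeline, the table can be parsed into typed values and checked against a short list of indicators. The following is an added example, not part of oleid or of the original page: the function names and the choice of which indicators to flag are assumptions of this example, and SAMPLE is an excerpt of the output shown above.

```python
# Added example: parse oleid's text report and list indicators worth a closer look.
# SAMPLE is an excerpt of the output shown on this page.
SAMPLE = """\
Filename: /data/tmp/TestYourMind.ppt
+-------------------------------+----------------------+
| Indicator                     | Value                |
+-------------------------------+----------------------+
| OLE format                    | True                 |
| Application name              | Microsoft PowerPoint |
| Encrypted                     | False                |
| VBA Macros                    | False                |
| ObjectPool                    | False                |
| Flash objects                 | 0                    |
+-------------------------------+----------------------+
"""

def _coerce(value):
    """Turn 'True'/'False' into bool and digit strings into int."""
    if value in ("True", "False"):
        return value == "True"
    return int(value) if value.isdigit() else value

def parse_oleid_report(text):
    """Return (filename, {indicator: value}) from oleid's table output."""
    filename, indicators = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Filename:"):
            filename = line.split(":", 1)[1].strip()
        elif line.startswith("|") and line.endswith("|"):
            cells = [c.strip() for c in line.strip("|").split("|")]
            if len(cells) == 2 and cells[0] != "Indicator":
                indicators[cells[0]] = _coerce(cells[1])
    return filename, indicators

# Assumption of this example: which indicators to flag, and on what value.
FLAG_IF = {
    "VBA Macros": lambda v: v is True,
    "Flash objects": lambda v: type(v) is int and v > 0,
    "Encrypted": lambda v: v is True,
    "ObjectPool": lambda v: v is True,
}

def triage(indicators):
    """Return the names of flagged indicators, in FLAG_IF order."""
    return [n for n, rule in FLAG_IF.items() if n in indicators and rule(indicators[n])]

if __name__ == "__main__":
    name, found = parse_oleid_report(SAMPLE)
    print(name, "flagged:", triage(found) or "none")
```

An empty result only means none of the listed indicators fired; it does not establish that the file is benign.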