Malware Devil

Sunday, November 22, 2020

Quick Tip: Extracting all VBA Code from a Maldoc – JSON Format, (Sun, Nov 22nd)

In diary entry “Quick Tip: Extracting all VBA Code from a Maldoc” I explain which options to use with oledump.py to extract all VBA code with a single command.

I promised that I would update oledump.py so that it can also produce JSON output with all VBA code.

This is now done with version 0.0.55. Existing option -j (--json) produces a JSON object with the content (base64 encoded) of each stream found inside the analyzed OLE file. Combining options -j and -v produces a JSON object with the VBA code (base64 encoded) of each stream module found inside the analyzed OLE file.
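
One way to consume that JSON for triage, as an added example that is not part of the original diary entry or of oledump.py: it decodes every module and lists the ones containing keywords an analyst would review first. The envelope layout (an `items` list whose entries carry `id`, `name` and base64 `content`) and the keyword list are assumptions, and the sample input is constructed.

```python
import base64
import json
import sys

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample standing in for `oledump.py -j -v` output. The layout
# ("items" entries with "id", "name", base64 "content") is an assumption;
# compare it with the JSON your oledump version actually prints.
SAMPLE_JSON = json.dumps({
    "version": 2, "id": "didierstevens.com", "type": "content",
    "fields": ["id", "name", "content"],
    "items": [
        {"id": 7, "name": "Macros/VBA/ThisDocument", "content": _b64(
            'Sub AutoOpen()\n  Set o = CreateObject("WScript.Shell")\nEnd Sub\n')},
        {"id": 8, "name": "Macros/VBA/Module1", "content": _b64(
            "Function Add(a, b)\n  Add = a + b\nEnd Function\n")},
        {"id": 9, "name": "Macros/VBA/Broken", "content": "not base64!"},
    ],
})

# Assumed triage list: auto-execution entry points and process/COM launchers.
TRIAGE_KEYWORDS = ("autoopen", "document_open", "workbook_open",
                   "shell", "createobject")

def decode_modules(raw_json):
    """Return {"id:name": VBA source} for every decodable item."""
    modules = {}
    for item in json.loads(raw_json).get("items", []):
        try:
            data = base64.b64decode(item["content"], validate=True)
        except (KeyError, TypeError, ValueError):
            continue  # malformed entry: skip it rather than abort the run
        # latin-1 maps every byte, so odd code pages cannot raise here
        modules[f'{item.get("id")}:{item.get("name")}'] = data.decode("latin-1")
    return modules

def triage(modules):
    """Return {module: [keywords found]} for modules with at least one hit."""
    hits = {}
    for name, source in modules.items():
        found = [k for k in TRIAGE_KEYWORDS if k in source.lower()]
        if found:
            hits[name] = found
    return hits

if __name__ == "__main__":
    raw = SAMPLE_JSON if sys.stdin.isatty() else sys.stdin.read()
    for name, keywords in triage(decode_modules(raw)).items():
        print(f"{name}: {', '.join(keywords)}")
```

Run without piped input it processes the constructed sample; piping the output of oledump.py run with -j and -v into it processes a real document instead.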

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
