Commits

Author Commit Message Labels Comments Date
decalage
updated setup.py for v0.08
decalage
updated doc and readme
decalage
olevba: improved VBA_Scanner and scan_vba API
decalage
olevba: updated VBA_Parser docstring
decalage
olevba: improved Base64 decoding, fixed triage mode not to scan attrib lines
decalage
oleid: added comments
decalage
olevba: improved Base64 detection and decoding
decalage
olevba: added several suspicious keywords
decalage
olevba: display exceptions with stack trace
decalage
olevba: renamed option --hex to --decode, fixed display
decalage
updated readme for v0.08
decalage
olevba: triage now uses VBA_Scanner results, shows Base64 and Dridex strings, exception handling in detect_base64_strings
decalage
olevba: added Base64 obfuscation decoding (contribution from @JamesHabben)
decalage
olevba: fixed issue #4: regex for URL, e-mail and exe filename
decalage
olevba: added DridexUrlDecoder from James Habben
decalage
olevba: added Dridex obfuscation decoding, improved display, shows obfuscation name
decalage
olevba: added option --hex to show all hex strings decoded
decalage
updated olefile to v0.42
decalage
olevba: improved the detection of IOCs obfuscated with hex strings and StrReverse
decalage
olefile: fixed a bug in _list when a storage is empty
decalage
improved olefile to specify the encoding for path names, changed default to UTF-8 on python 2.x to support non-Latin1 code pages
decalage
olevba: fixed issue #3, case-insensitive search in code_modules
decalage
olevba: removed .application from the list of executable extensions, scan reversed hex strings
decalage
olevba: removed .com from the list of executable extensions, added scan_vba to run all detection algorithms, decoded hex strings are now also scanned
decalage
olevba: added option -i to analyze VBA source code directly
decalage
olevba: added several suspicious keywords
decalage
olevba: fix for issue #3 (exception when module name="text")
decalage
olevba: added new triage mode, options -t and -d
decalage
olevba: fixed issue #2, decoding VBA stream names using specified codepage and enabling unicode stream names in olefile
decalage
olevba: added hex strings detection and decoding