- **olebrowse**: A simple GUI to browse OLE files (e.g. MS Word, Excel,
Powerpoint documents), to view and extract individual data streams.
-- **pyxswf**: a script to detect, extract and analyze Flash objects
- (SWF) that may be embedded in files such as MS Office documents (e.g.
- Word, Excel), which is especially useful for malware analysis.
+- **oleid**: a tool to analyze OLE files to detect specific
+ characteristics that could potentially indicate that the file is
+ suspicious or malicious.
+- **pyxswf**: a tool to detect, extract and analyze Flash objects (SWF)
+ that may be embedded in files such as MS Office documents (e.g. Word,
+ Excel), which is especially useful for malware analysis.
- and a few others (coming soon)
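Review bot: the new oleid entry in the tool list says only "specific characteristics", which tells a reader scanning the list nothing about what is checked. The section added further down already names VBA macros and embedded Flash as examples; repeating those here in a few words would make the entry useful on its own. Also note that this hunk changes pyxswf from "a script" to "a tool" while the new oleid section still opens with "oleid is a script"; use one term throughout.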
-- 2012-10-09: Initial version of olebrowse and pyxswf
+- 2012-10-29 v0.02: Added oleid
+- 2012-10-09 v0.01: Initial version of olebrowse and pyxswf
- see changelog in source code for more info.
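Review bot: the added entries introduce "v0.02" and "v0.01", but the context line right after them still points to the changelog in source code, so it is unclear whether these numbers are the package release or one tool's own version. State which it is in the entry or in that closing line, so a reader holding an older copy can tell whether oleid should be present.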
For screenshots and other info, see
+oleid is a script to analyze OLE files such as MS Office documents (e.g.
+Word, Excel), to detect specific characteristics that could potentially
+indicate that the file is suspicious or malicious, in terms of security
+(e.g. malware). For example it can detect VBA macros, embedded Flash
+Example - analyzing a Word document containing a Flash object and VBA
+ C:\oletools>oleid.py word_flash_vba.doc
+ Filename: word_flash_vba.doc
+ Has SummaryInformation stream: True
+ Application name: Microsoft Office Word
+ PowerPoint Presentation: False
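Review bot: the usage example invokes the tool as "C:\oletools>oleid.py word_flash_vba.doc", which only works where .py files are associated with the interpreter. Showing the explicit form (python oleid.py followed by the file name) next to it would cover other setups. The description says the characteristics "could potentially indicate" a malicious file; it would help to add one sentence saying that these are indicators only and that a file with none of them flagged has not been shown to be safe, since the sample output lists plain properties such as "Application name" alongside the checks.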