Oleid – Analyze OLE Files for Malicious Flash and Macros

oleid is a script that analyzes OLE files, such as MS Office documents (e.g. Word, Excel), to detect specific characteristics usually found in malicious files (e.g. malware). For example, it can detect VBA macros and embedded Flash objects.


Some of the tool's features:

  • Detect OLE file type from its internal structure (e.g. MS Word, Excel, PowerPoint, …)
  • Detect VBA Macros
  • Detect embedded Flash objects
  • Detect embedded OLE objects
  • Detect MS Office encryption
  • Can be used as a command-line tool
  • Python API to integrate it in your applications

This tool is a good addition to a triage toolkit when you need quick information about a suspicious file. It checks for encryption, the type of file, potential security issues and more.
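To make two of the checks in the feature list concrete (recognising an OLE container from its internal structure and spotting embedded Flash), here is an added example that is not oleid's own code. The function names, the constructed sample buffer and the version bounds are assumptions chosen for illustration.

```python
import struct
import zlib

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file signature
SWF_SIGS = (b"FWS", b"CWS", b"ZWS")            # plain, zlib- and LZMA-compressed SWF

def is_ole(data: bytes) -> bool:
    """True when the buffer starts with the OLE2 container signature."""
    return data[:8] == OLE_MAGIC

def _zlib_ok(chunk: bytes) -> bool:
    """A CWS body must begin with a valid zlib stream."""
    try:
        return len(zlib.decompressobj().decompress(chunk, 16)) > 0
    except zlib.error:
        return False

def find_flash(data: bytes):
    """Return sorted (offset, signature, version, declared_length) candidates."""
    hits = []
    for sig in SWF_SIGS:
        pos = data.find(sig)
        while pos != -1:
            header = data[pos:pos + 8]
            if len(header) == 8:
                version = header[3]
                (length,) = struct.unpack("<I", header[4:8])
                # Assumed plausibility bounds: version 1..50, length covers the header.
                plausible = 1 <= version <= 50 and length >= 8
                if plausible and sig == b"CWS":
                    plausible = _zlib_ok(data[pos + 8:pos + 72])
                if plausible:
                    hits.append((pos, sig.decode(), version, length))
            pos = data.find(sig, pos + 1)
    return sorted(hits)

def build_sample() -> bytes:
    """Constructed test buffer: OLE signature, two SWF headers and one decoy."""
    body = b"\x00" * 32
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + body
    cws = b"CWS" + bytes([9]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    decoy = b"CWS" + bytes([9]) + struct.pack("<I", 40) + b"not zlib data"
    return OLE_MAGIC + b"\x00" * 504 + fws + b"PAD" + cws + decoy

def triage(data: bytes) -> dict:
    return {"ole": is_ole(data), "flash": find_flash(data)}

if __name__ == "__main__":
    print(triage(build_sample()))
```

A hit from a signature scan like this is only a lead: the three-byte signatures can occur by chance in large binaries, which is why the header fields and the zlib stream are validated before a candidate is reported.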

Planned improvements by the authors:

  • Extract the most important metadata fields
  • Support for OpenXML files and embedded OLE files
  • Generic VBA macros detection
  • Detect auto-executable VBA macros
  • Extended OLE file types detection
  • Detect unusual OLE structures (fragmentation, unused sectors, etc)
  • Options to scan multiple files
  • Options to scan files from encrypted zip archives
  • CSV output

You can read more and download this tool over here: https://github.com/decalage2/oletools/wiki/oleid
