In diary entry "Quick Tip: Extracting all VBA Code from a Maldoc" I explain which options to use with oledump.py to extract all VBA code with a single command. I promised that I would update oledump.py so that it can also produce JSON output with all VBA code. This is now done with version 0.0.55. Existing option -j (--json) produces a JSON object with the content (base64 encoded) of each stream found inside the analyzed ole file. Combining option -j and -v produces a JSON object with the VBA code (base64 encoded) of each stream module found inside the analyzed ole file: Didier Stevens |
DidierStevens 546 Posts ISC Handler Nov 22nd 2020 |
Thread locked Subscribe |
Nov 22nd 2020 4 months ago |
Sign Up for Free or Log In to start participating in the conversation!