Published: 2020-12-06. Last Updated: 2020-12-06 13:07:39 UTC
by Didier Stevens (Version: 1)
My tool oledump uses indicators, you're probably most familiar with indicators M and m that indicate that a stream contains macros.

Here is an overview of all possible indicators:

  • M: Macro (attributes and code)
  • m: macro (attributes without code)
  • E: Error (code that throws an error when decompressed)
  • !: Unusual macro (code without attributes)
  • O: object (embedded file)
  • .: storage
  • R: root entry

If you want to know more, I recorded this video:


Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

