
SANS ISC: oledump's Indicators (video) - SANS Internet Storm Center

oledump's Indicators (video)

My tool oledump uses indicators. You're probably most familiar with the indicators M and m, which indicate that a stream contains macros.

Here is an overview of all possible indicators:

  • M: Macro (attributes and code)
  • m: macro (attributes without code)
  • E: Error (code that throws an error when decompressed)
  • !: Unusual macro (code without attributes)
  • O: object (embedded file)
  • .: storage
  • R: root entry

If you want to know more, I recorded this video:


Didier Stevens
Senior handler
Microsoft MVP


Dec 6th 2020
