new option -pcode to display P-code disassembly.detection of suspicious keywords and IOCs in P-code.integrated pcodedmp to extract and disassemble P-code.added support for SLK files and XLM macro extraction from SLK.ppt_parser: fixed bug on Python 3 (issues #177, #607, PR #450).clsid: added PDF (issue #552), Microsoft Word Picture (issue #571).oleobj: "Ole10Native" is now case insensitive (issue #541).oleform: improved form parsing (PR #532).replaced option -pcode by -show-pcode and -no-pcode, replaced optparse by argparse (PR #479).
fixed detect_vba_macros to always return VBA code as unicode on Python 3 (issues #455, #477, #587, #593).enabled relaxed mode by default (issues #477, #593).fixed option -relaxed (issue #596, PR #595).fixed bug with email package due to monkeypatch for MHT parsing (issue #602, PR #604).fixed bug when decompressing raw chunks in VBA (issue #575).added -no-xlm option to disable Excel 4/XLM macros parsing (PR #532).added detection of many suspicious keywords (PR #591 and #569, see ).added detection of template injection (PR #569).added simple analysis of Excel 4/XLM macros in XLSM files (PR #569).updated plugin_biff to v0.0.17 to improve Excel 4/XLM macros parsing.added detection of trigger _OnConnecting.Note: python-oletools is not related to OLETools published by BeCubed Software. Quick links: Home page - Download/Install - Documentation - Report Issues/Suggestions/Questions - Contact the Author - Repository - Updates on Twitter Python-oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office documents or Outlook messages, mainly for malware analysis, forensics and debugging.