oleid - a python tool to quickly analyze OLE files | Decalage

oleid is a script to analyze OLE files such as MS Office documents (e.g. Word, Excel) and detect specific characteristics that could indicate that a file is suspicious or malicious (e.g. malware). For example, it can detect VBA macros, embedded Flash objects and fragmentation. It is part of the oletools package.

See the oletools page for more info.

News

  • 2012-10-29: Initial version of oleid
  • see changelog in source code for more info.

Download

The archive is available on the project page.

Usage

Usage: oleid.py <file>

Example

Analyzing a Word document containing a Flash object and VBA macros:

C:\oletools>oleid.py word_flash_vba.doc
Filename: word_flash_vba.doc
OLE format: True
Has SummaryInformation stream: True
Application name: Microsoft Office Word
Encrypted: False
Word Document: True
VBA Macros: True
Excel Workbook: False
PowerPoint Presentation: False
Visio Drawing: False
ObjectPool: True
Flash objects: 1
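
To show where indicators such as "Word Document", "VBA Macros" and "ObjectPool" in the report above can come from, here is an added example (not oleid's own code, and not from the oletools project) that reads the OLE2 header, follows the FAT chain of the directory and matches entry names. The function names and the stream/storage names in INDICATORS are assumptions based on the conventional names Office uses; Flash detection, encryption and fragmentation checks are not covered.

```python
import struct

MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 / compound file signature
ENDOFCHAIN, FREESECT = 0xFFFFFFFE, 0xFFFFFFFF
# Assumed conventional stream/storage names; not taken from oleid's source.
INDICATORS = {"Word Document": {"WordDocument"}, "ObjectPool": {"ObjectPool"},
              "VBA Macros": {"Macros", "_VBA_PROJECT_CUR"}, "Excel Workbook": {"Workbook"}}

def list_entries(data):
    """Names of all directory entries (streams and storages, at any depth)."""
    shift = struct.unpack_from("<H", data, 30)[0]
    if shift not in (9, 12):                                # 512- or 4096-byte sectors
        raise ValueError("unexpected sector shift %d" % shift)
    size = 1 << shift
    sector = lambda n: data[(n + 1) * size:(n + 2) * size]  # header fills slot 0
    fat = []
    for s in struct.unpack_from("<109I", data, 76):         # DIFAT array in the header
        if s != FREESECT and len(sector(s)) == size:        # skip truncated sectors
            fat += struct.unpack("<%dI" % (size // 4), sector(s))
    names, seen, sid = [], set(), struct.unpack_from("<I", data, 48)[0]
    while sid < len(fat) and sid not in seen:               # ends on ENDOFCHAIN or a loop
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, len(sec) - 127, 128):           # 128-byte directory entries
            nlen, otype = struct.unpack_from("<HB", sec, off + 64)
            if otype and 2 <= nlen <= 64:                   # type 0 marks an unused slot
                names.append(sec[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def triage(data):
    """oleid-style report: OLE format flag plus one boolean per indicator."""
    if len(data) < 512 or data[:8] != MAGIC:
        return {"OLE format": False}
    names = set(list_entries(data))
    return {"OLE format": True, **{k: bool(names & v) for k, v in INDICATORS.items()}}

def build_sample(entries):  # constructed input: header + one FAT + one directory sector
    hdr = MAGIC + bytes(16) + struct.pack("<5H", 0x3E, 3, 0xFFFE, 9, 6) + bytes(6)
    hdr += struct.pack("<9I", 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
    hdr += struct.pack("<109I", 0, *[FREESECT] * 108)
    fat = struct.pack("<128I", 0xFFFFFFFD, ENDOFCHAIN, *[FREESECT] * 126)
    dirsec = b""
    for name, otype in entries:                             # 1=storage, 2=stream, 5=root
        raw = (name + "\0").encode("utf-16-le")
        dirsec += raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), otype) + bytes(61)
    return hdr + fat + dirsec.ljust(512, b"\0")
SAMPLE = build_sample([("Root Entry", 5), ("WordDocument", 2),
                       ("Macros", 1), ("ObjectPool", 1)])
```

Calling triage(SAMPLE) reports the Word, macro and ObjectPool indicators as present. The constructed sample carries directory entries only, so it exercises the parser but is not a document Office would open.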
