This XML file is an Office document with an embedded OLE object.
my software
oledump & ClipboardTransformer
Showing how to use a new tool I’m working on (ClipboardTransformer) to help with deobfuscating VBS code.
If you are interested, a beta is available here:
ClipboardTransformerBeta.zip (https)
MD5: FF653016801DA4D12F5BB852703E2D7D
SHA256: 2B9F54145F1396D7FEB259F987DA0315AB168F3FDA03EEEE5AF3BD046223AF7B
SendtoCLIBeta.zip (https)
MD5: F672206A863642E2706A328ECCC18AE2
SHA256: 3EAB27C2496233816AD76E0EB0E35D274D4C711D7EFF8AE236BF0154DE55A423
oledump XML
FileContainer.xls 2
Doing some infiltration and exfiltration of data using my FileContainer.xls spreadsheet and Wikipedia.
FileContainer.xls
FileContainer.xls is a new spreadsheet (with VBA) I developed. It stores and extracts arbitrary files. To be released soon.
oledump With plugin_biff
pdf-parser: YARA
Showing the new YARA feature in pdf-parser.
pdf-parser_V0_6_0.zip (https)
MD5: 25CC4907B862259500A3EB73DE83BBFD
SHA256: 8902ABE1A9BDB61887D501546CCF333724BCF7B3E3E02CE2541BC311AD8E98DF
count.py
A tool to count.
count_v0_1_0.zip (https)
MD5: B96B5ECF9361D44D9366071C9C07FF86
SHA256: 102F346529F34C0EF932ADC3D3CF003ADBA2DFCD8BCE23DBF36425A555345DB5
oledump.py beta
After Tweeting about a new tool I’m working on to analyze MS Office files, some people expressed interest in testing the tool. So here is a beta.
oledump-beta.zip (https)
MD5: 6B2F81410C9DB409E55A05AEB2E8342B
SHA256: E80244C87E11E516F5D7245224828BA15C4079EFE16582FE785D6E307C04B657
zipdump.py
Type zipdump.py -m to see the manual.
zipdump_v0_0_1.zip (https)
MD5: 72594B985FDBE326C6852D9E34DFFA73
SHA256: 7BD6377885A218D691077C837BBCB33B0DC3BA1C673495EF6CE8A5C5C5E8E8AB