Kirk Sayre
**Is your feature request related to a problem? Please describe.** The most recent version of olevba looks like it includes most of the XLM macro information needed to analyze/emulate...
**Affected tool:** olevba **Describe the bug** olevba is improperly decoding the arguments to an XLM 4.0 RUN() macro call. olevba is decoding the formula as: RUN(-B0=83) The formula (as decoded...
Current SLoad Excel XLM samples contain several while loops which never terminate during XLMMacroDeobfuscator emulation (ex. https://www.virustotal.com/gui/file/f7c577d377eae268913717937f792cca3f5bf7a802559f146ef5fba45f3f4605/detection). This pull request contains one potential method for handling infinite while loops. It...
Example doc: f9c853989e336d614594f0f1fe017d4e58c7d0000a74c1d6a301fc2cb69be1a5 Need to handle multiple user defined classes with methods that have the same name. Probably need to implement name mangling in ViperMonkey to tell the methods from...
This is a potential fix for https://github.com/decalage2/oletools/issues/490. Based on the behavior of oledump and some VBA payload decoders that decode extended ASCII strings it looks like VBA code bytes...