oleid - a Python tool to quickly analyze OLE files

oleid is a script that analyzes OLE files such as MS Office documents (e.g. Word, Excel) to detect specific characteristics that could indicate that a file is suspicious or malicious (e.g. malware). For example, it can detect VBA macros, embedded Flash objects and fragmentation. It is part of the oletools package.

See the oletools page for more info.

News

  • 2012-10-29: Initial version of oleid
  • See the changelog in the source code for more info.

Download

The archive is available on the project page.

Usage

Usage: oleid.py <file>

Example

Analyzing a Word document containing a Flash object and VBA macros:

C:\oletools>oleid.py word_flash_vba.doc
Filename: word_flash_vba.doc
OLE format: True
Has SummaryInformation stream: True
Application name: Microsoft Office Word
Encrypted: False
Word Document: True
VBA Macros: True
Excel Workbook: False
PowerPoint Presentation: False
Visio Drawing: False
ObjectPool: True
Flash objects: 1
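
When oleid is run over many files, its report can be parsed for triage. The following is an added example, not part of oleid or oletools: it assumes the "Name: value" output format shown above, and the function names and triage rules are hypothetical choices for illustration.

```python
# Constructed sample: the report printed in the example above.
SAMPLE_REPORT = """\
Filename: word_flash_vba.doc
OLE format: True
Has SummaryInformation stream: True
Application name: Microsoft Office Word
Encrypted: False
Word Document: True
VBA Macros: True
Excel Workbook: False
PowerPoint Presentation: False
Visio Drawing: False
ObjectPool: True
Flash objects: 1
"""

def parse_report(text):
    """Return {indicator name: value}, typing True/False and integer values."""
    report = {}
    for line in text.splitlines():
        # Split on the first ": " only; lines without it (blank lines,
        # the shell prompt) are not indicators and are skipped.
        name, sep, value = line.partition(": ")
        if not sep:
            continue
        name, value = name.strip(), value.strip()
        if value in ("True", "False"):
            value = value == "True"
        elif value.isdigit():
            value = int(value)
        report[name] = value
    return report

def triage(report):
    """List indicators to review (assumed triage policy, not oleid's own)."""
    if report.get("OLE format") is not True:
        return ["not an OLE file: remaining indicators do not apply"]
    findings = []
    if report.get("VBA Macros") is True:
        findings.append("contains VBA macros")
    flash = report.get("Flash objects", 0)
    if isinstance(flash, int) and flash > 0:
        findings.append("embedded Flash objects: %d" % flash)
    if report.get("Encrypted") is True:
        findings.append("encrypted: static inspection may be limited")
    if report.get("ObjectPool") is True:
        findings.append("has an ObjectPool (embedded OLE objects)")
    return findings

if __name__ == "__main__":
    print("\n".join(triage(parse_report(SAMPLE_REPORT))))
```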