olevba is a script to parse OLE and OpenXML files such as MS Office documents (e.g. Word, Excel), to detect VBA Macros, extract their source code in clear text, decode malware obfuscation (Hex/Base64/StrReverse/Dridex) and detect security-related patterns such as auto-executable macros, suspicious VBA keywords used by malware, and potential IOCs (IP addresses, URLs, executable filenames, etc). It is part of the python-oletools package.

This article describes the Microsoft Office 97-2003 legacy/binary file formats (doc, xls, ppt), related security issues and useful resources.

oletimes is a script to parse OLE files such as MS Office documents (e.g. Word, Excel), to extract creation and modification times of all streams and storages in the OLE file. It is part of the python-oletools package.

olemeta is a script to parse OLE files such as MS Office documents (e.g. Word, Excel), to extract all standard properties present in the OLE file. It is part of the python-oletools package.

Since version 0.32, OleFileIO_PL comes with experimental write features. For now it is possible to write sectors, and to write over an existing stream. More features will be added over time.

This article presents several new open source frameworks meant to simplify static file scanning for malware analysis and incident response: MASTIFF, Viper, IRMA and a few others. Their goal is to provide an extensible framework to integrate many existing scanning tools.

This article explains how I converted Signsrch signatures to Yara rules, in order to include them in my tool Balbuzard. Signsrch signatures are useful for malware analysis, to detect standard constants used in many encryption and compression algorithms, and also some anti-debugging code.

Balbuzard is a package of malware analysis tools in python to extract patterns from suspicious files (IP addresses, domain names, known file headers, interesting strings, etc). It can also crack malware obfuscation such as XOR, ROL, etc by bruteforcing and checking for those patterns.

reScan is a very simple Python script to look for specific patterns (regular expressions) in binary or text files. It has been primarily developed to analyze malicious files, to quickly extract interesting patterns (shellcodes, embedded executables in malformed documents, etc). Update in 2014: it has now evolved into Balbuzard, which provides many more features.

pyxswf is a script to detect, extract and analyze Flash objects (SWF files) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis. It is part of the oletools package. pyxswf is an extension of xxxswf.py published by Alexander Hanel.