You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment XLMMacroDeobfuscator can't process files like .slk (it's not supported file extension there)
However, if XLMMacroDeobfuscator is installed, it is automatically used for xlm-analysis in the current code, so one can't choose to use plugin_biff (one can only disable XLM-analysis fully with --no-xlm)
OK, I need to rewrite the processing of XLM Macros, to fall back to plugin_biff/SLK parsing/XML parsing when XLMMacroDeobfuscator fails. And indeed, it could be useful to have a CLI parameter to control which parser is used.
At the moment
XLMMacroDeobfuscator
can't process files like.slk
(it's not supported file extension there)However, if
XLMMacroDeobfuscator
is installed, it is automatically used for xlm-analysis in the current code, so one can't choose to useplugin_biff
(one can only disable XLM-analysis fully with--no-xlm
)oletools/oletools/olevba.py
Line 321 in dfbcabb
Because of that, either
slk
ofxlsb
+ files are not processed in any case, missing some possible malwareI suggest having command line parameter allowing to choose what to use for XML-processing explicitly
The text was updated successfully, but these errors were encountered: