Report - github.com/decalage2/oletools/archive/master.zip

Report Overview

Submitted URL
github.com/decalage2/oletools/archive/master.zip
IP
140.82.121.4
ASN
#36459 GITHUB
Submitted
2024-04-18 10:30:45
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
42

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
github.com	1423	2007-10-09	2016-07-13	2024-03-24	502 B	3.5 kB	140.82.121.4
codeload.github.com	62359	2007-10-09	2013-04-18	2024-04-17	514 B	3.4 MB	140.82.121.10

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
codeload.github.com/decalage2/oletools/zip/refs/heads/master
IP
140.82.121.10
ASN
#36459 GITHUB

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3352112 bytes)
Hash
a753ecf856fe87c6ac777c47b98410ef
eb7d51fc58ca52274661bae7619dfd5fedfee0b1
bdefa8ad95528bf8a131a7d2d2bd5bcd84018ffa85bb7a8c1e83c45b6a66d242

Archive (253)

Filename

Md5

File type

.gitattributes

3e69936f6f657d8026c2ebdb0ca40a4e

ASCII text, with CRLF line terminators

bug_report.md

239a93e0eb5a8cfcf11494de679b6394

ASCII text

feature_request.md

ed2255072a8baff5cc6ef57448dcffc8

ASCII text

.gitignore

d25f51d8f04b013bbcabbc5654c01a09

ASCII text

.travis.yml

7b89596593f8a555b4a5deb7fdc15459

ASCII text

INSTALL.txt

c5728a5a6b76e886c6179af3301e4567

ASCII text

LICENSE.md

062477247e75fcb78ae3e1280be9e4e1

ASCII text

MANIFEST.in

85a93e0805e01f6d77434bf5133ff4be

ASCII text

README.md

a7ae7f47345905aebf04cf884271468a

ASCII text

oletools_cheatsheet.docx

e707f31af630276af1146123ec71f463

Microsoft Word 2007+

oletools_cheatsheet.pdf

31ade96528fa4eae0ec851c1ceba669e

PDF document, version 1.5, 1 pages

empty_file.txt

22de49079e23ce339888806a02ce4491

ASCII text

install.bat

5db167313317ea397996249cc2cd375a

DOS batch file, ASCII text, with CRLF line terminators

DocVarDump.vba

394917860f4cd1ca1bf4dffd8dbe4117

ASCII text

LICENSE.txt

545f47f5ec64edbee4526e8fa91d9d40

ASCII text

README.html

b9565cad1ddf2179e94dc5bee6ee1661

HTML document, ASCII text, with very long lines (3000)

README.rst

7084ec086227eb4886811d41cf50b9ec

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

clsid.py

29cdec69b0d2363baf264e29fc435f84

Python script, ASCII text executable

codepages.py

a2a353b9cb740584498d950be6ef7471

Python script, ASCII text executable

errors.py

08c842296e09e35a1080a85ebfc09db7

Python script, ASCII text executable

io_encoding.py

09dce4a325188241cab8b1dea5eb69e1

Python script, ASCII text executable

__init__.py

ac8c1572168face4fc1962c438cc5797

Python script, ASCII text executable

_json_formatter.py

2f890713defd950c0fe81664dccec669

Python script, ASCII text executable

_logger_adapter.py

e74fed584c59a5bbcdc5fa1389609707

Python script, ASCII text executable

_root_logger_wrapper.py

b59de840f37a1a3a4ea39f1b9b3599f6

Python script, ASCII text executable

log_helper.py

fd19fa9ed3c246b923a2722d79e83708

Python script, ASCII text executable

crypto.py

5bf5605748e34d04da59495e8509ca57

Python script, ASCII text executable

Contribute.html

6a5637eb4637fff98730c27e88677087

HTML document, ASCII text

Contribute.md

fa103c694d9a5dc2e952a0ef64db4af5

ASCII text

Home.html

f4d62fa9221e700578fa650a38669b13

HTML document, Unicode text, UTF-8 text, with very long lines (624)

Home.md

e765a7e082273e8b6c43046b067f7003

ASCII text

Install.html

88cbd0877d1d858e35172f60a58497ec

HTML document, ASCII text, with very long lines (319)

Install.md

0832ab626bb892975e2b97726b835eeb

ASCII text

License.html

41617fd979f5a8e690d379ad75faf1e6

HTML document, Unicode text, UTF-8 text, with very long lines (762)

License.md

2821a7a950e8f9a300942cef8d6a5444

ASCII text

mraptor.html

7b53aa7e0ee795b69e61e674a2a611f8

HTML document, Unicode text, UTF-8 text

mraptor.md

479a0949f73a803b89ea286bf870bc10

ASCII text

mraptor1.png

117e17608d934428abb8af185cdf9b6d

PNG image data, 723 x 433, 8-bit/color RGB, non-interlaced

olebrowse.html

126029bde93d5ce442510bdd10fe7b3a

HTML document, Unicode text, UTF-8 text, with very long lines (320)

olebrowse.md

25d8d18e680eb37622bb049200713a06

ASCII text

olebrowse1_menu.png

874e2f509f5186141efe8d3ca1daf61d

PNG image data, 835 x 495, 8-bit/color RGB, non-interlaced

olebrowse2_stream.png

d1ebbe94ddb6c64b413d1e3139903d66

PNG image data, 835 x 495, 8-bit/color RGB, non-interlaced

olebrowse3_hexview.png

8d3ee6a1c01caa7a2aebbeddd5d2c7f1

PNG image data, 835 x 486, 8-bit/color RGB, non-interlaced

oledir.html

a8fd2d28d3f22050a8418b9e676a5614

HTML document, ASCII text

oledir.md

171bc1fbc0695ee1dd16ad740dce3357

ASCII text

oledir.png

703acddb3d4ea55e05404776dd1f633d

PNG image data, 722 x 883, 8-bit/color RGB, non-interlaced

oleid.html

640798117dc5fbfe99a15a6b0b606fb5

HTML document, Unicode text, UTF-8 text, with very long lines (506)

oleid.md

7bb74ddb20dd1da85f94cef792df7db8

ASCII text

olemap.html

d102058e1970748c94507b4fe66f0383

HTML document, ASCII text

olemap.md

e87315e594e9e3f555028ed77ba1322d

ASCII text

olemap1.png

d6e40951c32ba677eec3455338d68ac6

PNG image data, 719 x 668, 8-bit/color RGB, non-interlaced

olemap2.png

aa5dea1e23fbf5ed354c5fd4a47d5d9d

PNG image data, 716 x 766, 8-bit/color RGB, non-interlaced

olemeta.html

4a65de00f394e6447cdf25fa76f45d61

HTML document, Unicode text, UTF-8 text

olemeta.md

6d757783816709907238bd1b2918b95b

ASCII text

olemeta1.png

f19082ebe38d0de8203b0c9890b6d440

PNG image data, 707 x 628, 8-bit/color RGB, non-interlaced

oleobj.html

f92c2b4147ba721ffb3a3c4e4c8209c4

HTML document, ASCII text

oleobj.md

3fc5ccbd856084ac39eeb12e6e1805b9

ASCII text

oletimes.html

e6ddc763eadc87a64422704dfceedd0a

HTML document, Unicode text, UTF-8 text

oletimes.md

79c4111ee36b96be93509d2972def13d

ASCII text

olevba.html

8576ac5ea3f9834b3aa985040718202a

HTML document, Unicode text, UTF-8 text, with very long lines (733)

olevba.md

bb8757cbba64b591061382b9c4a5dc58

ASCII text

pyxswf.html

a912d62862c81d3d0441e1f4942d6652

HTML document, Unicode text, UTF-8 text, with very long lines (458)

pyxswf.md

3a8f4e861e843e245a039446430308c5

ASCII text

rtfobj.html

0e10fd24d5caed1c6ef57c4766bf3a99

HTML document, Unicode text, UTF-8 text, with very long lines (345)

rtfobj.md

3447d7e6d687061db11fe5111919cbd9

Python script, ASCII text executable

ezhexviewer.py

27ae8fd6772f25979247e4da3a01ef41

Python script, ASCII text executable

ftguess.py

173c9d2b16a4e2e21d0b976fa9794744

Python script, ASCII text executable

mraptor.py

d29d14a67627031e58369e93910c66de

Python script, ASCII text executable

mraptor3.py

48cbbadb90f47b3e2b76a39da6094f97

Python script, ASCII text executable

mraptor_milter.py

755be066dce759656df703ca2425b452

Python script, ASCII text executable

msodde.py

f2b27a34f1bf2b023f1fb2c1fa4e0578

Python script, ASCII text executable

olebrowse.py

d4ba5828546806318385887bf6d531eb

Python script, ASCII text executable

oledir.py

230a33612e009731434afe31c016c883

Python script, ASCII text executable

oleform.py

c3f5ab4d3e281326b5aa3f4414c5e4eb

Python script, ASCII text executable

oleid.py

608ab0f8f00c1f56c71a4cd3866b8578

Python script, ASCII text executable

olemap.py

d26f3aba3af0ee8af2b1165fa4366766

Python script, ASCII text executable

olemeta.py

3087e09ef406b1c4dd1dcc3fc163abae

Python script, ASCII text executable

oleobj.py

e5dd2ecb029483c037d9e10ef2644a72

Python script, ASCII text executable

oletimes.py

e436107206d1a2d4f8b00a50efc11461

Python script, ASCII text executable

olevba.py

4453844b3be4cdb8a64529f44eec2cb7

Python script, ASCII text executable

olevba3.py

9e059ae7c5d98a933540a77e483b5139

Python script, ASCII text executable

ooxml.py

02a57b87e1c14f175c98d1709027489c

Python script, ASCII text executable

ppt_parser.py

47c1a44c43caf7071a519895f42b4721

Python script, ASCII text executable

ppt_record_parser.py

f2e5de64c302784046154ad86049e0fd

Python script, ASCII text executable

pyxswf.py

37f2a53ed83975b78a3c0020f6266da2

Python script, ASCII text executable

record_base.py

184aebfdc015fbc6fe064d05e45a104d

Python script, ASCII text executable

rtfobj.py

f8dc1a99486dbbc23564b5bb87247bd3

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

oledump_extract.py

5bce193bfdaa81f240750caf4d34689b

Python script, ASCII text executable

plugin_biff.py

e9a78444211d4c6f7473c6583484e1aa

Python script, ASCII text executable

CHANGELOG

50a5c2d026f9af36d48d255b760a0315

HTML document, ASCII text

COPYING

3e73500ffa52de5071cff65990055282

ASCII text

README

4648a7e376f2784cc3f31881e34ae5c4

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

prettytable.py

538a1660328eba4d987150cf1f7defb5

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

tablestream.py

cf6ecc59f20d6bf1ced55064c1be9715

Python script, ASCII text executable

LICENSE.txt

5b56c05cbfe684241d66eb7ad02e1dd0

ASCII text, with CRLF line terminators

__init__.py

a1544f034b441fc18643266f411d6ab2

Python script, ASCII text executable, with no line terminators

xglob.py

04b99b2a13d424a819a1689f02d6ccb9

Python script, ASCII text executable

LICENSE.txt

4fe869ee987a340198fb0d54c55c47f1

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

xxxswf.py

4882f90792dd56d6d495ad29f69ef700

Python script, ASCII text executable

xls_parser.py

e8690f1252b7c073bc430e2ee0c20c5e

Python script, ASCII text executable

requirements.txt

ab99aec0da03d82432bfd3324310e3f9

ASCII text

setup.py

61b6cdcb4dc1f5382a7101162fc30726

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

__init__.py

d41d8cd98f00b204e9800998ecf8427e

log_helper_test_imported.py

545d18c854e087b49e623e58f5b5c53a

Python script, ASCII text executable

log_helper_test_main.py

54561fdc6dfd8223e220cee91aff0384

Python script, ASCII text executable

test_log_helper.py

1e10fb518f79f9c13fa7f57213d964b1

Python script, ASCII text executable

third_party_importer.py

9d3bf6eb6ebb26ff679c5ae4c576baa0

Python script, ASCII text executable

test_clsid.py

b497d0b1f3301482eea84c732c3577e8

Python script, ASCII text executable

test_encoding_handler.py

4f46f600a2707fbacf62e45fef5956ba

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

4ac8265eb6dd7315e57b35025d9d6f2e

Python script, ASCII text executable

howto_add_unittests.txt

86ad528927eb232c40a8fe37ca59b3f2

ASCII text

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

dcae27d80652d3f59ecc3f9a38ac4601

Python script, ASCII text executable

test_blacklist.py

53c4d2b5da31019fc547f0b75aa4db7c

Python script, ASCII text executable

test_crypto.py

6756b129862de03c519e40e69df8edc7

Python script, ASCII text executable

test_csv.py

c05efb4b2758b48727975039b6fb9583

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

857b5ef635a2f0530de8310e4694b782

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

4b13eeaa17c716d8252d521e22199df4

Python script, ASCII text executable

test_issue_166.py

e433a728d6c6c074466c8e49aeb89ede

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

98148f26ad1969c1c7571e3a8986a436

Python script, ASCII text executable

test_external_links.py

4405696b1016e3bc4524a9725d063a98

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

e832577b21c857d5c52c96f5183f6a0a

Python script, ASCII text executable

test_crypto.py

09cea4a31e1704b78287e3c32e73fa5b

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

0352836e312d17abd74b75a59b36254c

Python script, ASCII text executable

test_zip_sub_file.py

3c61540e5e2481fc50b4aa221a051752

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_basic.py

c9be2196efe2e5e08c908bcb876387e3

Python script, ASCII text executable

__init__.py

d41d8cd98f00b204e9800998ecf8427e

test_is_rtf.py

47a545c24b82631d81e1dfc0af9c1320

Python script, ASCII text executable

test_issue_185.py

b959c55de533f452c89669c838d4778f

Python script, ASCII text executable

test_issue_251.py

2a1dd65d31a3c465be5eb0e8579d0aba

Python script, ASCII text executable

empty

d41d8cd98f00b204e9800998ecf8427e

encrypted.docx

9e2f4cffc1c06b52bb5f9fe5c88bce95

CDFV2 Encrypted

text

3cd7a0db76ff9dca48979e24c39b408c

ASCII text

autostart-encrypt-standardpassword.xls

f1c294d5859d3f6e7d2b1036a15fb362

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: schulung, Last Saved By: schulung, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Mar 11 09:35:45 2016, Last Saved Time/Date: Thu Mar 21 14:07:50 2019, Security: 1

autostart-encrypt-standardpassword.xlsb

d75671a00ba04b32dc27b59cf038b764

CDFV2 Encrypted

autostart-encrypt-standardpassword.xlsm

17697047fac464907679b25ef100580c

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xls

eb95df4414959b738384a8d9df1ea68a

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: schulung, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Oct 26 07:56:11 2017, Last Saved Time/Date: Thu Mar 21 14:37:43 2019, Security: 1

dde-test-encrypt-standardpassword.xlsb

7e4bae56d2c264cf716a24a7e185c801

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xlsm

f8f468ad25f5be2520b71cc647943bcf

CDFV2 Encrypted

dde-test-encrypt-standardpassword.xlsx

6717e7abddce6aee88eef75f91fd9ecb

CDFV2 Encrypted

encrypted.doc

643ccc25aa82c6254f03803374de318d

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: Normal.dotm, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Oct 17 12:27:00 2018, Last Saved Time/Date: Wed Oct 17 12:27:00 2018, Number of Pages: 1, Number of Words: 6, Number of Characters: 42, Security: 1

encrypted.docm

438b8d8238d3a871849d4032517ca2f9

CDFV2 Encrypted

encrypted.docx

e5be03f0f3972ab0d299173222b497ab

CDFV2 Encrypted

encrypted.ppt

89ff6bf91bf3e2347af26e758fe2a67e

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252

encrypted.pptm

8fada37bcd0443d31f4c42ffadb83e50

CDFV2 Encrypted

encrypted.pptx

fb0c6ff3389464a3968aa5a2a721f46d

CDFV2 Encrypted

encrypted.xls

f8d07ace7cc08a44f63f9a6054c96244

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Oct 17 12:30:05 2018, Last Saved Time/Date: Wed Oct 17 12:31:27 2018, Security: 1

encrypted.xlsb

164065b855a9aedf20b73feb374c6cf6

CDFV2 Encrypted

encrypted.xlsm

a87902fe8d9fe088109e922eb800e849

CDFV2 Encrypted

encrypted.xlsx

259309651a61e33cc0e2a03d7036662d

CDFV2 Encrypted

excel4_sample_macro.slk

dc9e132187e203f70c9331604ec23a8f

spreadsheet interchange document, created by Excel

excel4_sample_macro.xls

c0cb61993b5fc669aabe4936ad1eb5e0

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: user, Last Saved By: Philippe Lagadec, Name of Creating Application: Microsoft Excel, Create Time/Date: Sun Jan 20 07:17:53 2019, Last Saved Time/Date: Mon Oct 11 21:01:22 2021, Security: 0

excel4_sample_macro.xlsb

d86947cb677dad89420385f1f4e753ee

Microsoft Excel 2007+

excel4_sample_macro.xlsm

02c93bfe59ad2549226b2658fd03a8ab

Microsoft Excel 2007+

excel4_sample_macro.xlt

463ce1eaf2e5eb72f148bc9f819c4295

excel4_sample_macro.xltm

72f07772ef2c087555e0e3b522f5b5ec

Microsoft Excel 2007+

excel4_sample_macro_excel5_format.xls

052e30733751a339ae0aee6e206d6116

RTF-Spec-1.7.rtf

402490e0fbc9729ae68f68cfe61031a4

Rich Text Format data, version 1, Apple Macintosh, ANSI, code page 10000, default language ID 1033

dde-in-csv.csv

9c2123694b3e72be8a5be106751ec3f2

ASCII text, with CRLF line terminators

dde-in-excel2003.xml

96c71a9cef4866b886cb8d6d22096f3a

XML 1.0 document, ASCII text, with CRLF line terminators

dde-in-word2003.xml.zip

b5bcbddaee3e2cc9db20a0db92ad5c11

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-in-word2007.xml.zip

7078ee60354abce9f5a41fc2798df931

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2003.doc.zip

9c65bf0a5c6091e26ebc742396fc11e9

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2013-utf_16le-korean.doc.zip

eec089e8b718ef6b3d2541ac8abfefa4

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test-from-office2016.doc.zip

21e03a6b87ca9e3fae66e2bea15faade

Zip archive data, at least v2.0 to extract, compression method=deflate

dde-test.docm

3045882cb01deb82d6c16f359729041e

Microsoft Word 2007+

dde-test.docx

081fb82bbdc3c89df4285cb7ad732696

Microsoft Word 2007+

dde-test.xlsb

f35a5121494bc5dda553734c91ebaf1a

Microsoft Excel 2007+

dde-test.xlsm

34e19d3f0d833706d751361cf0681207

Microsoft Excel 2007+

dde-test.xlsx

13fb5902e80484db65fdc693d3c893ae

Microsoft Excel 2007+

harmless-clean-2003.xml

09c8f181879ccdb747a280325ea3dce4

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (25925), with CRLF line terminators

harmless-clean.doc

d346a7cbed29c49378f9ac998ca0bb91

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Oct 26 09:09:00 2017, Last Saved Time/Date: Thu Oct 26 09:09:00 2017, Number of Pages: 1, Number of Words: 39, Number of Characters: 250, Security: 0

harmless-clean.docm

67a81ca72ba335148fecdd8c369ee5dc

Microsoft Word 2007+

harmless-clean.docx

ce0fdaf82a24415c016b07e21f3a1ded

Microsoft Word 2007+

harmless-clean.xml

e01bd114d9452352909c9022067814b8

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52882), with CRLF line terminators

oleform-PR314.docm

19400bf0638f691966aac762a4484ed5

Microsoft Word 2007+

embedded-simple-2007-as2003.xml

ddc1dc6d4a7d3cf354355065bda3c8c1

XML 1.0 document, ASCII text, with very long lines (9911), with CRLF line terminators

embedded-simple-2007.doc

c7088ad878e30bd4067a32e83921a459

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jan 17 09:47:00 2018, Last Saved Time/Date: Wed Jan 17 09:47:00 2018, Number of Pages: 1, Number of Words: 11, Number of Characters: 73, Security: 0

embedded-simple-2007.docm

80c65cabc4f63b5d1467c82f05aad7d7

Microsoft Word 2007+

embedded-simple-2007.docx

df081d083ed0b83d30f0edc4f075cfce

Microsoft Word 2007+

embedded-simple-2007.dot

ba1b179dcea3245a8410d395813aa88a

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Template: embedded-simple-2007, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Jan 17 09:48:00 2018, Last Saved Time/Date: Wed Jan 17 09:48:00 2018, Number of Pages: 1, Number of Words: 11, Number of Characters: 73, Security: 0

embedded-simple-2007.dotm

d01ba54bf2ee0b60e5d9e3eb676387c8

Microsoft Word 2007+

embedded-simple-2007.dotx

1f15a1d1eb9cb761d4b538b29fbb89a2

Microsoft Word 2007+

embedded-simple-2007.odp

36e8d37000c2d4b8df892cf825653c13

OpenDocument Presentation

embedded-simple-2007.ods

5a7301ddc615485ad665e645a37528c5

OpenDocument Spreadsheet

embedded-simple-2007.odt

75c18cf8ddcee34f76c5f79011ab571f

OpenDocument Text

embedded-simple-2007.pot

11dc1b453c30173fab2ece9d37ea65ac

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Embedded Objects, Author: user, Last Saved By: user, Revision Number: 1, Name of Creating Application: Microsoft Office PowerPoint, Create Time/Date: Thu Jan 18 13:13:30 2018, Last Saved Time/Date: Thu Jan 18 13:15:25 2018, Number of Words: 16

embedded-simple-2007.potm

bf503e1673156c57d1fbfddb2026feb4

Microsoft PowerPoint 2007+

embedded-simple-2007.potx

289847d8f241a92a1d68e7f2730e23ea

Microsoft PowerPoint 2007+

embedded-simple-2007.pps

c2ba2286e756cb839e27f230e65da515

embedded-simple-2007.ppsm

6ca8e0fba2091c23397145226a74b343

Microsoft PowerPoint 2007+

embedded-simple-2007.ppsx

d5505ed6fc8c08b1acf4d7e152c4d17f

Microsoft PowerPoint 2007+

embedded-simple-2007.ppt

053bc6c96fd31bbc00327eb4c14e3dfe

embedded-simple-2007.pptm

991e23828593782c2b3ded0e8fed78f8

Microsoft PowerPoint 2007+

embedded-simple-2007.pptx

5e18f35c7562321fc4614c3e208176e9

Microsoft PowerPoint 2007+

embedded-simple-2007.xla

788923352834d2c98834de0e71e498f9

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 13:07:40 2018, Security: 0

embedded-simple-2007.xlam

f27710458b0d0bced99a79ecfd4ab561

Microsoft Excel 2007+

embedded-simple-2007.xls

de9b5111fabb54953df6168558ef081b

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 12:59:28 2018, Security: 0

embedded-simple-2007.xlsb

678383571f0fdd75f4e618b5db8b4008

Microsoft Excel 2007+

embedded-simple-2007.xlsm

673e30f02d63cd979aed76826a749f42

Microsoft Excel 2007+

embedded-simple-2007.xlsx

dd32449f5ead7f3c2baba5ec31bd2697

Microsoft Excel 2007+

embedded-simple-2007.xlt

3b97cdcb1a1585289c45738401ff7a40

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: user, Last Saved By: user, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 18 10:08:50 2018, Last Saved Time/Date: Thu Jan 18 13:01:07 2018, Security: 0

embedded-simple-2007.xltm

d0f1263ac9b01c6cbd1c39d77747e24a

Microsoft Excel 2007+

embedded-simple-2007.xltx

1801e8b0e26c4921c94c2ec01f595730

Microsoft Excel 2007+

embedded-simple-2007.xml

fe14aef6c30439c2a96639330617a96e

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (27221), with CRLF line terminators

embedded-unicode-2007.docx

18a346a4644042f7d48bce064c60316a

Microsoft Word 2007+

embedded-unicode.doc

ed0d527c88a198d0fd331815c98b26d4

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: user, Template: Normal.dot, Last Saved By: user, Revision Number: 9, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Jan 12 11:20:00 2018, Last Saved Time/Date: Fri Jan 12 13:23:00 2018, Number of Pages: 1, Number of Words: 15, Number of Characters: 99, Security: 0

sample_with_external_link_to_doc.docm

5ba3f1dbd6dd15ea478f4028f939aa77

Microsoft Word 2007+

sample_with_external_link_to_doc.docx

72f6b9ca2a80b30d778238cafc38fb62

Microsoft OOXML

sample_with_external_link_to_doc.dotm

026acd91903c466bc31d9911d3ec8370

Microsoft Word 2007+

sample_with_external_link_to_doc.dotx

dceeb6ba7372e4a6658b798c8835fd0c

Microsoft Word 2007+

sample_with_external_link_to_doc.potm

48321bd181f2cd140b9eb3fdea9c48c6

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.potx

50c7622f7c21401515f9bf464e0a6778

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.ppsm

74e0a2ed3e60557f8236fa2244c8d454

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.ppsx

c3e7293674207b31aba8a9df52c57877

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.pptm

57fb553c88d9a8ef34b59de4cdd28952

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.pptx

9c15fd926b94cd7e70cbe70d231c6ee9

Microsoft PowerPoint 2007+

sample_with_external_link_to_doc.xlsb

ff50c1cbd617aed3bcaf9d01534f5a20

Microsoft Excel 2007+

sample_with_external_link_to_doc.xlsm

09ffea587bd12570f3553391a43c8493

Microsoft Excel 2007+

sample_with_external_link_to_doc.xlsx

4dbbb3f058d39a738a3eab61d0134688

Microsoft Excel 2007+

sample_with_calc_embedded.doc

258801e9816c4214a4c337f9adb198d3

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: xxxxxxxxxxxx, Template: Normal, Last Saved By: xxxxxxxxxxxx, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Nov 13 21:27:00 2017, Last Saved Time/Date: Mon Nov 13 21:28:00 2017, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0

sample_with_lnk_file.doc

a5cf58415b0769123da4249d90584e78

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: , Author: user, Template: Normal, Last Saved By: user, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Nov 30 09:33:00 2017, Last Saved Time/Date: Thu Nov 30 10:05:00 2017, Number of Pages: 1, Number of Words: 2, Number of Characters: 19, Security: 0

sample_with_lnk_file.pps

786650d2c3ce1f736d4bdecec6ae11ff

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Test, Author: user, Last Saved By: user, Revision Number: 1, Name of Creating Application: Microsoft Office PowerPoint, Create Time/Date: Thu Nov 30 10:21:24 2017, Last Saved Time/Date: Thu Nov 30 10:39:43 2017, Number of Words: 1

sample_with_lnk_file.ppt

0f6576d76d37a4a216307b9a115a0c4f

sample_with_lnk_to_calc.doc

2f885f6baf46c2eea1f026bc2706607c

Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: zzzzzzzzzzzz, Template: Normal, Last Saved By: zzzzz zzzzzz, Revision Number: 5, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Mon Nov 13 21:39:00 2017, Last Saved Time/Date: Mon Nov 13 21:42:00 2017, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0

sample_with_vba.ppt

2ef2b3f05eb16524a3d983f72bff4705

Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 949, Title: PPT VBA TEST, Author: , Last Saved By: , Revision Number: 7, Name of Creating Application: Microsoft Office PowerPoint, Total Editing Time: 17:46, Create Time/Date: Fri Nov 5 00:45:36 2021, Last Saved Time/Date: Fri Nov 5 01:03:23 2021, Number of Words: 3

dde-in-excel2003.xml

96c71a9cef4866b886cb8d6d22096f3a

XML 1.0 document, ASCII text, with CRLF line terminators

dde-in-word2003.xml.zip

53b60da5f207091fea53edaf12265027

Zip archive data, at least v2.0 to extract, compression method=deflate

harmless-clean-2003.xml

09c8f181879ccdb747a280325ea3dce4

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (25925), with CRLF line terminators

harmless-clean.xml

e01bd114d9452352909c9022067814b8

XML 1.0 document, Unicode text, UTF-8 text, with very long lines (52882), with CRLF line terminators

presentation.xps

3eec101ea4c04bedb0abeaf086f095dd

Microsoft OOXML

issue_185.rtf.zip

58f216490c43ff0e2c8f5f238f174298

Zip archive data, at least v2.0 to extract, compression method=deflate

issue_251.rtf

875a296b6c96f54a5763b731f28895e1

Rich Text Format data, version 2, ANSI, code page 1181, default language ID 1094

__init__.py

84f95bd6ff88b75d772b79a9fa0b2bb4

Python script, ASCII text executable

testdata_reader.py

5a88fce92258b68a4e0003ae859b9dcb

Python script, ASCII text executable

utils.py

ceb84e60a9fd94852e91a39db67b6c9d

Python script, ASCII text executable

unittest_template.py

33de94d91a0f36e8d767adbfbf195211

Python script, ASCII text executable

Detections

Analyzer	Verdict	Alert
Public Nextron YARA rules	malware	Detects Excel4 macro use with auto open / close
Public Nextron YARA rules	malware	Detects Excel4 macro use with auto open / close
Public Nextron YARA rules	malware	Detects RTF documents with non-standard version and embedding one of the object mostly observed in exploit (e.g. CVE-2017-11882) documents.
VirusTotal	malicious	VirusTotal - Scan result 36/63

JavaScript (0)

HTTP Transactions (2)

URL IP Response Size

github.com/decalage2/oletools/archive/master.zip

140.82.121.4

302 Found

0 B

URL User Request GET HTTP/2
github.com/decalage2/oletools/archive/master.zip
IP
140.82.121.4:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subjectgithub.com
FingerprintE7:03:5B:CC:1C:18:77:1F:79:2F:90:86:6B:6C:1D:F8:DF:AA:BD:C0
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type

Size
0 B (0 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /decalage2/oletools/archive/master.zip HTTP/1.1
Host: github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 302 Found
server: GitHub.com
date: Thu, 18 Apr 2024 10:30:15 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
location: https://codeload.github.com/decalage2/oletools/zip/refs/heads/master
cache-control: max-age=0, private
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com api.githubcopilot.com objects-origin.githubusercontent.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-length: 0
x-github-request-id: 130F:1C89E8:2881A95:28F28AC:6620F637
X-Firefox-Spdy: h2

codeload.github.com/decalage2/oletools/zip/refs/heads/master

140.82.121.10

200 OK

3.4 MB

URL User Request GET HTTP/2
codeload.github.com/decalage2/oletools/zip/refs/heads/master
IP
140.82.121.10:443
ASN
#36459 GITHUB

Certificate
IssuerSectigo Limited
Subject*.github.com
Fingerprint0D:F6:EC:50:FA:ED:AE:6E:13:AF:82:94:52:F7:11:1B:0A:CF:7C:20
ValidityThu, 07 Mar 2024 00:00:00 GMT - Fri, 07 Mar 2025 23:59:59 GMT

File type
Zip archive data, at least v1.0 to extract, compression method=store
Size
3.4 MB (3352112 bytes)
Hash
a753ecf856fe87c6ac777c47b98410ef
eb7d51fc58ca52274661bae7619dfd5fedfee0b1
bdefa8ad95528bf8a131a7d2d2bd5bcd84018ffa85bb7a8c1e83c45b6a66d242

Detections

Analyzer	Verdict	Alert
VirusTotal	malicious	VirusTotal - Scan result 36/63

HTTP Headers

GET /decalage2/oletools/zip/refs/heads/master HTTP/1.1
Host: codeload.github.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: https://render.githubusercontent.com
content-disposition: attachment; filename=oletools-master.zip
content-length: 3352112
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: application/zip
cross-origin-resource-policy: cross-origin
etag: W/"7cb4db9f1e5016e1ffd37bacffa109ee46baa151ac9d06d583be4a42dde10a1b"
strict-transport-security: max-age=31536000
vary: Authorization,Accept-Encoding,Origin
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
date: Thu, 18 Apr 2024 10:30:16 GMT
x-github-request-id: CA33:1F2299:3FF060:4AAE8D:6620F638
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (253)

Detections

JavaScript (0)

HTTP Transactions (2)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

Detections

HTTP Headers