Last Updated: 2020-11-15 14:17:57 UTC
by Didier Stevens (Version: 1)
In diary entry "AV Cleaned Maldoc" I analyze a malicious document with VBA code that has been removed by anti-virus.
As the VBA code has been wiped, no M or m indicators are present:
I've updated my oledump.py to add a ! indicator for such streams:
I also compiled an overview of oledump's indicators.