oledump's Indicators (video)

My tool oledump uses indicators. You're probably most familiar with the indicators M and m, which show that a stream contains macros.

Here is an overview of all possible indicators:

  • M: Macro (attributes and code)
  • m: macro (attributes without code)
  • E: Error (code that throws an error when decompressed)
  • !: Unusual macro (code without attributes)
  • O: object (embedded file)
  • .: storage
  • R: root entry
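
As an added example (not part of the original diary entry and not code from oledump), the following Python code parses a stream listing and queues the streams whose indicators deserve a first look. The line layout matched by the regular expression, the review order and the sample listing are assumptions made for this example.

```python
import re

# Indicator meanings, as listed in the diary entry above.
INDICATORS = {
    "M": "macro: attributes and code",
    "m": "macro: attributes without code",
    "E": "error: code that throws an error when decompressed",
    "!": "unusual macro: code without attributes",
    "O": "object: embedded file",
    ".": "storage",
    "R": "root entry",
}
# Assumption: the order in which an analyst opens streams (a triage choice, not oledump's).
REVIEW_FIRST = ("!", "E", "M", "O")

# Assumed listing layout: index (optionally letter-prefixed, e.g. A3), optional
# indicator, optional size, quoted stream name.
LINE = re.compile(r"^\s*(?P<idx>[A-Z]?\d+):\s+(?:(?P<ind>[MmE!O.R])\s+)?(?:(?P<size>\d+)\s+)?'(?P<name>.*)'\s*$")

def parse_listing(text):
    """Return one dict per stream line; lines that do not match are skipped."""
    streams = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ind = m.group("ind") or ""
            streams.append({"index": m.group("idx"), "indicator": ind,
                            "meaning": INDICATORS.get(ind, "no indicator"),
                            "size": int(m.group("size")) if m.group("size") else None,
                            "name": m.group("name")})
    return streams

def review_queue(streams):
    """Streams to open first, ordered by REVIEW_FIRST, then by listing order."""
    hits = [s for s in streams if s["indicator"] in REVIEW_FIRST]
    return sorted(hits, key=lambda s: REVIEW_FIRST.index(s["indicator"]))

# Constructed sample listing (not output from a real document).
SAMPLE = """\
  1:       114 '\\x01CompObj'
  2: M    9852 'Macros/VBA/ThisDocument'
  3: m     938 'Macros/VBA/Module1'
  4: !    2210 'Macros/VBA/Module2'
  5: O     512 'ObjectPool/_1234/\\x01Ole10Native'
"""

if __name__ == "__main__":
    for s in review_queue(parse_listing(SAMPLE)):
        print(s["index"], s["indicator"], s["name"], "<-", s["meaning"])
```
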

If you want to know more, I recorded this video:


Didier Stevens
Senior handler
Microsoft MVP


Dec 6th 2020
