Didier Stevens

Thursday 19 February 2015

Update: oledump.py Version 0.0.9

Filed under: Malware,My Software,Update — Didier Stevens @ 22:19

The plugin_dridex plugin was updated.

And oledump.py has a new option: –quiet: only print output from plugins.

oledump_V0_0_9.zip (https)
MD5: 849C26F32397D2508381A8472FE40F90
SHA256: 74887EA3D4362C46CCBF67B89BB41D7AACE9E405E4CB5B63888FEDCE20FD6A07


  1. Several dridex .doc examples that do not seem to decode under oledump v0.0.9, via http or dridex plugin.

    Mirror1: http://www.mediafire.com
    Mirror2: https://www.sendspace.com

    Comment by Anonymous — Friday 20 February 2015 @ 1:42

  2. got another .doc sample which was detected by 1/57 in virustotal see: 1cf2218f95300c6a963976d154af0700113fd8e7e120654af70d4b976ec5c163
    the filename changes at the end with numbers so it seems like some champaign
    maybe worth a look

    Comment by stefan — Wednesday 25 February 2015 @ 16:43

  3. […] things first, let’s use oledump.py to see what lies underneath this […]

    Pingback by Crimson Rat (02-24-2020): VelvetSweatshop and shellcode – Click All the Things! — Thursday 27 February 2020 @ 12:54

RSS feed for comments on this post. TrackBack URI

Leave a Reply (comments are moderated)

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.