oledump.py has the --calc option to calculate the MD5 hash of each stream (if you need another hash algorithm, use option --extra).
This time I needed the hashes of the decompressed macro streams, not of the raw streams. So I updated oledump.py to support using options --calc and -v together (and also options --extra and -v). When you use option --calc (or --extra) together with option -v, raw macro streams (indicator m or M) are decompressed and the hash is calculated over the decompressed macro code.
I needed this option to compare two samples that were different, but probably very similar.
Here I can see that the hashes of the decompressed macro streams are identical: although I have 2 different samples, the VBA code is the same.
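As an added illustration (not code from oledump.py or from this post), the following Python implements the MS-OVBA decompression that option -v applies to an m/M stream and hashes both the raw and the decompressed bytes. The two containers are constructed by hand and encode the same bytes in two different ways, so their raw hashes differ while the decompressed hashes match, which is exactly the comparison the post describes.

```python
import hashlib
import struct

def decompress_vba(container: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (VBA source in m/M module streams).
    In a real module stream the container starts at the module's text offset."""
    if not container or container[0] != 0x01:
        raise ValueError("missing CompressedContainer signature byte 0x01")
    out = bytearray()
    pos = 1
    while pos < len(container):
        header = struct.unpack_from("<H", container, pos)[0]
        if (header >> 12) & 0x07 != 0b011:
            raise ValueError("bad CompressedChunkSignature")
        chunk_end = min(len(container), pos + (header & 0x0FFF) + 3)  # size incl. header
        chunk_out_start = len(out)
        pos += 2
        if not header & 0x8000:          # flag clear: chunk holds 4096 raw bytes
            out += container[pos:pos + 4096]
            pos += 4096
            continue
        while pos < chunk_end:
            flags = container[pos]       # one flag bit per following token
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:   # literal byte
                    out.append(container[pos])
                    pos += 1
                    continue
                token = struct.unpack_from("<H", container, pos)[0]   # CopyToken
                pos += 2
                # offset/length bit split depends on how much of this chunk is decoded
                bit_count = max((len(out) - chunk_out_start - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                src = len(out) - ((token >> (16 - bit_count)) + 1)
                if src < chunk_out_start:
                    raise ValueError("CopyToken offset points before chunk start")
                for i in range(length):  # byte-wise so overlapping copies work
                    out.append(out[src + i])
    return bytes(out)

def stream_hashes(raw: bytes) -> dict:
    """MD5 of the raw stream (oledump --calc) and of its decompressed VBA (--calc -v)."""
    return {"raw_md5": hashlib.md5(raw).hexdigest(),
            "vba_md5": hashlib.md5(decompress_vba(raw)).hexdigest()}

# Constructed samples: the same 12 bytes (ABCDABCDABCD) encoded two ways. SAMPLE_A
# stores every byte as a literal; SAMPLE_B uses one CopyToken (offset 4, length 8).
SAMPLE_A = bytes.fromhex("01 0db0 00 41424344 41424344 00 41424344")
SAMPLE_B = bytes.fromhex("01 06b0 10 41424344 0530")
```

Calling stream_hashes on both samples shows different raw_md5 values but an identical vba_md5, the same outcome as running oledump.py with --calc -v on the two documents.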
oledump_V0_0_24.zip (https)
MD5: F1BFD24FBC72966D54C365B57E662700
SHA256: 4C175874EFDF7DB3264038BFACFD44F1B9060E834189FF3CBAA6C8EBD9D7F680
While your software is excellent, I’m still seeing an issue with docx files. It fails to recognize them as office documents and gives no output. If I manually unzip it, it does appear to be a word document, with lots of .xml files. Any advice?
Comment by Robert — Thursday 7 July 2016 @ 15:41
@Robert No, there is no issue with the tool, this is expected behavior. .docx files do not contain macros. Try a .docm file, they contain macros.
Comment by Didier Stevens — Thursday 7 July 2016 @ 18:22
That explains it. Thanks for all you do.
Comment by Robert — Thursday 7 July 2016 @ 19:46
You’re welcome!
Comment by Didier Stevens — Thursday 7 July 2016 @ 22:27