OfficeMalScanner v 0.431,用于扫描恶意文档,如外壳代码启发式、PE文件或嵌入式OLE流。它支持反汇编和hexview以及简单的暴力模式来检测加密文件。在这旁边,一个office文件正在被扫描VB宏代码,如果找到,它将被提取出来供进一步分析。
(OfficeMalScanner is a MS office forensic tool to scan for malicious traces, like shellcode heuristics, PE-files or embedded OLE streams. It supports disassembly and hexview as well as an easy brute force mode to detect encrypted files. Next to this, an office file is being scanned for VB-macro code and if found, it will be extracted for further analysis)