This follows on from the post detailing the basic usage of viper. If you have not read that post I would start there.
An index of all the modules can be found here.
The office module is designed to extract meta data and stream information from a variety of office formats. As before this will showcase the analysis features of Viper with Office docs.
Viper is capable of reading most Office Types. This includes OLE and Open Office formats as well as the new talked about XML MSO and MHT file formats.
As with all modules the help file will show us all the available options.
Lists Document information like author, pages, words, edit times etc.
OLE Information -o
This works on the old OLE Format and will identify components of the OLE.
This command will look at all the objects stored inside the Office document. It will process both office 03 formats and newer office 07 + formats.
Export -e /path/to/save
This command will extract and save all the streams to directory of your choosing.
VBA / Macro Analysis -v
This command will read any macro code that is included in the document and provide some analytical details.
VBA Code Export -c /path/to/file.ext
This command will produce an output identical to the VBA command but will also output a copy of the extracted Macro code to your named file. It is important to note that this extraction will work even if the document has passwords set to restrict viewing.
That’s all for this module. It is currently being updated to work with the ‘New’ xml and Mime mso types that are being used by Dridex.
As usual Questions, Queries, Comments below.