Releases: DissectMalware/XLMMacroDeobfuscator
XLMMacroDeobfuscator-v0.2.7
Bug fix
XLMMacroDeobfuscator-v0.2.6
Fixed a bug in interpreting a formula that contains a sheet name that is also a valid column name, such as C1
XLMMacroDeobfuscator-v0.2.5
XLMMacroDeobfuscator-v0.2.4
In this version:
A grammar bug in handling names is fixed (#101)
XLMMacroDeobfuscator-v0.2.3
- Added support for FORMULA.ARRAY and _xlfn.ARABIC
- Fixed several bugs
XLMMacroDeobfuscator-v0.2.0
[The notable changes since v0.1.9]
XLMMacroDeobfuscator v0.2.0:
- Considers auto_close defined names as starting points for interpreting macros
- Loads XLSM files with many empty cells much faster
- Has new switches
  - --defined-names
  - --sort-formula
  - --extract-formula-format
- Supports more functions
  - SQRT
- Has fewer bugs (lots of bugs were fixed in this version).
XLMMacroDeobfuscator-v0.1.4-beta
The following list summarizes the most notable features added in this version:
- The following XLM functions are added: ROUND, SET.NAME, DIRECTORY, CONCATENATE, ACTIVE.CELL, SELECT, AND, OR, WHILE, LEN, REGISTER
- Dumps shellcode injected into a process. It interprets the following Windows APIs: VirtualAlloc, WriteProcessMemory, RtlCopyMemory
- Guesses the correct day for DAY(NOW()) used in deobfuscating the XLM macro.
- Supports range addresses
- New switches: --with-ms-excel, --password (--no-ms-excel is deprecated)
- Bug fixes
XLMMacroDeobfuscator-v0.1.2-beta
In this version, many new features are introduced. The following are a few notable additions:
- Many functions such as GET.WORKSPACE, GET.CELL, FORMULA.FILL, SET.VAL, DAY, and IF are added
- If the IF-condition cannot fully be evaluated, then both branches will be explored
- A loop detection mechanism is added to prevent looping
- XLM grammar is updated to consider operator precedence and also associativity
XLMMacroDeobfuscator-v0.1.0-beta
This is an initial release of XLMMacroDeobfuscator.
XLMMacroDeobfuscator supports:
- Extraction of cell information from macrosheets in xls, xlsm, and xlsb files.
- Emulation of XLM macros (limited; not all functions are implemented)