Browse code
bb#11513 - documentation update on targets
Kevin Lin authored on 2016/03/02 02:34:48Showing 1 changed files
| ... | ... |
@@ -395,9 +395,8 @@ MalwareName:TargetType:Offset:HexSignature[:MinFL:[MaxFL]] |
| 395 | 395 |
\begin{itemize}
|
| 396 | 396 |
\item 0 = any file |
| 397 | 397 |
\item 1 = Portable Executable, both 32- and 64-bit. |
| 398 |
- \item 2 = file inside OLE2 container (e.g. image, embedded executable, |
|
| 399 |
- VBA script). The OLE2 format is primarily used by MS Office and MSI |
|
| 400 |
- installation files. |
|
| 398 |
+ \item 2 = OLE2 containers, including their specific macros. The OLE2 |
|
| 399 |
+ format is primarily used by MS Office and MSI installation files. |
|
| 401 | 400 |
\item 3 = HTML (normalized: whitespace transformed to spaces, tags/tag |
| 402 | 401 |
attributes normalized, all lowercase), Javascript is normalized too: |
| 403 | 402 |
all strings are normalized (hex encoding is decoded), numbers are |