My tool oledump uses indicators, you’re probably most familiar with indicators M and m that indicate that a stream contains macros.
Here is an overview of all possible indicators:
- M: Macro (attributes and code)
- m: macro (attributes without code)
- E: Error (code that throws an error when decompressed)
- !: Unusual macro (code without attributes)
- O: object (embedded file)
- .: storage
- R: root entry
If you want to know more, I recorded this video:
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.