A quick bugfix and a new feature.
oledump will now correctly handle OLE files with an empty storage. Here is an example with a malicious sample that blog readers reported to me:
And when the OLE file contains a stream with VBA code, but this code is just a set of Attribute statements and nothing else, then the indicator will be a lowercase letter m instead of an uppercase letter M.
This way, you can quickly identify interesting VBA streams to analyze.