- trid: Is used to identify and confirm the filetype
- oleid: Is used to extract basic information about the document to get a better understanding of its structure (filename, filetype, encryption status, whether containing VBA macros or not, etc.)
- olementa: Is used to extract property information like metadata from exiftool with many details
- oletime: Is used to determine the different stream objects' creation/alteration etc. times present in the suspicious document
- olemap: Is used to display details about different sectors of the suspicious file in detail
- olevba: Is used to extract all of the found VBA macros in a suspicious document and also to share the summary of the suspicious elements found in the suspicious document
- strings: Is used to extract all strings from a file
- ViperMonkey: Is used to analyze and emulate the behaviors of malicious macros in a MS Office document
ref: TryHackMe.com - MalDoc: Static Analysis Room