-
When running the latest from git, the following bug appears when running against malware sample `ffa75887740c235250a61413117bb2ee`
[mal.zip](https://github.com/DissectMalware/XLMMacroDeobfuscator/f…
-
FORMULA, CALL, RUN, FORMULA.FILL, WORKBOOK.HIDE, GET.WORKSPACE, ...
Samples:
- https://twitter.com/DissectMalware/status/1248137329820172288
- https://twitter.com/DissectMalware/status/1240789649…
-
Running xlmdeobfuscator on this file:
https://www.virustotal.com/gui/file/a0de1f3af78bef68ddfcabf4b7cedfa0e466ac65648a5e81e591702b463c96b1
gives the following error:
Unencrypted xls file
[Lo…
-
I'm not sure if this is a bug, or I'm missing a new feature or a specific action I should make, so i'll open it as a bug.
Affected tool: olevba
Bug description:
0.56.2 oletools version extracts…
-
**Sample:** https://app.any.run/tasks/03f85d8e-c349-48bc-b367-b7e6ab6b1f94/#
**Error message:**
Error [deobfuscator.py:2433 parse_tree = self.xlm_parser.parse(formula)]: Unexpected token Token('CMPO…
-
**Affected tool:**
olevba,oleid
**Describe the bug**
XLM4 exists in the file, but oletools do not detect it.
**File/Malware sample to reproduce the bug**
https://bazaar.abuse.ch/sample/306433…
-
When analyzing a malicious document with version 0.1.4, analysis proceeds until...
.
.
.
CELL:FE2492 , FullEvaluation , "=SET.VALUE(R17C1,0)"
CELL:FE2493 , FullEvaluation , FORMUL…
-
When analyzing a malicious document with version 0.1.4, analysis proceeds until...
XLMMacroDeobfuscator(v0.1.7) - https://github.com/DissectMalware/XLMMacroDeobfuscator
File: sample2-b5d469a07…
JA1E0 updated
3 years ago
-
First of all, thank you for your great work.
Assignment operator
-----
The equal (=) operator is both a comparison and an assignment operator (à là VBA/VB6). Consider this macro:
```
HT202:…
-
This might be related to #101, and could be duplicate of #107 or #106; The following sample causes an unexpected token error with version 0.2.5 of XLMMacroDeobfuscator:
https://bazaar.abuse.ch/samp…
jhhcs updated
2 years ago