DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0

Unknown Tokens #28

Closed enzok closed 4 years ago

enzok commented 4 years ago

1c6a12ed08fe4c992fa7231da6cacd6c47e85a4e5528d37245bd4918bab65221

This sample is failing with the following:

[Starting Deobfuscation]
Error: Unexpected token Token(STRING, '"#$%&\'()*+,-./01"') at line 1, column 24. Expected one of:

Seems that MID is now being used in the formulas.

' 0085 14 BOUNDSHEET : Sheet Information - worksheet or dialog sheet, visible
' 0085 38 BOUNDSHEET : Sheet Information - Excel 4.0 macro sheet, visible
' 0018 28 LABEL : Cell Value, String Constant - build-in-name 1 Auto_Open
' 0006 390 FORMULA : Cell Formula - R432C198 len=368 ptgRefV R21975C49291 ptgInt 12 ptgInt 1 ptgFuncV MID (0x001f)
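An added illustration, not code from XLMMacroDeobfuscator or from anyone in this thread: the sketch below evaluates the postfix ptg token sequence shown in the dump above and applies Excel's MID semantics, which is the step a deobfuscator has to support to resolve this kind of per-character lookup. The names `eval_ptg` and `excel_mid` are hypothetical, and the cell contents are constructed, reusing the character run from the error message.

```python
# Arity of the functions this sketch knows; MID takes (text, start_num, num_chars).
FUNC_ARITY = {"MID": 3}

def excel_mid(text, start, count):
    """Excel MID: 1-based start; #VALUE! if start < 1 or count < 0."""
    if start < 1 or count < 0:
        return "#VALUE!"
    return str(text)[start - 1:start - 1 + count]

FUNCS = {"MID": excel_mid}

def eval_ptg(tokens, cells):
    """Evaluate postfix (RPN) ptg tokens; return (infix_text, value)."""
    stack = []
    for kind, arg in tokens:
        if kind == "ptgInt":
            stack.append((str(arg), int(arg)))
        elif kind == "ptgRefV":
            # An unresolved reference is treated as a blank cell (empty string).
            stack.append((arg, cells.get(arg, "")))
        elif kind == "ptgFuncV":
            if arg not in FUNCS:
                raise ValueError("unsupported function: %s" % arg)
            n = FUNC_ARITY[arg]
            if len(stack) < n:
                raise ValueError("stack underflow at %s" % arg)
            args = stack[-n:]
            del stack[-n:]
            infix = "%s(%s)" % (arg, ",".join(a[0] for a in args))
            value = FUNCS[arg](*(a[1] for a in args))
            stack.append((infix, value))
        else:
            raise ValueError("unsupported token: %s" % kind)
    if len(stack) != 1:
        raise ValueError("malformed expression")
    return stack[0]

# Token sequence as listed for the FORMULA record in the dump above.
TOKENS = [("ptgRefV", "R21975C49291"), ("ptgInt", 12),
          ("ptgInt", 1), ("ptgFuncV", "MID")]
# Constructed cell contents (assumption): the real value of this cell is not on the page.
CELLS = {"R21975C49291": "#$%&'()*+,-./01"}

if __name__ == "__main__":
    print(eval_ptg(TOKENS, CELLS))
```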

DissectMalware commented 4 years ago

This is addressed now. Please update from the Master.

https://pastebin.com/E09Ae9y1

https://twitter.com/DissectMalware/status/1263147848314556416

enzok commented 4 years ago

Thank you!

DissectMalware commented 4 years ago

Thank you @enzok! Please keep posting issues when you find a bug or see a new function used by malware campaigns. I'll try to address them as soon as possible.