Bugfixes in ISNUMBER, IF and SEARCH

DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)

Apache License 2.0

568 stars 115 forks source link

Bugfixes in ISNUMBER, IF and SEARCH #68

Closed stevengoossensB closed 3 years ago

stevengoossensB commented 3 years ago

Please check line 1093. Seems to me that True and False were switched around, but maybe I'm missing something?

DissectMalware commented 3 years ago

Please share with me the sample file that you have tested your code with.

stevengoossensB commented 3 years ago

Tested it with

6f6ba7e59949cd4869f4cd3d63d556b86313b7e42d2030546426efbef20ee2c1.xls

when also temporarily changing the output of the FILES command to always return a value, the sample runs to the end and also shows the dropper URL again.

DissectMalware commented 3 years ago

I fixed a few more things so the sample can be emulated

https://pastebin.com/6LuM1buA