DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0

Error [deobfuscator.py:2990 process_file(**vars(args))]: #78

Open JA1E0 opened 3 years ago

JA1E0 commented 3 years ago

When analyzing a malicious document with version 0.1.7, analysis proceeds until...

❯ xlmdeobfuscator.exe -f D:\malware\white\ecaaab9e2fc089eefb6accae9750ac60.bin

XLMMacroDeobfuscator(v0.1.7) - https://github.com/DissectMalware/XLMMacroDeobfuscator

File: D:\malware\ecaaab9e2fc089eefb6accae9750ac60.bin

Unencrypted xls file

[Loading Cells] Error [deobfuscator.py:2990 process_file(**vars(args))]:

======== MD5: ecaaab9e2fc089eefb6accae9750ac60

DissectMalware commented 3 years ago

Fixed an issue in xlrd2 project (https://github.com/DissectMalware/xlrd2/commit/91bcd840a4d697a9938ca3ed92f48b6d0c8ed97e)

Please update xlrd2:

pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --force

Then you should see this: (screenshot)

The output seems to be incomplete. The inner IF block in the z6 formula caused the interpreter's loop detection logic to mark it as a loop, thus halting the interpretation.

Using -x (to extract raw formulas): (screenshot)
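The workflow in the comment above (install the patched xlrd2, run a full emulation, and if the interpreter errors out fall back to raw formula extraction with -x) as a small triage wrapper. This is an added example, not code from the XLMMacroDeobfuscator project or from anyone in this thread. It assumes python3/pip and the `xlmdeobfuscator` console script (the Linux/macOS name of the `xlmdeobfuscator.exe` shown above) are on PATH, and that a failed run prints an `Error [deobfuscator.py...` line as the issue shows; the output file names and the `choose_result` heuristic are this script's own choices.

```bash
#!/usr/bin/env sh
# Added example (not the project's own code). Assumptions: xlmdeobfuscator
# and pip are on PATH; the tool's CLI flags -f (file), -n (non-interactive)
# and -x (extract raw formulas only) are used; file names are our own.
set -eu

# Return success (0) when captured tool output shows the interpreter failed.
# The marker is the "Error [deobfuscator.py:..." line seen in this issue.
interpreter_failed() {   # $1 = path to captured output
  grep -q 'Error \[deobfuscator\.py' "$1"
}

# Decide which result to keep: "full" when emulation ran without an
# interpreter error, "raw" when we should fall back to extraction only.
choose_result() {        # $1 = path to captured output
  if interpreter_failed "$1"; then
    echo raw
  else
    echo full
  fi
}

# Install the fixed xlrd2 parser from the project's master branch
# (same command as in the thread, with pip's long option spelled out).
upgrade_xlrd2() {
  pip install -U --force-reinstall \
    https://github.com/DissectMalware/xlrd2/archive/master.zip
}

# Run full emulation; on interpreter error also dump the raw formulas
# so the analyst still gets the macro text to read by hand.
analyze() {              # $1 = sample path, $2 = output directory
  sample=$1; outdir=$2
  mkdir -p "$outdir"
  # stderr is captured with stdout so the Error line lands in full.txt;
  # a non-zero exit must not abort the script under set -e.
  xlmdeobfuscator -f "$sample" -n > "$outdir/full.txt" 2>&1 || true
  if [ "$(choose_result "$outdir/full.txt")" = raw ]; then
    echo "emulation failed; extracting raw formulas with -x" >&2
    xlmdeobfuscator -f "$sample" -n -x > "$outdir/raw.txt" 2>&1 || true
  fi
  # Record the sample hash next to the results, as the tool does.
  md5sum "$sample" > "$outdir/md5.txt"
}

# Usage: ./xlm_triage.sh <sample.xls> [output-dir]
if [ $# -ge 1 ]; then
  upgrade_xlrd2
  analyze "$1" "${2:-xlm_out}"
fi
```

Keep `raw.txt` even when the full run succeeds later: the comment above notes that emulation can also stop early because of loop detection, and in that case the raw formulas are the only complete record of the macro.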

doomedraven commented 2 years ago

Thanks, this also fixed the error for me after upgrading xlrd2.