Open JA1E0 opened 3 years ago
Fixed an issue in xlrd2 project (https://github.com/DissectMalware/xlrd2/commit/91bcd840a4d697a9938ca3ed92f48b6d0c8ed97e)
Please update xlrd2:
pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --force
Then you should see this:
The output seems to be incomplete. The inner if block in z6 formula caused the interpreter loop detection logic to mark it as a loop; thus, halting the interpretation
using -x (to extract raw formula)
thanks this also fixed error for me, upgrading the xlrd2
❯ When analyzing a malicious document with version 0.1.7, analysis proceeds until... xlmdeobfuscator.exe -f D:\malware\white\ecaaab9e2fc089eefb6accae9750ac60.bin
|\ /|( \ ( ) ( \ / )| ( | () () | \ () / | | | || || | ) ( | | | |(_)| | / ( ) \ | | | | | | ( / \ )| (_/| ) ( | |/ |(____/|/ |
( \ ( __ ( )( \ ( |\ /|( ( __ ( _ )\ _/( )( __ ) | ( \ )| ( \/| ( ) || ( ) )| ( \/| ) ( || ( \/| ( \/| ( ) | ) ( | ( ) || ( )| | | ) || ( | | | || (/ / | ( | | | || (__ | | | () | | | | | | || (__)| | | | || ) | | | || ( | ) | | | |(__ )| | | | | | | | | || ) | | ) || ( | | | || ( \ \ | ( | | | | ) || | | ( ) | | | | | | || (\ ( | (/ )| (__/| (__) || )) )| ) | () |/__) || (__/| ) ( | | | | () || ) \ _ (__/ (__/(____)|/ \/ |/ ()\)(___/|/ | )_( (___)|/ __/
XLMMacroDeobfuscator(v0.1.7) - https://github.com/DissectMalware/XLMMacroDeobfuscator
File: D:\malware\ecaaab9e2fc089eefb6accae9750ac60.bin
Unencrypted xls file
[Loading Cells] Error [deobfuscator.py:2990 process_file(**vars(args))]:
======== MD5: ecaaab9e2fc089eefb6accae9750ac60