search

DissectMalware / XLMMacroDeobfuscator

Extract and Deobfuscate XLM macros (a.k.a Excel 4.0 Macros)
Apache License 2.0
568 stars 116 forks source link

entry point not found on Trickbot/EtterSilent sample #84

Closed decalage2 closed 3 years ago

decalage2 commented 3 years ago

The latest XLMdeobfuscator does not find the entry point in this sample: https://app.any.run/tasks/bbadb211-fb6c-41e9-9c36-2484b9ea9db8/# (9b1c03b0cca23a94f2d6988c66eb0d246ec2648623765e83dbf20548ac874837)

DissectMalware commented 3 years ago

This is a bug in xlrd2 lib.

Check https://github.com/DissectMalware/xlrd2/issues/6

Update xlrd2 to resolve it: pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip