I have a .doc file (test2.zip) that has test VBA macro in it which Vipermonkey is unable to analyze. The analysis stops to error "ERROR 'str' object is not callable".
Additionally, if the sample is run with given dockerfile the analysis stops to a Segmentation fault on Dockers end.
To Reproduce
Local installation, Version information:
Version Information: ViperMonkey: 1.0.3
Python: sys.version_info(major=2, minor=7, micro=18, releaselevel='final', serial=0)
pyparsing: 2.4.7
olefile: 0.46
olevba: 0.60
Steps to replicate:
user@user:/tmp/ViperMonkey/vipermonkey$ python2 vmonkey.py test2.doc
Traceback:
-------------------------------------------------------------------------------
PARSING VBA CODE:
INFO parsed Sub ['NOT_AutoOpen'] (): 2 statement(s)
Traceback (most recent call last):
File "vmonkey.py", line 874, in _process_file
vm.add_compiled_module(m)
File "/tmp/ViperMonkey/vipermonkey/core/__init__.py", line 336, in add_compiled_module self.globals[name.lower()] = _sub
TypeError: 'str' object is not callable
ERROR 'str' object is not callable
Using Docker:
user@user:/tmp/ViperMonkey/docker$ ./dockermonkey.sh test2.doc
Traceback:
[] Running 'docker ps' to see if script has required privileges to run...
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[] Pulling and starting container...
latest: Pulling from haroldogden/vipermonkey
Digest: sha256:0ebbe27f2d0da95f4668de5386df7eee8fb6bb0ced6f2fb92492e677b41eca79
Status: Image is up to date for haroldogden/vipermonkey:latest
docker.io/haroldogden/vipermonkey:latest
[] Attempting to copy file test2.doc into container ID b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d [] Starting openoffice listener for file content conversions...
[] Checking for ViperMonkey and dependency updates...
[] Disabling network connection for container ID b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d INFO Starting emulation...
INFO Emulating an Office (VBA) file.
INFO Reading document metadata...
Segmentation fault
[*] Done - Killing docker container b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d
Additional context
Note: The sample contains a somewhat functional VBA macro used for testing - it is not intended to be malicious and at worst just opens calculator.exe. However, it might trigger antivirus.
Describe the bug Hi,
I have a .doc file (test2.zip) that has test VBA macro in it which Vipermonkey is unable to analyze. The analysis stops to error "ERROR 'str' object is not callable".
Additionally, if the sample is run with given dockerfile the analysis stops to a Segmentation fault on Dockers end.
To Reproduce Local installation, Version information: Version Information: ViperMonkey: 1.0.3
Python: sys.version_info(major=2, minor=7, micro=18, releaselevel='final', serial=0)
pyparsing: 2.4.7
olefile: 0.46
olevba: 0.60
Steps to replicate: user@user:/tmp/ViperMonkey/vipermonkey$ python2 vmonkey.py test2.doc Traceback:
Using Docker: user@user:/tmp/ViperMonkey/docker$ ./dockermonkey.sh test2.doc
Traceback:
[] Running 'docker ps' to see if script has required privileges to run...
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
[] Pulling and starting container...
latest: Pulling from haroldogden/vipermonkey
Digest: sha256:0ebbe27f2d0da95f4668de5386df7eee8fb6bb0ced6f2fb92492e677b41eca79
Status: Image is up to date for haroldogden/vipermonkey:latest
docker.io/haroldogden/vipermonkey:latest
[] Attempting to copy file test2.doc into container ID b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d [] Starting openoffice listener for file content conversions...
[] Checking for ViperMonkey and dependency updates...
[] Disabling network connection for container ID b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d INFO Starting emulation...
INFO Emulating an Office (VBA) file.
INFO Reading document metadata...
Segmentation fault
[*] Done - Killing docker container b21343a327086ba7a9b1c32fe40505d0207431d04f6c0494016965233a6a282d
Additional context
Note: The sample contains a somewhat functional VBA macro used for testing - it is not intended to be malicious and at worst just opens calculator.exe. However, it might trigger antivirus.