oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
When running oleobj against the embedded object the following error is hit.
oleobj 0.52.4 - http://decalage.info/oletools
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/oletools/issues
-------------------------------------------------------------------------------
File: './068856a2a048786109fd825130f29bf1_object_00018402.bin'
ERROR Caught exception opening ./068856a2a048786109fd825130f29bf1_object_00018402.bin
Traceback (most recent call last):
File "/usr/local/lib/python2.7/dist-packages/oletools/oleobj.py", line 629, in find_ole
ole = olefile.OleFileIO(arg_for_ole)
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1211, in __init__
self.open(filename, write_mode=write_mode)
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1479, in open
self.loaddirectory(self.first_dir_sector)
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1844, in loaddirectory
self.root.build_storage_tree()
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1021, in build_storage_tree
self.append_kids(self.sid_child)
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1074, in append_kids
... Output snipped ...
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1052, in append_kids
child = self.olefile._load_direntry(child_sid) #direntries[child_sid]
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1864, in _load_direntry
"double reference for OLE stream/storage")
File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/olefile/olefile.py", line 1237, in _raise_defect
log.warning(message)
File "/usr/lib/python2.7/logging/__init__.py", line 1178, in warning
if self.isEnabledFor(WARNING):
RuntimeError: maximum recursion depth exceeded
Even though oleobj shouldn't produce any real output in this scenario, it seems to me that a recursion bug exists and should be handled by olefile.
I think that this is a case where recursion is running further than intended... An object is 0xc00 in length and recursion limits are being hit.
The full contents of the equation object are
When running oleobj against the embedded object the following error is hit.
Even though oleobj shouldn't produce any real output in this scenario, it seems to me that a recursion bug exists and should be handled by olefile.
The following object can be downloaded here -> https://drive.google.com/open?id=1EHrNlgSDr6NH7qMLS5vFh309IVwigCTZ password: oletools