decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

olevba - VB expression parser crashes on a VBScript sample with Chr() #34

Open decalage2 opened 8 years ago

decalage2 commented 8 years ago

Originally reported by: Philippe Lagadec (Bitbucket: decalage, GitHub: decalage2)


olevba 0.42 crashes when analyzing the VBScript file dropped by this malware sample: https://malwr.com/analysis/YzZhZjYwMGU2MmI5NGUxMzllZDM5ZDFiMDVlZjkwOGY/

Need to:

  1. Handle exceptions gracefully without crashing.
  2. Fix the parser bug.

decalage2 commented 8 years ago

Original comment by Philippe Lagadec (Bitbucket: decalage, GitHub: decalage2):


Issue #36 was marked as a duplicate of this issue.

decalage2 commented 8 years ago

Original comment by Philippe Lagadec (Bitbucket: decalage, GitHub: decalage2):


This issue was not fully fixed: still need to handle VBA parser exceptions gracefully.

decalage2 commented 8 years ago

Original comment by Philippe Lagadec (Bitbucket: decalage, GitHub: decalage2):


olevba: partially fixed issue 34 in the VBA parser (fixed incorrect expression parsing)