oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
olevba 0.56 on Python 3.6.8 fails to parse 5522b698846ce0db6cd7e0ff2511ad93
olevba 0.56 on Python 3.6.8 - http://decalage.info/python/oletools
===============================================================================
FILE: dridex.doc
Type: OLE
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 4024, in process_file
self.run_analysis(show_decoded_strings=show_decoded_strings, deobfuscate=deobfuscate)
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3920, in run_analysis
self.analyze_macros(show_decoded_strings, deobfuscate)
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3532, in analyze_macros
self.vba_code_all_modules = self.get_vba_code_all_modules()
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3511, in get_vba_code_all_modules
for (_, _, _, vba_code) in self.extract_all_macros():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3495, in extract_all_macros
for (subfilename, stream_path, vba_filename, vba_code) in self.extract_macros():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3478, in extract_macros
if self.detect_vba_stomping():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3860, in detect_vba_stomping
assert(s[0]=='"' and s[-1]=='"')
AssertionError
ERROR Error processing file dridex.doc ()!
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 4024, in process_file
self.run_analysis(show_decoded_strings=show_decoded_strings, deobfuscate=deobfuscate)
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3920, in run_analysis
self.analyze_macros(show_decoded_strings, deobfuscate)
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3532, in analyze_macros
self.vba_code_all_modules = self.get_vba_code_all_modules()
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3511, in get_vba_code_all_modules
for (_, _, _, vba_code) in self.extract_all_macros():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3495, in extract_all_macros
for (subfilename, stream_path, vba_filename, vba_code) in self.extract_macros():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3478, in extract_macros
if self.detect_vba_stomping():
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 3860, in detect_vba_stomping
assert(s[0]=='"' and s[-1]=='"')
AssertionError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 4362, in process_file
no_xlm=options.no_xlm)
File "/usr/local/lib/python3.6/site-packages/oletools/olevba.py", line 4110, in process_file
raise ProcessingError(self.filename, exc)
oletools.olevba.ProcessingError: Error processing file dridex.doc ()
norwayfinland
commented
3 years ago
olevba 0.56 on Python 3.6.8 fails to parse 5522b698846ce0db6cd7e0ff2511ad93