decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

rtfobj: Not a well-formed OLE object #739

Open decalage2 opened 2 years ago

decalage2 commented 2 years ago

This AgentTesla sample is not parsed properly by rtfobj:

https://twitter.com/ForensicITGuy/status/1490528788308021262
https://forensicitguy.github.io/agenttesla-rtf-dotnet-tradecraft/

Sample: https://bazaar.abuse.ch/sample/213d36f7d37abac0df9187e6ce3ed8e26bc61bd3e02a725b079be90d7cfd5117/