decalage2 / oletools

oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
http://www.decalage.info/python/oletools

password discovery and decrypted filepath dstfile #842

Open federicofantini opened 4 months ago

federicofantini commented 4 months ago
mlodic commented 4 months ago

@decalage2 hey, how are you doing? :P

We struggled to find the information about the correct password used to decrypt once oletools correctly decrypts the file. Plus, there was a bad message saying "All passwords failed" when it wasn't true.

May I ask if you have any plans for a new release? We would be happy to add this change in IntelOwl without the need to pin the commit.

Thank you and keep up the great work! :)

decalage2 commented 4 months ago

Hi @mlodic and @federicofantini, this is definitely a super useful improvement, thanks a lot! I will surely add it to the next release, which I hope to finish soon with a number of bugfixes that are waiting in the backlog. I'm not sure exactly when it will be done, though. Probably in the coming weeks.

mlodic commented 1 week ago

Any chance to have this in a new release soon? We can help with changes if needed. ty! :)

decalage2 commented 1 week ago

Hi, I'm planning a release with new features quite soon. :-) In this PR, since decrypted_filepath is actually a directory and not the full file path, would it be possible to rename it to decrypted_dir? This is just to avoid confusion. If you could make that change before I merge it, it would be great.