oletools

Failed to detect OOXML XLSX file

Open randubin opened this issue 2 years ago • 0 comments

Affected tool: olevba, mraptor, rtfobj, oleid, etc

Describe the bug: Failed to analyze OOXML XLSX files due to undetected file format.

File/Malware sample to reproduce the bug: [Please attach the file in a password protected zip archive, or provide a link where it can be downloaded (e.g. Hybrid Analysis, preferably not VirusTotal which requires paid access). If not possible, please provide a hash.]

https://labs.inquest.net/dfi/sha256/6b3f34adaf8d7a6ed3431c129854c08271f7d0132ac382f21ad2b43306dccfc4
https://labs.inquest.net/dfi/sha256/5ec8cdb2cf93dbf9c22e88dc44deb55d516b2049d5a553f8f634a832a8930d21
https://labs.inquest.net/dfi/sha256/52a2212b79b32471c14174d27b8d4b4ad3e6c167c6ef150d370f9ab881d0179c

The debug information belongs to this file:
https://labs.inquest.net/dfi/sha256/6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8

How To Reproduce the bug: Regular OLEVBA or other

Expected behavior: Analysis of OOXML file.

Console output / Screenshots:

    olevba -l debug 6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8_black.xlsx
    XLMMacroDeobfuscator: pywin32 is not installed (only is required if you want to use MS Excel)
    olevba 0.60.1.dev6 on Python 3.8.8 - http://decalage.info/python/oletools
    DEBUG ftguess: file type=Unknown file type - container=Unknown Container
    INFO 6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8_black.xlsx is not a supported file type, cannot extract VBA Macros.
    DEBUG Checking for encryption (after exception)
    DEBUG Checking for encryption using msoffcrypto
    INFO msoffcrypto failed to parse file or determine whether it is encrypted: Unsupported file format
    INFO Failed to check 6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8_black.xlsx for encryption (not an OLE2 structured storage file); assume it is not encrypted.
    ERROR Failed to open 6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8_black.xlsx -- probably not supported!
    Traceback (most recent call last):
      File "/opt/anaconda3/lib/python3.8/site-packages/oletools/olevba.py", line 4478, in process_file
        vba_parser = VBA_Parser_CLI(filename, data=data, container=container,
      File "/opt/anaconda3/lib/python3.8/site-packages/oletools/olevba.py", line 4030, in __init__
        super(VBA_Parser_CLI, self).__init__(*args, **kwargs)
      File "/opt/anaconda3/lib/python3.8/site-packages/oletools/olevba.py", line 2822, in __init__
        raise FileOpenError(msg)
    oletools.olevba.FileOpenError: Failed to open file 6c7449dd411b963ac70c3933b27c5bf18799ee3852d4022a1ad2e49079201de8_black.xlsx is not a supported file type, cannot extract VBA Macros.
    DEBUG will exit now with code 5

Version information:

  • OS: Mac
  • OS version: x.xx - 64 bits
  • Python version: 3.8.8 - 32/64 bits
  • oletools version: 0.60.1.dev6


randubin • Mar 27 '22 06:03
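
A structural cross-check for a file that ftguess reports as "Unknown Container", as in the debug output above. This is an added example, not oletools code and not part of the issue; `triage_container`, `build_sample` and the in-memory samples are hypothetical and constructed for illustration, and it makes no claim about why the linked samples fail.

```python
import io
import zipfile
import zlib

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 / CFB header
MAX_PART = 1 << 20                               # read cap for one ZIP member
XLSX_CT = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet.main+xml"
# Main workbook content types declared in [Content_Types].xml
EXCEL_MAIN = {XLSX_CT: "xlsx",
              "application/vnd.ms-excel.sheet.macroEnabled.main+xml": "xlsm"}

def triage_container(data: bytes) -> dict:
    """Classify raw bytes by structure, ignoring the file name (hypothetical helper)."""
    res = {"container": "unknown", "kind": None, "zip_offset": None, "parts": []}
    if data.startswith(OLE2_MAGIC):
        res["container"] = "ole2"
        return res
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):      # looks for the end-of-central-directory record
        return res
    res["container"] = "zip"
    # Position of the first local file header; > 0 means bytes precede the archive
    res["zip_offset"] = data.find(b"PK\x03\x04")
    try:
        with zipfile.ZipFile(buf) as zf:
            res["parts"] = zf.namelist()
            if "[Content_Types].xml" not in res["parts"]:
                return res
            res["container"] = "ooxml"
            with zf.open("[Content_Types].xml") as fh:
                ctypes = fh.read(MAX_PART)
    except (zipfile.BadZipFile, zlib.error, RuntimeError, NotImplementedError):
        return res                       # damaged, encrypted or unsupported member
    for ct, kind in EXCEL_MAIN.items():
        if ct.encode() in ctypes:
            res["kind"] = kind
    return res

def build_sample(main_ct: str, prefix: bytes = b"") -> bytes:
    """Constructed sample: minimal OOXML-like ZIP, optional leading bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override PartName="/xl/workbook.xml" ContentType="{main_ct}"/></Types>')
        zf.writestr("xl/workbook.xml", "<workbook/>")
    return prefix + buf.getvalue()

if __name__ == "__main__":
    for label, blob in [("plain", build_sample(XLSX_CT)),
                        ("prefixed", build_sample(XLSX_CT, b"JUNK"))]:
        print(label, triage_container(blob))
```

Comparing this result with the ftguess line of `olevba -l debug` shows whether the file is structurally a ZIP/OOXML package even though the tool could not classify it.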