oletools
oletools - python tools to analyze MS OLE2 files (Structured Storage, Compound File Binary Format) and MS Office documents, for malware analysis, forensics and debugging.
Warnings can mess up the output of oletools, a recent example is the Deprecation Warning of cryptography for python2. Human readers have no trouble ignoring these but automated tests or other...
Corrected the branch name, assuming GitHub would manage to update the pull request associated with it. This is a re-creation of PR #464: Integrated decrypt in oleobj. This has 2...
Quoting the deprecation warning for package "cryptography", which is needed for msoffcrypto: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in...
Today the tests running on PyPy 2 trigger the following error on PyPy 2 (but not CPython 2): ``` /home/travis/virtualenv/pypy2.7-7.1.1/site-packages/msoffcrypto/method/rc4.py:5: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python...
**Affected tool:** olevba **Describe the bug** When using the `extract_macros` function after `detect_macros` has executed, I realized it adds non-macro sheets to the xlm_macros list. The `_extract_xlm_plugin_biff` function causes this issue. It finds BOUNDSHEET...
**Affected tool:** olevba **Describe the bug** During the build, if the setup.py test is executed it fails with the tests/olevba/test_basic.py. From the testing directory tests/test-data/excel4-macros the olevba tool fails to...
**Affected tool:** olevba version 0.60.1 **Describe the bug** Running some malware files through `olevba` prints `NUL` bytes to the output which makes parsing it by other tools (where `NUL` terminates...
I'm having trouble with this file [2e971537ae95b5692688ce47b590599e](https://www.virustotal.com/#/file/3bb726c559e3b11a1184d83f9148137c08931b7bdd4ef5c375997a6f68b8db0d/detection). The file can be downloaded from this link: [https://ufile.io/mq75i](https://ufile.io/mq75i) The problem persists with both the latest version from pip install and the latest...
See https://isc.sans.edu/diary/29174 Sample: https://bazaar.abuse.ch/sample/1c8cfccd2e45ea898125a62686ee97a1e923dfbbc8652889027d46b04aa5dc75/
Even small input files can lead to memory exhaustion inside `oletools.olevba.VBA_Parser.open_openxml`, as zipped contents are read into memory (https://github.com/decalage2/oletools/blob/master/oletools/olevba.py#L2876-L2879). As a safety measure one could implement a configurable limit for those...