AttributeError: 'module' object has no attribute 'Message'

[AndyLeeRobinson]

Came across an msg file as a malicious attachment. There is no end to the methods that scammers are using to try to bypass the filters, and this is a new one to me.
So, none of my usual tools work, oletools etc.. so eventually found this repo.
However, it has been frustrating.
So, I ran:
pip install git+https://github.com/mattgwwalker/msg-extractor
and it appeared to install, but no executable extract-msg in /usr/local/bin as expected.

OK, it's a library, so did some more research and pieced together this code to try to do what I want, just to unpack the payload and identify any malicious urls.

import extract_msg
msg = extract_msg.Message("./docq0017-3512c.doc.msg")
for attachment in msg.attachments: attachment.save()

I get this error:

Traceback (most recent call last):
  File "extract_msg.py", line 1, in <module>
    import extract_msg
  File "/var/spool/MailScanner/quarantine/20190612/spam/x5CDM7as3550383/extract_msg.py", line 3, in <module>
    msg = extract_msg.Message("./docq0017-3512c.doc.msg")
AttributeError: 'module' object has no attribute 'Message'

Test on fully updated Fedora 28 and Fedora 29 machines.
It does not work for me from a fresh install.

[TheElementalOfDestruction]

You called your program "extract_msg". Because of this, your program is ending up importing itself, not our module. Change your file name and it should work.

[AndyLeeRobinson]

Ah! That explains a lot!
Renamed to extract-msg.py and it ran without error, however it didn't save any attachments, which could mean there aren't any, but the binary file clearly shows something there.

.1. .D.O.C.U.M.E.N.T. .S.H.A.R.E.D. .(.2.3.0...1.4.K.B.). .2.0. .M.i.n.s. .A.G.O. .
.V.I.E.W./.D.O.W.N.L.O.A.D. .D.O.C.U.M.E.N.T. .F.R.O.M. .S.H.A.R.E.P.O.I.N.T. . .E.m.a.i.l. .a.n.d. .P.a.s.s.w.o.r.d... .
.acce<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:clrMap xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" bg1="lt1" tx1="dk1" bg2="lt2" tx2="dk2" etc...

I've attached the file if you'd like to take a look, but it could be live and dangerous.
docq0017-3512c.doc.msg.gz

[TheElementalOfDestruction]

Hmm. That is rather strange that nothing got saved. I'll try to take a look at it in a little while. If you see this before I respond again, try running the following code on the msg file to see if you get anything other than a zero:

print(len(msg.attachments))

[TheElementalOfDestruction]

Can confirm that msg extractor cannot find any attachments. Will now be looking in more depth into this specific file to see what I can find out.

[TheElementalOfDestruction]

I also can't detect any malicious code in the file using malwarebytes

[TheElementalOfDestruction]

Okay, so the file definitely does not have an attachment. It does, however, have a link to what looks to be a malicious site intended to acquire your username and password for SharePoint.