You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running pcodedump on VirusTotal sample db52f43dde8a8fff678640539011bff2882ab11d94537d84c6855c5ff1897f71
gives the following error. I can email you the sample if you don't have access to it.
Error: unpack_from requires a buffer of at least 2 bytes.
VarDefn VBA/Sheet2 - 1158 bytes
The text was updated successfully, but these errors were encountered:
OK, I have reviewed the sample that you sent me. Do not make the changes that you suggested. I haven't made the stupid mistake of addressing the wrong table. Instead, somebody has been actively using a design flaw of pcodedmp and has patched this document so that pcodedmp does not see the modules.
I'll send you a detailed description by e-mail. For now, I am closing the issue. The design flaw will have to be addressed, eventually, in order to handle such attacks, but it involves parsing a very complex and undocumented stream format and I really don't have the time for such an adventure right now.
Running pcodedump on VirusTotal sample db52f43dde8a8fff678640539011bff2882ab11d94537d84c6855c5ff1897f71
gives the following error. I can email you the sample if you don't have access to it.
Error: unpack_from requires a buffer of at least 2 bytes.
VarDefn VBA/Sheet2 - 1158 bytes
The text was updated successfully, but these errors were encountered: