You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Originally reported by: Unknown Name (Bitbucket: ganado, GitHub: ganado)
Hello!
I've encountered a parsing error on malware sample. (I could open this file with SSView)
First, incomplete OLE stream error while opening unicode named vba script.
_VBA_PROJECT_CUR/VBA/Лист1
Traceback (most recent call last):
File "/Users/mmt_edu/bin/malware_analysis_homework2.py", line 459, in run
ofp = ole.openstream(olepath)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1911, in openstream
return self._open(entry.isectStart, entry.size)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1814, in _open
filesize=self._filesize)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 753, in __init__
raise IOError('incomplete OLE stream')
IOError: incomplete OLE stream
and out of range error while opening other vba files ...
"_VBA_PROJECT_CUR/VBA/dir"
Traceback (most recent call last):
File "/Users/mmt_edu/bin/malware_analysis_homework2.py", line 459, in run
ofp = ole.openstream(olepath)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1911, in openstream
return self._open(entry.isectStart, entry.size)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1814, in _open
filesize=self._filesize)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 763, in __init__
raise IOError('incorrect OLE FAT, sector index out of range')
IOError: incorrect OLE FAT, sector index out of range
Attached is xls file(malware sample), for reproducing the bug.
Original comment byPhilippe Lagadec (Bitbucket: decalage, GitHub: decalage2):
After a lot of troubleshooting, I found the issue: the sample file is slightly malformed. Its header sets the "mini sector cutoff size" to 0, whereas the only allowed value is 4096. If I fix this value in olefile, then all streams can be read without error.
Originally reported by: Unknown Name (Bitbucket: ganado, GitHub: ganado)
Hello!
I've encountered a parsing error on malware sample. (I could open this file with SSView)
First, incomplete OLE stream error while opening unicode named vba script.
and out of range error while opening other vba files ...
Attached is xls file(malware sample), for reproducing the bug.
I am using python 2.7.10, olefile 0.42
Thanks for wonderful project.
The text was updated successfully, but these errors were encountered: