Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oledump.plugin_biff error #428

Closed
CalLight opened this issue Apr 10, 2019 · 2 comments
Closed

oledump.plugin_biff error #428

CalLight opened this issue Apr 10, 2019 · 2 comments
Assignees
@decalage2
Labels
🐛 bug plugin_biff
Milestone
oletools 0.54

Comments

@CalLight
Copy link

CalLight commented Apr 10, 2019
edited by decalage2
Loading

Affected tool:
olevba

Running olevba on an xls with Excel 4 macro results in the following error:
malware hash - 4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832

https://www.hybrid-analysis.com/sample/4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832?environmentId=100

olevba 0.54.1 on Python 2.7.16 - http://decalage.info/python/oletools
===============================================================================
FILE: 4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832.xls
Type: OLE
ERROR    Error when running oledump.plugin_biff, please report to https://github.com/decalage2/oletools/issues
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/oletools/olevba.py", line 3106, in detect_xlm_macros
    self.xlm_macros = biff_plugin.Analyze()
  File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/oledump/plugin_biff.py", line 1008, in Analyze
    strings += ' '.join(values[0])
TypeError: sequence item 0: expected string, bytearray found
No VBA macros found.

Version information:

  • OS: Linux
  • OS version: Kali 64 bit
  • Python version: 2.7.16
  • oletools version: 0.54
@decalage2 decalage2 self-assigned this Apr 11, 2019
@decalage2 decalage2 added this to the oletools 0.54 milestone Apr 11, 2019
@enzok
Copy link

enzok commented May 9, 2019

The STRING record is receiving a list of bytearray values and then it's trying to do a string join on them, hence the error.

@decalage2 decalage2 reopened this May 19, 2019
@decalage2
Copy link
Owner

This issue is now fixed both for Python 2 and 3.

This was referenced May 20, 2019
Closed
Closed
@MugurAnghel MugurAnghel mentioned this issue Aug 25, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@decalage2 decalage2

Labels
🐛 bug plugin_biff
Projects
None yet
Milestone
oletools 0.54
Development

No branches or pull requests
3 participants
@decalage2 @enzok @CalLight