Bug in decrypting '97 office docs #17
Comments
Thank you for your report! This seems to be an interesting case. The reported file is an encrypted .docm file in reality, but MS Word seems to be indifferent to the extension of a file if
so the attacker can use the .doc extension instead of .docm (while it matters to LibreOffice). This article was informative for me: https://www.securityweek.com/attackers-disguise-macro-malware-renaming-files

The fix (in PR #18 and so in v4.6.3) for msoffcrypto-tool is just to try looking for

For the record, it was curious that the reported file has extra unused MS-DOC streams. Getting off topic, I haven't tried, but it might be possible to create an MS-DOC file encrypted in the OOXML way.
Unable to decrypt an office '97 document. The decryption fails here: https://github.com/nolze/msoffcrypto-tool/blob/master/msoffcrypto/format/doc97.py#L392
Document file is attached to the email found here: https://www.malware-traffic-analysis.net/2018/08/21/index2.html
Please contact me with questions, and I can provide the raw file for your convenience.