Closed
Description
Originally reported by: Unknown Name (Bitbucket: ganado, GitHub: ganado)
Hello!
I've encountered a parsing error on malware sample. (I could open this file with SSView)
First, incomplete OLE stream error while opening unicode named vba script.
_VBA_PROJECT_CUR/VBA/Лист1
Traceback (most recent call last):
File "/Users/mmt_edu/bin/malware_analysis_homework2.py", line 459, in run
ofp = ole.openstream(olepath)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1911, in openstream
return self._open(entry.isectStart, entry.size)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1814, in _open
filesize=self._filesize)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 753, in __init__
raise IOError('incomplete OLE stream')
IOError: incomplete OLE stream
and out of range error while opening other vba files ...
"_VBA_PROJECT_CUR/VBA/dir"
Traceback (most recent call last):
File "/Users/mmt_edu/bin/malware_analysis_homework2.py", line 459, in run
ofp = ole.openstream(olepath)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1911, in openstream
return self._open(entry.isectStart, entry.size)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 1814, in _open
filesize=self._filesize)
File "/usr/local/lib/python2.7/site-packages/olefile/olefile.py", line 763, in __init__
raise IOError('incorrect OLE FAT, sector index out of range')
IOError: incorrect OLE FAT, sector index out of range
Attached is xls file(malware sample), for reproducing the bug.
I am using python 2.7.10, olefile 0.42
Thanks for wonderful project.