You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
python oledump.py SCAN7318_000.DOC
1: 114 '\x01CompObj'
2: 4096 '\x05DocumentSummaryInformation'
3: 4096 '\x05SummaryInformation'
4: 6988 '1Table'
5: 571 'Macros/PROJECT'
6: 110 'Macros/PROJECTwm'
7: 97 'Macros/SamboF/\x01CompObj'
8: 289 'Macros/SamboF/\x03VBFrame'
9: 402 'Macros/SamboF/f'
10: 484 'Macros/SamboF/o'
11: M 18318 'Macros/VBA/Module1'
Traceback (most recent call last):
File "../oledump.py", line 1588, in <module>
sys.exit(Main())
File "../oledump.py", line 1585, in Main
return OLEDump(args[0], options)
File "../oledump.py", line 1472, in OLEDump
returnCode = OLESub(ole, '', rules, options)
File "../oledump.py", line 1266, in OLESub
stream = ole.openstream(fname).read()
File "/usr/local/lib/python2.7/dist-packages/olefile/olefile.py", line 1955, in openstream
return self._open(entry.isectStart, entry.size)
File "/usr/local/lib/python2.7/dist-packages/olefile/olefile.py", line 1858, in _open
filesize=self._filesize)
File "/usr/local/lib/python2.7/dist-packages/olefile/olefile.py", line 817, in __init__
raise IOError('incorrect last sector index in OLE stream')
IOError: incorrect last sector index in OLE stream
Originally reported by: Loic Jaquemet (Bitbucket: trolldbois, GitHub: trolldbois)
Hello,
probably in continuation of Issue #27, another piece of malware has find a way to cause issues due to OLE stream corruption.
When using oledump.py on the attached file, the OleFileIO lib raises an error.
Careful, it is a malicious word file. (Dridex)
olefile version: 0.43 - 2016-02-02 (double triple checked)
The text was updated successfully, but these errors were encountered: