Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

oledump.plugin_biff error #428

Closed
CalLight opened this issue Apr 10, 2019 · 2 comments
Closed

oledump.plugin_biff error #428

CalLight opened this issue Apr 10, 2019 · 2 comments
Assignees
@decalage2
Labels
🐛 bug plugin_biff
Milestone
oletools 0.54

Comments

@CalLight
Copy link

CalLight commented Apr 10, 2019
edited by decalage2
Loading

Affected tool:
olevba

Running olevba on an xls with Excel 4 macro results in the following error:
malware hash - 4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832

https://www.hybrid-analysis.com/sample/4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832?environmentId=100

olevba 0.54.1 on Python 2.7.16 - http://decalage.info/python/oletools
===============================================================================
FILE: 4c6ec69af9dfb446273a38be73be83a613018b1b6a64ab1386cc798637a63832.xls
Type: OLE
ERROR    Error when running oledump.plugin_biff, please report to https://github.com/decalage2/oletools/issues
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/oletools/olevba.py", line 3106, in detect_xlm_macros
    self.xlm_macros = biff_plugin.Analyze()
  File "/usr/local/lib/python2.7/dist-packages/oletools/thirdparty/oledump/plugin_biff.py", line 1008, in Analyze
    strings += ' '.join(values[0])
TypeError: sequence item 0: expected string, bytearray found
No VBA macros found.

Version information:

  • OS: Linux
  • OS version: Kali 64 bit
  • Python version: 2.7.16
  • oletools version: 0.54
@decalage2 decalage2 self-assigned this Apr 11, 2019
@decalage2 decalage2 added this to the oletools 0.54 milestone Apr 11, 2019
@enzok
Copy link

enzok commented May 9, 2019

The STRING record is receiving a list of bytearray values and then it's trying to do a string join on them, hence the error.

@decalage2 decalage2 reopened this May 19, 2019
@decalage2
Copy link
Owner

This issue is now fixed both for Python 2 and 3.

This was referenced May 20, 2019
Closed
Closed
@MugurAnghel MugurAnghel mentioned this issue Aug 25, 2020
Merged
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@decalage2 decalage2

Labels
🐛 bug plugin_biff
Projects
None yet
Milestone
oletools 0.54
Development

No branches or pull requests
3 participants
@decalage2 @enzok @CalLight