unknown CLSID B801CA65-A1FC-11D0-85AD-444553540000

[flix87]

rtfobj 0.55

0 |0000013Bh |format_id: 2 (Embedded)
| |class name: 'AcroExch.Document.DC'
| |data size: 14336
| |MD5 = 'a97f42f6fc046f33cca256e9a13fa5fa'
| |CLSID: B801CA65-A1FC-11D0-85AD-444553540000
| |unknown CLSID (please report at
| |https://github.com/decalage2/oletools/issues)

[decalage2]

It looks like it could be "Adobe Acrobat 7.0 Document" or simply "Adobe Acrobat Document".

[flix87]

Yes it is and PDF.

[flix87]

Now I do not getting an Error but I still can't open the file:
`rtfobj 0.55.2 on Python 2.7.12 - http://decalage.info/python/oletools
THIS IS WORK IN PROGRESS - Check updates regularly!
Please report any issue at https://github.com/decalage2/oletools/issues

===============================================================================
File: 'rtf.rtf' - size: 2993950 bytes
---+----------+---------------------------------------------------------------
id |index |OLE Object
---+----------+---------------------------------------------------------------
0 |00000124h |format_id: 2 (Embedded)
| |class name: 'AcroExch.Document.DC'
| |data size: 1451520
| |MD5 = 'ba30391b4f30bf691160dc772a87f1c0'
| |CLSID: B801CA65-A1FC-11D0-85AD-444553540000
| |Adobe Acrobat Document - PDF file
---+----------+---------------------------------------------------------------
Saving file embedded in OLE object #0:
format_id = 2
class name = 'AcroExch.Document.DC'
data size = 1451520
saving to file rtf.rtf_object_00000124.bin
md5 ba30391b4f30bf691160dc772a87f1c0
`

[decalage2]

This is probably because there is some data from the OLE object before the actual start of the PDF file. You may open it in a hex editor, and remove everything before "%PDF", which is the beginning of the PDF file.
If this still doesn't work, maybe the file is heavily obfuscated or corrupt.

[flix87]

Yes If I remove everthing before %PDF it works so the file is okay.
Can we fix that in oletools?