Description
Affected tool: olevba
Describe the bug
The sample with hash 108519732a9e9c01e4a708c97c016ce31704178648b74b3155a8b91cd7fdde07 (available on VirusTotal) is not parsed or handled correctly by olevba; an exception is raised. The detailed stack trace of the parsing issue is below:
C:\Windows\System32>olevba C:\samples\108519732a9e9c01e4a708c97c016ce31704178648b74b3155a8b91cd7fdde07
olevba 0.60.2 on Python 3.8.19 - http://decalage.info/python/oletools
ERROR Unhandled exception in main: negative seek value -147
Traceback (most recent call last):
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4670, in main
    curr_return_code = process_file(filename, data, container, options)
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4473, in process_file
    vba_parser = VBA_Parser_CLI(filename, data=data, container=container,
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4032, in __init__
    super(VBA_Parser_CLI, self).__init__(*args, **kwargs)
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 2757, in __init__
    self.ftg = ftguess.FileTypeGuesser(self.filename, data=data)
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\ftguess.py", line 845, in __init__
    if FType_Generic_OpenXML.recognize(self):
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\ftguess.py", line 405, in recognize
    root_rels = ftg.zipfile.read('_rels/.rels')
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\zipfile.py", line 1483, in read
    with self.open(name, "r", pwd) as fp:
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\zipfile.py", line 1538, in open
    fheader = zef_file.read(sizeFileHeader)
  File "C:\ProgramData\anaconda3\envs\py38ole60\lib\zipfile.py", line 765, in read
    self._file.seek(self._pos)
ValueError: negative seek value -147
File/Malware sample to reproduce the bug
Sample attached; password: infected
How To Reproduce the bug
Command to scan: olevba 108519732a9e9c01e4a708c97c016ce31704178648b74b3155a8b91cd7fdde07
Expected behavior
Should not cause exception.
Version information:
- OS: Windows/Linux/
- OS version: x.xx - 64 bits
- Python version: 3.8
- oletools version: 0.60.2
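The traceback above ends in a plain `ValueError` from `zipfile`, not `BadZipFile`, so a handler that only expects `BadZipFile` lets it escape. The following is an added example, not oletools code and not the reporter's: it reads `_rels/.rels` defensively and reproduces the same class of error on a constructed archive. The helper names are hypothetical, and cutting leading bytes is only one constructed way to get a negative header offset, not a claim about how the reported sample is malformed.

```python
import io
import zipfile
import zlib

# Errors zipfile can surface on damaged or hostile archives, beyond BadZipFile.
ZIP_READ_ERRORS = (zipfile.BadZipFile, zipfile.LargeZipFile, ValueError, OSError,
                   EOFError, KeyError, RuntimeError, NotImplementedError, zlib.error)


def read_zip_member(data, name):
    """Return (content, None) on success, or (None, reason) if unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.read(name), None
    except ZIP_READ_ERRORS as exc:
        return None, "%s: %s" % (type(exc).__name__, exc)


def build_sample(strip=0):
    """Constructed input: a one-member ZIP, optionally with leading bytes cut.

    With leading bytes cut, the offsets recorded in the end-of-central-directory
    record no longer match the data, so zipfile derives a negative local-header
    offset and fails only when the member is read, not when the archive is opened.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_rels/.rels", "<Relationships/>")
    return buf.getvalue()[strip:]


def looks_like_openxml(data):
    """Hypothetical type check that never raises on malformed input."""
    content, reason = read_zip_member(data, "_rels/.rels")
    return content is not None and b"Relationships" in content, reason


if __name__ == "__main__":
    for strip in (0, 20):
        print("strip=%d ->" % strip, looks_like_openxml(build_sample(strip)))
```

Returning the reason string lets a caller log the archive as malformed and continue with other detection paths.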