Error [deobfuscator.py:2990 process_file(**vars(args))]:
JA1E0 opened this issue · 2 comments
❯
When analyzing a malicious document with version 0.1.7, analysis proceeds until...
xlmdeobfuscator.exe -f D:\malware\white\ecaaab9e2fc089eefb6accae9750ac60.bin
_ _______
|\ /|( \ ( )
( \ / )| ( | () () |
\ () / | | | || || |
) _ ( | | | |()| |
/ ( ) \ | | | | | |
( / \ )| (/| ) ( |
|/ |(___/|/ |
( __ \ ( ____ ( ___ )( ___ \ ( ____ |\ /|( ____ ( ____ ( ___ )__ /( ___ )( ____ )
| ( \ )| ( /| ( ) || ( ) )| ( /| ) ( || ( /| ( /| ( ) | ) ( | ( ) || ( )|
| | ) || ( | | | || (/ / | ( | | | || (_____ | | | () | | | | | | || ()|
| | | || ) | | | || __ ( | ) | | | |(_ )| | | ___ | | | | | | || )
| | ) || ( | | | || ( \ \ | ( | | | | ) || | | ( ) | | | | | | || (\ (
| (/ )| (/| () || )) )| ) | () |/_) || (/| ) ( | | | | () || ) \ _
(/ (/()|/ ___/ |/ ()_)(/|/ | )( (____)|/ _/
XLMMacroDeobfuscator(v0.1.7) - https://github.com/DissectMalware/XLMMacroDeobfuscator
File: D:\malware\ecaaab9e2fc089eefb6accae9750ac60.bin
Unencrypted xls file
[Loading Cells]
Error [deobfuscator.py:2990 process_file(**vars(args))]:
========
MD5: ecaaab9e2fc089eefb6accae9750ac60
Fixed an issue in xlrd2 project (DissectMalware/xlrd2@91bcd84)
Please update xlrd2:
pip install -U https://github.com/DissectMalware/xlrd2/archive/master.zip --force
Then you should see this:
The output seems to be incomplete. The inner if block in z6 formula caused the interpreter loop detection logic to mark it as a loop; thus, halting the interpretation
using -x (to extract raw formula)
thanks this also fixed error for me, upgrading the xlrd2