+
Skip to content

parsing error/exception seen inside open_ppt() of oletools 0.60.2 #866

New issue
New issue
Open
Open
parsing error/exception seen inside open_ppt() of oletools 0.60.2#866
Assignees
decalage2
Labels
🐛 bugolevbappt_parser
Milestone
 
oletools 0.60
@ghanashyams

Description

@ghanashyams
ghanashyams
opened on Sep 11, 2024

**Affected tool:**olevba 0.60.2

Describe the bug
The sample with hash 548b5f7ed622db4098595877c701695d77672233116cb86835e28372c47d100a(available on VirusTotal) is not parsed and not handled correctly by olevba, exception raised . Detailed stack trace of parsing issue is as below:

(py38ole60) C:\Windows\System32>olevba "C:\samples\Release\ole_test\548b5f7ed622db4098595877c701695d77672233116cb86835e28372c47d100a"
olevba 0.60.2 on Python 3.8.19 - http://decalage.info/python/oletools
ERROR Unhandled exception in main: 'NoneType' object has no attribute 'name'
Traceback (most recent call last):
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4670, in main
curr_return_code = process_file(filename, data, container, options)
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4473, in process_file
vba_parser = VBA_Parser_CLI(filename, data=data, container=container,
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4032, in init
super(VBA_Parser_CLI, self).init(*args, **kwargs)
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 2773, in init
self.open_ppt()
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 3110, in open_ppt
ppt = ppt_parser.PptParser(self.ole_file, fast_fail=True)
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\ppt_parser.py", line 1198, in init
root_streams = self.ole.listdir()
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\olefile\olefile.py", line 1917, in listdir
self._list(files, [], self.root, streams, storages)
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\olefile\olefile.py", line 1890, in _list
prefix = prefix + [node.name]
AttributeError: 'NoneType' object has no attribute 'name'

(py38ole60) C:\Windows\System32>
548b5f7ed622db4098595877c701695d77672233116cb86835e28372c47d100a.zip

File/Malware sample to reproduce the bug
Sample file is attached with this ticket. pascode- infected

How To Reproduce the bug
Steps to reproduce the behavior, including the full command line or the options you used.

Version information: python3.8 windows10/linux

Metadata

Metadata

Assignees

Labels

🐛 bugolevbappt_parser

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions
    点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载