Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error while parsing file with macro #79

Open
johnylate29 opened this issue Jul 11, 2019 · 1 comment
Open

Error while parsing file with macro #79

johnylate29 opened this issue Jul 11, 2019 · 1 comment
Assignees
@decalage2
Labels
bug VBA parser
Milestone
ViperMonkey 0.08

Comments

@johnylate29
Copy link

Hi guys! Thanks for a good tool! I have a problem while trying to deobfuscate some VBA macros. I think this is a problem not on a Viper Monkey side but maybe you faced this before and can tell me in what direction I should search.

Ubuntu 18.04.2 LTS
python 2.7.15

Sample with macros:
https://app.any.run/tasks/01bc5799-47d9-47f5-8ee7-598c7c5fc21f

Output:

PARSING VBA CODE:
Traceback (most recent call last):
File "/home/user/.local/lib/python2.7/site-packages/vipermonkey/vmonkey.py", line 1400, in _process_file
comp_modules = parse_streams(vba, strip_useless)
File "/home/user/.local/lib/python2.7/site-packages/vipermonkey/vmonkey.py", line 1147, in parse_streams
return parse_streams_serial(vba, strip_useless)
File "/home/user/.local/lib/python2.7/site-packages/vipermonkey/vmonkey.py", line 1106, in parse_streams_serial
m = parse_stream(subfilename, stream_path, vba_filename, vba_code, strip_useless, local_funcs)
File "/home/user/.local/lib/python2.7/site-packages/vipermonkey/vmonkey.py", line 1067, in parse_stream
m = module.parseString(vba_code + "\n", parseAll=True)[0]
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 1811, in parseString
self.streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3728, in streamline
super(And, self).streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3655, in streamline
e.streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 4124, in streamline
self.expr.streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3892, in streamline
super(MatchFirst, self).streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3655, in streamline
e.streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3728, in streamline
super(And, self).streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3655, in streamline
e.streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3728, in streamline
super(And, self).streamline()
File "/home/user/.local/lib/python2.7/site-packages/pyparsing.py", line 3655, in streamline
e.streamline()
@kirk-sayre-work
Copy link
Contributor

Could you try this sample with the dev fork of ViperMonkey (https://github.com/kirk-sayre-work/ViperMonkey) ? This sample is analyzed successfully with that fork.

@decalage2 decalage2 self-assigned this Jul 11, 2019
@decalage2 decalage2 added this to the ViperMonkey 0.08 milestone Jul 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@decalage2 decalage2

Labels
bug VBA parser
Projects
None yet
Milestone
ViperMonkey 0.08
Development

No branches or pull requests
3 participants
@decalage2 @kirk-sayre-work @johnylate29