On Tue, 16 Aug 2016, Jack wrote:
>
> To note, the document opens fine in Microsoft Word, and oletools has no
> issues dumping out the macros.
Hi,
I have observed this problem too with files
that file reports as "Microsoft Word 2007+".
oledump will extract the macros but not sigtool.
clamav
On Mon, August 15, 2016 4:25 pm, Jack wrote:
> Great, thanks. Here is the output with ‘—debug’:
>
>
> LibClamAV debug: Initialized 0.99.2 engine
> LibClamAV debug: in cli_ole2_extract()
> LibClamAV debug: OLE2 magic failed!
> LibClamAV debug: Cleaning up phishcheck
> LibClamAV debug: Phishcheck cl
Great, thanks. Here is the output with ‘—debug’:
LibClamAV debug: Initialized 0.99.2 engine
LibClamAV debug: in cli_ole2_extract()
LibClamAV debug: OLE2 magic failed!
LibClamAV debug: Cleaning up phishcheck
LibClamAV debug: Phishcheck cleaned up
To note, the document opens fine in Microsoft Word,
On Mon, August 15, 2016 3:50 pm, Jack wrote:
> Hello,
>
>
>
> Can someone take a look and determine why there are passing issues?
Hi Jack,
add --debug on the end... eg... might give you a bit more info...
sigtool --vba "287DD777DB20BE14F2DD0B9952BECF41.xxx" --debug
LibClamAV debug: Initialized
Hello,
I am attempting to dissect a document’s macros using sigtool, but am running
into a problem. Nothing is being returned when the following command is run:
$ sigtool --vba
'237b81cda8251aac11eaa28387765e6dd165664aa87563a6bce5951dd5ca4de3.bin’
The document in question is SHA256:
237b81cda
