- rtfobj: added URL carver for CVE-2017-0199; better handling of Unicode on systems whose locale does not support UTF-8, e.g. LANG=C (PR #365).
- tests: test files can now be encrypted, to avoid antivirus alerts (PR #217, issue #215); tests that trigger antivirus alerts have been temporarily disabled (issue #215).
Command reference:
- rtfobj.py file.rtf: extract objects embedded into the RTF-formatted file.rtf.
- rtfdump.py file.rtf: list groups and structure of the RTF-formatted file.rtf.
- rtfdump.py file.rtf -f O: list groups in file.rtf that enclose an object.
- rtfdump.py file.rtf -s 5 -H -d out.bin: extract the object from group 5 and save it into out.bin.
- pyxswf.py -xo file.doc
Even open-source parsers such as rtfobj.py from oletools have difficulties extracting the embedded OLE: this article explains how the malware author modified the RTF file in order to bypass security protection and frustrate malware researchers.
Need to get RTF text off the clipboard? Use the IDataObject interface to see if there is RTF data on the clipboard. In the sample below, copy some RTF data onto the clipboard from another application ...
Oletools is a package of python tools to analyze Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format o.
- 2016-11-01 v0.50: all oletools now support python 2 and 3.
- olevba: several bugfixes and improvements.
- mraptor: improved detection, added mraptor_milter for Sendmail/Postfix integration.
- rtfobj: brand new RTF parser, obfuscation-aware, improved display, detect executable files in OLE Package objects.
- setup: now creates handy command-line scripts to run oletools from any directory.
- 2016-06-10 v0.47: olevba added PPT97 macros support, improved handling of malformed/incomplete documents, improved error handling and JSON output, now returns an exit code based on analysis results, new --relaxed option. rtfobj: improved parsing to handle obfuscated RTF documents, added -d option to set output dir. Moved repository and documentation to GitHub.
- 2016-04-19 v0.46: olevba does not deobfuscate VBA expressions by default (much faster), new option --deobf to enable it. Fixed color display bug on Windows for several tools.
- 2016-04-12 v0.45: improved rtfobj to handle several anti-analysis tricks, improved olevba to export results in JSON format.
- olebrowse: A simple GUI to browse OLE files (e.g. MS Word, Excel, Powerpoint documents), to view and extract individual data streams.
- oleid: to analyze OLE files to detect specific characteristics usually found in malicious files.
- olemeta: to extract all standard properties (metadata) from OLE files.
- oletimes: to extract creation and modification timestamps of all streams and storages.
- oledir: to display all the directory entries of an OLE file, including free and orphaned entries.
- olemap: to display a map of all the sectors in an OLE file.
- olevba: to extract and analyze VBA Macro source code from MS Office documents (OLE and OpenXML).
- MacroRaptor: to detect malicious VBA Macros.
- pyxswf: to detect, extract and analyze Flash objects (SWF) that may be embedded in files such as MS Office documents (e.g. Word, Excel) and RTF, which is especially useful for malware analysis.
- oleobj: to extract embedded objects from OLE files.
- rtfobj: to extract embedded objects from RTF files.
- and a few others (coming soon)
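As an added illustration of what rtfobj and oleobj do under the hood (this is example code written for this page, not oletools' own implementation), the following standard-library Python carves the OLE 1.0 objects out of an RTF file's \objdata groups, tolerating the whitespace, line breaks and stray control words that obfuscated samples use to break naive hex decoders. The OLE 1.0 header layout (version, FormatID, length-prefixed class name, native data size) follows MS-OLEDS; the RTF sample is constructed inline, and the function names are this example's own.

```python
"""Carve embedded OLE 1.0 objects from RTF, rtfobj-style (added example, not oletools code)."""
import binascii
import re
import struct

OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
OLE1_FORMATS = {1: "linked", 2: "embedded"}   # FormatID values from MS-OLEDS


def objdata_groups(rtf):
    """Return the text of every group that starts with \\objdata, honouring nested
    braces and escaped braces (\\{ and \\}), which obfuscated files use to confuse
    parsers that stop at the first closing brace."""
    groups = []
    for m in re.finditer(r"\\objdata\b", rtf):
        depth, i, start = 1, m.end(), m.end()
        while i < len(rtf) and depth > 0:
            c = rtf[i]
            if c == "\\":          # the char after a backslash is never a group delimiter
                i += 2
                continue
            if c == "{":
                depth += 1
            elif c == "}":
                depth -= 1
            i += 1
        groups.append(rtf[start:i - 1])
    return groups


def decode_hex_run(text):
    """Strip control words, control symbols and anything that is not a hex digit,
    then decode. Whitespace, line breaks and inserted control words between the
    hex digits are the common obfuscation that trips up simple extractors."""
    text = re.sub(r"\\[A-Za-z]+-?[0-9]* ?", "", text)   # control words, e.g. \par
    text = re.sub(r"\\.", "", text)                      # control symbols, e.g. \~ or \}
    hexchars = re.sub(r"[^0-9A-Fa-f]", "", text)
    if len(hexchars) % 2:
        hexchars = hexchars[:-1]                         # drop a dangling nibble
    return binascii.unhexlify(hexchars)


def read_lp_string(data, off):
    """LengthPrefixedAnsiString: 4-byte length (including the NUL) then the bytes."""
    (n,) = struct.unpack_from("<I", data, off)
    raw = data[off + 4:off + 4 + n]
    return raw.rstrip(b"\x00").decode("latin-1"), off + 4 + n


def classify_payload(payload):
    """Rough content check of the native data. rtfobj goes further and unwraps
    OLE Package objects to reach the file they carry; this example does not."""
    if payload.startswith(OLE2_MAGIC):
        return "OLE2 compound file"
    if payload.startswith(b"MZ"):
        return "PE executable (MZ header)"
    return "other"


def parse_ole1_object(data):
    """Decode the OLE 1.0 ObjectHeader (version, FormatID, class, topic and item
    names) and, for embedded objects, the NativeDataSize and NativeData after it."""
    version, format_id = struct.unpack_from("<II", data, 0)
    off = 8
    class_name, off = read_lp_string(data, off)
    topic_name, off = read_lp_string(data, off)
    item_name, off = read_lp_string(data, off)
    info = {"version": version, "class_name": class_name, "size": 0,
            "format": OLE1_FORMATS.get(format_id, "unknown(%d)" % format_id),
            "kind": "n/a", "payload": b""}
    if format_id == 2:
        (size,) = struct.unpack_from("<I", data, off)
        payload = data[off + 4:off + 4 + size]
        info.update(size=size, payload=payload, kind=classify_payload(payload))
    return info


def carve_objects(rtf):
    """All embedded objects found in the RTF text, as dicts from parse_ole1_object."""
    return [parse_ole1_object(decode_hex_run(g)) for g in objdata_groups(rtf)]


def build_sample_rtf():
    """Constructed sample: one embedded object whose hex is split by line breaks,
    spaces and a stray \\par, as seen in obfuscated RTF."""
    class_name = b"Word.Document.8\x00"
    payload = OLE2_MAGIC + b"\x00" * 24          # OLE2 magic plus filler, constructed
    obj = struct.pack("<II", 0x00000501, 2)
    obj += struct.pack("<I", len(class_name)) + class_name
    obj += struct.pack("<I", 0) + struct.pack("<I", 0)   # empty topic and item names
    obj += struct.pack("<I", len(payload)) + payload
    hexdata = binascii.hexlify(obj).decode()
    chunks = [hexdata[i:i + 7] for i in range(0, len(hexdata), 7)]
    obfuscated = "\n ".join(chunks[:3]) + "\\par " + " ".join(chunks[3:])
    return ("{\\rtf1{\\object\\objemb{\\*\\objclass Word.Document.8}"
            "{\\*\\objdata " + obfuscated + "}}}")


if __name__ == "__main__":
    for obj in carve_objects(build_sample_rtf()):
        print(obj["format"], obj["class_name"], obj["size"], "bytes:", obj["kind"])
```

The point of the brace-depth loop and the control-word stripping is the same one the changelog entries above make about obfuscation-aware parsing: a carver that splits on the first closing brace or assumes the hex is contiguous misses the object entirely, which is exactly the failure mode the quoted article describes.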
Download and Install:
The recommended way to download and install/update the latest stable release of oletools is to use pip:
- On Linux/Mac:
sudo -H pip install -U oletools
- On Windows:
pip install -U oletools
This should automatically create command-line scripts to run each tool from any directory: olevba, mraptor, rtfobj, etc.
To get the latest development version instead:
- On Linux/Mac:
sudo -H pip install -U https://github.com/decalage2/oletools/archive/master.zip
- On Windows:
pip install -U https://github.com/decalage2/oletools/archive/master.zip
See the documentation for other installation options.
Documentation:
The latest version of the documentation can be found online, otherwise a copy is provided in the doc subfolder of the package.
Running a Python script from the command line or terminal is pretty easy: you just have to type python script_name.py and it is done. Take a look at the example below to see how it is done:
But what if you want to run the script from the IDLE Python shell itself? Sometimes I run the script from Python itself just to show off :D. Here's how you can do it too.
Commands
For Python 2: If you are using Python 2 like me, then you can use the execfile() function like this:
Check out the example for more clarity.
For Python 3: But if you use Python version 3+, you can't really use execfile(), as the function's been deprecated (to read more about that, read here). Instead, you can use exec(open('path/script_name.py').read()). It is just the same.
The above steps will work just fine, but what if your script takes command-line arguments? Well, there's a way to pass the command-line arguments too. But first, let's write one simple script that uses command-line arguments.
Now, to be able to execute the above script from the Python shell, we first have to set the command-line args. Below are the steps to execute the above script from the Python shell:
Commands
Find the attached screenshot to understand the steps better.
Note: The above steps are for Python 2.7.13; for Python 3, just replace execfile('path_to_script') with exec(open('path/script_name.py').read()) and it should work just fine.
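The screenshots that carried the post's steps did not survive, so here is an added example, not the post's own code, that performs the same procedure in Python 3: it writes a constructed stand-in for script_name.py to a temporary directory, sets sys.argv by hand, runs the file with exec(open(path).read()) as the post describes, and then does the same with runpy.run_path from the standard library. The helper names (run_with_exec, run_with_runpy, run_from_shell, argv_is_restored) and the sample script are this example's own.

```python
"""Run a script that reads sys.argv from inside an interactive Python session.

Added example, not code from the original post. The script below is a
constructed stand-in for the post's script_name.py.
"""
import os
import runpy
import sys
import tempfile

# Constructed sample script: it only reports the arguments it was given.
SAMPLE_SCRIPT = """\
import sys
args = sys.argv[1:]
result = "called with %d argument(s): %s" % (len(args), ", ".join(args))
"""


def write_sample_script(directory):
    """Write the constructed script to disk and return its path."""
    path = os.path.join(directory, "script_name.py")
    with open(path, "w") as f:
        f.write(SAMPLE_SCRIPT)
    return path


def run_with_exec(path, argv):
    """The post's Python 3 method, with two additions: sys.argv is set before
    and restored after (so the next command typed into the shell is not
    affected), and the script runs in its own namespace dict rather than the
    shell's globals, so its top-level names do not leak into the session."""
    saved_argv = sys.argv
    sys.argv = [path] + list(argv)          # argv[0] is the script path, as from a terminal
    namespace = {"__name__": "__main__"}
    try:
        with open(path) as f:
            exec(compile(f.read(), path, "exec"), namespace)
    finally:
        sys.argv = saved_argv
    return namespace["result"]


def run_with_runpy(path, argv):
    """Same effect via runpy.run_path, which returns the script's globals and
    restores sys.argv[0] itself; the remaining arguments still have to be
    placed in sys.argv by the caller."""
    saved_argv = sys.argv
    sys.argv = [path] + list(argv)
    try:
        namespace = runpy.run_path(path, run_name="__main__")
    finally:
        sys.argv = saved_argv
    return namespace["result"]


def run_from_shell(argv, use_runpy=False):
    """Create the sample script in a temporary directory and run it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = write_sample_script(tmp)
        if use_runpy:
            return run_with_runpy(path, argv)
        return run_with_exec(path, argv)


def argv_is_restored(argv):
    """True when running the script left the session's sys.argv untouched."""
    before = list(sys.argv)
    run_from_shell(argv)
    return sys.argv == before


if __name__ == "__main__":
    print(run_from_shell(["first", "second"]))
    print(run_from_shell(["first", "second"], use_runpy=True))
```

Both helpers restore sys.argv afterwards and give the script its own namespace. The bare one-liner typed into the shell does neither: the script's top-level names and the modified sys.argv stay in the session, which is harmless for a demo but confusing when a later command depends on them.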
That's all, folks !!!