Peter M. Groen / oletools

Commit 2f90ec8e24d33d3e358cfa1a3dfb4e09f698fd58

Authored by r3comp1le
1 parent 55483626

added md5 to rtfobj

Inline Side-by-side
Showing 1 changed file with 10 additions and 4 deletions
oletools/rtfobj.py
  View file @2f90ec8
... ... @@ -103,7 +103,7 @@ __version__ = '0.54dev1'
103 103  
104 104 # === IMPORTS =================================================================
105 105  
106   -import re, os, sys, binascii, logging, optparse
  106 +import re, os, sys, binascii, logging, optparse, hashlib
107 107 import os.path
108 108 from time import time
109 109  
... ... @@ -678,6 +678,7 @@ class RtfObjParser(RtfParser):
678 678 rtfobj.hexdata = hexdata
679 679 object_data = binascii.unhexlify(hexdata)
680 680 rtfobj.rawdata = object_data
  681 + rtfobj.rawdata_md5 = hashlib.md5(object_data).hexdigest()
681 682 # TODO: check if all hex data is extracted properly
682 683  
683 684 obj = oleobj.OleObject()
... ... @@ -687,6 +688,7 @@ class RtfObjParser(RtfParser):
687 688 rtfobj.class_name = obj.class_name
688 689 rtfobj.oledata_size = obj.data_size
689 690 rtfobj.oledata = obj.data
  691 + rtfobj.oledata_md5 = hashlib.md5(obj.data).hexdigest()
690 692 rtfobj.is_ole = True
691 693 if obj.class_name.lower() == b'package':
692 694 opkg = oleobj.OleNativeStream(bindata=obj.data,
... ... @@ -695,6 +697,7 @@ class RtfObjParser(RtfParser):
695 697 rtfobj.src_path = opkg.src_path
696 698 rtfobj.temp_path = opkg.temp_path
697 699 rtfobj.olepkgdata = opkg.data
  700 + rtfobj.olepkgdata_md5 = hashlib.md5(opkg.data).hexdigest()
698 701 rtfobj.is_package = True
699 702 else:
700 703 if olefile.isOleFile(obj.data):
... ... @@ -878,6 +881,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
878 881 ole_column += '\nFilename: %r' % rtfobj.filename
879 882 ole_column += '\nSource path: %r' % rtfobj.src_path
880 883 ole_column += '\nTemp path = %r' % rtfobj.temp_path
  884 + ole_column += '\nMD5 = %r' % rtfobj.olepkgdata_md5
881 885 ole_color = 'yellow'
882 886 # check if the file extension is executable:
883 887 _, ext = os.path.splitext(rtfobj.filename)
... ... @@ -885,8 +889,8 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
885 889 if re_executable_extensions.match(ext):
886 890 ole_color = 'red'
887 891 ole_column += '\nEXECUTABLE FILE'
888   - # else:
889   - # pkg_column = 'Not an OLE Package'
  892 + else:
  893 + ole_column += '\nMD5 = %r' % rtfobj.oledata_md5
890 894 if rtfobj.clsid is not None:
891 895 ole_column += '\nCLSID: %s' % rtfobj.clsid
892 896 ole_column += '\n%s' % rtfobj.clsid_desc
... ... @@ -930,6 +934,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
930 934 else:
931 935 fname = '%s_object_%08X.noname' % (fname_prefix, rtfobj.start)
932 936 print(' saving to file %s' % fname)
  937 + print(' md5 %s' % rtfobj.olepkgdata_md5)
933 938 open(fname, 'wb').write(rtfobj.olepkgdata)
934 939 # When format_id=TYPE_LINKED, oledata_size=None
935 940 elif rtfobj.is_ole and rtfobj.oledata_size is not None:
... ... @@ -947,11 +952,13 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
947 952 ext = 'bin'
948 953 fname = '%s_object_%08X.%s' % (fname_prefix, rtfobj.start, ext)
949 954 print(' saving to file %s' % fname)
  955 + print(' md5 %s' % rtfobj.oledata_md5)
950 956 open(fname, 'wb').write(rtfobj.oledata)
951 957 else:
952 958 print('Saving raw data in object #%d:' % i)
953 959 fname = '%s_object_%08X.raw' % (fname_prefix, rtfobj.start)
954 960 print(' saving object to file %s' % fname)
  961 + print(' md5 %s' % rtfobj.rawdata_md5)
955 962 open(fname, 'wb').write(rtfobj.rawdata)
956 963  
957 964  
... ... @@ -1035,4 +1042,3 @@ if __name__ == '__main__':
1035 1042 main()
1036 1043  
1037 1044 # This code was developed while listening to The Mary Onettes "Lost"
1038   -
... ...