Peter M. Groen / oletools

Commit f6d7601fc775ce352dde1363d70257424463b095

Authored by Philippe Lagadec
Committed by GitHub
2 parents 9780dc7c 2f90ec8e

Merge pull request #378 from r3comp1le/master 

added md5 to rtfobj
Inline Side-by-side
Showing 1 changed file with 10 additions and 4 deletions
oletools/rtfobj.py
  View file @f6d7601
... ... @@ -103,7 +103,7 @@ __version__ = '0.54dev1'
103 103  
104 104 # === IMPORTS =================================================================
105 105  
106   -import re, os, sys, binascii, logging, optparse
  106 +import re, os, sys, binascii, logging, optparse, hashlib
107 107 import os.path
108 108 from time import time
109 109  
... ... @@ -678,6 +678,7 @@ class RtfObjParser(RtfParser):
678 678 rtfobj.hexdata = hexdata
679 679 object_data = binascii.unhexlify(hexdata)
680 680 rtfobj.rawdata = object_data
  681 + rtfobj.rawdata_md5 = hashlib.md5(object_data).hexdigest()
681 682 # TODO: check if all hex data is extracted properly
682 683  
683 684 obj = oleobj.OleObject()
... ... @@ -687,6 +688,7 @@ class RtfObjParser(RtfParser):
687 688 rtfobj.class_name = obj.class_name
688 689 rtfobj.oledata_size = obj.data_size
689 690 rtfobj.oledata = obj.data
  691 + rtfobj.oledata_md5 = hashlib.md5(obj.data).hexdigest()
690 692 rtfobj.is_ole = True
691 693 if obj.class_name.lower() == b'package':
692 694 opkg = oleobj.OleNativeStream(bindata=obj.data,
... ... @@ -695,6 +697,7 @@ class RtfObjParser(RtfParser):
695 697 rtfobj.src_path = opkg.src_path
696 698 rtfobj.temp_path = opkg.temp_path
697 699 rtfobj.olepkgdata = opkg.data
  700 + rtfobj.olepkgdata_md5 = hashlib.md5(opkg.data).hexdigest()
698 701 rtfobj.is_package = True
699 702 else:
700 703 if olefile.isOleFile(obj.data):
... ... @@ -878,6 +881,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
878 881 ole_column += '\nFilename: %r' % rtfobj.filename
879 882 ole_column += '\nSource path: %r' % rtfobj.src_path
880 883 ole_column += '\nTemp path = %r' % rtfobj.temp_path
  884 + ole_column += '\nMD5 = %r' % rtfobj.olepkgdata_md5
881 885 ole_color = 'yellow'
882 886 # check if the file extension is executable:
883 887  
... ... @@ -892,8 +896,8 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
892 896 if re_executable_extensions.match(temp_ext) or re_executable_extensions.match(file_ext):
893 897 ole_color = 'red'
894 898 ole_column += '\nEXECUTABLE FILE'
895   - # else:
896   - # pkg_column = 'Not an OLE Package'
  899 + else:
  900 + ole_column += '\nMD5 = %r' % rtfobj.oledata_md5
897 901 if rtfobj.clsid is not None:
898 902 ole_column += '\nCLSID: %s' % rtfobj.clsid
899 903 ole_column += '\n%s' % rtfobj.clsid_desc
... ... @@ -942,6 +946,7 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
942 946 else:
943 947 fname = '%s_object_%08X.noname' % (fname_prefix, rtfobj.start)
944 948 print(' saving to file %s' % fname)
  949 + print(' md5 %s' % rtfobj.olepkgdata_md5)
945 950 open(fname, 'wb').write(rtfobj.olepkgdata)
946 951 # When format_id=TYPE_LINKED, oledata_size=None
947 952 elif rtfobj.is_ole and rtfobj.oledata_size is not None:
... ... @@ -959,11 +964,13 @@ def process_file(container, filename, data, output_dir=None, save_object=False):
959 964 ext = 'bin'
960 965 fname = '%s_object_%08X.%s' % (fname_prefix, rtfobj.start, ext)
961 966 print(' saving to file %s' % fname)
  967 + print(' md5 %s' % rtfobj.oledata_md5)
962 968 open(fname, 'wb').write(rtfobj.oledata)
963 969 else:
964 970 print('Saving raw data in object #%d:' % i)
965 971 fname = '%s_object_%08X.raw' % (fname_prefix, rtfobj.start)
966 972 print(' saving object to file %s' % fname)
  973 + print(' md5 %s' % rtfobj.rawdata_md5)
967 974 open(fname, 'wb').write(rtfobj.rawdata)
968 975  
969 976  
... ... @@ -1047,4 +1054,3 @@ if __name__ == '__main__':
1047 1054 main()
1048 1055  
1049 1056 # This code was developed while listening to The Mary Onettes "Lost"
1050   -
... ...