Package modules :: Package packages :: Module pub
[hide private]
[frames] | no frames]

Source Code for Module modules.packages.pub

 1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
 2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
 3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 4  # See the file 'docs/LICENSE' for copying permission. 
 5   
 6  from _winreg import HKEY_CURRENT_USER 
 7   
 8  from lib.common.abstracts import Package 
 9   
10 -class PUB(Package):
11 """Word analysis package.""" 12 PATHS = [ 13 ("ProgramFiles", "Microsoft Office", "MSPUB.EXE"), 14 ("ProgramFiles", "Microsoft Office", "Office10", "MSPUB.EXE"), 15 ("ProgramFiles", "Microsoft Office", "Office11", "MSPUB.EXE"), 16 ("ProgramFiles", "Microsoft Office", "Office12", "MSPUB.EXE"), 17 ("ProgramFiles", "Microsoft Office", "Office14", "MSPUB.EXE"), 18 ("ProgramFiles", "Microsoft Office", "Office15", "MSPUB.EXE"), 19 ("ProgramFiles", "Microsoft Office", "Office16", "MSPUB.EXE"), 20 ("ProgramFiles", "Microsoft Office 15", "root", "office15", "MSPUB.EXE"), 21 ("ProgramFiles", "Microsoft Office", "root", "Office16", "MSPUB.EXE"), 22 ] 23 24 REGKEYS = [ 25 [ 26 HKEY_CURRENT_USER, 27 "Software\\Microsoft\\Office\\12.0\\Publisher\\Security", 28 { 29 # Enable VBA macros in Office 2007. 30 "VBAWarnings": 1, 31 "AccessVBOM": 1, 32 33 # "The file you are trying to open .xyz is in a different 34 # format than specified by the file extension. Verify the file 35 # is not corrupted and is from trusted source before opening 36 # the file. Do you want to open the file now?" 37 "ExtensionHardening": 0, 38 }, 39 ], 40 [ 41 HKEY_CURRENT_USER, 42 "Software\\Microsoft\\Office\\15.0\\Publisher\\Security", 43 { 44 # Enable VBA macros in Office 2013. 45 "VBAWarnings": 1, 46 "AccessVBOM": 1, 47 48 # "The file you are trying to open .xyz is in a different 49 # format than specified by the file extension. Verify the file 50 # is not corrupted and is from trusted source before opening 51 # the file. Do you want to open the file now?" 52 "ExtensionHardening": 0, 53 }, 54 ], 55 [ 56 HKEY_CURRENT_USER, 57 "Software\\Microsoft\\Office\\16.0\\Publisher\\Security", 58 { 59 # Enable VBA macros in Office 2016. 60 "VBAWarnings": 1, 61 "AccessVBOM": 1, 62 }, 63 ], 64 ] 65
66 - def start(self, path):
67 publisher = self.get_path("Microsoft Office Publisher") 68 return self.execute( 69 publisher, args=["/o", path], mode="office", trigger="file:%s" % path 70 )
71