
Source Code for Module modules.packages.doc

 1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
 2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
 3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 4  # See the file 'docs/LICENSE' for copying permission. 
 5   
 6  from _winreg import HKEY_CURRENT_USER 
 7   
 8  from lib.common.abstracts import Package 
 9   
class DOC(Package):
    """Cuckoo analysis package that opens a sample document in Microsoft Word.

    The REGKEYS values below turn off Word's macro and file-format prompts so
    that a submitted document can run its VBA without anyone clicking through
    a dialog. They lower the security of the Office profile they are written
    to, so they belong in the analysis guest snapshot and nowhere else.
    """

    # Candidate locations of the Word (or Word Viewer) executable, each given
    # as a tuple of path components. The leading "ProgramFiles" looks like a
    # symbolic root that the base class expands -- confirm in
    # lib.common.abstracts.
    PATHS = [
        ("ProgramFiles", "Microsoft Office", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office10", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office11", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office12", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office14", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office15", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office16", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office 15", "root", "office15", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "root", "Office16", "WINWORD.EXE"),
        ("ProgramFiles", "Microsoft Office", "WORDVIEW.EXE"),
    ]

    # Registry values to set, one entry per key: [hive, subkey, {name: data}].
    # Nothing in this module writes them; presumably the Package base class
    # applies them before start() runs -- confirm.
    #
    # NOTE(review): PATHS also accepts Office14 and Office15 installs, but only
    # the 12.0 and 16.0 keys are configured here. On a guest running one of
    # the other versions the macro warning may stay active and the macro
    # behaviour would then be missing from the report -- confirm.
    REGKEYS = [
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Office\\12.0\\Common\\General",
            {
                # First-run dialog:
                # "Welcome to the 2007 Microsoft Office system"
                "ShownOptIn": 1,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Office\\12.0\\Word\\Security",
            {
                # Office 2007: let VBA macros run (VBAWarnings) and allow
                # access to the VBA project object model (AccessVBOM).
                "VBAWarnings": 1,
                "AccessVBOM": 1,

                # Covers the prompt: "The file you are trying to open .xyz
                # is in a different format than specified by the file
                # extension. Verify the file is not corrupted and is from
                # trusted source before opening the file. Do you want to
                # open the file now?"
                "ExtensionHardening": 0,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Office\\16.0\\Word\\Security",
            {
                # Office 2016: same macro settings as the 12.0 key above.
                "VBAWarnings": 1,
                "AccessVBOM": 1,
            },
        ],
    ]

    def start(self, path):
        """Open the sample at *path* in Word.

        Looks up the Word executable with self.get_path() and hands it to
        self.execute() with the sample as its only argument. The return
        value is whatever self.execute() returns; both helpers are defined
        outside this module.
        """
        winword = self.get_path("Microsoft Office Word")
        # Trigger string naming the sample file; how execute() uses it is
        # not visible here.
        launch_trigger = "file:%s" % path
        return self.execute(
            winword, args=[path], mode="office", trigger=launch_trigger
        )