1
2
3
4
5
6 from _winreg import HKEY_CURRENT_USER
7
8 from lib.common.abstracts import Package
9
11 """Excel analysis package."""
12 PATHS = [
13 ("ProgramFiles", "Microsoft Office", "EXCEL.EXE"),
14 ("ProgramFiles", "Microsoft Office", "Office10", "EXCEL.EXE"),
15 ("ProgramFiles", "Microsoft Office", "Office11", "EXCEL.EXE"),
16 ("ProgramFiles", "Microsoft Office", "Office12", "EXCEL.EXE"),
17 ("ProgramFiles", "Microsoft Office", "Office14", "EXCEL.EXE"),
18 ("ProgramFiles", "Microsoft Office", "Office15", "EXCEL.EXE"),
19 ("ProgramFiles", "Microsoft Office", "Office16", "EXCEL.EXE"),
20 ("ProgramFiles", "Microsoft Office 15", "root", "office15", "EXCEL.EXE"),
21 ]
22
23 REGKEYS = [
24 [
25 HKEY_CURRENT_USER,
26 "Software\\Microsoft\\Office\\12.0\\Common\\General",
27 {
28
29 "ShownOptIn": 1,
30 },
31 ],
32 [
33 HKEY_CURRENT_USER,
34 "Software\\Microsoft\\Office\\12.0\\Excel\\Security",
35 {
36
37 "VBAWarnings": 1,
38 "AccessVBOM": 1,
39
40
41
42
43
44 "ExtensionHardening": 0,
45 },
46 ],
47 ]
48
50 excel = self.get_path("Microsoft Office Excel")
51 return self.execute(
52 excel, args=[path], mode="office", trigger="file:%s" % path
53 )
54