
Source Code for Module modules.packages.ppt

 1  # Copyright (C) 2010-2013 Claudio Guarnieri. 
 2  # Copyright (C) 2014-2016 Cuckoo Foundation. 
 3  # This file is part of Cuckoo Sandbox - http://www.cuckoosandbox.org 
 4  # See the file 'docs/LICENSE' for copying permission. 
 5   
 6  from _winreg import HKEY_CURRENT_USER 
 7   
 8  from lib.common.abstracts import Package 
 9   
class PPT(Package):
    """PowerPoint analysis package.

    Locates POWERPNT.EXE in the analysis guest and opens the submitted
    presentation with it. PATHS and REGKEYS are declared here as plain
    class attributes; how they are consumed is decided by the Package base
    class, which is not part of this module.

    The registry values below deliberately lower Office's macro and
    file-format protections so a sample can run without user interaction.
    They belong only in a disposable analysis guest and should never be
    carried over to a regular workstation image.
    """

    # Candidate locations of POWERPNT.EXE, one tuple of path components per
    # known Office layout.
    # NOTE(review): the first component is presumably an environment
    # variable name resolved by the base class -- confirm in Package.
    PATHS = [
        ("ProgramFiles", "Microsoft Office", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office10", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office11", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office12", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office14", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office15", "POWERPNT.EXE"),
        ("ProgramFiles", "Microsoft Office", "Office16", "POWERPNT.EXE"),
        (
            "ProgramFiles", "Microsoft Office 15", "root", "office15",
            "POWERPNT.EXE",
        ),
    ]

    # Per-user registry values, each entry being [root key, subkey, values].
    # NOTE(review): only the Office 12.0 hive is configured, although PATHS
    # also accepts Office10 through Office16 installs. On a guest running a
    # different Office version these values presumably have no effect, so
    # macro and format prompts may still block the sample and the report
    # would show no macro activity -- verify against each guest image.
    REGKEYS = [
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Office\\12.0\\Common\\General",
            {
                # Marks the first-run dialog "Welcome to the 2007 Microsoft
                # Office system" as already shown.
                "ShownOptIn": 1,
            },
        ],
        [
            HKEY_CURRENT_USER,
            "Software\\Microsoft\\Office\\12.0\\Powerpoint\\Security",
            {
                # Office 2007: let VBA macros run and allow programmatic
                # access to the VBA project object model.
                "VBAWarnings": 1,
                "AccessVBOM": 1,

                # Turns off the extension/content mismatch prompt: "The file
                # you are trying to open .xyz is in a different format than
                # specified by the file extension. Verify the file is not
                # corrupted and is from trusted source before opening the
                # file. Do you want to open the file now?"
                "ExtensionHardening": 0,
            },
        ],
    ]

    def start(self, path):
        """Open the sample in PowerPoint.

        @param path: path of the presentation file to analyse.
        @return: the value returned by self.execute (defined in the base
            class, not visible in this module).
        """
        exe_path = self.get_path("Microsoft Office PowerPoint")

        # "/S" makes PowerPoint open the file directly as a slide show.
        launch_args = ["/S", path]

        # NOTE(review): the meaning of mode and trigger is defined by
        # Package.execute -- confirm there before changing either value.
        file_trigger = "file:%s" % path

        return self.execute(
            exe_path, args=launch_args, mode="office", trigger=file_trigger
        )