Affected tool: olevba

The sample with hash fd3c0fd62a55bdfb2f4d53de5846c296b38ffa27d2a72d7c6f6cc69aa3309bb2 (available on VirusTotal) is not parsed and handled correctly by olevba. Detailed stack trace of parsing issue is as below:

(py38ole60) C:\Windows\System32>olevba C:\samples\Release\vt-sample\DOC-Sample\PPT\fd3c0fd62a55bdfb2f4d53de5846c296b38ffa27d2a72d7c6f6cc69aa3309bb2
olevba 0.60.2 on Python 3.8.19 - http://decalage.info/python/oletools
ERROR Failed to open C:\samples\Release\vt-sample\DOC-Sample\PPT\fd3c0fd62a55bdfb2f4d53de5846c296b38ffa27d2a72d7c6f6cc69aa3309bb2 -- probably not supported!
Traceback (most recent call last):
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4473, in process_file
vba_parser = VBA_Parser_CLI(filename, data=data, container=container,
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 4032, in init
super(VBA_Parser_CLI, self).init(*args, **kwargs)
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 2773, in init
self.open_ppt()
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 3112, in open_ppt
self.append_subfile(None, vba_data, container='PptParser')
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 3178, in append_subfile
self.ole_subfiles.append(VBA_Parser(filename, data, container,
File "C:\ProgramData\anaconda3\envs\py38ole60\lib\site-packages\oletools\olevba.py", line 2824, in init
raise FileOpenError(msg)
oletools.olevba.FileOpenError: Failed to open file None is not a supported file type, cannot extract VBA Macros.

(py38ole60) C:\Windows\System32>

Version information: python 3.8 Windows 10

18946789059.zip

• oletools version: 0.60-2

Additional context
Sample file is attached, pascode- infected