silascutler
commented
1 year ago Thanks, I think we fixed this in a previous update. There was an extra dbg print that was ending up prepended to downloads.
Closed SeaofThought closed 1 year ago
silascutler
commented
1 year ago Thanks, I think we fixed this in a previous update. There was an extra dbg print that was ending up prepended to downloads.
silascutler
commented
1 year ago Please reopen if this is still happening
Hello, thank you for the site, it's very useful. I've been trying to extract IOCs from several Excel files infected with the Emotet/Abracadabra Trojan.
I can successfully extract the IOCs but I noticed that the hash of the downloaded file never corresponds to the hash I requested. On closer inspection it is due to the dowloaded file having a few extra bytes at the start.
This happens both with md5 and sha256 hashes.
I can easily fix the hashes by running:
tail -c +13 downloaded_file > fixed_fileFor example for the file with sha256 56e665d85d3621e561d7848e2175ff184d81d0543ab5f84675b4a7e2ac7dfa86
tail -c +13 56e665d85d3621e561d7848e2175ff184d81d0543ab5f84675b4a7e2ac7dfa86 > 56e665d85d3621e561d7848e2175ff184d81d0543ab5f84675b4a7e2ac7dfa86.fixedAnd I then get the proper results:
Probably this is by design and it's explained somewhere , but, since I couldn't find this behavior in the documentation, I'm just asking here to make sure it's not a bug.
Thanks again.