buffer / thug

Python low-interaction honeyclient
GNU General Public License v2.0

Sample: `1e98af662c337468274d2a20e1f5eb66645c8fff55269ee09fa9ba6e0733ce98` #369

Closed cccs-kevin closed 8 months ago

cccs-kevin commented 8 months ago

Hi @buffer,

Something that I noticed regarding the extracted ZIP from 1e98af662c337468274d2a20e1f5eb66645c8fff55269ee09fa9ba6e0733ce98 is that when I base64-decode the data in the entry within the "files" key, the decoded data looks like this: b'b\'PK\\x03\\x04\\...\x06\\x07\\x00\\x00\\x00\'', so I think there is a bug regarding how data is stored/base64-encoded?

Let me know what you think!
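The symptom described above (a base64-decoded entry that still reads as `b'PK\x03\x04...'`) is what you get when the Python `repr` of a `bytes` object is base64-encoded instead of the bytes themselves. The following is an added example, not code from thug or from this thread: it reproduces that mangling on a constructed ZIP-like header, shows the correct encoding beside it, and includes a small checker that detects the double-encoded form and recovers the original bytes from it. The function names and the sample bytes are assumptions made here for illustration.

```python
import ast
import base64

# Constructed sample: the first bytes of a ZIP local file header (not the
# sample from the issue, just the "PK\x03\x04" signature plus filler).
SAMPLE_ZIP_HEADER = b"PK\x03\x04\x14\x00\x00\x00\x08\x00"


def encode_bad(data: bytes) -> str:
    """Reproduces the bug: str(bytes) yields text like "b'PK\\x03\\x04'",
    and base64-encoding that text stores the repr, not the payload."""
    return base64.b64encode(str(data).encode("ascii")).decode("ascii")


def encode_good(data: bytes) -> str:
    """Correct form: base64 the raw bytes, then decode to text for JSON."""
    return base64.b64encode(data).decode("ascii")


def decode_entry(b64_text: str) -> bytes:
    """Base64-decode a 'files' entry as an analyst would."""
    return base64.b64decode(b64_text)


def looks_double_encoded(decoded: bytes) -> bool:
    """Heuristic: a genuine payload rarely starts with a bytes-literal prefix."""
    return decoded.startswith((b"b'", b'b"'))


def recover(decoded: bytes) -> bytes:
    """If the decoded data is the repr of a bytes object, evaluate the literal
    (safely, via ast.literal_eval) to get the original bytes back; otherwise
    return the data unchanged. Anything that does not parse as a bytes
    literal is treated as genuine binary and left alone."""
    if not looks_double_encoded(decoded):
        return decoded
    try:
        value = ast.literal_eval(decoded.decode("ascii"))
    except (ValueError, SyntaxError, UnicodeDecodeError):
        return decoded
    return value if isinstance(value, bytes) else decoded


if __name__ == "__main__":
    mangled = decode_entry(encode_bad(SAMPLE_ZIP_HEADER))
    print("buggy entry decodes to:", mangled)
    print("recovered:", recover(mangled) == SAMPLE_ZIP_HEADER)
    print("correct entry decodes to:", decode_entry(encode_good(SAMPLE_ZIP_HEADER)))
```

Running this prints the `b'PK\x03\x04...'` text that the issue reports for the buggy path and the raw header for the correct one; `recover` is only a triage aid for logs already written with the bug and is no substitute for fixing the encoder.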

buffer commented 8 months ago

The issue exists for sure according to what you report. But again I can not download the sample from VirusTotal. Would you mind sharing this sample too? Thanks!

cccs-kevin commented 8 months ago

This file was not found on MalwareBazaar, so here it is:

14416532608.zip

Password: infected

buffer commented 8 months ago

Thanks!

buffer commented 8 months ago

@cccs-kevin I don't know why, but I get an empty file when I try to download the sample. BTW, it seems like the same issue occurs while analyzing the sample related to the issue https://github.com/buffer/thug/issues/368. FYI, I already implemented the URL object methods createObjectURL and revokeObjectURL (which work quite well) but am still facing this ZIP issue. Hopefully I'll be able to figure out the issue soon and fix it.

cccs-kevin commented 8 months ago

14638142477.zip Hmm sorry about that. Try this one, password: "thug"

buffer commented 8 months ago

Thanks. I confirm that the PR I am working on fixes this issue too.