Closed cccs-kevin closed 8 months ago
The issue exists for sure according to what you report. But again I can not download the sample from VirusTotal. Would you mind sharing this sample too? Thanks!
Thanks!
@cccs-kevin I don't know why but I get an empty file when I try to download the sample. BTW it seems like the same issue occurs while analyzing the sample related to the issue https://github.com/buffer/thug/issues/368. FYI I already implemented the URL objects methods createObjectURL and revokeObjectURL (which work quite good) but still facing this ZIP issue. Hopefully I'll be able to figure out the issue soon and fix it.
14638142477.zip Hmm sorry about that. Try this one, password: "thug"
Thanks. I confirm that the PR I am working on fixes this issue too
Hi @buffer,
Something that I noticed regarding the extracted ZIP from 1e98af662c337468274d2a20e1f5eb66645c8fff55269ee09fa9ba6e0733ce98 is that when I base64-decode the
data
in the entry within the"files"
key, the decoded data looks like this:b'b\'PK\\x03\\x04\\...\x06\\x07\\x00\\x00\\x00\''
, so I think there is a bug regarding how data is stored/base64-encoded?Let me know what you think!