decalage2 / olefile

olefile is a Python package to parse, read and write Microsoft OLE2 files (also called Structured Storage, Compound File Binary Format or Compound Document File Format), such as Microsoft Office 97-2003 documents, vbaProject.bin in MS Office 2007+ files, Image Composer and FlashPix files, Outlook messages, StickyNotes, several Microscopy file formats, McAfee antivirus quarantine files, etc.
http://www.decalage.info/olefile

bug on list kids #115

Open shuxin opened 5 years ago

shuxin commented 5 years ago

Some viruses mark the macro dir type as STGTY_EMPTY instead of STGTY_STORAGE to hide themselves. So, we should try to list the kids of STGTY_EMPTY entries if there are macros being hidden.
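To make the evasion concrete from the parser's side, here is an added example (not olefile's own code) that unpacks raw MS-CFB directory entries with the standard 128-byte layout and flags entries typed STGTY_EMPTY that still carry a name or a child pointer, which is exactly what a parser that skips empty entries would miss. The directory bytes are constructed inline; the field layout and the STGTY/NOSTREAM values are those of the CFB specification, while the function and sample names are mine.

```python
import struct

# MS-CFB directory entry types and the "no sibling / no child" sentinel.
STGTY_EMPTY, STGTY_STORAGE, STGTY_STREAM, STGTY_ROOT = 0, 1, 2, 5
NOSTREAM = 0xFFFFFFFF
DIR_ENTRY_SIZE = 128
# name(64s) name_len(H) type(B) color(B) left(I) right(I) child(I) clsid(16s)
# state(I) ctime(Q) mtime(Q) start_sector(I) size(Q) = 128 bytes, little-endian
DIR_ENTRY_FMT = "<64sHBBIII16sIQQIQ"

def build_entry(name, stgty, left=NOSTREAM, right=NOSTREAM, child=NOSTREAM):
    """Pack one directory entry; only used to construct the sample below."""
    raw = name.encode("utf-16-le") + b"\x00\x00" if name else b""
    return struct.pack(DIR_ENTRY_FMT, raw.ljust(64, b"\x00"), len(raw), stgty,
                       1, left, right, child, b"\x00" * 16, 0, 0, 0, 0, 0)

def parse_entry(raw):
    """Unpack the fields needed to walk the directory tree."""
    f = struct.unpack(DIR_ENTRY_FMT, raw)
    name_len = f[1]  # byte length including the UTF-16 terminator
    name = f[0][:name_len - 2].decode("utf-16-le", "replace") if name_len >= 2 else ""
    return {"name": name, "type": f[2], "left": f[4], "right": f[5], "child": f[6]}

def find_hidden_storages(directory):
    """Return (sid, name, child) for entries typed STGTY_EMPTY that still
    carry a name or a child pointer. A genuinely unused entry has no name and
    NOSTREAM links; one marked empty but keeping a child link is the evasion
    described in the issue, and a parser that skips STGTY_EMPTY will miss the
    subtree hanging under it."""
    entries = [parse_entry(directory[i:i + DIR_ENTRY_SIZE])
               for i in range(0, len(directory), DIR_ENTRY_SIZE)]
    return [(sid, e["name"], e["child"]) for sid, e in enumerate(entries)
            if e["type"] == STGTY_EMPTY and (e["child"] != NOSTREAM or e["name"])]

def sample_directory():
    """Constructed directory stream: root -> 'Macros' (type forced to EMPTY
    but still pointing at child 2) -> 'VBA' storage, plus one unused slot."""
    return b"".join([
        build_entry("Root Entry", STGTY_ROOT, child=1),
        build_entry("Macros", STGTY_EMPTY, child=2),   # hidden storage
        build_entry("VBA", STGTY_STORAGE),
        build_entry("", STGTY_EMPTY),                 # truly unused
    ])

if __name__ == "__main__":
    for sid, name, child in find_hidden_storages(sample_directory()):
        print(f"sid {sid}: {name!r} typed STGTY_EMPTY but child -> sid {child}")
```

On a real file the same check runs over the directory stream once the sector chain has been followed; any hit is worth treating as a tampered container rather than as an unused slot.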

decalage2 commented 5 years ago

That's interesting! Do you have a sample file so that I can test it?

shuxin commented 5 years ago

https://github.com/outflanknl/EvilClippy/blob/master/README.md



From: Philippe Lagadec notifications@github.com
Sent: Friday, March 8, 2019 9:50:13 PM
To: decalage2/olefile
Cc: shuxin; Author
Subject: Re: [decalage2/olefile] bug on list kids (#115)

> That's interesting! Do you have a sample file so that I can test it?

decalage2 commented 5 years ago

Which option of EvilClippy do you use to do this? Also if you have a hash of a real sample, that would be great.