omriher / CapTipper

Malicious HTTP traffic explorer
GNU General Public License v3.0

Detects x-msdownload mime type but does not extract it #16

Open beyefendi opened 7 years ago

beyefendi commented 7 years ago

In TCP streams 2, 3, and 4 there are binaries that have content type <application/x-msdownload>. CapTipper finds them fine; however, neither <dump all> nor the <-d> switch exports those files.

In addition to that, there is also another bug in this sample. There are two requests to the following URL path; however, CapTipper catches only one of them, namely the first one.

URL

/?es_sm=108&oq=xfR7L7VUbwq0hBfTewFllYxYA1pGoauojkXQnEOd1JGK_xWJYAsR96KlJLR_mhj2&aqs=chrome.113j102.406q9m8&q=w3rQMvXcJxvQFYbGMvnDSKNbNk_WHViPxo6G9MildZ-qZGX_k7PDfF-qoVvcCgWR&sourceid=chrome&ie=Windows-1252 

Sample

http://www.malware-traffic-analysis.net/2016/12/13/2016-12-13-pseudoDarkleech-Rig-V-sends-Cerber-ransomware.pcap.zip
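To make the two reported behaviours concrete, here is an added example (not CapTipper's code) that splits a constructed keep-alive HTTP conversation into request/response pairs, keeps every pair even when the same URL path is requested twice, and selects the bodies declared application/x-msdownload for dumping. The stream bytes, hostname and paths below are constructed for illustration.

```python
# Constructed client and server halves of one keep-alive TCP stream.
# Requests 2 and 3 hit the same path; both answers are x-msdownload bodies.
CLIENT = (
    b"GET /landing HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
    b"GET /?q=SAME HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
    b"GET /?q=SAME HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
)
SERVER = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 15\r\n\r\n<html>ok</html>"
    b"HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\nContent-Length: 8\r\n\r\nMZ\x90\x00PAYL"
    b"HTTP/1.1 200 OK\r\nContent-Type: application/x-msdownload\r\nContent-Length: 8\r\n\r\nMZ\x90\x00OAD2"
)


def split_messages(stream: bytes) -> list:
    """Split one direction of an HTTP/1.x stream into (start_line, headers, body) tuples.
    Bodies are delimited by Content-Length; a truncated capture yields a short body."""
    messages, pos = [], 0
    while (end := stream.find(b"\r\n\r\n", pos)) >= 0:
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", "0"))
        body_start = end + 4
        messages.append((lines[0], headers, stream[body_start:body_start + length]))
        pos = body_start + length
    return messages


def pair_conversations(client: bytes, server: bytes) -> list:
    """Pair requests with responses in order. Every pair is kept as its own entry;
    indexing by URL instead would silently drop the second request to the same path."""
    convs = []
    for (req_line, _, _), (status, headers, body) in zip(split_messages(client), split_messages(server)):
        _, path, _ = req_line.split(" ", 2)
        convs.append({"path": path, "status": status,
                      "content_type": headers.get("content-type", ""), "body": body})
    return convs


def executables(convs: list) -> list:
    """Select every response declared application/x-msdownload for dumping, noting
    whether the body actually starts with an MZ header (declared type vs. real content)."""
    return [{"index": i, "path": c["path"], "size": len(c["body"]), "mz": c["body"][:2] == b"MZ"}
            for i, c in enumerate(convs)
            if c["content_type"].split(";")[0].strip().lower() == "application/x-msdownload"]


if __name__ == "__main__":
    for exe in executables(pair_conversations(CLIENT, SERVER)):
        print(f"conversation {exe['index']}: {exe['path']} {exe['size']} bytes MZ={exe['mz']}")
```

Writing each selected body to disk under its conversation index (rather than its URL) is what keeps both downloads from the repeated path.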