Thanks, I'll give that a go, It's not a trojan as I remember creating it, I just can't remember how :)<div><br></div><div>it says - Zip archive data, at least v1.0 to extract</div><div><br></div><div>but neither windows nor my mac will unzip it...</div>
<div><br></div><div>Paul<br><br><div class="gmail_quote">On 28 December 2012 10:28, Jay Vaughan <span dir="ltr"><<a href="mailto:jayv@synth.net" target="_blank">jayv@synth.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
If you have a Linux machine handy, just type the command "file Philip.zip" and it will analyze the file for you and tell you what it thinks it is based on an analysis of the contents (not just extension type) .. seriously, its a wonderfully underappreciated tool in Linux-land .. and it may well tell you that its a .DLL or .EXE or some other trojan'ish thing ..<br>
<br>
<br>
j.<br>
<div><div class="h5"><br>
<br>
On 28/12/2012, at 10:37 AM, Paul Maddox <Yo@Vacoloco.net> wrote:<br>
<br>
> Hi all, I've found a file called "Philip.zip" but I can't unzip it using<br>
> either my mac or my pc.<br>
> I'm beginning to think it may not be a .zip file, can anyone help me<br>
> identify it from the hex in the header?<br>
><br>
><br>
> 504B03040A00000000008E66BB36000000000000000000000000070010005068696C69702F55580C00B8705946FB705946F5015000504B03041400080008008E66BB36000000000000000000000000100010005068696C69702F2E44535F53746F726555580C0072715946FB705946F5015000ED983B0EC2301044678D0B4B342E29DD70006E6045C909B8000557A0F7D121DA11B214525025827992F5568A7F691C4F00D8F0B85F800C20C18D333E92D81684AE36CE21841042887D63AE74DC761B42881D329F0F85AE74731B9F073A7663325DE84A37B7B15FA0239DE84C17BAD2CDCD43CB183E8C2B1B138A318558A1EB57AF2CC4DF7070E5F9FB3F6135FF0B217E188BE3751CF00E04CB0EAF76EBEA86F54B40F09F85A76E6CA12BDDDCBA0808B1154F504B07086A00886DB200000004180000504B03040A0000000000CE66BB36000000000000000000000000090010005F5F4D41434F53582F55580C007371594673715946F501F501504B03040A0000000000CE66BB36000000000000000000000000100010005F5F4D41434F53582F5068696C69702F55580C007371594673715946F501F501504B03041400080008008E66BB360000000000000000000000001B0010005F5F4D41434F53582F5068696C69702F2E5F2E44535F53746F726555580C0072715946FB705946F501500063601563676062C00420314E2036026205283F08598103164D200000504B07080D8E23771C00000052000000504B030414000800080011B8E52E000000000000000000000000130010005068696C69702F494D475F303038312E6A7067<br>
><br>
> which translates in ascii to -<br>
><br>
> PK<br>
> éfª6 Philip/UX ∏pYF˚pYFı PPK éfª6 Philip/.DS_StoreUX<br>
> rqYF˚pYFı PÌò; ¬0 Dgç K4.)›pn`E… ∏ W†˜—!⁄ ≤ RP%ÇyíıVä i Oÿ∏_Ä<br>
> ¡ç3>íÿ ÑÆ6Œ!Ñ Bà}cÆt‹v Bà 2ü ÖÆts ü :vc2]ËJ7∑±_†#ùËL ∫“ÕÕCÀ >å+ ä1ÖX°ÎWØ,ƒflpp¢˚?a5ˇ<br>
> !~ ã„u À ØvÎÍÜıK@üÖßnl°+›‹∫ ± OPK jàm≤ PK<br>
> Œfª6 __MACOSX/UX sqYFsqYFı ı PK<br>
> Œfª6 __MACOSX/Philip/UX<br>
> sqYFsqYFı ı PK éfª6 __MACOSX/Philip/._.DS_StoreUX rqYF˚pYFı Pc` cg`b¿<br>
> 1N 6 b (? YÅ M PK<br>
> é#w RPK ∏Â. Philip/IMG_0081.jpg<br>
><br>
> it's clearly a compression of some kind as you can the files in the folder.<br>
> I'm wondering if the "PK" at the front means it's a PKZIP?<br>
><br>
> Paul<br>
</div></div>> _______________________________________________<br>
> music-bar mailing list<br>
> <a href="mailto:music-bar@lists.music-bar.org">music-bar@lists.music-bar.org</a><br>
> <a href="http://lists.music-bar.org/cgi-bin/mailman/listinfo/music-bar" target="_blank">http://lists.music-bar.org/cgi-bin/mailman/listinfo/music-bar</a><br>
<br>
;<br>
--<br>
Jay Vaughan<br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
music-bar mailing list<br>
<a href="mailto:music-bar@lists.music-bar.org">music-bar@lists.music-bar.org</a><br>
<a href="http://lists.music-bar.org/cgi-bin/mailman/listinfo/music-bar" target="_blank">http://lists.music-bar.org/cgi-bin/mailman/listinfo/music-bar</a><br>
</blockquote></div><br></div>