unknown file
Jay Vaughan
jayv at synth.net
Fri Dec 28 11:28:19 CET 2012
If you have a Linux machine handy, just type the command "file Philip.zip" and it will analyze the file for you and tell you what it thinks it is based on an analysis of the contents (not just extension type) .. seriously, its a wonderfully underappreciated tool in Linux-land .. and it may well tell you that its a .DLL or .EXE or some other trojan'ish thing ..
j.
On 28/12/2012, at 10:37 AM, Paul Maddox <Yo at Vacoloco.net> wrote:
> Hi all, I've found a file called "Philip.zip" but I can't unzip it using
> either my mac or my pc.
> I'm beginning to think it may not be a .zip file, can anyone help me
> identify it from the hex in the header?
>
>
> 504B03040A00000000008E66BB36000000000000000000000000070010005068696C69702F55580C00B8705946FB705946F5015000504B03041400080008008E66BB36000000000000000000000000100010005068696C69702F2E44535F53746F726555580C0072715946FB705946F5015000ED983B0EC2301044678D0B4B342E29DD70006E6045C909B8000557A0F7D121DA11B214525025827992F5568A7F691C4F00D8F0B85F800C20C18D333E92D81684AE36CE21841042887D63AE74DC761B42881D329F0F85AE74731B9F073A7663325DE84A37B7B15FA0239DE84C17BAD2CDCD43CB183E8C2B1B138A318558A1EB57AF2CC4DF7070E5F9FB3F6135FF0B217E188BE3751CF00E04CB0EAF76EBEA86F54B40F09F85A76E6CA12BDDDCBA0808B1154F504B07086A00886DB200000004180000504B03040A0000000000CE66BB36000000000000000000000000090010005F5F4D41434F53582F55580C007371594673715946F501F501504B03040A0000000000CE66BB36000000000000000000000000100010005F5F4D41434F53582F5068696C69702F55580C007371594673715946F501F501504B03041400080008008E66BB360000000000000000000000001B0010005F5F4D41434F53582F5068696C69702F2E5F2E44535F53746F726555580C0072715946FB705946F501500063601563676062C00420314E2036026205283F08598103164D200000504B07080D8E23771C00000052000000504B030414000800080011B8E52E000000000000000000000000130010005068696C69702F494D475F303038312E6A7067
>
> which translates in ascii to -
>
> PK��
> éfª6��Philip/UX ∏pYF˚pYFı�PPK�����éfª6��Philip/.DS_StoreUX
> rqYF˚pYFı�PÌò;�¬0�Dgç K4.)›pn`E… ∏�W†˜—!⁄�≤�RP%ÇyíıVäi
Oÿ∏_Ä
> ¡ç3>íÿ�ÑÆ6Œ!Ñ�Bà}cÆt‹v�Bà
2ü�ÖÆts�ü�:vc2]ËJ7∑±_†#ùËL�∫“ÕÕCÀ�>å+��ä1ÖX°ÎWØ,ƒflpp¢˚?a5ˇ
> !~�ã„u
��À�ØvÎÍÜıK@üÖßnl°+›‹∫��±�OPK��jàm≤��PK��
> Œfª6 �__MACOSX/UX sqYFsqYFı�ı�PK��
> Œfª6��__MACOSX/Philip/UX
> sqYFsqYFı�ı�PK�����éfª6��__MACOSX/Philip/._.DS_StoreUX rqYF˚pYFı�Pc`�cg`b¿�
> 1N 6�b�(?�Y��M PK��
> é#w
RPK������∏Â.��Philip/IMG_0081.jpg
>
> it's clearly a compression of some kind as you can the files in the folder.
> I'm wondering if the "PK" at the front means it's a PKZIP?
>
> Paul
> _______________________________________________
> music-bar mailing list
> music-bar at lists.music-bar.org
> http://lists.music-bar.org/cgi-bin/mailman/listinfo/music-bar
;
--
Jay Vaughan
More information about the music-bar
mailing list