Avred

File 06AA6C08707CD9B6.Seatbelt.exe.avira.exe

Name:	06AA6C08707CD9B6.Seatbelt.exe.avira.exe
Size:	611,840 bytes
Type:	EXE PE.NET
MD5:	d82ac3aa2e83b5fc3e26acffb688c93f

Scanner Name:	avira
Appraisal:	One based
Scan Debug:	Duration: 24s / Chunks: 26 / Matches: 6
Scan date:	2023-07-21 23:53:33

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
0	0	609804	3	.rsrcIMAGE_DIRECTORY_ENTRY_RESOURCE		DATA	Dominant. Modify this to make file undetected

Match 0: 609804 (size: 3)

Dominant. Modify this to make file undetected

.rsrcIMAGE_DIRECTORY_ENTRY_RESOURCE

00094E0C   00 00 02                                           ...

Test #	MatchOrder	ModifyPosition	Match#0 3b	Match#1 9b	Match#2 3b	Match#3 3b	Match#4 3b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8
5	INCREMENTAL	FULL	0	1	2	3	4
6	DECREMENTAL	FULL	4	3	2	1	0
7	ALL	MIDDLE8
8	ALL	THIRDS4
9	ALL	FULL	0	0	0	0	0
Result			d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-21 23:53:29,001] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-07-21 23:53:29,001] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-07-21 23:53:29,002] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-21 23:53:29,520] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 23:53:29,521] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-21 23:53:29,522] load() :: Loading HashCache
[INFO    ][2023-07-21 23:53:29,705] load() ::   67601 hashes loaded
[INFO    ][2023-07-21 23:53:33,536] handleFile() :: QuickCheck: 06AA6C08707CD9B6.Seatbelt.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-21 23:53:33,537] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 23:53:33,537] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 23:53:33,977] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 23:53:33,979] findDetectedSections() :: Hide: .rsrc -> Detected: False
[INFO    ][2023-07-21 23:53:33,980] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-21 23:53:35,803] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 23:53:37,524] findDetectedSections() :: Hide: DotNet Header -> Detected: True
[INFO    ][2023-07-21 23:53:39,242] findDetectedSections() :: Hide: Metadata Header -> Detected: True
[INFO    ][2023-07-21 23:53:39,243] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-21 23:53:40,902] findDetectedSections() :: Hide: #~ Stream Header -> Detected: True
[INFO    ][2023-07-21 23:53:42,584] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: True
[INFO    ][2023-07-21 23:53:44,189] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-21 23:53:45,886] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-21 23:53:47,602] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-21 23:53:47,604] findDetectedSections() :: Hide: #~ -> Detected: True
[INFO    ][2023-07-21 23:53:47,605] findDetectedSections() :: Hide: #Strings -> Detected: True
[INFO    ][2023-07-21 23:53:47,606] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-21 23:53:47,607] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-21 23:53:47,608] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-21 23:53:47,608] scanForMatchesInPe() :: 1 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 23:53:47,608] scanForMatchesInPe() ::   section: .rsrc
[INFO    ][2023-07-21 23:53:54,246] scanForMatchesInPe() :: Launching bytes analysis on section: .rsrc (609792-611328)
[INFO    ][2023-07-21 23:53:54,246] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:53:54,246] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 23:53:54,262] _scanDataPart() :: Result: 609804-609807 (3b minChunk:2 X)
00094E0C   00 00 02                                           ...
[INFO    ][2023-07-21 23:53:57,406] _scanDataPart() :: Result: 609816-609822 (6 bytes)
00094E18   18 00 00 00 50 00                                  ....P.
[INFO    ][2023-07-21 23:53:57,407] _printStatus() :: Reducing: 14 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-21 23:53:57,408] _scanDataPart() :: Result: 609822-609825 (3b minChunk:2 X)
00094E1E   00 80 00                                           ...
[INFO    ][2023-07-21 23:53:57,412] _scanDataPart() :: Result: 609837-609840 (3b minChunk:2 X)
00094E2D   00 01 00                                           ...
[INFO    ][2023-07-21 23:53:57,418] _scanDataPart() :: Result: 609867-609870 (3b minChunk:2 X)
00094E4B   00 80 00                                           ...
[INFO    ][2023-07-21 23:53:57,422] _scanDataPart() :: Result: 609885-609888 (3b minChunk:2 X)
00094E5D   00 01 00                                           ...
[INFO    ][2023-07-21 23:53:57,422] scan() :: Reducer Result: Time:3 Chunks:26 MatchesAdded:6 MatchesFinal:5
[INFO    ][2023-07-21 23:53:57,422] handleFile() :: Result: 5 matches
[INFO    ][2023-07-21 23:53:57,422] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:53:57,423] save() :: Saving HashCache (67618)
[INFO    ][2023-07-21 23:53:57,494] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 23:53:57,494] runVerifications() :: Verify 5 matches
[INFO    ][2023-07-21 23:53:57,494] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:53:57,494] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:53:59,122] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:54:00,871] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:54:00,871] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:54:07,478] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:54:09,058] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:54:09,059] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:54:09,060] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:54:09,061] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:54:09,061] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:54:09,061] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 23:54:09,560] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 23:54:12,184] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:54:12,184] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 23:54:12,185] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 23:54:12,185] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:54:12,185] save() :: Saving HashCache (67625)
[INFO    ][2023-08-04 18:21:31,997] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-04 18:21:31,998] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-04 18:21:31,999] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:21:32,524] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:21:32,524] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:21:32,524] load() :: Loading HashCache
[INFO    ][2023-08-04 18:21:32,721] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:21:32,721] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:21:32,799] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:21:33,356] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:21:40,142] init() :: DotnetData entries: 23564
[INFO    ][2023-08-04 18:21:40,164] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:21:40,164] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:30,413] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 16:46:30,414] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 16:46:30,415] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:46:30,924] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:46:30,924] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:46:30,924] load() :: Loading HashCache
[INFO    ][2023-08-06 16:46:31,114] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:46:31,114] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:46:31,189] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:46:31,733] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:46:38,418] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 16:46:38,437] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:46:38,437] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:19:09,699] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:19:09,699] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:19:09,700] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:19:10,210] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:19:10,211] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:19:10,211] load() :: Loading HashCache
[INFO    ][2023-08-06 17:19:10,395] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:19:10,395] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:19:10,468] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:19:11,029] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:19:17,724] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:19:58,888] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:19:58,888] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:19:58,889] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:19:59,405] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:19:59,406] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:19:59,406] load() :: Loading HashCache
[INFO    ][2023-08-06 17:19:59,596] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:19:59,596] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:19:59,670] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:20:00,219] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:20:06,944] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:20:06,964] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:20:06,964] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:42,672] main() :: Using file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:20:42,672] handleFile() :: Handle file: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:20:42,673] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:20:43,195] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:20:43,196] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:20:43,196] load() :: Loading HashCache
[INFO    ][2023-08-06 17:20:43,386] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:20:43,386] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:20:43,461] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:20:44,014] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:20:50,746] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:20:50,765] saveToFile() :: Saving results to: app/upload/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:20:50,766] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:24:45,513] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-01 05:26:32,027] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-01 05:26:32,027] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-01 05:26:32,029] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:32,542] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:32,542] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:32,544] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:32,544] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:32,742] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:32,742] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:32,826] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:20:38,625] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-24 19:20:38,626] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-24 19:20:38,635] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:20:38,636] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:20:38,663] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:20:38,663] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:20:38,663] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:20:38,663] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:20:39,136] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:20:39,753] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:20:39,755] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:20:39,755] load() :: Loading HashCache
[INFO    ][2023-09-24 19:20:39,954] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:20:39,954] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:20:40,051] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:20:46,567] init() :: DotnetData entries: 23564
[INFO    ][2023-09-24 19:20:46,586] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:20:46,586] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:55,973] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:13:55,973] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:13:55,974] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:13:55,974] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:13:55,999] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:13:55,999] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:13:55,999] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:13:55,999] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:13:56,467] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:13:57,022] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:13:57,023] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:13:57,023] load() :: Loading HashCache
[INFO    ][2023-09-25 18:13:57,248] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:13:57,248] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:13:57,344] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:04,237] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:14:04,256] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:04,256] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:57,776] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:20:57,776] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:20:57,777] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:20:57,777] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:20:57,802] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:20:57,802] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:20:57,802] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:20:57,802] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:20:58,269] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:20:58,825] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:20:58,826] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:20:58,826] load() :: Loading HashCache
[INFO    ][2023-09-25 18:20:59,052] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:20:59,052] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:20:59,150] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:06,023] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:21:06,042] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:06,043] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:06:35,130] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 10:06:35,130] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 10:06:35,131] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:06:35,131] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:06:35,156] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:06:35,156] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,156] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,157] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,157] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:06:35,157] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:06:35,157] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:06:35,627] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:06:35,628] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:06:35,629] load() :: Loading HashCache
[INFO    ][2023-09-29 10:06:35,853] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:06:35,853] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:06:35,949] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:06:42,786] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:11:08,551] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 12:11:08,551] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 12:11:08,552] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:11:08,552] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:08,577] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:08,577] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:08,577] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,577] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,577] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:08,578] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:11:08,578] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:11:09,050] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:11:09,052] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:09,052] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:09,277] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:09,278] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:09,374] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:16,222] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:11:16,241] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:16,242] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:03,133] main() :: Using file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-30 10:32:03,133] handleFile() :: Handle file: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe
[INFO    ][2023-09-30 10:32:03,134] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:32:03,134] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:03,159] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:03,159] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,159] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:03,160] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:32:03,160] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:32:03,636] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:32:03,637] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:03,637] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:03,864] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:03,865] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:03,962] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:10,881] init() :: DotnetData entries: 23564
[INFO    ][2023-09-30 10:32:10,900] saveToFile() :: Saving results to: app/examples/06AA6C08707CD9B6.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:10,901] save() :: Saving HashCache (102072)

File 06AA6C08707CD9B6.Seatbelt.exe.avira.exe

Matches

Match 0: 609804 (size: 3)

Info

Hexdump

Explanation

Colors

Match Order

Position