File 30177917A5DCE25A.SharpRDP.exe.avg.exe

Name: 30177917A5DCE25A.SharpRDP.exe.avg.exe
Size: 329,728 bytes
Type: EXE PE.NET
MD5: 288e3ae4f3a8e68c65db570d0f6de218
Scanner Name: avg
Appraisal: Robust (OR) based
Scan Debug: Duration: 82s / Chunks: 22 / Matches: 5
Scan date: 2023-07-07 15:59:46

Matches

#  Iteration  Offset  Size  Section  Detail    SectionType  Conclusion
0  0          16540   11    .text    #Strings  DATA         Robust signature. Check verifier
1  0          16559   17    .text    #Strings  DATA         Robust signature. Check verifier
2  0          16665   12    .text    #Strings  DATA         Robust signature. Check verifier

Match 0: 16540 (size: 11)

Robust signature. Check verifier

.text #Strings

0000409C   6D 6F 72 79 53 74 72 65 61 6D 00                   moryStream.

Match 1: 16559 (size: 17)

Robust signature. Check verifier

.text #Strings

000040AF   67 65 74 5F 49 74 65 6D 00 73 65 74 5F 49 74 65    get_Item.set_Ite
000040BF   6D                                                 m

Match 2: 16665 (size: 12)

Robust signature. Check verifier

.text #Strings

00004119   61 69 6E 00 64 6F 6D 61 69 6E 00 53                ain.domain.S

Test #  MatchOrder   ModifyPosition  Match#0 (#Strings, 11b)  Match#1 (#Strings, 17b)  Match#2 (#Strings, 12b)
0       ISOLATED     MIDDLE8         -                        -                        -
1       ISOLATED     THIRDS4         -                        -                        -
2       ISOLATED     FULL            -                        -                        -
3       ISOLATED     FULLB           -                        -                        -
4       INCREMENTAL  MIDDLE8         -                        1                        -
5       INCREMENTAL  FULL            0                        1                        2
6       DECREMENTAL  FULL            2                        1                        0
7       ALL          MIDDLE8         -                        0                        -
8       ALL          THIRDS4         -                        0                        -
9       ALL          FULL            0                        0                        0
Result

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-07 15:59:40,613] main() :: Using file: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe
[INFO    ][2023-07-07 15:59:40,613] handleFile() :: Handle file: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe
[INFO    ][2023-07-07 15:59:40,614] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-07 15:59:40,665] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-07 15:59:40,667] load() :: Loading HashCache
[INFO    ][2023-07-07 15:59:40,685] load() ::   22490 hashes loaded
[INFO    ][2023-07-07 15:59:46,994] handleFile() :: QuickCheck: 30177917A5DCE25A.SharpRDP.exe.avg.exe is detected by avg and not hash based
[INFO    ][2023-07-07 15:59:46,994] handleFile() :: Scanning for matches...
[INFO    ][2023-07-07 15:59:46,995] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-07 15:59:49,053] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-07 15:59:51,126] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-07 15:59:53,205] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-07 15:59:55,302] findDetectedSections() :: Hide: #~ -> Detected: True
[INFO    ][2023-07-07 15:59:56,708] findDetectedSections() :: Hide: #Strings -> Detected: False
[INFO    ][2023-07-07 15:59:58,803] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-07 16:00:00,929] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-07 16:00:02,960] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-07 16:00:02,960] scanForMatchesInPe() :: 1 section(s) trigger the antivirus independantly
[INFO    ][2023-07-07 16:00:02,960] scanForMatchesInPe() ::   section: #Strings
[INFO    ][2023-07-07 16:00:02,960] scanForMatchesInPe() :: Launching bytes analysis on section: #Strings (12868-18744)
[INFO    ][2023-07-07 16:00:02,960] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:0
[INFO    ][2023-07-07 16:00:02,960] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:06,460] _printStatus() :: Reducing: 2 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:09,938] _printStatus() :: Reducing: 3 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:13,428] _printStatus() :: Reducing: 4 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:16,949] _printStatus() :: Reducing: 5 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:20,443] _printStatus() :: Reducing: 6 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:24,609] _printStatus() :: Reducing: 7 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:28,164] _printStatus() :: Reducing: 8 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:30,990] _printStatus() :: Reducing: 9 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:33,798] _printStatus() :: Reducing: 10 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-07 16:00:36,690] _scanDataPart() :: Result: 16540-16551 (11 bytes)
0000409C   6D 6F 72 79 53 74 72 65 61 6D 00                   moryStream.
[INFO    ][2023-07-07 16:00:36,690] _printStatus() :: Reducing: 11 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-07 16:00:40,220] _printStatus() :: Reducing: 12 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-07 16:00:43,707] _printStatus() :: Reducing: 13 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-07 16:00:43,707] _scanDataPart() :: Result: 16559-16562 (3 bytes)
000040AF   67 65 74                                           get
[INFO    ][2023-07-07 16:00:46,609] _printStatus() :: Reducing: 15 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-07 16:00:49,438] _scanDataPart() :: Result: 16562-16573 (11 bytes)
000040B2   5F 49 74 65 6D 00 73 65 74 5F 49                   _Item.set_I
[INFO    ][2023-07-07 16:00:49,438] _printStatus() :: Reducing: 16 chunks done, found 2 matches (3 added)
[INFO    ][2023-07-07 16:00:52,910] _printStatus() :: Reducing: 17 chunks done, found 2 matches (3 added)
[INFO    ][2023-07-07 16:00:56,294] _printStatus() :: Reducing: 18 chunks done, found 2 matches (3 added)
[INFO    ][2023-07-07 16:00:56,294] _scanDataPart() :: Result: 16573-16576 (3 bytes)
000040BD   74 65 6D                                           tem
[INFO    ][2023-07-07 16:00:59,734] _printStatus() :: Reducing: 20 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 16:01:03,136] _printStatus() :: Reducing: 21 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 16:01:06,561] _printStatus() :: Reducing: 22 chunks done, found 2 matches (4 added)
[INFO    ][2023-07-07 16:01:09,351] _scanDataPart() :: Result: 16665-16677 (12 bytes)
00004119   61 69 6E 00 64 6F 6D 61 69 6E 00 53                ain.domain.S
[INFO    ][2023-07-07 16:01:09,351] scan() :: Reducer Result: Time:66 Chunks:22 MatchesAdded:5 MatchesFinal:3
[INFO    ][2023-07-07 16:01:09,351] handleFile() :: Result: 3 matches
[INFO    ][2023-07-07 16:01:09,352] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe.outcome
[INFO    ][2023-07-07 16:01:10,732] save() :: Saving HashCache (22542)
[INFO    ][2023-07-07 16:01:10,754] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-07 16:01:10,754] runVerifications() :: Verify 3 matches
[INFO    ][2023-07-07 16:01:12,818] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 16:01:14,952] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 16:01:21,350] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-07 16:01:27,671] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-07 16:01:27,672] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  Idx: 1  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 16:01:31,167] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-07 16:01:32,530] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-07 16:01:32,531] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 16:01:32,532] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  Idx: 0  result: ScanResult.DETECTED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-07 16:01:32,533] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-07 16:01:32,533] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe.outcome
[INFO    ][2023-07-07 16:01:32,533] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-07 16:01:32,560] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-07 16:01:32,660] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe.outcome
[INFO    ][2023-07-07 16:01:32,660] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-07 16:01:32,660] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-07 16:01:32,660] saveToFile() :: Saving results to: app/upload/30177917A5DCE25A.SharpRDP.exe.avg.exe.outcome
[INFO    ][2023-07-07 16:01:32,661] save() :: Saving HashCache (22553)