Name: | 470207F763636745.cobaltstrike-default-64.exe.avira.exe |
Size: | 17,920 bytes |
Type: | EXE PE64 |
MD5: | 61f9ae123f5fe14b9696afc3f4e49126 |
Scanner Name: | avira |
Appraisal: | Fragile (AND) based |
Scan Debug: | Duration: 3s / Chunks: 247 / Matches: 71 |
Scan date: | 2023-07-21 23:56:10 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
15 | 1 | 14346 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
16 | 1 | 14366 | 5 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
17 | 1 | 14396 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
18 | 1 | 14411 | 5 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
19 | 1 | 14421 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
20 | 1 | 14436 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
21 | 1 | 14451 | 5 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
22 | 1 | 14461 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
23 | 1 | 14476 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
24 | 1 | 14491 | 5 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
25 | 1 | 14501 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
26 | 1 | 14516 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
27 | 1 | 14531 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
28 | 1 | 14556 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
29 | 1 | 14571 | 5 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
30 | 1 | 14581 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
31 | 1 | 14596 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
32 | 1 | 14611 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
33 | 1 | 14636 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
39 | 1 | 14771 | 115 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
40 | 1 | 15436 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
41 | 1 | 15796 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
42 | 1 | 15996 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
43 | 1 | 16056 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
44 | 1 | 16406 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
45 | 1 | 16576 | 20 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
46 | 1 | 16716 | 10 | .idata | IMAGE_DIRECTORY_ENTRY_IMPORT | DATA | Dominant. Modify this to make file undetected |
Test # | MatchOrder | ModifyPosition |
Match#0 .text 5b |
Match#1 .text 4b |
Match#2 .text 4b |
Match#3 .text 5b |
Match#4 .text 4b |
Match#5 .text 5b |
Match#6 .text 9b |
Match#7 .text 5b |
Match#8 .text 5b |
Match#9 .text 4b |
Match#10 .text 4b |
Match#11 .text 4b |
Match#12 .text 4b |
Match#13 .text 4b |
Match#14 .text 5b |
Match#15 .idata 10b |
Match#16 .idata 5b |
Match#17 .idata 10b |
Match#18 .idata 5b |
Match#19 .idata 10b |
Match#20 .idata 10b |
Match#21 .idata 5b |
Match#22 .idata 10b |
Match#23 .idata 10b |
Match#24 .idata 5b |
Match#25 .idata 10b |
Match#26 .idata 10b |
Match#27 .idata 20b |
Match#28 .idata 10b |
Match#29 .idata 5b |
Match#30 .idata 10b |
Match#31 .idata 10b |
Match#32 .idata 20b |
Match#33 .idata 10b |
Match#34 .idata 10b |
Match#35 .idata 20b |
Match#36 .idata 10b |
Match#37 .idata 20b |
Match#38 .idata 10b |
Match#39 .idata 115b |
Match#40 .idata 20b |
Match#41 .idata 20b |
Match#42 .idata 20b |
Match#43 .idata 20b |
Match#44 .idata 10b |
Match#45 .idata 20b |
Match#46 .idata 10b |
0 | ISOLATED | MIDDLE8 |
1 | ISOLATED | THIRDS4 |
2 | ISOLATED | FULL |
3 | ISOLATED | FULLB |
4 | INCREMENTAL | MIDDLE8 | 27 | 32 | 35 | 37 | 39 | 40 | 41 | 42 | 43 | 45 |
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 |
6 | DECREMENTAL | FULL | 46 | 45 | 44 | 43 | 42 | 41 | 40 | 39 | 38 | 37 | 36 | 35 | 34 | 33 | 32 | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8 | ALL | THIRDS4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Result |
runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-21 23:56:21,236] saveToFile() :: Saving results to: 
app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-07-21 23:56:21,237] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-21 23:56:21,539] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-07-21 23:56:21,540] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-21 23:56:21,540] outflankPe() :: Outflank failed with attempted 0 patches [INFO ][2023-07-21 23:56:21,540] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-07-21 23:56:21,541] save() :: Saving HashCache (67985) [INFO ][2023-08-04 18:23:28,067] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-04 18:23:28,067] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-04 18:23:28,068] handleFile() :: Using parser for file type EXE [WARNING ][2023-08-04 18:23:28,080] parseFile() :: Section is invalid, not scanning: .bss 0 0 [WARNING ][2023-08-04 18:23:28,081] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-04 18:23:28,081] load() :: Loading HashCache [INFO ][2023-08-04 18:23:28,184] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:23:28,184] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:23:28,263] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:23:28,564] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-08-04 18:23:28,565] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:48:29,689] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-06 16:48:29,689] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-06 16:48:29,690] handleFile() :: Using parser for file 
type EXE [WARNING ][2023-08-06 16:48:29,702] parseFile() :: Section is invalid, not scanning: .bss 0 0 [WARNING ][2023-08-06 16:48:29,703] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 16:48:29,703] load() :: Loading HashCache [INFO ][2023-08-06 16:48:29,801] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:48:29,801] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:48:29,877] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:48:30,180] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-08-06 16:48:30,182] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:22:41,640] main() :: Using file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-06 17:22:41,640] handleFile() :: Handle file: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-08-06 17:22:41,640] handleFile() :: Using parser for file type EXE [WARNING ][2023-08-06 17:22:41,652] parseFile() :: Section is invalid, not scanning: .bss 0 0 [WARNING ][2023-08-06 17:22:41,653] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 17:22:41,653] load() :: Loading HashCache [INFO ][2023-08-06 17:22:41,752] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:22:41,752] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:22:41,828] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:22:42,128] saveToFile() :: Saving results to: app/upload/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-08-06 17:22:42,129] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:26:43,123] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-01 05:26:43,124] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-01 05:26:43,125] handleFile() :: Using parser 
for file type EXE [INFO ][2023-09-01 05:26:43,137] parseFile() :: Section is invalid, not scanning: .bss addr:0 size:0 [WARNING ][2023-09-01 05:26:43,138] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-01 05:26:43,138] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-01 05:26:43,139] load() :: Loading HashCache [INFO ][2023-09-01 05:26:43,244] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:26:43,244] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:26:43,328] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:21:24,546] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-24 19:21:24,546] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-24 19:21:24,547] handleFile() :: Using parser for file type EXE [INFO ][2023-09-24 19:21:24,547] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:21:24,559] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:21:24,559] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO ][2023-09-24 19:21:24,559] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 8 has 
address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-24 19:21:24,559] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-24 19:21:24,560] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-24 19:21:24,561] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-24 19:21:24,562] load() :: Loading HashCache [INFO ][2023-09-24 19:21:24,700] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:21:24,701] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:21:24,797] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:21:24,798] augmentFilePe() :: Augment: File PE [INFO ][2023-09-24 19:21:24,950] augmentFilePe() :: R2: Analyze [INFO ][2023-09-24 19:21:25,042] init() :: R2: Get all strings [INFO ][2023-09-24 19:21:25,042] augmentFilePe() :: Augment: Matches [INFO ][2023-09-24 19:21:25,090] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-24 19:21:25,091] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:14:42,102] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-25 18:14:42,102] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-25 18:14:42,103] handleFile() :: Using parser for file type EXE [INFO ][2023-09-25 18:14:42,103] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:14:42,111] parsePeSections() :: 
FilePe: Parse PE Sections [INFO ][2023-09-25 18:14:42,112] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO ][2023-09-25 18:14:42,112] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-25 18:14:42,112] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-25 18:14:42,113] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:14:42,113] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-25 18:14:42,114] load() :: Loading HashCache [INFO ][2023-09-25 18:14:42,251] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:14:42,251] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:14:42,348] augmentFile() :: Perform augmentation of matches [INFO 
][2023-09-25 18:14:42,348] augmentFilePe() :: Augment: File PE [INFO ][2023-09-25 18:14:42,502] augmentFilePe() :: R2: Analyze [INFO ][2023-09-25 18:14:42,593] init() :: R2: Get all strings [INFO ][2023-09-25 18:14:42,594] augmentFilePe() :: Augment: Matches [INFO ][2023-09-25 18:14:42,641] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-25 18:14:42,642] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:21:43,864] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-25 18:21:43,864] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-25 18:21:43,864] handleFile() :: Using parser for file type EXE [INFO ][2023-09-25 18:21:43,865] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:21:43,873] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:21:43,873] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO ][2023-09-25 18:21:43,873] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 
18:21:43,873] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-25 18:21:43,873] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-25 18:21:43,874] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:21:43,875] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-25 18:21:43,876] load() :: Loading HashCache [INFO ][2023-09-25 18:21:44,010] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:21:44,010] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:21:44,107] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:21:44,107] augmentFilePe() :: Augment: File PE [INFO ][2023-09-25 18:21:44,262] augmentFilePe() :: R2: Analyze [INFO ][2023-09-25 18:21:44,353] init() :: R2: Get all strings [INFO ][2023-09-25 18:21:44,354] augmentFilePe() :: Augment: Matches [INFO ][2023-09-25 18:21:44,402] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-25 18:21:44,403] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:07:17,686] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-29 10:07:17,686] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-29 10:07:17,687] handleFile() :: Using parser for file type EXE [INFO ][2023-09-29 10:07:17,687] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:07:17,695] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:07:17,695] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO 
][2023-09-29 10:07:17,696] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-29 10:07:17,696] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-29 10:07:17,697] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 10:07:17,697] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-29 10:07:17,698] load() :: Loading HashCache [INFO ][2023-09-29 10:07:17,833] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:07:17,833] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:07:17,928] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:07:17,928] augmentFilePe() :: Augment: File PE [INFO ][2023-09-29 10:07:18,082] augmentFilePe() :: R2: Analyze [INFO 
][2023-09-29 10:07:18,173] init() :: R2: Get all strings [INFO ][2023-09-29 10:07:18,174] augmentFilePe() :: Augment: Matches [INFO ][2023-09-29 10:07:18,221] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-29 10:07:18,222] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:11:51,032] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-29 12:11:51,032] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-29 12:11:51,033] handleFile() :: Using parser for file type EXE [INFO ][2023-09-29 12:11:51,033] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:11:51,041] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:11:51,041] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO ][2023-09-29 12:11:51,041] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:11:51,041] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] 
parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-29 12:11:51,042] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-29 12:11:51,043] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 12:11:51,043] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-29 12:11:51,044] load() :: Loading HashCache [INFO ][2023-09-29 12:11:51,180] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:11:51,181] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:11:51,280] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:11:51,280] augmentFilePe() :: Augment: File PE [INFO ][2023-09-29 12:11:51,437] augmentFilePe() :: R2: Analyze [INFO ][2023-09-29 12:11:51,528] init() :: R2: Get all strings [INFO ][2023-09-29 12:11:51,529] augmentFilePe() :: Augment: Matches [INFO ][2023-09-29 12:11:51,577] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-29 12:11:51,578] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:32:45,746] main() :: Using file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-30 10:32:45,746] handleFile() :: Handle file: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe [INFO ][2023-09-30 10:32:45,747] handleFile() :: Using parser for file type EXE [INFO ][2023-09-30 10:32:45,747] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:32:45,755] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:32:45,755] parsePeSections() :: Section is invalid, not scanning: .bss addr:0 size:0 [INFO ][2023-09-30 10:32:45,755] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: 
Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:32:45,755] parsePeRegions() :: Data Directory Section 2 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 5 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 14 has address 0, skipping [WARNING ][2023-09-30 10:32:45,756] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [WARNING ][2023-09-30 10:32:45,757] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-30 10:32:45,757] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-30 10:32:45,758] load() :: Loading HashCache [INFO ][2023-09-30 10:32:45,893] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:32:45,893] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:32:45,992] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:32:45,992] augmentFilePe() :: Augment: File PE [INFO ][2023-09-30 10:32:46,149] augmentFilePe() :: R2: Analyze [INFO ][2023-09-30 10:32:46,240] init() :: R2: Get all strings [INFO ][2023-09-30 10:32:46,241] augmentFilePe() :: Augment: Matches [INFO 
][2023-09-30 10:32:46,289] saveToFile() :: Saving results to: app/examples/470207F763636745.cobaltstrike-default-64.exe.avira.exe.outcome [INFO ][2023-09-30 10:32:46,290] save() :: Saving HashCache (102072)