File 5A67B4365B569C43.SharpUp.exe.avira.exe

Name: 5A67B4365B569C43.SharpUp.exe.avira.exe
Size: 38,912 bytes
Type: EXE PE.NET
MD5: 320349c343b691b41cbbebf6eb3461ca
Scanner Name: avira
Appraisal: Fragile (AND) based
Scan Debug: Duration: 2s / Chunks: 175 / Matches: 29
Scan date: 2023-07-21 23:59:33

Matches

# Iteration Offset Size Section Detail SectionType Conclusion
17 1 12046 5 .text #~ DATA Dominant. Modify this to make file undetected
18 1 12531 6 .text #~ TypeRef DATA Dominant. Modify this to make file undetected

Match 17: 12046 (size: 5)

Dominant. Modify this to make file undetected

.text #~

00002F0E   00 00 01 00 00                                     .....

Match 18: 12531 (size: 6)

Dominant. Modify this to make file undetected

.text #~ TypeRef

000030F3   00 15 09 5A 0C 06                                  ...Z..

0x30f2: TypeRef[73]: ResolutionScope: ref table AssemblyRef[1] TypeName: Byte TypeNamespace: System
0x30f8: TypeRef[74]: ResolutionScope: ref table AssemblyRef[1] TypeName: RuntimeHelpers TypeNamespace: System.Runtime.CompilerServices

Test # MatchOrder ModifyPosition Match#0
methods 3b
Match#1
methods 3b
Match#2
methods 5b
Match#3
methods 8b
Match#4
methods 8b
Match#5
methods 3b
Match#6
methods 6b
Match#7
methods 3b
Match#8
methods 8b
Match#9
methods 3b
Match#10
methods 3b
Match#11
methods 5b
Match#12
methods 6b
Match#13
methods 5b
Match#14
methods 11b
Match#15
#~ 5b
Match#16
#~ 10b
Match#17
#~ 5b
Match#18
#~ 6b
Match#19
#~ 5b
Match#20
#~ 3b
Match#21
#~ 5b
Match#22
#~ 3b
Match#23
#~ 5b
0 ISOLATED MIDDLE8
1 ISOLATED THIRDS4
2 ISOLATED FULL
3 ISOLATED FULLB
4 INCREMENTAL MIDDLE8
5 INCREMENTAL FULL 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
6 DECREMENTAL FULL 23 22 21 20 19 18 17 16 15 14 13 12 11 10 9 8 7 6 5 4 3 2 1 0
7 ALL MIDDLE8
8 ALL THIRDS4
9 ALL FULL 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Result

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-21 23:59:33,170] main() :: Using file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-07-21 23:59:33,170] handleFile() :: Handle file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-07-21 23:59:33,171] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-21 23:59:33,202] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 23:59:33,203] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-21 23:59:33,203] load() :: Loading HashCache
[INFO    ][2023-07-21 23:59:33,290] load() ::   68200 hashes loaded
[INFO    ][2023-07-21 23:59:33,639] handleFile() :: QuickCheck: 5A67B4365B569C43.SharpUp.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-21 23:59:33,639] handleFile() :: Scanning for matches...
[INFO    ][2023-07-21 23:59:33,639] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-21 23:59:33,709] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-21 23:59:33,710] findDetectedSections() :: Hide: .rsrc -> Detected: True
[INFO    ][2023-07-21 23:59:33,710] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-21 23:59:33,782] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-21 23:59:33,875] findDetectedSections() :: Hide: DotNet Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,001] findDetectedSections() :: Hide: Metadata Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,001] findDetectedSections() :: Hide: methods -> Detected: False
[INFO    ][2023-07-21 23:59:34,132] findDetectedSections() :: Hide: #~ Stream Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,232] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,351] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,573] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,673] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-21 23:59:34,674] findDetectedSections() :: Hide: #~ -> Detected: False
[INFO    ][2023-07-21 23:59:34,674] findDetectedSections() :: Hide: #Strings -> Detected: True
[INFO    ][2023-07-21 23:59:34,674] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-21 23:59:34,675] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-21 23:59:34,675] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-21 23:59:34,675] scanForMatchesInPe() :: 2 section(s) trigger the antivirus independantly
[INFO    ][2023-07-21 23:59:34,675] scanForMatchesInPe() ::   section: methods
[INFO    ][2023-07-21 23:59:34,675] scanForMatchesInPe() ::   section: #~
[INFO    ][2023-07-21 23:59:34,815] scanForMatchesInPe() :: Launching bytes analysis on section: methods (584-11872)
[INFO    ][2023-07-21 23:59:34,815] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:59:34,815] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-21 23:59:34,816] _scanDataPart() :: Result: 6544-6547 (3b minChunk:2 X)
00001990   FF FF DE                                           ...
[INFO    ][2023-07-21 23:59:34,818] _scanDataPart() :: Result: 7379-7382 (3b minChunk:2 X)
00001CD3   49 FF FF                                           I..
[INFO    ][2023-07-21 23:59:34,818] _scanDataPart() :: Result: 7396-7401 (5b minChunk:2 X)
00001CE4   3F F5 FE FF FF                                     ?....
[INFO    ][2023-07-21 23:59:34,819] _scanDataPart() :: Result: 7705-7710 (5b minChunk:2 X)
00001E19   00 0A 3A 4C FF                                     ..:L.
[INFO    ][2023-07-21 23:59:34,819] _scanDataPart() :: Result: 7710-7713 (3b minChunk:2 X)
00001E1E   FF FF DE                                           ...
[INFO    ][2023-07-21 23:59:34,820] _scanDataPart() :: Result: 8079-8084 (5b minChunk:2 X)
00001F8F   69 3F 07 FF FF                                     i?...
[INFO    ][2023-07-21 23:59:34,820] _scanDataPart() :: Result: 8084-8087 (3b minChunk:2 X)
00001F94   FF 2A 00                                           .*.
[INFO    ][2023-07-21 23:59:34,821] _scanDataPart() :: Result: 8238-8241 (3b minChunk:2 X)
0000202E   20 FF 01                                            ..
[INFO    ][2023-07-21 23:59:34,822] _scanDataPart() :: Result: 8679-8682 (3b minChunk:2 X)
000021E7   3F 4E FF                                           ?N.
[INFO    ][2023-07-21 23:59:34,823] _scanDataPart() :: Result: 8682-8685 (3b minChunk:2 X)
000021EA   FF FF 11                                           ...
[INFO    ][2023-07-21 23:59:34,823] _scanDataPart() :: Result: 8694-8697 (3b minChunk:2 X)
000021F6   FF FF DE                                           ...
[INFO    ][2023-07-21 23:59:34,824] _scanDataPart() :: Result: 8741-8746 (5b minChunk:2 X)
00002225   69 3F 15 FE FF                                     i?...
[INFO    ][2023-07-21 23:59:34,824] _scanDataPart() :: Result: 8746-8749 (3b minChunk:2 X)
0000222A   FF 2A 41                                           .*A
[INFO    ][2023-07-21 23:59:34,825] _scanDataPart() :: Result: 9286-9289 (3b minChunk:2 X)
00002446   0F FF FF                                           ...
[INFO    ][2023-07-21 23:59:34,826] _scanDataPart() :: Result: 9330-9333 (3b minChunk:2 X)
00002472   FF FF 2A                                           ..*
[INFO    ][2023-07-21 23:59:34,827] _scanDataPart() :: Result: 10063-10068 (5b minChunk:2 X)
0000274F   4F FF FF FF 2A                                     O...*
[INFO    ][2023-07-21 23:59:34,827] _scanDataPart() :: Doubling: minChunkSize: 2  minMatchSize: 4
[INFO    ][2023-07-21 23:59:34,829] _scanDataPart() :: Result: 10510-10516 (6b minChunk:4 X)
0000290E   3F 1E FF FF FF 07                                  ?.....
[INFO    ][2023-07-21 23:59:34,830] _scanDataPart() :: Result: 11463-11468 (5b minChunk:4 X)
00002CC7   3C FF FF FF 07                                     <....
[INFO    ][2023-07-21 23:59:34,830] _scanDataPart() :: Result: 11474-11485 (11 bytes)
00002CD2   69 3F 01 FE FF FF 2A 2E 73 3C 00                   i?....*.s<.
[INFO    ][2023-07-21 23:59:34,830] scan() :: Reducer Result: Time:0 Chunks:119 MatchesAdded:19 MatchesFinal:15
[INFO    ][2023-07-21 23:59:35,198] scanForMatchesInPe() :: Launching bytes analysis on section: #~ (11980-17272)
[INFO    ][2023-07-21 23:59:35,198] scan() :: Reducer Start: ScanSpeed:Normal Iteration:1 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-21 23:59:35,198] _printStatus() :: Reducing: 120 chunks done, found 0 matches (19 added)
[INFO    ][2023-07-21 23:59:35,199] _scanDataPart() :: Result: 11985-11990 (5b minChunk:2 X)
00002ED1   00 00 01 57 BF                                     ...W.
[INFO    ][2023-07-21 23:59:35,200] _scanDataPart() :: Result: 12000-12005 (5b minChunk:2 X)
00002EE0   00 16 00 00 01                                     .....
[INFO    ][2023-07-21 23:59:35,200] _scanDataPart() :: Result: 12005-12010 (5b minChunk:2 X)
00002EE5   00 00 00 7A 00                                     ...z.
[INFO    ][2023-07-21 23:59:35,200] _scanDataPart() :: Result: 12046-12051 (5b minChunk:2 X)
00002F0E   00 00 01 00 00                                     .....
[INFO    ][2023-07-21 23:59:35,201] _scanDataPart() :: Result: 12531-12537 (6 bytes)
000030F3   00 15 09 5A 0C 06                                  ...Z..
[INFO    ][2023-07-21 23:59:35,202] _scanDataPart() :: Result: 12868-12873 (5b minChunk:2 X)
00003244   02 00 07 00 81                                     .....
[INFO    ][2023-07-21 23:59:35,202] _scanDataPart() :: Result: 12886-12889 (3b minChunk:2 X)
00003256   81 01 10                                           ...
[INFO    ][2023-07-21 23:59:35,203] _scanDataPart() :: Result: 12899-12904 (5b minChunk:2 X)
00003263   00 81 01 10 00                                     .....
[INFO    ][2023-07-21 23:59:35,204] _scanDataPart() :: Result: 12927-12930 (3b minChunk:2 X)
0000327F   00 81 00                                           ...
[INFO    ][2023-07-21 23:59:35,205] _scanDataPart() :: Result: 16878-16883 (5b minChunk:2 X)
000041EE   01 00 20 00 00                                     .. ..
[INFO    ][2023-07-21 23:59:35,205] scan() :: Reducer Result: Time:0 Chunks:175 MatchesAdded:29 MatchesFinal:9
[INFO    ][2023-07-21 23:59:35,205] handleFile() :: Result: 24 matches
[INFO    ][2023-07-21 23:59:35,205] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:59:35,205] save() :: Saving HashCache (68216)
[INFO    ][2023-07-21 23:59:35,288] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-21 23:59:35,288] runVerifications() :: Verify 24 matches
[INFO    ][2023-07-21 23:59:35,289] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:59:35,289] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:59:35,296] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:59:35,304] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:59:35,305] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:59:35,307] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 5  result: ScanResult.DETECTED
  Idx: 6  result: ScanResult.DETECTED
  Idx: 7  result: ScanResult.DETECTED
  Idx: 8  result: ScanResult.DETECTED
  Idx: 9  result: ScanResult.DETECTED
  Idx: 10  result: ScanResult.DETECTED
  Idx: 11  result: ScanResult.DETECTED
  Idx: 12  result: ScanResult.DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.DETECTED
  Idx: 16  result: ScanResult.DETECTED
  Idx: 17  result: ScanResult.DETECTED
  Idx: 18  result: ScanResult.DETECTED
  Idx: 19  result: ScanResult.DETECTED
  Idx: 20  result: ScanResult.DETECTED
  Idx: 21  result: ScanResult.DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 23  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:59:35,308] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 23  result: ScanResult.NOT_DETECTED
  Idx: 22  result: ScanResult.NOT_DETECTED
  Idx: 21  result: ScanResult.NOT_DETECTED
  Idx: 20  result: ScanResult.NOT_DETECTED
  Idx: 19  result: ScanResult.NOT_DETECTED
  Idx: 18  result: ScanResult.NOT_DETECTED
  Idx: 17  result: ScanResult.NOT_DETECTED
  Idx: 16  result: ScanResult.NOT_DETECTED
  Idx: 15  result: ScanResult.NOT_DETECTED
  Idx: 14  result: ScanResult.NOT_DETECTED
  Idx: 13  result: ScanResult.NOT_DETECTED
  Idx: 12  result: ScanResult.NOT_DETECTED
  Idx: 11  result: ScanResult.NOT_DETECTED
  Idx: 10  result: ScanResult.NOT_DETECTED
  Idx: 9  result: ScanResult.NOT_DETECTED
  Idx: 8  result: ScanResult.NOT_DETECTED
  Idx: 7  result: ScanResult.NOT_DETECTED
  Idx: 6  result: ScanResult.NOT_DETECTED
  Idx: 5  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.DETECTED
  Idx: 3  result: ScanResult.DETECTED
  Idx: 2  result: ScanResult.DETECTED
  Idx: 1  result: ScanResult.DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-21 23:59:35,309] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:59:35,309] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-21 23:59:35,310] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-21 23:59:35,310] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:59:35,310] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-21 23:59:35,329] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-21 23:59:35,432] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,433] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,434] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,434] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,434] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,434] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-07-21 23:59:35,434] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-07-21 23:59:35,435] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:59:35,435] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-21 23:59:35,435] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-21 23:59:35,435] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-07-21 23:59:35,436] save() :: Saving HashCache (68216)
[INFO    ][2023-08-04 18:25:36,406] main() :: Using file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-04 18:25:36,406] handleFile() :: Handle file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-04 18:25:36,406] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:25:36,438] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:25:36,439] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:25:36,439] load() :: Loading HashCache
[INFO    ][2023-08-04 18:25:36,533] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:25:36,534] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:25:36,610] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:25:36,629] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:25:36,871] init() :: DotnetData entries: 739
[INFO    ][2023-08-04 18:25:36,871] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,871] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,871] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,872] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,873] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,873] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,873] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-08-04 18:25:36,873] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-08-04 18:25:36,874] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:25:36,875] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:51:16,993] main() :: Using file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-06 16:51:16,994] handleFile() :: Handle file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-06 16:51:16,994] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:51:17,027] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:51:17,027] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:51:17,027] load() :: Loading HashCache
[INFO    ][2023-08-06 16:51:17,119] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:51:17,119] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:51:17,196] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:51:17,214] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:51:17,463] init() :: DotnetData entries: 739
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,464] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-08-06 16:51:17,465] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-08-06 16:51:17,467] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:51:17,467] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:25:28,850] main() :: Using file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-06 17:25:28,850] handleFile() :: Handle file: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-08-06 17:25:28,851] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:25:28,882] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:25:28,883] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:25:28,883] load() :: Loading HashCache
[INFO    ][2023-08-06 17:25:28,978] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:25:28,978] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:25:29,053] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:25:29,071] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:25:29,315] init() :: DotnetData entries: 739
[INFO    ][2023-08-06 17:25:29,315] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,316] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-08-06 17:25:29,317] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-08-06 17:25:29,318] saveToFile() :: Saving results to: app/upload/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:25:29,319] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:26:45,030] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-01 05:26:45,030] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-01 05:26:45,031] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:45,062] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:45,063] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:45,064] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:45,064] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:45,161] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:45,161] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:45,243] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:21:27,422] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-24 19:21:27,422] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-24 19:21:27,423] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:21:27,423] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:21:27,426] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:21:27,427] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:21:27,427] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:21:27,427] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:21:27,455] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:21:27,474] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:21:27,475] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:27,476] load() :: Loading HashCache
[INFO    ][2023-09-24 19:21:27,608] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:21:27,608] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:21:27,702] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:21:27,919] init() :: DotnetData entries: 739
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,920] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-24 19:21:27,921] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-24 19:21:27,922] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:27,923] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:44,828] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-25 18:14:44,828] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-25 18:14:44,829] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:14:44,829] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:14:44,832] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:14:44,832] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:14:44,832] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:14:44,832] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:14:44,851] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:14:44,878] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:14:44,879] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:44,879] load() :: Loading HashCache
[INFO    ][2023-09-25 18:14:45,004] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:14:45,004] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:14:45,099] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:14:45,321] init() :: DotnetData entries: 739
[INFO    ][2023-09-25 18:14:45,321] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,321] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,322] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,323] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,323] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,323] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,323] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-25 18:14:45,323] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-25 18:14:45,324] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:14:45,325] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:46,567] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-25 18:21:46,567] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-25 18:21:46,568] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:21:46,568] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:21:46,571] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:21:46,571] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:21:46,571] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:21:46,571] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:21:46,590] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:21:46,617] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:21:46,617] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:46,618] load() :: Loading HashCache
[INFO    ][2023-09-25 18:21:46,743] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:21:46,743] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:21:46,839] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:21:47,062] init() :: DotnetData entries: 739
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,062] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,063] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-25 18:21:47,064] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-25 18:21:47,065] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:21:47,065] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:07:20,364] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-29 10:07:20,365] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-29 10:07:20,365] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:07:20,365] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:07:20,368] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:07:20,368] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:07:20,368] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,368] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:07:20,369] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:07:20,369] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:07:20,388] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:07:20,389] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:20,390] load() :: Loading HashCache
[INFO    ][2023-09-29 10:07:20,526] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:07:20,526] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:07:20,621] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:07:20,844] init() :: DotnetData entries: 739
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,845] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-29 10:07:20,846] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-29 10:07:20,847] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:20,848] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:53,740] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-29 12:11:53,740] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-29 12:11:53,741] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:11:53,741] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:11:53,743] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:11:53,744] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:11:53,744] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:11:53,744] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:11:53,764] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:11:53,764] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:53,765] load() :: Loading HashCache
[INFO    ][2023-09-29 12:11:53,901] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:11:53,901] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:11:53,999] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:11:54,221] init() :: DotnetData entries: 739
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,221] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-29 12:11:54,222] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-29 12:11:54,223] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:11:54,224] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:32:48,446] main() :: Using file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-30 10:32:48,446] handleFile() :: Handle file: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe
[INFO    ][2023-09-30 10:32:48,447] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:32:48,447] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:32:48,450] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:32:48,450] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,450] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:32:48,451] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:32:48,451] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:32:48,470] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:32:48,471] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:48,471] load() :: Loading HashCache
[INFO    ][2023-09-30 10:32:48,605] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:32:48,606] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:32:48,706] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:32:48,928] init() :: DotnetData entries: 739
[INFO    ][2023-09-30 10:32:48,928] disassembleDotNet() :: Match physical 6544/0x1990, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,928] disassembleDotNet() :: Match physical 7379/0x1CD3, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 7396/0x1CE4, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 7705/0x1E19, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 8079/0x1F8F, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 8238/0x202E, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 8679/0x21E7, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 8694/0x21F6, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 8741/0x2225, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 9286/0x2446, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,929] disassembleDotNet() :: Match physical 9330/0x2472, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,930] disassembleDotNet() :: Match physical 10063/0x274F, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,930] disassembleDotNet() :: Match physical 10510/0x290E, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,930] disassembleDotNet() :: Match physical 11463/0x2CC7, method disassemblies found: 1
[INFO    ][2023-09-30 10:32:48,930] disassembleDotNet() :: Match physical 11474/0x2CD2, method disassemblies found: 2
[INFO    ][2023-09-30 10:32:48,931] saveToFile() :: Saving results to: app/examples/5A67B4365B569C43.SharpUp.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:32:48,932] save() :: Saving HashCache (102072)