Name: | 8021A70FB5CF073B.Seatbelt.exe.avira.exe |
Size: | 611,840 bytes |
Type: | EXE PE.NET |
MD5: | fc15a64503b4c20ddecff587d6b11c15 |
Scanner Name: | avira |
Appraisal: | One based |
Scan Debug: | Duration: 23s / Chunks: 26 / Matches: 6 |
Scan date: | 2023-07-22 00:00:24 |
# | Iteration | Offset | Size | Section | Detail | SectionType | Conclusion |
---|---|---|---|---|---|---|---|
0 | 0 | 609804 | 3 | .rsrcIMAGE_DIRECTORY_ENTRY_RESOURCE | DATA | Dominant. Modify this to make file undetected |
Dominant. Modify this to make file undetected |
00094E0C 00 00 02 ...
Test # | MatchOrder | ModifyPosition |
Match#0 3b |
Match#1 9b |
Match#2 3b |
Match#3 3b |
Match#4 3b |
0 | ISOLATED | MIDDLE8 | |||||
1 | ISOLATED | THIRDS4 | |||||
2 | ISOLATED | FULL | |||||
3 | ISOLATED | FULLB | |||||
4 | INCREMENTAL | MIDDLE8 | |||||
5 | INCREMENTAL | FULL | 0 | 1 | 2 | 3 | 4 |
6 | DECREMENTAL | FULL | 4 | 3 | 2 | 1 | 0 |
7 | ALL | MIDDLE8 | |||||
8 | ALL | THIRDS4 | |||||
9 | ALL | FULL | 0 | 0 | 0 | 0 | 0 |
Result |
[INFO ][2023-07-22 00:00:20,568] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-07-22 00:00:20,568] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-07-22 00:00:20,569] handleFile() :: Using parser for file type DOTNET [INFO ][2023-07-22 00:00:21,090] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-22 00:00:21,090] handleFile() :: Using scanner from command line: avira [INFO ][2023-07-22 00:00:21,091] load() :: Loading HashCache [INFO ][2023-07-22 00:00:21,275] load() :: 68240 hashes loaded [INFO ][2023-07-22 00:00:24,544] handleFile() :: QuickCheck: 8021A70FB5CF073B.Seatbelt.exe.avira.exe is detected by avira and not hash based [INFO ][2023-07-22 00:00:24,544] handleFile() :: Scanning for matches... [INFO ][2023-07-22 00:00:24,544] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact) [INFO ][2023-07-22 00:00:24,624] findDetectedSections() :: Hide: .text -> Detected: False [INFO ][2023-07-22 00:00:24,626] findDetectedSections() :: Hide: .rsrc -> Detected: False [INFO ][2023-07-22 00:00:24,627] findDetectedSections() :: Hide: .reloc -> Detected: True [INFO ][2023-07-22 00:00:26,300] findDetectedSections() :: Hide: Header -> Detected: False [INFO ][2023-07-22 00:00:27,956] findDetectedSections() :: Hide: DotNet Header -> Detected: True [INFO ][2023-07-22 00:00:29,592] findDetectedSections() :: Hide: Metadata Header -> Detected: True [INFO ][2023-07-22 00:00:29,594] findDetectedSections() :: Hide: methods -> Detected: True [INFO ][2023-07-22 00:00:31,178] findDetectedSections() :: Hide: #~ Stream Header -> Detected: True [INFO ][2023-07-22 00:00:32,756] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: True [INFO ][2023-07-22 00:00:34,323] findDetectedSections() :: Hide: #US Stream Header -> Detected: True [INFO ][2023-07-22 00:00:35,978] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True [INFO ][2023-07-22 00:00:37,599] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True [INFO ][2023-07-22 00:00:37,601] findDetectedSections() :: Hide: #~ -> Detected: True [INFO ][2023-07-22 00:00:37,602] findDetectedSections() :: Hide: #Strings -> Detected: True [INFO ][2023-07-22 00:00:37,603] findDetectedSections() :: Hide: #US -> Detected: True [INFO ][2023-07-22 00:00:37,604] findDetectedSections() :: Hide: #GUID -> Detected: True [INFO ][2023-07-22 00:00:37,605] findDetectedSections() :: Hide: #Blob -> Detected: True [INFO ][2023-07-22 00:00:37,605] scanForMatchesInPe() :: 1 section(s) trigger the antivirus independantly [INFO ][2023-07-22 00:00:37,605] scanForMatchesInPe() :: section: .rsrc [INFO ][2023-07-22 00:00:44,076] scanForMatchesInPe() :: Launching bytes analysis on section: .rsrc (609792-611328) [INFO ][2023-07-22 00:00:44,076] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4 [INFO ][2023-07-22 00:00:44,076] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added) [INFO ][2023-07-22 00:00:44,091] _scanDataPart() :: Result: 609804-609807 (3b minChunk:2 X) 00094E0C 00 00 02 ... [INFO ][2023-07-22 00:00:47,354] _scanDataPart() :: Result: 609816-609822 (6 bytes) 00094E18 18 00 00 00 50 00 ....P. [INFO ][2023-07-22 00:00:47,355] _printStatus() :: Reducing: 14 chunks done, found 2 matches (2 added) [INFO ][2023-07-22 00:00:47,356] _scanDataPart() :: Result: 609822-609825 (3b minChunk:2 X) 00094E1E 00 80 00 ... [INFO ][2023-07-22 00:00:47,360] _scanDataPart() :: Result: 609837-609840 (3b minChunk:2 X) 00094E2D 00 01 00 ... [INFO ][2023-07-22 00:00:47,366] _scanDataPart() :: Result: 609867-609870 (3b minChunk:2 X) 00094E4B 00 80 00 ... [INFO ][2023-07-22 00:00:47,370] _scanDataPart() :: Result: 609885-609888 (3b minChunk:2 X) 00094E5D 00 01 00 ... [INFO ][2023-07-22 00:00:47,371] scan() :: Reducer Result: Time:3 Chunks:26 MatchesAdded:6 MatchesFinal:5 [INFO ][2023-07-22 00:00:47,371] handleFile() :: Result: 5 matches [INFO ][2023-07-22 00:00:47,371] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-07-22 00:00:47,372] save() :: Saving HashCache (68257) [INFO ][2023-07-22 00:00:47,443] verifyFile() :: Perform verification of matches [INFO ][2023-07-22 00:00:47,443] runVerifications() :: Verify 5 matches [INFO ][2023-07-22 00:00:47,444] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:00:47,444] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:00:49,074] runVerifications() :: Verification run: 2 FULL ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-22 00:00:50,658] runVerifications() :: Verification run: 3 FULLB ISOLATED result: ScanResult.NOT_DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED result: ScanResult.DETECTED [INFO ][2023-07-22 00:00:50,658] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:00:57,093] runVerifications() :: Verification run: 5 FULL INCREMENTAL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 4 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:00:58,655] runVerifications() :: Verification run: 6 FULL DECREMENTAL Idx: 4 result: ScanResult.NOT_DETECTED Idx: 3 result: ScanResult.NOT_DETECTED Idx: 2 result: ScanResult.NOT_DETECTED Idx: 1 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.DETECTED [INFO ][2023-07-22 00:00:58,656] runVerifications() :: Verification run: 7 MIDDLE8 ALL result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:00:58,657] runVerifications() :: Verification run: 8 THIRDS4 ALL result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED result: ScanResult.NOT_SCANNED [INFO ][2023-07-22 00:00:58,658] runVerifications() :: Verification run: 9 FULL ALL Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED Idx: 0 result: ScanResult.NOT_DETECTED [INFO ][2023-07-22 00:00:58,658] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-07-22 00:00:58,658] augmentFile() :: Perform augmentation of matches [INFO ][2023-07-22 00:00:59,157] getDotNetSections() :: Offset: 7680 [INFO ][2023-07-22 00:01:01,810] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-07-22 00:01:01,810] outflankFile() :: Attempt to outflank the file [INFO ][2023-07-22 00:01:01,811] outflankDotnet() :: Outflank failed with attempted 0 patches [INFO ][2023-07-22 00:01:01,811] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-07-22 00:01:01,811] save() :: Saving HashCache (68264) [INFO ][2023-08-04 18:27:21,527] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-04 18:27:21,527] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-04 18:27:21,528] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-04 18:27:22,041] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-04 18:27:22,042] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-04 18:27:22,042] load() :: Loading HashCache [INFO ][2023-08-04 18:27:22,232] load() :: 77569 hashes loaded [INFO ][2023-08-04 18:27:22,233] save() :: Saving HashCache (77569) [INFO ][2023-08-04 18:27:22,309] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-04 18:27:22,862] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-04 18:27:29,587] init() :: DotnetData entries: 23564 [INFO ][2023-08-04 18:27:29,606] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-08-04 18:27:29,607] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:53:21,410] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-06 16:53:21,410] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-06 16:53:21,411] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 16:53:21,946] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 16:53:21,947] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 16:53:21,947] load() :: Loading HashCache [INFO ][2023-08-06 16:53:22,139] load() :: 77569 hashes loaded [INFO ][2023-08-06 16:53:22,140] save() :: Saving HashCache (77569) [INFO ][2023-08-06 16:53:22,219] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 16:53:22,785] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 16:53:29,577] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 16:53:29,597] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-08-06 16:53:29,598] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:27:32,480] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-06 17:27:32,480] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-08-06 17:27:32,481] handleFile() :: Using parser for file type DOTNET [INFO ][2023-08-06 17:27:33,005] getDotNetSections() :: Offset: 7680 [WARNING ][2023-08-06 17:27:33,005] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-08-06 17:27:33,005] load() :: Loading HashCache [INFO ][2023-08-06 17:27:33,197] load() :: 77569 hashes loaded [INFO ][2023-08-06 17:27:33,198] save() :: Saving HashCache (77569) [INFO ][2023-08-06 17:27:33,275] augmentFile() :: Perform augmentation of matches [INFO ][2023-08-06 17:27:33,836] getDotNetSections() :: Offset: 7680 [INFO ][2023-08-06 17:27:40,540] init() :: DotnetData entries: 23564 [INFO ][2023-08-06 17:27:40,559] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-08-06 17:27:40,560] save() :: Saving HashCache (77569) [INFO ][2023-09-01 05:26:48,132] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-01 05:26:48,132] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-01 05:26:48,134] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-01 05:26:48,645] getDotNetSections() :: Offset: 7680 [WARNING ][2023-09-01 05:26:48,646] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-01 05:26:48,647] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-01 05:26:48,648] load() :: Loading HashCache [INFO ][2023-09-01 05:26:48,843] load() :: 85943 hashes loaded [INFO ][2023-09-01 05:26:48,843] save() :: Saving HashCache (85943) [INFO ][2023-09-01 05:26:48,925] save() :: Saving HashCache (85943) [INFO ][2023-09-24 19:21:45,463] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-24 19:21:45,463] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-24 19:21:45,473] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-24 19:21:45,473] parseFile() :: FilePe: Parse File [INFO ][2023-09-24 19:21:45,500] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-24 19:21:45,501] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-24 19:21:45,501] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-24 19:21:45,979] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-24 19:21:46,601] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-24 19:21:46,602] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-24 19:21:46,603] load() :: Loading HashCache [INFO ][2023-09-24 19:21:46,802] load() :: 101712 hashes loaded [INFO ][2023-09-24 19:21:46,802] save() :: Saving HashCache (101712) [INFO ][2023-09-24 19:21:46,898] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-24 19:21:53,361] init() :: DotnetData entries: 23564 [INFO ][2023-09-24 19:21:53,380] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-24 19:21:53,381] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:15:03,316] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-25 18:15:03,316] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-25 18:15:03,317] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:15:03,318] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:15:03,344] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:15:03,344] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:15:03,345] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:15:03,816] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:15:04,377] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:15:04,378] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-25 18:15:04,379] load() :: Loading HashCache [INFO ][2023-09-25 18:15:04,605] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:15:04,606] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:15:04,704] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:15:11,605] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:15:11,623] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-25 18:15:11,624] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:22:04,986] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-25 18:22:04,986] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-25 18:22:04,987] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-25 18:22:04,987] parseFile() :: FilePe: Parse File [INFO ][2023-09-25 18:22:05,012] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-25 18:22:05,012] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-25 18:22:05,013] parseDotNetSections() :: FilePe: Parse DotNet Sections [INFO ][2023-09-25 18:22:05,483] parseDotNetRegions() :: FilePe: Parse DotNet Regions [WARNING ][2023-09-25 18:22:06,041] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-25 18:22:06,042] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-25 18:22:06,043] load() :: Loading HashCache [INFO ][2023-09-25 18:22:06,267] load() :: 101712 hashes loaded [INFO ][2023-09-25 18:22:06,267] save() :: Saving HashCache (101712) [INFO ][2023-09-25 18:22:06,364] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-25 18:22:13,227] init() :: DotnetData entries: 23564 [INFO ][2023-09-25 18:22:13,246] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-25 18:22:13,246] save() :: Saving HashCache (101712) [INFO ][2023-09-29 10:07:37,605] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-29 10:07:37,605] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-29 10:07:37,607] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 10:07:37,607] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 10:07:37,633] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 10:07:37,633] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 10:07:37,633] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 10:07:38,109] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 10:07:38,111] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-29 10:07:38,111] load() :: Loading HashCache [INFO ][2023-09-29 10:07:38,339] load() :: 102070 hashes loaded [INFO ][2023-09-29 10:07:38,339] save() :: Saving HashCache (102070) [INFO ][2023-09-29 10:07:38,436] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 10:07:45,281] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 12:12:11,012] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-29 12:12:11,012] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-29 12:12:11,013] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-29 12:12:11,013] parseFile() :: FilePe: Parse File [INFO ][2023-09-29 12:12:11,038] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-29 12:12:11,039] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-29 12:12:11,039] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-29 12:12:11,510] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-29 12:12:11,512] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-29 12:12:11,512] load() :: Loading HashCache [INFO ][2023-09-29 12:12:11,736] load() :: 102070 hashes loaded [INFO ][2023-09-29 12:12:11,737] save() :: Saving HashCache (102070) [INFO ][2023-09-29 12:12:11,833] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-29 12:12:18,676] init() :: DotnetData entries: 23564 [INFO ][2023-09-29 12:12:18,695] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-29 12:12:18,696] save() :: Saving HashCache (102070) [INFO ][2023-09-30 10:33:05,761] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-30 10:33:05,761] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe [INFO ][2023-09-30 10:33:05,762] handleFile() :: Using parser for file type DOTNET [INFO ][2023-09-30 10:33:05,762] parseFile() :: FilePe: Parse File [INFO ][2023-09-30 10:33:05,787] parsePeSections() :: FilePe: Parse PE Sections [INFO ][2023-09-30 10:33:05,787] parsePeRegions() :: FilePe: Parse PE Regions [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 0 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 3 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 4 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 6 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 7 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 8 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 9 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 10 has address 0, skipping [WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 11 has address 0, skipping [WARNING ][2023-09-30 10:33:05,788] parsePeRegions() :: Data Directory Section 13 has address 0, skipping [WARNING ][2023-09-30 10:33:05,788] parsePeRegions() :: Data Directory Section 15 has address 0, skipping [INFO ][2023-09-30 10:33:05,788] parseDotNetSections() :: FilePe: Parse DotNet Sections [WARNING ][2023-09-30 10:33:06,266] handleFile() :: Using scanner as defined in outcome: avira [INFO ][2023-09-30 10:33:06,268] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-30 10:33:06,268] load() :: Loading HashCache [INFO ][2023-09-30 10:33:06,495] load() :: 102072 hashes loaded [INFO ][2023-09-30 10:33:06,495] save() :: Saving HashCache (102072) [INFO ][2023-09-30 10:33:06,595] augmentFile() :: Perform augmentation of matches [INFO ][2023-09-30 10:33:13,442] init() :: DotnetData entries: 23564 [INFO ][2023-09-30 10:33:13,462] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome [INFO ][2023-09-30 10:33:13,462] save() :: Saving HashCache (102072)