Avred

File 8021A70FB5CF073B.Seatbelt.exe.avira.exe

Name:	8021A70FB5CF073B.Seatbelt.exe.avira.exe
Size:	611,840 bytes
Type:	EXE PE.NET
MD5:	fc15a64503b4c20ddecff587d6b11c15

Scanner Name:	avira
Appraisal:	One based
Scan Debug:	Duration: 23s / Chunks: 26 / Matches: 6
Scan date:	2023-07-22 00:00:24

Matches

#	Iteration	Offset	Size	Section	Detail	SectionType	Conclusion
0	0	609804	3	.rsrcIMAGE_DIRECTORY_ENTRY_RESOURCE		DATA	Dominant. Modify this to make file undetected

Match 0: 609804 (size: 3)

Dominant. Modify this to make file undetected

.rsrcIMAGE_DIRECTORY_ENTRY_RESOURCE

00094E0C   00 00 02                                           ...

Test #	MatchOrder	ModifyPosition	Match#0 3b	Match#1 9b	Match#2 3b	Match#3 3b	Match#4 3b
0	ISOLATED	MIDDLE8
1	ISOLATED	THIRDS4
2	ISOLATED	FULL
3	ISOLATED	FULLB
4	INCREMENTAL	MIDDLE8
5	INCREMENTAL	FULL	0	1	2	3	4
6	DECREMENTAL	FULL	4	3	2	1	0
7	ALL	MIDDLE8
8	ALL	THIRDS4
9	ALL	FULL	0	0	0	0	0
Result			d

Explanation

Colors

Green: Not detected
Red: Detected by AV

Match Order

Isolated: Test each match individually, by themselves. At most one match is modified per scan
Incremental: Modify each match after another, additive. At the end, all matches are modified
Decremental: Modify each match after another, additive, downwards (last first)

Position

ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa

[INFO    ][2023-07-22 00:00:20,568] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-07-22 00:00:20,568] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-07-22 00:00:20,569] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-22 00:00:21,090] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-22 00:00:21,090] handleFile() :: Using scanner from command line: avira
[INFO    ][2023-07-22 00:00:21,091] load() :: Loading HashCache
[INFO    ][2023-07-22 00:00:21,275] load() ::   68240 hashes loaded
[INFO    ][2023-07-22 00:00:24,544] handleFile() :: QuickCheck: 8021A70FB5CF073B.Seatbelt.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-22 00:00:24,544] handleFile() :: Scanning for matches...
[INFO    ][2023-07-22 00:00:24,544] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-22 00:00:24,624] findDetectedSections() :: Hide: .text -> Detected: False
[INFO    ][2023-07-22 00:00:24,626] findDetectedSections() :: Hide: .rsrc -> Detected: False
[INFO    ][2023-07-22 00:00:24,627] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-22 00:00:26,300] findDetectedSections() :: Hide: Header -> Detected: False
[INFO    ][2023-07-22 00:00:27,956] findDetectedSections() :: Hide: DotNet Header -> Detected: True
[INFO    ][2023-07-22 00:00:29,592] findDetectedSections() :: Hide: Metadata Header -> Detected: True
[INFO    ][2023-07-22 00:00:29,594] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-22 00:00:31,178] findDetectedSections() :: Hide: #~ Stream Header -> Detected: True
[INFO    ][2023-07-22 00:00:32,756] findDetectedSections() :: Hide: #Strings Stream Header -> Detected: True
[INFO    ][2023-07-22 00:00:34,323] findDetectedSections() :: Hide: #US Stream Header -> Detected: True
[INFO    ][2023-07-22 00:00:35,978] findDetectedSections() :: Hide: #GUID Stream Header -> Detected: True
[INFO    ][2023-07-22 00:00:37,599] findDetectedSections() :: Hide: #Blob Stream Header -> Detected: True
[INFO    ][2023-07-22 00:00:37,601] findDetectedSections() :: Hide: #~ -> Detected: True
[INFO    ][2023-07-22 00:00:37,602] findDetectedSections() :: Hide: #Strings -> Detected: True
[INFO    ][2023-07-22 00:00:37,603] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-22 00:00:37,604] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-22 00:00:37,605] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-22 00:00:37,605] scanForMatchesInPe() :: 1 section(s) trigger the antivirus independantly
[INFO    ][2023-07-22 00:00:37,605] scanForMatchesInPe() ::   section: .rsrc
[INFO    ][2023-07-22 00:00:44,076] scanForMatchesInPe() :: Launching bytes analysis on section: .rsrc (609792-611328)
[INFO    ][2023-07-22 00:00:44,076] scan() :: Reducer Start: ScanSpeed:Normal Iteration:0 MinChunkSize:2 MinMatchSize:4
[INFO    ][2023-07-22 00:00:44,076] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-22 00:00:44,091] _scanDataPart() :: Result: 609804-609807 (3b minChunk:2 X)
00094E0C   00 00 02                                           ...
[INFO    ][2023-07-22 00:00:47,354] _scanDataPart() :: Result: 609816-609822 (6 bytes)
00094E18   18 00 00 00 50 00                                  ....P.
[INFO    ][2023-07-22 00:00:47,355] _printStatus() :: Reducing: 14 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-22 00:00:47,356] _scanDataPart() :: Result: 609822-609825 (3b minChunk:2 X)
00094E1E   00 80 00                                           ...
[INFO    ][2023-07-22 00:00:47,360] _scanDataPart() :: Result: 609837-609840 (3b minChunk:2 X)
00094E2D   00 01 00                                           ...
[INFO    ][2023-07-22 00:00:47,366] _scanDataPart() :: Result: 609867-609870 (3b minChunk:2 X)
00094E4B   00 80 00                                           ...
[INFO    ][2023-07-22 00:00:47,370] _scanDataPart() :: Result: 609885-609888 (3b minChunk:2 X)
00094E5D   00 01 00                                           ...
[INFO    ][2023-07-22 00:00:47,371] scan() :: Reducer Result: Time:3 Chunks:26 MatchesAdded:6 MatchesFinal:5
[INFO    ][2023-07-22 00:00:47,371] handleFile() :: Result: 5 matches
[INFO    ][2023-07-22 00:00:47,371] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:00:47,372] save() :: Saving HashCache (68257)
[INFO    ][2023-07-22 00:00:47,443] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-22 00:00:47,443] runVerifications() :: Verify 5 matches
[INFO    ][2023-07-22 00:00:47,444] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:00:47,444] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:00:49,074] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-22 00:00:50,658] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-22 00:00:50,658] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:00:57,093] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:00:58,655] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-22 00:00:58,656] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:00:58,657] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-22 00:00:58,658] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-22 00:00:58,658] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:00:58,658] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-22 00:00:59,157] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-22 00:01:01,810] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:01:01,810] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-22 00:01:01,811] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-22 00:01:01,811] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-07-22 00:01:01,811] save() :: Saving HashCache (68264)
[INFO    ][2023-08-04 18:27:21,527] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-04 18:27:21,527] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-04 18:27:21,528] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-04 18:27:22,041] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-04 18:27:22,042] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-04 18:27:22,042] load() :: Loading HashCache
[INFO    ][2023-08-04 18:27:22,232] load() ::   77569 hashes loaded
[INFO    ][2023-08-04 18:27:22,233] save() :: Saving HashCache (77569)
[INFO    ][2023-08-04 18:27:22,309] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-04 18:27:22,862] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-04 18:27:29,587] init() :: DotnetData entries: 23564
[INFO    ][2023-08-04 18:27:29,606] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-04 18:27:29,607] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:53:21,410] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 16:53:21,410] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 16:53:21,411] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 16:53:21,946] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 16:53:21,947] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 16:53:21,947] load() :: Loading HashCache
[INFO    ][2023-08-06 16:53:22,139] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 16:53:22,140] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 16:53:22,219] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 16:53:22,785] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 16:53:29,577] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 16:53:29,597] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-06 16:53:29,598] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:27:32,480] main() :: Using file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:27:32,480] handleFile() :: Handle file: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-08-06 17:27:32,481] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-08-06 17:27:33,005] getDotNetSections() :: Offset: 7680
[WARNING ][2023-08-06 17:27:33,005] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-08-06 17:27:33,005] load() :: Loading HashCache
[INFO    ][2023-08-06 17:27:33,197] load() ::   77569 hashes loaded
[INFO    ][2023-08-06 17:27:33,198] save() :: Saving HashCache (77569)
[INFO    ][2023-08-06 17:27:33,275] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-08-06 17:27:33,836] getDotNetSections() :: Offset: 7680
[INFO    ][2023-08-06 17:27:40,540] init() :: DotnetData entries: 23564
[INFO    ][2023-08-06 17:27:40,559] saveToFile() :: Saving results to: app/upload/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-08-06 17:27:40,560] save() :: Saving HashCache (77569)
[INFO    ][2023-09-01 05:26:48,132] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-01 05:26:48,132] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-01 05:26:48,134] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:48,645] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:48,646] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:48,647] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:48,648] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:48,843] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:48,843] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:48,925] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:21:45,463] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-24 19:21:45,463] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-24 19:21:45,473] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:21:45,473] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:21:45,500] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:21:45,501] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:21:45,501] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:21:45,501] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:21:45,979] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:21:46,601] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:21:46,602] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:46,603] load() :: Loading HashCache
[INFO    ][2023-09-24 19:21:46,802] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:21:46,802] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:21:46,898] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:21:53,361] init() :: DotnetData entries: 23564
[INFO    ][2023-09-24 19:21:53,380] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:21:53,381] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:15:03,316] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:15:03,316] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:15:03,317] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:15:03,318] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:15:03,344] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:15:03,344] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,344] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:15:03,345] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:15:03,345] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:15:03,816] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:15:04,377] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:15:04,378] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:15:04,379] load() :: Loading HashCache
[INFO    ][2023-09-25 18:15:04,605] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:15:04,606] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:15:04,704] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:15:11,605] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:15:11,623] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:15:11,624] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:22:04,986] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:22:04,986] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-25 18:22:04,987] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:22:04,987] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:22:05,012] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:22:05,012] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:22:05,012] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:22:05,013] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:22:05,483] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:22:06,041] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:22:06,042] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:22:06,043] load() :: Loading HashCache
[INFO    ][2023-09-25 18:22:06,267] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:22:06,267] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:22:06,364] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:22:13,227] init() :: DotnetData entries: 23564
[INFO    ][2023-09-25 18:22:13,246] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:22:13,246] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:07:37,605] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 10:07:37,605] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 10:07:37,607] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:07:37,607] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:07:37,633] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:07:37,633] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:07:37,633] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:07:37,633] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:07:38,109] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:07:38,111] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:07:38,111] load() :: Loading HashCache
[INFO    ][2023-09-29 10:07:38,339] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:07:38,339] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:07:38,436] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:07:45,281] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:12:11,012] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 12:12:11,012] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-29 12:12:11,013] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:12:11,013] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:12:11,038] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:12:11,039] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:12:11,039] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:12:11,039] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:12:11,510] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:12:11,512] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:12:11,512] load() :: Loading HashCache
[INFO    ][2023-09-29 12:12:11,736] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:12:11,737] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:12:11,833] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:12:18,676] init() :: DotnetData entries: 23564
[INFO    ][2023-09-29 12:12:18,695] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:12:18,696] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:33:05,761] main() :: Using file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-30 10:33:05,761] handleFile() :: Handle file: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe
[INFO    ][2023-09-30 10:33:05,762] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:33:05,762] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:33:05,787] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:33:05,787] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,787] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,788] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:33:05,788] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:33:05,788] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:33:06,266] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:33:06,268] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:33:06,268] load() :: Loading HashCache
[INFO    ][2023-09-30 10:33:06,495] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:33:06,495] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:33:06,595] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:33:13,442] init() :: DotnetData entries: 23564
[INFO    ][2023-09-30 10:33:13,462] saveToFile() :: Saving results to: app/examples/8021A70FB5CF073B.Seatbelt.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:33:13,462] save() :: Saving HashCache (102072)

File 8021A70FB5CF073B.Seatbelt.exe.avira.exe

Matches

Match 0: 609804 (size: 3)

Info

Hexdump

Explanation

Colors

Match Order

Position