File 945ACE2428D95A13.Rubeus.exe.avira.exe

Name: 945ACE2428D95A13.Rubeus.exe.avira.exe
Size: 457,216 bytes
Type: EXE PE.NET
MD5: 66368745046c31217b2a1e7fc7c11f24
Scanner Name: avira
Appraisal: One based
Scan Debug: Duration: 33s / Chunks: 23 / Matches: 5
Scan date: 2023-07-08 09:03:46

Matches

# Iteration Offset Size Section Detail SectionType Conclusion
0 0 455180 3 .rsrc IMAGE_DIRECTORY_ENTRY_RESOURCE DATA Dominant. Modify this to make file undetected

Match 0: 455180 (size: 3)

Dominant. Modify this to make file undetected

.rsrc IMAGE_DIRECTORY_ENTRY_RESOURCE

0006F20C   00 00 02                                           ...

Test #  MatchOrder   ModifyPosition  Match#0 (3b)  Match#1 (12b)  Match#2 (3b)  Match#3 (3b)  Match#4 (3b)
0       ISOLATED     MIDDLE8
1       ISOLATED     THIRDS4
2       ISOLATED     FULL
3       ISOLATED     FULLB
4       INCREMENTAL  MIDDLE8
5       INCREMENTAL  FULL            0             1              2             3             4
6       DECREMENTAL  FULL            4             3              2             1             0
7       ALL          MIDDLE8
8       ALL          THIRDS4
9       ALL          FULL            0             0              0             0             0
Result

Explanation

Colors

  • Green: Not detected
  • Red: Detected by AV

Match Order

  • Isolated: Test each match individually, by themselves. At most one match is modified per scan
  • Incremental: Modify each match after another, additive. At the end, all matches are modified
  • Decremental: Modify each match after another, additive, downwards (last first)

Position

  • ModifyPosition FULL: Overwrite complete match: MMMMMMMMMMMM
  • ModifyPosition MIDDLE8: Overwrite 8 bytes in the middle of the match (partial): aaaaMMMMMMMMaaaa
  • ModifyPosition THIRD8: Overwrite 8 bytes in the first and second third of the match (partial): aaaaMMMMMMMMaaaaMMMMMMMMaaaa
[INFO    ][2023-07-08 09:03:42,940] main() :: Using file: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-07-08 09:03:42,940] handleFile() :: Handle file: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-07-08 09:03:42,941] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-07-08 09:03:43,235] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-08 09:03:43,236] load() :: Loading HashCache
[INFO    ][2023-07-08 09:03:43,316] load() ::   40078 hashes loaded
[INFO    ][2023-07-08 09:03:46,601] handleFile() :: QuickCheck: 945ACE2428D95A13.Rubeus.exe.avira.exe is detected by avira and not hash based
[INFO    ][2023-07-08 09:03:46,601] handleFile() :: Scanning for matches...
[INFO    ][2023-07-08 09:03:46,601] scanForMatchesInPe() :: Section Detection: Zero section (leave all others intact)
[INFO    ][2023-07-08 09:03:47,626] findDetectedSections() :: Hide: .rsrc -> Detected: False
[INFO    ][2023-07-08 09:03:48,711] findDetectedSections() :: Hide: .reloc -> Detected: True
[INFO    ][2023-07-08 09:03:49,383] findDetectedSections() :: Hide: methods -> Detected: True
[INFO    ][2023-07-08 09:03:50,121] findDetectedSections() :: Hide: #~ -> Detected: True
[INFO    ][2023-07-08 09:03:51,099] findDetectedSections() :: Hide: #Strings -> Detected: True
[INFO    ][2023-07-08 09:03:52,034] findDetectedSections() :: Hide: #US -> Detected: True
[INFO    ][2023-07-08 09:03:53,127] findDetectedSections() :: Hide: #GUID -> Detected: True
[INFO    ][2023-07-08 09:03:54,149] findDetectedSections() :: Hide: #Blob -> Detected: True
[INFO    ][2023-07-08 09:03:54,149] scanForMatchesInPe() :: 1 section(s) trigger the antivirus independantly
[INFO    ][2023-07-08 09:03:54,149] scanForMatchesInPe() ::   section: .rsrc
[INFO    ][2023-07-08 09:03:54,149] scanForMatchesInPe() :: Launching bytes analysis on section: .rsrc (455168-456704)
[INFO    ][2023-07-08 09:03:54,149] scan() :: Reducer Start: ScanSpeed:ScanSpeed.Normal Iteration:0
[INFO    ][2023-07-08 09:03:54,149] _printStatus() :: Reducing: 1 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:03:56,243] _printStatus() :: Reducing: 2 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:03:58,341] _printStatus() :: Reducing: 3 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:00,485] _printStatus() :: Reducing: 4 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:02,567] _printStatus() :: Reducing: 5 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:04,664] _printStatus() :: Reducing: 6 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:06,727] _printStatus() :: Reducing: 7 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:08,824] _printStatus() :: Reducing: 9 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:10,910] _printStatus() :: Reducing: 10 chunks done, found 0 matches (0 added)
[INFO    ][2023-07-08 09:04:10,911] _scanDataPart() :: Result: 455180-455183 (3 bytes)
0006F20C   00 00 02                                           ...
[INFO    ][2023-07-08 09:04:13,006] _printStatus() :: Reducing: 12 chunks done, found 1 matches (1 added)
[INFO    ][2023-07-08 09:04:15,096] _scanDataPart() :: Result: 455192-455204 (12 bytes)
0006F218   18 00 00 00 50 00 00 80 00 00 00 00                ....P.......
[INFO    ][2023-07-08 09:04:15,096] _printStatus() :: Reducing: 13 chunks done, found 2 matches (2 added)
[INFO    ][2023-07-08 09:04:15,098] _scanDataPart() :: Result: 455213-455216 (3 bytes)
0006F22D   00 01 00                                           ...
[INFO    ][2023-07-08 09:04:17,189] _printStatus() :: Reducing: 17 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 09:04:19,352] _printStatus() :: Reducing: 18 chunks done, found 3 matches (3 added)
[INFO    ][2023-07-08 09:04:19,355] _scanDataPart() :: Result: 455243-455246 (3 bytes)
0006F24B   00 80 00                                           ...
[INFO    ][2023-07-08 09:04:19,357] _scanDataPart() :: Result: 455261-455264 (3 bytes)
0006F25D   00 01 00                                           ...
[INFO    ][2023-07-08 09:04:19,357] scan() :: Reducer Result: Time:25 Chunks:23 MatchesAdded:5 MatchesFinal:5
[INFO    ][2023-07-08 09:04:19,358] handleFile() :: Result: 5 matches
[INFO    ][2023-07-08 09:04:19,358] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-07-08 09:04:20,407] save() :: Saving HashCache (40114)
[INFO    ][2023-07-08 09:04:20,445] verifyFile() :: Perform verification of matches
[INFO    ][2023-07-08 09:04:20,445] runVerifications() :: Verify 5 matches
[INFO    ][2023-07-08 09:04:20,445] runVerifications() :: Verification run: 0 MIDDLE8 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 09:04:20,445] runVerifications() :: Verification run: 1 THIRDS4 ISOLATED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 09:04:25,814] runVerifications() :: Verification run: 2 FULL ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-08 09:04:31,136] runVerifications() :: Verification run: 3 FULLB ISOLATED
  result: ScanResult.NOT_DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED
  result: ScanResult.DETECTED

[INFO    ][2023-07-08 09:04:31,136] runVerifications() :: Verification run: 4 MIDDLE8 INCREMENTAL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 09:04:35,301] runVerifications() :: Verification run: 5 FULL INCREMENTAL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 4  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 09:04:38,445] runVerifications() :: Verification run: 6 FULL DECREMENTAL
  Idx: 4  result: ScanResult.NOT_DETECTED
  Idx: 3  result: ScanResult.NOT_DETECTED
  Idx: 2  result: ScanResult.NOT_DETECTED
  Idx: 1  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.DETECTED

[INFO    ][2023-07-08 09:04:38,446] runVerifications() :: Verification run: 7 MIDDLE8 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 09:04:38,446] runVerifications() :: Verification run: 8 THIRDS4 ALL
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED
  result: ScanResult.NOT_SCANNED

[INFO    ][2023-07-08 09:04:38,447] runVerifications() :: Verification run: 9 FULL ALL
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED
  Idx: 0  result: ScanResult.NOT_DETECTED

[INFO    ][2023-07-08 09:04:38,447] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-07-08 09:04:38,448] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-07-08 09:04:38,713] getDotNetSections() :: Offset: 7680
[INFO    ][2023-07-08 09:04:40,649] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-07-08 09:04:40,649] outflankFile() :: Attempt to outflank the file
[INFO    ][2023-07-08 09:04:40,649] outflankDotnet() :: Outflank failed with attempted 0 patches
[INFO    ][2023-07-08 09:04:40,649] saveToFile() :: Saving results to: app/upload/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-07-08 09:04:40,649] save() :: Saving HashCache (40131)
[INFO    ][2023-09-01 05:26:55,022] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-01 05:26:55,022] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-01 05:26:55,024] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-01 05:26:55,317] getDotNetSections() :: Offset: 7680
[WARNING ][2023-09-01 05:26:55,318] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-01 05:26:55,319] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-01 05:26:55,320] load() :: Loading HashCache
[INFO    ][2023-09-01 05:26:55,449] load() ::   85943 hashes loaded
[INFO    ][2023-09-01 05:26:55,449] save() :: Saving HashCache (85943)
[INFO    ][2023-09-01 05:26:55,531] save() :: Saving HashCache (85943)
[INFO    ][2023-09-24 19:22:19,503] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-24 19:22:19,503] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-24 19:22:19,505] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-24 19:22:19,505] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-24 19:22:19,525] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-24 19:22:19,525] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-24 19:22:19,525] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,525] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,525] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,525] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-24 19:22:19,526] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-24 19:22:19,526] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-24 19:22:19,799] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-24 19:22:20,097] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-24 19:22:20,098] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:22:20,099] load() :: Loading HashCache
[INFO    ][2023-09-24 19:22:20,259] load() ::   101712 hashes loaded
[INFO    ][2023-09-24 19:22:20,260] save() :: Saving HashCache (101712)
[INFO    ][2023-09-24 19:22:20,355] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-24 19:22:24,298] init() :: DotnetData entries: 12128
[INFO    ][2023-09-24 19:22:24,313] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-24 19:22:24,313] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:15:38,072] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-25 18:15:38,073] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-25 18:15:38,074] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:15:38,074] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:15:38,093] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:15:38,093] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:15:38,093] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:15:38,093] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:15:38,334] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:15:38,634] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:15:38,635] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:15:38,635] load() :: Loading HashCache
[INFO    ][2023-09-25 18:15:38,792] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:15:38,793] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:15:38,888] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:15:42,966] init() :: DotnetData entries: 12128
[INFO    ][2023-09-25 18:15:42,980] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:15:42,980] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:22:39,694] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-25 18:22:39,694] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-25 18:22:39,695] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-25 18:22:39,695] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-25 18:22:39,714] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-25 18:22:39,714] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-25 18:22:39,714] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,714] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-25 18:22:39,715] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-25 18:22:39,715] parseDotNetSections() :: FilePe: Parse DotNet Sections
[INFO    ][2023-09-25 18:22:39,954] parseDotNetRegions() :: FilePe: Parse DotNet Regions
[WARNING ][2023-09-25 18:22:40,252] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-25 18:22:40,253] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:22:40,254] load() :: Loading HashCache
[INFO    ][2023-09-25 18:22:40,411] load() ::   101712 hashes loaded
[INFO    ][2023-09-25 18:22:40,411] save() :: Saving HashCache (101712)
[INFO    ][2023-09-25 18:22:40,509] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-25 18:22:44,580] init() :: DotnetData entries: 12128
[INFO    ][2023-09-25 18:22:44,594] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-25 18:22:44,594] save() :: Saving HashCache (101712)
[INFO    ][2023-09-29 10:08:09,257] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-29 10:08:09,257] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-29 10:08:09,258] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 10:08:09,258] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 10:08:09,278] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 10:08:09,278] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 10:08:09,278] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,278] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,278] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,278] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 10:08:09,279] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 10:08:09,279] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 10:08:09,518] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 10:08:09,520] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-29 10:08:09,520] load() :: Loading HashCache
[INFO    ][2023-09-29 10:08:09,687] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 10:08:09,687] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 10:08:09,782] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 10:08:13,899] init() :: DotnetData entries: 12128
[INFO    ][2023-09-29 12:12:42,623] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-29 12:12:42,623] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-29 12:12:42,624] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-29 12:12:42,624] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-29 12:12:42,643] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-29 12:12:42,643] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-29 12:12:42,643] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,643] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,643] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-29 12:12:42,644] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-29 12:12:42,644] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-29 12:12:42,884] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-29 12:12:42,886] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:12:42,886] load() :: Loading HashCache
[INFO    ][2023-09-29 12:12:43,052] load() ::   102070 hashes loaded
[INFO    ][2023-09-29 12:12:43,052] save() :: Saving HashCache (102070)
[INFO    ][2023-09-29 12:12:43,149] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-29 12:12:47,268] init() :: DotnetData entries: 12128
[INFO    ][2023-09-29 12:12:47,282] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-29 12:12:47,283] save() :: Saving HashCache (102070)
[INFO    ][2023-09-30 10:33:37,438] main() :: Using file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-30 10:33:37,438] handleFile() :: Handle file: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe
[INFO    ][2023-09-30 10:33:37,439] handleFile() :: Using parser for file type DOTNET
[INFO    ][2023-09-30 10:33:37,440] parseFile() :: FilePe: Parse File
[INFO    ][2023-09-30 10:33:37,459] parsePeSections() :: FilePe: Parse PE Sections
[INFO    ][2023-09-30 10:33:37,459] parsePeRegions() :: FilePe: Parse PE Regions
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 0 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 3 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 4 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 6 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 7 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 8 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 9 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 10 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 11 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 13 has address 0, skipping
[WARNING ][2023-09-30 10:33:37,459] parsePeRegions() :: Data Directory Section 15 has address 0, skipping
[INFO    ][2023-09-30 10:33:37,459] parseDotNetSections() :: FilePe: Parse DotNet Sections
[WARNING ][2023-09-30 10:33:37,700] handleFile() :: Using scanner as defined in outcome: avira
[INFO    ][2023-09-30 10:33:37,702] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:33:37,702] load() :: Loading HashCache
[INFO    ][2023-09-30 10:33:37,869] load() ::   102072 hashes loaded
[INFO    ][2023-09-30 10:33:37,869] save() :: Saving HashCache (102072)
[INFO    ][2023-09-30 10:33:37,966] augmentFile() :: Perform augmentation of matches
[INFO    ][2023-09-30 10:33:42,042] init() :: DotnetData entries: 12128
[INFO    ][2023-09-30 10:33:42,056] saveToFile() :: Saving results to: app/examples/945ACE2428D95A13.Rubeus.exe.avira.exe.outcome
[INFO    ][2023-09-30 10:33:42,057] save() :: Saving HashCache (102072)