What does `no (yes)` mean? yes / no?
Opened this issue · 1 comment
evandrix commented
...and what is the difference between "Anti-Debug" and "AntiDebug"?
```python
import json
import pypeid

# Scan the attached sample with pypeid and dump the result as compact JSON.
scan = pypeid.PEiDScanner()
obj = scan.scan_file("65860a5486c5d7597d69339d6ca9d4c104508834.bin")
obj_s = json.dumps(obj, ensure_ascii=False, sort_keys=True, separators=(",", ":"))
print(obj_s)
```
```json
{
"Anti-Debug": "no (yes)",
"AntiDebug": [],
"Console Program": "no (yes)",
"DLL": "no",
"GUI Program": "yes",
"PE": "32 bit",
"PEiD": [
"UPX_wwwupxsourceforgenet_additional",
"yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h",
"Netopsystems_FEAD_Optimizer_1",
"UPX_290_LZMA",
"UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser",
"UPX_290_LZMA_additional",
"UPX_wwwupxsourceforgenet"
],
"Packed": "yes",
"contains base64": "yes",
"mutex": "no"
}
```
sample is attached
65860a5486c5d7597d69339d6ca9d4c104508834.bin.zip
kohnakagawa commented
Thank you for your interest in pypeid.
> What does `no (yes)` mean?
'no' means that pypeid did not find any indicators of anti-debugging techniques.
'(yes)' means that the sample is packed. In that case, pypeid might overlook anti-debugging techniques in the unpacked payload.
> what is the difference between "Anti-Debug" and "AntiDebug"?
`Anti-Debug` means whether anti-debugging techniques are used or not. `AntiDebug` means what kind of anti-debugging techniques are used. pypeid is a re-implementation of PEiD. The naming convention of these records follows the original one.
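An added example (not part of pypeid or of this thread) that applies the maintainer's explanation when triaging a pypeid result: it parses the `no (yes)` convention and marks the anti-debug verdict as inconclusive when the sample is packed, since a static `no` then says nothing about the unpacked payload. The result dict is a constructed, shortened copy of the output posted above; `parse_verdict` and `triage` are my own helper names.

```python
import json
import re

# Constructed copy of the pypeid result posted in this issue (PEiD list shortened).
SAMPLE_RESULT = json.loads("""{
  "Anti-Debug": "no (yes)",
  "AntiDebug": [],
  "Console Program": "no (yes)",
  "DLL": "no",
  "GUI Program": "yes",
  "PE": "32 bit",
  "PEiD": ["UPX_290_LZMA", "UPX_wwwupxsourceforgenet"],
  "Packed": "yes",
  "contains base64": "yes",
  "mutex": "no"
}""")

# "<verdict>" optionally followed by " (<packed>)", e.g. "no (yes)".
_VERDICT_RE = re.compile(r"^\s*(yes|no)(?:\s*\((yes|no)\))?\s*$")


def parse_verdict(value):
    """Split a pypeid yes/no field into (found, packed_caveat).

    The leading word is what pypeid found in the file as-is; a trailing
    "(yes)" means the sample is packed, so the static verdict may miss
    what is in the unpacked payload.
    """
    m = _VERDICT_RE.match(value)
    if not m:
        raise ValueError(f"unexpected pypeid verdict: {value!r}")
    return m.group(1) == "yes", m.group(2) == "yes"


def triage(result):
    """Summarise a pypeid result for a defender (hypothetical helper).

    'inconclusive' is True when the sample is packed and no anti-debug
    technique was found: that 'no' must not be trusted until the payload
    is unpacked and rescanned.
    """
    anti_debug, packed_hint = parse_verdict(result["Anti-Debug"])
    packed = result.get("Packed") == "yes" or packed_hint
    return {
        "anti_debug": anti_debug,                  # the "Anti-Debug" verdict
        "techniques": list(result.get("AntiDebug", [])),  # the "AntiDebug" list
        "packed": packed,
        "peid_matches": list(result.get("PEiD", [])),
        "inconclusive": packed and not anti_debug,
        "next_step": "unpack and rescan" if packed else "verdict is final",
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_RESULT), indent=2))
```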