FFRI/pypeid

What does `no (yes)` mean? yes / no?

Opened this issue · 1 comment

...and what is the difference between "Anti-Debug" and "AntiDebug"?

import json
import pypeid

# Scan the attached sample; scan_file() returns a dict of PEiD-style records.
scan = pypeid.PEiDScanner()
obj = scan.scan_file("65860a5486c5d7597d69339d6ca9d4c104508834.bin")

# Pretty-print with sorted keys (this is the output shown below).
print(json.dumps(obj, ensure_ascii=False, sort_keys=True, indent=2))
{
  "Anti-Debug": "no (yes)",
  "AntiDebug": [],
  "Console Program": "no (yes)",
  "DLL": "no",
  "GUI Program": "yes",
  "PE": "32 bit",
  "PEiD": [
    "UPX_wwwupxsourceforgenet_additional",
    "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h",
    "Netopsystems_FEAD_Optimizer_1",
    "UPX_290_LZMA",
    "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser",
    "UPX_290_LZMA_additional",
    "UPX_wwwupxsourceforgenet"
  ],
  "Packed": "yes",
  "contains base64": "yes",
  "mutex": "no"
}

Sample is attached:
65860a5486c5d7597d69339d6ca9d4c104508834.bin.zip

Thank you for your interest in pypeid.

What does no (yes) mean?

'no' means that pypeid did not find any indicators of anti-debugging techniques.
'(yes)' means that the sample is packed. In that case, pypeid might overlook anti-debugging techniques in the unpacked payload.

what is the difference between "Anti-Debug" and "AntiDebug"?

Anti-Debug means whether anti-debugging techniques are used or not. AntiDebug means what kind of anti-debugging techniques are used. pypeid is a re-implementation of PEiD. The naming convention of these records follows the original one.
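The reply above explains that a record such as `no (yes)` carries two pieces of information: the check's own result and a hint that the sample is packed, so a "no" may simply reflect the packer stub rather than the real payload. The following is an added example, not part of this issue and not pypeid's own code, that post-processes a pypeid record along those lines: it splits each yes/no field into a boolean plus the packed hint and lists the checks that are inconclusive and should be re-run on an unpacked copy. The input is the scan record from the issue, embedded here so the code runs offline without pypeid or the sample; the function names (`parse_flag`, `assess`, `assess_issue_sample`) are the example's own.

```python
import json
import re

# Scan record copied from the issue above (pypeid's output for the attached
# sample). Embedded as the example's input so it runs offline without pypeid
# installed or the sample on disk.
SCAN_RESULT_JSON = """{
  "Anti-Debug": "no (yes)",
  "AntiDebug": [],
  "Console Program": "no (yes)",
  "DLL": "no",
  "GUI Program": "yes",
  "PE": "32 bit",
  "PEiD": [
    "UPX_wwwupxsourceforgenet_additional",
    "yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h",
    "Netopsystems_FEAD_Optimizer_1",
    "UPX_290_LZMA",
    "UPX_290_LZMA_Markus_Oberhumer_Laszlo_Molnar_John_Reiser",
    "UPX_290_LZMA_additional",
    "UPX_wwwupxsourceforgenet"
  ],
  "Packed": "yes",
  "contains base64": "yes",
  "mutex": "no"
}"""

# A yes/no record, optionally followed by a parenthesised packed hint:
# "no (yes)" means "not detected, but the sample is packed".
_FLAG_RE = re.compile(r"^(yes|no)(?:\s*\((yes|no)\))?$")


def parse_flag(value):
    """Return (detected, packed_hint) for a pypeid yes/no record.

    packed_hint is True/False when the record carries "(yes)"/"(no)" and
    None when there is no parenthesised part at all.
    """
    m = _FLAG_RE.match(value.strip().lower())
    if m is None:
        raise ValueError("not a pypeid yes/no record: %r" % (value,))
    detected = m.group(1) == "yes"
    packed_hint = None if m.group(2) is None else m.group(2) == "yes"
    return detected, packed_hint


def assess(record):
    """Normalise a pypeid record into booleans and list the checks that are
    inconclusive because the sample is packed (a "no" that may be wrong)."""
    packed = record.get("Packed") == "yes"
    flags = {}
    inconclusive = []
    for key, value in record.items():
        if not isinstance(value, str):
            continue  # "AntiDebug" and "PEiD" are lists, not yes/no records
        try:
            detected, packed_hint = parse_flag(value)
        except ValueError:
            continue  # e.g. "PE": "32 bit" is not a yes/no record
        flags[key] = detected
        # Per the maintainer's reply: "no (yes)" only says that the packed
        # file shows no indicator; the unpacked payload may still have one.
        if not detected and packed_hint:
            inconclusive.append(key)
    return {
        "packed": packed,
        "flags": flags,
        "anti_debug_techniques": list(record.get("AntiDebug", [])),
        "inconclusive": sorted(inconclusive),
    }


def assess_issue_sample():
    """Run assess() over the record quoted from the issue."""
    return assess(json.loads(SCAN_RESULT_JSON))


if __name__ == "__main__":
    print(json.dumps(assess_issue_sample(), indent=2, sort_keys=True))
```

For the record from the issue this reports `"packed": true` and `"inconclusive": ["Anti-Debug", "Console Program"]`, which is the practical reading of the output: the UPX-style signatures in `PEiD` say why, and the empty `AntiDebug` list should not be taken as evidence that the payload has no anti-debugging until the sample has been unpacked and rescanned.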