import os
import json
import ember
import adobe
import numpy as np
import pandas as pd
import lightgbm as lgb
import matplotlib.pyplot as plt
from sklearn.metrics import roc_auc_score, roc_curve
data_dir = "/data/ember2018/"
emberdf = ember.read_metadata(data_dir)
X_train, y_train, X_test, y_test = ember.read_vectorized_features(data_dir)
lgbm_model = lgb.Booster(model_file=os.path.join(data_dir, "ember_model_2018.txt"))
y_test_pred = lgbm_model.predict(X_test)
y_train_pred = lgbm_model.predict(X_train)
emberdf["y_pred_ember"] = np.hstack((y_train_pred, y_test_pred))
nclasses = 15
detections = []
avclass_counts = emberdf[emberdf.subset == "train"].avclass.value_counts()
for i, family in enumerate(avclass_counts.index[:nclasses]):
familydf = emberdf[(emberdf.subset == "test") & (emberdf.avclass == family)]
detections.append((familydf.y_pred_ember > 0.8336).sum() / len(familydf))
plt.figure(figsize=(8, 8))
plt.barh(np.arange(nclasses), avclass_counts[:nclasses], align='center')
plt.yticks(np.arange(nclasses))
plt.gca().set_yticklabels(avclass_counts.index[:nclasses])
plt.gca().invert_yaxis() # labels read top-to-bottom
plt.xlabel('number in training set')
plt.title('Most Numerous avclass Labels')
plt.show()
plt.figure(figsize=(8, 8))
plt.barh(np.arange(nclasses), detections, align='center')
plt.yticks(np.arange(nclasses))
plt.gca().set_yticklabels(avclass_counts.index[:nclasses])
plt.gca().invert_yaxis() # labels read top-to-bottom
plt.xlim([0.75, 1.025])
plt.xlabel('detection rate')
plt.title('Test Set Detection at 1% FPR')
plt.show()
lgbm_model = lgb.Booster(model_file=os.path.join(data_dir, "ember_model_2018_weighted.txt"))
y_test_pred = lgbm_model.predict(X_test)
y_train_pred = lgbm_model.predict(X_train)
emberdf["y_pred_ember_weighted"] = np.hstack((y_train_pred, y_test_pred))
testdf = emberdf[emberdf["subset"] == "test"]
print(f"Original AUC: {roc_auc_score(testdf.label, testdf.y_pred_ember)}")
print(f"Weighted AUC: {roc_auc_score(testdf.label, testdf.y_pred_ember_weighted)}")
plt.figure(figsize=(8, 8))
fpr_plot, tpr_plot, _ = roc_curve(testdf.label, testdf.y_pred_ember)
plt.plot(fpr_plot, tpr_plot, lw=4, color='k', label="ember")
fpr_plot, tpr_plot, _ = roc_curve(testdf.label, testdf.y_pred_ember_weighted)
plt.plot(fpr_plot, tpr_plot, lw=2, color='r', label="ember_weighted")
plt.gca().set_xscale("log")
plt.yticks(np.arange(22) / 20.0)
plt.xlim([4e-5, 1.0])
plt.ylim([0.65, 1.01])
plt.legend(loc="best")
plt.gca().grid(True)
plt.xlabel("False positive rate")
plt.ylabel("True positive rate")
_ = plt.title("Ember Model ROC Curve")
Original AUC: 0.9964289467999999 Weighted AUC: 0.9964181642000001
adobe_model = adobe.AdobeModel()
train_raw_feature_paths = [os.path.join(data_dir, "train_features_{}.jsonl".format(i)) for i in range(6)]
y_train_pred = adobe_model.predict_raw_features(map(json.loads, ember.raw_feature_iterator(train_raw_feature_paths)))
test_raw_feature_paths = [os.path.join(data_dir, "test_features.jsonl")]
y_test_pred = adobe_model.predict_raw_features(map(json.loads, ember.raw_feature_iterator(test_raw_feature_paths)))
emberdf["y_pred_adobe"] = np.hstack((y_train_pred, y_test_pred))
testdf = emberdf[emberdf["subset"] == "test"]
plt.figure(figsize=(8, 8))
fpr_plot_ember, tpr_plot_ember, _ = roc_curve(testdf.label, testdf.y_pred_ember)
fpr_plot_adobe, tpr_plot_adobe, _ = roc_curve(testdf.label, testdf.y_pred_adobe)
plt.plot(fpr_plot_ember, tpr_plot_ember, lw=2, color='r', label='ember')
plt.plot(fpr_plot_adobe, tpr_plot_adobe, lw=2, color='b', label='adobe')
plt.plot(np.arange(0, 1, 0.01), np.arange(0, 1, 0.01), lw=2, ls="dashed", color='k')
plt.legend(loc="best")
plt.xlabel("False positive rate")
plt.ylabel("True positive rate")
_ = plt.title("ROC Curve")
X_train_adobe, y_train_adobe, X_test_adobe, y_test_adobe = adobe.read_vectorized_features(data_dir)
updated_adobe_model = lgb.Booster(model_file=os.path.join(data_dir, "adobe_model.txt"))
y_test_pred = updated_adobe_model.predict(X_test_adobe)
y_train_pred = updated_adobe_model.predict(X_train_adobe)
emberdf["y_pred_adobe_updated"] = np.hstack((y_train_pred, y_test_pred))
testdf = emberdf[emberdf["subset"] == "test"]
plt.figure(figsize=(8, 8))
fpr_plot_ember, tpr_plot_ember, _ = roc_curve(testdf.label, testdf.y_pred_ember)
fpr_plot_adobe, tpr_plot_adobe, _ = roc_curve(testdf.label, testdf.y_pred_adobe)
fpr_plot_adobe_updated, tpr_plot_adobe_updated, _ = roc_curve(testdf.label, testdf.y_pred_adobe_updated)
plt.plot(fpr_plot_ember, tpr_plot_ember, lw=2, color='r', label='ember')
plt.plot(fpr_plot_adobe, tpr_plot_adobe, lw=2, color='b', alpha=0.5, label='adobe')
plt.plot(fpr_plot_adobe_updated, tpr_plot_adobe_updated, lw=2, color='b', label='adobe_updated')
plt.plot(np.arange(0, 1, 0.01), np.arange(0, 1, 0.01), lw=2, ls="dashed", color='k')
plt.legend(loc="best")
plt.xlabel("False positive rate")
plt.ylabel("True positive rate")
_ = plt.title("ROC Curve")
optimized_adobe_model = lgb.Booster(model_file=os.path.join(data_dir, "adobe_model_optimized.txt"))
y_test_pred = optimized_adobe_model.predict(X_test_adobe)
y_train_pred = optimized_adobe_model.predict(X_train_adobe)
emberdf["y_pred_adobe_optimized"] = np.hstack((y_train_pred, y_test_pred))
testdf = emberdf[emberdf["subset"] == "test"]
plt.figure(figsize=(8, 8))
fpr_plot_ember, tpr_plot_ember, _ = roc_curve(testdf.label, testdf.y_pred_ember)
fpr_plot_adobe, tpr_plot_adobe, _ = roc_curve(testdf.label, testdf.y_pred_adobe)
fpr_plot_adobe_updated, tpr_plot_adobe_updated, _ = roc_curve(testdf.label, testdf.y_pred_adobe_updated)
fpr_plot_adobe_optimized, tpr_plot_adobe_optimized, _ = roc_curve(testdf.label, testdf.y_pred_adobe_optimized)
plt.plot(fpr_plot_ember, tpr_plot_ember, lw=2, color='r', label='ember')
plt.plot(fpr_plot_adobe, tpr_plot_adobe, lw=2, color='b', alpha=0.5, label='adobe')
plt.plot(fpr_plot_adobe_updated, tpr_plot_adobe_updated, lw=2, color='b', alpha=0.5, label='adobe_updated')
plt.plot(fpr_plot_adobe_optimized, tpr_plot_adobe_optimized, lw=2, color='b', label='adobe_optimized')
plt.plot(np.arange(0, 1, 0.01), np.arange(0, 1, 0.01), lw=2, ls="dashed", color='k')
plt.legend(loc="best")
plt.xlabel("False positive rate")
plt.ylabel("True positive rate")
_ = plt.title("ROC Curve")
plt.figure(figsize=(8, 8))
fpr_plot, tpr_plot, _ = roc_curve(testdf.label, testdf.y_pred_ember)
plt.plot(fpr_plot, tpr_plot, lw=1, color='k', alpha=0.5, label="official")
max_prediction_diff = 0
for i in range(10):
lgbm_model = lgb.Booster(model_file=os.path.join(data_dir, f"ember_model_2018_random{i}.txt"))
y_test_pred_random = lgbm_model.predict(X_test)
fpr_plot, tpr_plot, _ = roc_curve(testdf.label, y_test_pred_random)
plt.plot(fpr_plot, tpr_plot, lw=1, color='r', alpha=0.25)
max_prediction_diff = max(max_prediction_diff, np.abs(testdf.y_pred_ember - y_test_pred_random).max())
plt.gca().set_xscale("log")
plt.yticks(np.arange(22) / 20.0)
plt.xlim([4e-5, 1.0])
plt.ylim([0.65, 1.01])
plt.gca().grid(True)
plt.xlabel("False positive rate")
plt.ylabel("True positive rate")
plt.title("Ember Model ROC Curve")
print(f"Maximum prediction difference: {max_prediction_diff}")
Maximum prediction difference: 0.0073483582668516095
adobe.find_disagreements("/data/ember2018/", "/data/ember2018-select/samples/")
81a0f5837383fbddd26f7d8114d7acfbcbfe98357e8d646b7c0106f8ad95443c VirtualSize2: pefile: 450210 lief: 12 e02f983b96334a9b17069ba0f6dc4b95fc6e98b9c22282439666ffad4274b6ac VirtualSize2: pefile: 3174400 lief: 2297856 cba7391b257afb3e860447a995835e83561ea2c37ccdf2f460b235fcd856f767 NumberOfSections: pefile: 5 lief: 0 d20a0de799c85ce2881e18041e83a1320d6f837eb4cb9b2f54107e9ff6f3c052 NumberOfSections: pefile: 5 lief: 0 d1a2cc755fd53855df606b769536cbc3861eab87128c18668dbebc7c78c8a57a VirtualSize2: pefile: 79607 lief: 12 9036983d74deb79733849e03b01c2700b1924c20ed88b78acb6e9b3968d2f5d3 VirtualSize2: pefile: 41424 lief: 592 a6f790a38bce7812932b84ddbc0644e4e9f95e1a537ab5163e0dd85c32a44d7a VirtualSize2: pefile: 0 lief: 188678144 8c2e7599b2b6d8481f7e0367927885b6fd8c6fa98207e7ebc712dced7394ab0d VirtualSize2: pefile: 2620555 lief: 637448 344c77fe8279524caed3b173e46486fffe3c9da68f63496ecff1e89138ecbf74 VirtualSize2: pefile: 0 lief: 227668 884d40d9270cc131530ad63c1c7ef451595792eb341d991c2ca460dbe5f3c7a8 VirtualSize2: pefile: 3768 lief: 12 67ffcf957d32e457fbc5f87a39048b22d5ccbffcf00c91db4bb857ffeb6675b2 VirtualSize2: pefile: 29413 lief: 0 34e2041ea4264b669650393f1ad118c168921d27a706dcfd8fd5459d9b9d8f3e NumberOfSections: pefile: 5 lief: 0 2773c1ba2c393ad4afdab4912d12af45401ddac6fc92018f1b379d8392185c8d VirtualSize2: pefile: 90 lief: 16364 302d1e8a75ebf62f5d8e52fc1450895118d09969232cf69de6e37b3197cc070a VirtualSize2: pefile: 90 lief: 16332 1e8347caa63924e6507ee4180a18035426c03eb12609e1e363112829f7f6d601 VirtualSize2: pefile: 1020564 lief: 158300 b3ec7792b8e09819b781e465d0d63bb7d35c88a52868a3d2a0ed8b286e147a5e VirtualSize2: pefile: 463435 lief: 0 c4f4a34c3db8e0f3cfb30459734bcd75a3dc8eb86687b7926ec144e9b0dba451 VirtualSize2: pefile: 136672 lief: 20275 48c6b8dc37ef1b59efd2562f700e283ca4ae511d8c4e8287e97418b383add49c VirtualSize2: pefile: 1001512 lief: 157748 6645068d1231a19b17d17ce4f87241c3ddfb68ad06234ecfd6d2cdec6ccb8d2c VirtualSize2: pefile: 1020580 lief: 158300 6be3425a4144eeef5b4105c9197336b4b949fd54ba96e4bb060937a7a9cbfb0b VirtualSize2: pefile: 7292 lief: 12 dee3c5fff7f39aae597c9a16ea4deaffa2a9bdfa952b74cd3c574e8dade09843 VirtualSize2: pefile: 1001464 lief: 157748 ec56d49dbd3092e92ffad9c1e25d879bcc0d16e27a53f25df0dabb981b017257 VirtualSize2: pefile: 1020564 lief: 158300 e00996bea82ede58713a8d81579a3d9bc1be8e19455f7a5025acc0e3506f8fcf VirtualSize2: pefile: 1017344 lief: 158124 f12d52a0a984af39fcfa5bbc2e055318077746fe10f0d9a03f4d6441aee93923 VirtualSize2: pefile: 1000328 lief: 157336 256ef2dbf27ac25425cd2ef2f956093962435b2b914082bd83102a91d8f1a27d VirtualSize2: pefile: 1000360 lief: 157336 74e3dae7e9baa7769d3db4bc0c114211b2f171f7d7d72c7b7d29e9cbb81d20de VirtualSize2: pefile: 1019056 lief: 158484 f190dd2f640ee832facc99bd7e895a75de4fb9a35154334d7d118649acdd1365 VirtualSize2: pefile: 1020388 lief: 158272 1f9c6819f8cd6a2c42bc20fedc618201c1163e7769ee46e7fcadc83f0e759a24 VirtualSize2: pefile: 90 lief: 16364 c8c031e7ca07e7dbb8cd62f1fc4fb6cd0d25e0244235e228f19a0a40974a711c VirtualSize2: pefile: 14146 lief: 0 NumberOfSections: pefile: 5 lief: 0 7197dacbd87387213358ae75136ccc382b84a4f70265a3fe38f80d88a0c8ec34 VirtualSize2: pefile: 273740 lief: 80304 56f3a689bca2db95bec7b0ffeadc26db0216c2ecfc0ee2a42d31da26c8d83b78 VirtualSize2: pefile: 150994944 lief: 0 921d57143b1acf72b9e3297147cb5a0aa537d70f7615ca143d076cda005b0be7 VirtualSize2: pefile: 350767 lief: 76272 b82b219048d835263d10d2b27ff06f3e318673821bd65219c08c2fc96f9c5ab9 NumberOfSections: pefile: 260 lief: 0 1e6836096f763858a47f1ca64b9730b99ac5a91055b7cd3ae20cece022ab82e1 VirtualSize2: pefile: 3940 lief: 0 NumberOfSections: pefile: 8 lief: 0 f4098e2686b7bcbd6830b9f3ba120fced05f36216861bef761b52a81714fae8a VirtualSize2: pefile: 1407248 lief: 96448 b2d5e22927244f8fddd721da381faa391a2cee8e99360e398dc1f9014cbebccf VirtualSize2: pefile: 0 lief: 2373447135 1aeafa848891aa47885727e90c825c8fa3aa1e178afb96a1e090a789e3373d44 VirtualSize2: pefile: 2579 lief: 0 NumberOfSections: pefile: 32773 lief: 0 8ef54005d3067f18182ad9a1d2b3c7b2b3342cdc12b045093a555175b72026e4 VirtualSize2: pefile: 0 lief: 4011452443 bee6367671c0f538bb724ec87df678080616e78681ae975472549c55e739c4a0 VirtualSize2: pefile: 0 lief: 2946184623 08a09d69e6fb36d14414a87eaf02315ad652ad9f28bfa653523266c27c53958d VirtualSize2: pefile: 0 lief: 305216 9c5ee9320cee9b6e60e1fbee937fe7a50651993fbd6740dc504fef8feabad441 VirtualSize2: pefile: 0 lief: 305216 a19f0c16545ba1eb696f51d7be05577d81f615e8da7bf11f209998d858dbda2e VirtualSize2: pefile: 6332 lief: 12 7fec933d97eb7d63e6c71d377f02f755c998df0394d5820fadceb157b5311709 VirtualSize2: pefile: 97756 lief: 0 NumberOfSections: pefile: 8195 lief: 0 c15567ce41c09bd7801b7f0915623ea318130fd6a13687bbaf8221479e106e65 VirtualSize2: pefile: 0 lief: 32768 1ed111caff53069491b40822bea200b20c9cf072531b9690dd67ccc766c1c43c VirtualSize2: pefile: 0 lief: 293921207 d19015893a659e24565437dd2401ed35e391c7cf63b8e911fbe144d230752345 VirtualSize2: pefile: 0 lief: 77824 db8605708b8571410f6312afdd9ec19c6755041b6aaba405872dfb42de8f073b VirtualSize2: pefile: 0 lief: 70884092 7f6501909aff69dd67a3b55340f1858e0f8d4b037e2a26521c9f1ba714f2fcd7 VirtualSize2: pefile: 12 lief: 1256 e3360e95c756a180bc161bc7f0eb237f13bed65f1cce6d2cb866c98d09d376c9 VirtualSize2: pefile: 0 lief: 430565231 bbac25e8d2f6e2e2552ab2cc51ff1826882bbeec0c88dbc5f6adede55e108d1f NumberOfSections: pefile: 2 lief: 0 e993a91ebd1e0e3cbe44422e2456e54f05a186af514e26adbc4454658082c8d4 VirtualSize2: pefile: 0 lief: 2005210 3008aee2bfcf080f63622928466ab2b9b1d8e275885f52f0f2bb815377831fe1 VirtualSize2: pefile: 0 lief: 305216 2207400c3b602b03203a3e3501bf43ef7179f2e1459b819cec8389e2d332e88f VirtualSize2: pefile: 1091772 lief: 279576576 c9e4b97a4a978a004667f85d9e3bf54d4decc0a55664e1cb0a3d7d9d4dd44e80 VirtualSize2: pefile: 0 lief: 363012798 ead1410e025a95d32a0007a2d9350a235ea44523f11b2bf768f31887e7c304cd VirtualSize2: pefile: 0 lief: 4247910148 5d732430126d4fcb73805309603fc1fbda1df49e427aa1d395336f6b8dcd3ba3 VirtualSize2: pefile: 0 lief: 3333987409 9dd957b6233bcb07dae7730622847507800461c74146d0014b63507df01fce74 NumberOfSections: pefile: 2 lief: 0 dfb5a1ce077f227e6d235797a953c7a9c8a7cef2ca603cff1c23ab7d5299cce1 VirtualSize2: pefile: 2884 lief: 0 NumberOfSections: pefile: 8 lief: 0 14042f0587b248cd23c38d970fccab10f0a0543c78b950684318a50e2c902c3e VirtualSize2: pefile: 0 lief: 834318403 2adb2933bdbf11bc4ee1d3e7ef495b4abfa58be76a5965a48b281cae8fa38298 VirtualSize2: pefile: 0 lief: 614489965 5750eed05dcc86054e9abeffebac828cb87d4d1955d0df9e7b6dcee78cfddb59 VirtualSize2: pefile: 0 lief: 74103818 bc015dc1f7297f3edde3f34b913776be9b7ab22e92faee00f27d01601f22397e VirtualSize2: pefile: 0 lief: 564754685 09397c3ea1a02db3e285aa0431e8eebe5c39cb0ce5a4c51587742da70d2fdd96 VirtualSize2: pefile: 6332 lief: 7528 0148fc1b669f33e9262ee52cb102cef371a97a94a9404097f47d32499002491e VirtualSize2: pefile: 0 lief: 160667609 85220edc96d322f73241f65fc4230a10945a6678ded2aed07bfc1dabb152367c VirtualSize2: pefile: 0 lief: 121536 fe3e33ac99baaa076ec90d296e4c0aaa031d305bfc3aa5593eb56c0cb2012bca VirtualSize2: pefile: 0 lief: 675543842 66fa7a77e74ca8bdbb2b985eeddaccef5741d449804541b4d6df931d4e88a923 VirtualSize2: pefile: 0 lief: 67487232 aab286baf19e29b91e2cd7fa1c52590a39c46d7549f60c8664dc414c9baf2eb4 VirtualSize2: pefile: 0 lief: 769829838 8a539e639106ae4816c8fa41297a111bea5a98d632ca886117dacdd779fb60c7 VirtualSize2: pefile: 0 lief: 1509254293 4e2f7869e275af79313e71e08020d868f07099612da09c3f4987d15e7cf5c14e VirtualSize2: pefile: 0 lief: 3615773956 5b27fbfa27068625ec4dc58bf6230963d2dabbddad4cf8551bc7e8be12be38eb VirtualSize2: pefile: 5880 lief: 12 78dc5c0ed843bcdffd2d84ecc0fb53a83742f2d3838db7d0e943357459ad68aa VirtualSize2: pefile: 378444 lief: 12 c32bbdd0d58de051a9bab3314a2bfd772ccc0d68dc12eb6f7f50faaaa7e87ce2 VirtualSize2: pefile: 901948 lief: 12 55385a1e8c5b42a551be574659d40507f8056aa2e8f17a46f800cecccb5bd998 NumberOfSections: pefile: 3 lief: 0 65e1d7ae55190622d79a75569df7ea3635ba07817754d0f17b217f0bdc7901aa VirtualSize2: pefile: 124808 lief: 12 65ba6c95c0c498788d8452529fa04ed44225abdbe03189c38b02dc185d01f7ef VirtualSize2: pefile: 392712 lief: 12 c71240b35ca12af939c2c33be675f88f2c5ccfe3d72649df6bfae73cbe0658bd VirtualSize2: pefile: 3512 lief: 12 8ef1f16f5e97962efeef6600ad010c18e25652c101b4c13c5fe38f3d1de7e655 VirtualSize2: pefile: 4096 lief: 204800 631d153549494a8978a9ef6db715bf8be1f4c9ff08683f41dbc41b6237c1ee27 VirtualSize2: pefile: 6316 lief: 12 f22ff6ed906a9a589a926f8c74282df858ed49429e0a9c4850716a2841d18de5 VirtualSize2: pefile: 40968 lief: 12 11064ae1c7a94b38fd4e6b1e9b6437a6a4901d996ea09a2bd7359033705b9151 VirtualSize2: pefile: 44012 lief: 12 155f61830bab6610835345eb127168c1038acfe247a27a56cad9772d7a2d6e8a VirtualSize2: pefile: 38808 lief: 12 70ad83a59f5b80a784a3b2506713eb9ad7042ff5f29935bf8f7a6cf498e7e6f3 VirtualSize2: pefile: 3480 lief: 12 99395dc7e71f612b7320ce3477ccaf5cfde11d05440834f89edc53cb627e6bde VirtualSize2: pefile: 4096 lief: 151552 824506c7eb45e8ff6402b9362c3905f7c4dd733d9600fbdb3c23e42d513e0cab VirtualSize2: pefile: 168612 lief: 12 7ccc325d49a82057f1ce9e561052d051d6938ca0d24367e22b75eca6cc8f1692 VirtualSize2: pefile: 3280 lief: 12 d97a0d913bac150bd7a129fcece7b30b058c6aa85578d11615680ca386798f41 VirtualSize2: pefile: 283244 lief: 12 6e7f83eb6fbc72d54b609a5a1a276773ba1518014980bf684fe10a8ac3387eb0 VirtualSize2: pefile: 4480 lief: 12 a7e877573cc520ed581805d1b218763eb6e9d06552d5d66b39309af68cbb0140 VirtualSize2: pefile: 0 lief: 223102 967db5134f700b63a793703edb1f776614d7895cf5a57ccc48858aedde56ac40 VirtualSize2: pefile: 560 lief: 12 1bfbb898be7fac0d1d0fe81ea294601fb261ca6fe3511fd4880c05963794c912 VirtualSize2: pefile: 6620 lief: 12 6f9dc985b808b5e107dcf7e7d3338d485b1d1afd41bbe47f4512278c8fc0b243 VirtualSize2: pefile: 0 lief: 4096 1a39be577d8ec3d4a9faac30cd848d2399744bffa0aa80481da03a641cb38856 VirtualSize2: pefile: 3260 lief: 12 d6acdb82a4162dc34c19b1dc2042d1aafa4d4896060a12d7808701536d052294 VirtualSize2: pefile: 225444 lief: 12 617620d5b7fc2fd478cd8f84d16af3d9f85bd7dc5ab37cc4e13ebda4859d1089 VirtualSize2: pefile: 3552 lief: 12 62b9ecb0bde66186bfadae5493bd2e9485d0fdf7016472d4e77919cc63ff5cf9 VirtualSize2: pefile: 3740 lief: 12 0cc586681e7cb3b70f3e68c655b1e22189d631f6f3fababa786de7c955c48f35 VirtualSize2: pefile: 28672 lief: 4096 aa4477902ac8057a60d582ec870e4e23684db6d1cacc5c11a1650c08af3324fa VirtualSize2: pefile: 313988 lief: 12 ea2e0046205c6f51ffb7bc3479fcafd346adbbf0fbdfe930f145c2fde6008891 VirtualSize2: pefile: 0 lief: 65536 835d67666ef956c044b357243936e1088cb88f598ec7d9dcecd1165a14252877 VirtualSize2: pefile: 311172 lief: 12 028b6cfdabc05f843a5fdbe60984421934a993c7c2c9dd9e6222d37cd369efeb VirtualSize2: pefile: 221336 lief: 12 02114ababcbda5ae4bd462fd020d75bcbc2608655476b58de53d753674655dd9 VirtualSize2: pefile: 23436 lief: 0 f109178243f40d4bd4b2c8a59963c29d38ebcd01bb0f1f0973d63175cae6bf09 VirtualSize2: pefile: 5888 lief: 12 9c4f75e04483febdc2773802ccf072dbfe84763ea73e30ce8e7a8dac49514174 VirtualSize2: pefile: 3928 lief: 12 584770e909f5c50f0f7d3ac17db72cba07ac43115f708fe53cc48d8910cc630e VirtualSize2: pefile: 0 lief: 157988 375246caafabd899e4ced49acde00d6e888eae6fce3b3f500648f73f625daba1 VirtualSize2: pefile: 94208 lief: 0 82799e4b900ea11914674cd62d4f9e4592be71b776d5cacd588a88d42e3cfb9e VirtualSize2: pefile: 22588 lief: 2164 6e7c96bc821835daa08d01ca6beac0c6709ebb7e24ebddd992facceb87533e0c VirtualSize2: pefile: 4432 lief: 4864 12581f85652d5e246200782b0022954fa7309fc6359bc00bb59a17d118b0cc81 VirtualSize2: pefile: 182908 lief: 8588 799f7afdfecbd159ebfafc90c762e3441eed1e64d6b96cf1ef1b62d61eba7726 VirtualSize2: pefile: 0 lief: 1318912 02baa7212144b5e16b6adc413806b75af3af8c06122175f2d0808546196e1717 VirtualSize2: pefile: 0 lief: 545638 8304e1d82915e182e93cad9ae28a7cae2422d24b63ae498258ca8385258ad0d3 VirtualSize2: pefile: 5470 lief: 0 NumberOfSections: pefile: 5 lief: 0 babd89dbf5c02d31606bbb414ef0ebf3147210eb803ce87ea4ea5392f22b4a4c VirtualSize2: pefile: 0 lief: 238026752 3cc034e1beb957d5a8878c041d04ef388a483a2ad95ed2f7d7b77f517eeb13c1 VirtualSize2: pefile: 255594 lief: 17764 648f92b43761d8dce3a2cef0dbc137fba826d3cbae62adfcdd4d3ed7ece58664 VirtualSize2: pefile: 0 lief: 11800