Detect-It-Easy icon indicating copy to clipboard operation
Detect-It-Easy copied to clipboard

Published 20 hours ago verified publisher icon horsicq

Inconsistency of entropy values to its graph

Open dyussekeyev opened this issue 4 years ago • 4 comments

Dear developers,

When I analyzed a malware sample (MD5 73AFAC6E5799747168D49B8957AA757E) I have found an inconsistency of entropy values to its graph.

I tried to use various versions of the software: 3.02, 3.03 pre-release and 1.01. At the picture below I might see that the entropy of section '.data' is 2.4, but it does not correlate with a graph. Similar issues for other sections.

die

Is it a bug or normal behaviour?

Best regards, Askar.

dyussekeyev avatar Nov 12 '21 04:11 dyussekeyev

It is normal behavior. We are using 100 parts of the file to draw the graph. We need more parts to make the entropy of the section is more visible. I will make a custom parameter "count" to increase number of parts.

horsicq avatar Nov 12 '21 08:11 horsicq

Understood. Thank you.

Could you please to modify the code so that one section should be not less that 1 part to ensure that it will be shown on a graph.

dyussekeyev avatar Nov 12 '21 09:11 dyussekeyev

Yes. I will make it. I will release version 3.03 in a few days, It will be in version 3.04.

horsicq avatar Nov 12 '21 11:11 horsicq

Checked this sample again. Looks well in the 3.04. Thank you.

image

dyussekeyev avatar Feb 25 '22 05:02 dyussekeyev