Inconsistency of entropy values to its graph #103

dyussekeyev · 2021-11-12T04:44:49Z

Dear developers,

When I analyzed a malware sample (MD5 73AFAC6E5799747168D49B8957AA757E) I have found an inconsistency of entropy values to its graph.

I tried to use various versions of the software: 3.02, 3.03 pre-release and 1.01. At the picture below I might see that the entropy of section '.data' is 2.4, but it does not correlate with a graph. Similar issues for other sections.

Is it a bug or normal behaviour?

Best regards,
Askar.

horsicq · 2021-11-12T08:25:36Z

It is normal behavior. We are using 100 parts of the file to draw the graph.
We need more parts to make the entropy of the section is more visible.
I will make a custom parameter "count" to increase number of parts.

dyussekeyev · 2021-11-12T09:51:57Z

Understood. Thank you.

Could you please to modify the code so that one section should be not less that 1 part to ensure that it will be shown on a graph.

horsicq · 2021-11-12T11:42:50Z

Yes. I will make it. I will release version 3.03 in a few days,
It will be in version 3.04.

dyussekeyev · 2022-02-25T05:18:53Z

Checked this sample again. Looks well in the 3.04. Thank you.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Inconsistency of entropy values to its graph #103

Inconsistency of entropy values to its graph #103

dyussekeyev commented Nov 12, 2021

horsicq commented Nov 12, 2021

dyussekeyev commented Nov 12, 2021

horsicq commented Nov 12, 2021 •

edited

dyussekeyev commented Feb 25, 2022

Inconsistency of entropy values to its graph #103

Inconsistency of entropy values to its graph #103

Comments

dyussekeyev commented Nov 12, 2021

horsicq commented Nov 12, 2021

dyussekeyev commented Nov 12, 2021

horsicq commented Nov 12, 2021 • edited

dyussekeyev commented Feb 25, 2022

horsicq commented Nov 12, 2021 •

edited