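/// <summary>
/// Reads the result file named by <c>ResFname</c> and derives a verdict from the
/// first decisive numeric rate found in it.
/// </summary>
/// <remarks>
/// Lines are processed in file order, one number per line. The scan stops at the
/// first line whose value is exactly 1 (no flag is set), greater than 0.2
/// (<c>isMalware</c>) or greater than 0.1 (<c>isSuspicious</c>); in the last two
/// cases the raw line is appended to <c>suspiciousAttr</c>. Lines that are not a
/// number are reported on the console and skipped.
/// NOTE(review): if no line parses, this method sets no flag at all, so a caller
/// cannot tell an unreadable result file from a clean verdict. Confirm that the
/// caller treats that case as "scan failed" rather than "clean".
/// </remarks>
/// <returns>The populated <c>ResContainer</c>.</returns>
public ResContainer ParseResVerbose()
{
    ResContainer resCont = new ResContainer();
    var logFile = File.ReadAllLines(ResFname);

    foreach (var line in logFile)
    {
        // Parse with the invariant culture so the verdict does not depend on the
        // regional settings of the host. Under a culture that uses '.' as a group
        // separator, a culture-sensitive parse reads "0.25" as 25 and flags the sample.
        // NOTE(review): assumes the producer writes '.' as the decimal separator - confirm.
        // TryParse also replaces the former catch-all, which hid every failure cause.
        float rate;
        bool parsed = float.TryParse(
            line,
            System.Globalization.NumberStyles.Float,
            System.Globalization.CultureInfo.InvariantCulture,
            out rate);

        if (!parsed)
        {
            // Message text kept as before so console output stays stable.
            Console.WriteLine("Exception caught.");
            continue;
        }

        Console.WriteLine("#####################RATE " + rate.ToString());

        // A rate of exactly 1 ends the scan without a verdict; what the value
        // stands for is not visible in this method.
        if (rate == 1)
        {
            break;
        }

        // The thresholds are double literals, so the float is widened before the
        // comparison. A line reading exactly "0.2" (or "0.1") parses to a float
        // slightly above the literal and therefore counts as exceeding it.
        if (rate > 0.2)
        {
            resCont.isMalware = true;
            resCont.suspiciousAttr.Add(line);
            break;
        }

        if (rate > 0.1)
        {
            resCont.isSuspicious = true;
            resCont.suspiciousAttr.Add(line);
            break;
        }
    }

    return resCont;
}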
/// <summary>
/// Reads the result file named by <c>ResFname</c> and flags the sample according
/// to the Windows API names that appear in it.
/// </summary>
/// <remarks>
/// Matching is a case-sensitive substring test on each line, so an API name is
/// also matched when it is embedded in a longer token. The matching lines are
/// not recorded; only the two flags are set.
/// NOTE(review): a single occurrence of <c>IsDebuggerPresent</c> marks the sample
/// as malware, and names such as <c>GetSystemTime</c> mark it as suspicious.
/// These APIs are also imported by ordinary software, so expect false positives -
/// confirm that this weighting is intended.
/// </remarks>
/// <returns>The populated <c>ResContainer</c>.</returns>
public ResContainer ParseResVerbose()
{
    // API names whose presence marks the sample as suspicious.
    string[] suspiciousApis =
    {
        "LoadLibraryExW",
        "WinExec",
        "ReadProcessMemory",
        "WriteProcessMemory",
        "SetWindowsHookExA",
        "CreateServiceA",
        "GetSystemDirectoryW",
        "GetSystemTime"
    };

    ResContainer verdict = new ResContainer();
    string[] reportLines = File.ReadAllLines(ResFname);

    for (int i = 0; i < reportLines.Length; i++)
    {
        string current = reportLines[i];

        foreach (string apiName in suspiciousApis)
        {
            if (current.Contains(apiName))
            {
                verdict.isSuspicious = true;
            }
        }

        // The only indicator in this method that sets the malware flag.
        if (current.Contains("IsDebuggerPresent"))
        {
            verdict.isMalware = true;
        }
    }

    return verdict;
}
/// <summary>
/// Reads the result file named by <c>ResFname</c> and sets the verdict flags from
/// keywords found in its lines.
/// </summary>
/// <remarks>
/// A line containing "suspicious" sets <c>isSuspicious</c>; a line containing
/// "malware" or "too many matches" sets <c>isMalware</c>. Matching is a
/// case-sensitive substring test. Every line, matching or not, is appended to
/// <c>suspiciousAttr</c>.
/// NOTE(review): the keywords are matched anywhere in the line. If the tool's
/// output echoes the scanned file's name or path, that text can trigger a flag -
/// verify against the actual output format.
/// </remarks>
/// <returns>The populated <c>ResContainer</c>.</returns>
public ResContainer ParseResVerbose()
{
    ResContainer verdict = new ResContainer();
    string[] reportLines = File.ReadAllLines(ResFname);

    for (int i = 0; i < reportLines.Length; i++)
    {
        string current = reportLines[i];

        if (current.Contains("suspicious"))
        {
            verdict.isSuspicious = true;
        }

        // Two different markers lead to the same malware verdict.
        if (current.Contains("malware") || current.Contains("too many matches"))
        {
            verdict.isMalware = true;
        }

        // The full output is kept, not only the lines that matched.
        verdict.suspiciousAttr.Add(current);
    }

    return verdict;
}