1 1 1 1 1 1 1 The file is not Portable Executable (PE) The MZ signature is missing The size of the file has reached the minimum threshold provided (%i bytes) The size of the file has reached the maximum threshold provided (%i bytes) The size of the Optional Header is Suspicious (it should be %i) The size of the File Header is Suspicious The size of the digital Certificate has reached the minimum threshold (%i bytes) provided The size of the digital Certificate has reached the minimum threshold (%i bytes) provided The content of the Digital Certificate is unexpected The file is managed (.NET) The file references (%s) Debug symbols The file is digitally signed with (%i) Certificate(s) The file is bound to %i Libraries The file is Code-less The file uses static Thread Local Storage (TLS) The file checksum is invalid The Entry Point is outside the file The Certificate issuer (%s) has expired (%s) The Certificate subject (%s) has expired (%s) The file is not signed with a Digital Certificate The file has no Manifest The file will be copied to the system swap file and will run from it if started from a Network Location The file will be copied to the system swap file and will run from it if started from a Removable Media The file runs in the Visual Basic Virtual Machine The file is a Device Driver The file is statically linked to the C Runtime Library The file uses Data Execution Prevention (DEP) as Mitigation technique The file ignores Data Execution Prevention (DEP) as Mitigation technique The file uses Address Space Layout Randomization (ASLR) as Mitigation technique The file ignores Address Space Layout Randomization (ASLR) as Mitigation technique The file does not use Structured Exception Handling (SEH) The file uses Cookies placed on the Stack (GS) as Mitigation technique The file ignores Cookies placed on the Stack (GS) as Mitigation technique The file ignores Code Integrity The file is isolation aware but should not be isolated The file uses Safe Structured Exception Handling (SafeSEH) as Mitigation technique The file registers (%i) Exception Handlers The Virustotal score (%i/%i) of the overlay has reached the minimum threshold (%i) provided The Virustotal score (%i/%i) of the overlay has reached the maximum threshold (%i) provided The Checksum (0x%08X) detected is different than the Checksum (0x%08X) computed The Virustotal score (%i/%i) of the file has reached the minimum threshold (%i) provided The Virustotal score (%i/%i) of the file has reached the maximum threshold (%i) provided The preferred Virustotal AV Engine (%s) has detected the file as Infected The preferred Virustotal AV Engine (%s) has detected the file as Clean The Debug data is invalid The Debug file name is different than the file name (%s) The Debug file name extension is suspicous The debug file name contains %i unprintable characters The Age of the Debug Symbol file has reached the minimum threshold (%i) provided The Age of the Debug Symbol file has reached the maximum threshold (%i) provided The PointerToSymbolTable (0x%08X) is invalid (should be zero) The NumberOfSymbols (0x%08X) is invalid (should be zero) The SizeOfCode (0x%08X) is suspicious The BaseOfCode (0x%08X) is invalid The BaseOfData (0x%08X) is invalid The FileAlignment (0x%08X) is invalid The SizeOfImage (0x%08X) is invalid The size of initialized data has reached the maximum threshold (%i bytes) provided The SizeOfHeaders (0x%08X) is invalid The NumberOfRvaAndSizes (0x%08X) is invalid (Maximum is %i) The Entry point is suspicious The count of shared section(s) has reached the maximum threshold (%i) provided The count of section(s) has reached the maximum threshold (%i) provided The count of writable and Executable section(s) has reached the maximum threshold (%i) provided The count of Nameless section(s) has reached the maximum threshold (%i) provided The file contains writable and Shared section which presents a vector attack The last section is Executable The first section (name:%s) is writable The Entry point (0x%08X) is outside the first section The Entry point (0x%08X) is in the first section (Name:%s) The file size (%i bytes) of the section (name:%s) has reached the minimum threshold (%i bytes) provided The file signature is '%s' The file is resource-less The count (%i) of Languages in the resources has reached the maximum threshold (%i) provided The file contains %i custom resource Item(s) The file contains %i Built-in resources Item(s) The file contains %i resource(s) in a Language (%s) defined as blacklisted The ico (%s) resource is invalid The signature of the resource (%s:%s) is Unknown The file contains a resource (%s:%s) which is not supported anymore The Manifest does not contain Trust Information The Manifest Identity name (%s) is different than the file name The Manifest 'description' name (%s) is different than the file name The size (%i bytes) of the resource (%s.%s) has reached the minimum threshold (%i bytes) provided The size (%i bytes) of the resource (%s.%s) is bigger than the maximum threshold (%i bytes) provided The section (name:%s) is blacklisted The count of executable section(s) has reached the maximum threshold (%i) provided The file has no executable section The count of blacklisted section(s) has reached the maximum threshold (%i) provided The file Exports %i Obsolete Symbols The file Exports %i Anonymous Symbols The file exports %i Forwarded Symbols The file exports %i Decorated Symbols The count of exported blacklisted functions has reached the maximum threshold (%i) provided The count of deprecated imported functions has reached the maximum threshold (%i) provided The file imports %i anonymous Symbols The file imports %i forwarded Symbols The file imports %i decorated Symbols The count of imported functions has reached the maximum threshold (%i) provided The count of imported blacklisted functions has reached the maximum threshold (%i) provided The imported ordinal (%s) has been resolved to a Function Name (%s) The Symbol (%s) is imported several (%i) times The file imports %i Anonymous Symbol(s) that have been resolved The count of Antidebug imported functions has reached the maximum threshold (%i) provided The count of Undocumented imported functions has reached the maximum threshold (%i) provided The count of Ordinal imported functions has reached the maximum threshold (%i) provided The count of Unsafe imported functions has reached the maximum threshold (%i) provided The file is compressed (obfuscated) The %s Directory is missing The %s Directory is invalid The %s Directory is outside the file The Offset (0x%08X) of the %s Directory is outside a section The Virtual Address (0x%08X) of the %s Directory is suspicious The count (%i) of empty directories has reached the maximum threshold (%i) provided The time stamp of the File Header is empty The time stamp of the File Header (Year:%i) has reached the maximum threshold (Year:%i) provided The time stamp of the File Header (Year:%i) has reached the minimum threshold (Year:%i) provided The time stamp of the Debug block (Year:%i) has reached the maximum threshold (Year:%i) provided The time stamp of the Debug block (Year:%i) has reached the minimum threshold (Year:%i) provided The Manifest requires Administrative permission The file requests User Interface Privilege Isolation (UIPI) The file has no Cave The file original name is "%s" The count of strings has reached the minimum threshold (%i) provided The count of blacklisted strings has reached the maximum threshold (%i) provided The file contains %i MIME64 Encoding string(s) The file contains a hardcoded IP Address (%s) The count of blacklisted strings has reached the minimum threshold (%i) provided The file contains (%i) Function names mapped to another name The file imports %i Library(s) with invalid Name The file imports %i Library(s) with Suspicious Name The count of imported Libraries has reached the minimum threshold (%i) provided The count of blacklisted imported Library(s) has reached the maximum threshold (%i) provided The Version has no Translation data The Version contains suspicious data The size (%i bytes) of the Version resource is bigger than the maximum threshold (%i) provided The Version '%s' is Empty The Version '%s' is suspicious The Version instance '%s' is suspicious The Version does NOT contain the '%s' section The Version translation block internal Name is Misspelled The Version file OS (%s) is suspicious The file supports OLE Self-Registration The file is missing the Root structure that contains all other Version information The file embeds a file (Type: %s, MD5: %s, Virustotal: %i/%i) The file is target for % Machine .. The count of functions with Elevated (Administrative) privilege has reached the maximum threshold (%i) provided The count (%i) of Registered Exception Handlers has reached the maximum threshold provided (%i) The size (%i bytes) of the MS-DOS Header has reached the minimum threshold (%i bytes) provided The size (%i bytes) of the MS-DOS Header is bigger than the maximum threshold (%i bytes) provided The file is a fake Microsoft executable The size of the MS-DOS Stub has reached the minimum threshold (%i bytes) provided The size of the MS-DOS Stub is bigger than the maximum threshold (%i bytes) provided The resource (%s.%s) has been detected as '%s' The OriginalFilename (%s) is different than the file name The Entry Point is in the last section The count of Sections has reached the minimum threshold (%i) provided The count of Sections has reached the maximum threshold (%i) provided The file embeds a file (Type: %s, MD5: %s) The file references the '%s' Windows builtin Service The file has no version information The file is self-extractable with IEXPRESS The count of strings (type: %s) has reached the maximum threshold (%i) provided The size of code is bigger than the size (%i bytes) of the file The count of regex items detected has reached the maximum threshold (%i) provided The section (name: %s) is not Readable The count of Windows built-in Privileges detected has reached the maximum threshold (%i) provided The count of Object IDs (OID) items detected has reached the maximum threshold (%i) provided The file signature (%s) is blacklisted The file signature (%s) of the overlay is blacklisted The file signature (%s) of the resource (%s.%s) is blacklisted The file contains self-modifying code The count of file extensions detected has reached the maximum threshold (%i) provided The count of Keyboard Keys detected has reached the maximum threshold (%i) provided The file references a Smartcard The file references virtual machine (VM) The file references the Remote Desktop Session Host Server The file references the Protected Storage The file references the Active Directory (AD) The file references the Windows Native API The file references the Simple Network Management Protocol (SNMP) The file references the Security Descriptor Definition Language (SDDL) The file references the cabinet (CAB) interface tbd The file references the Lightweight Directory Access Protocol (LDAP) The file modifies the registry The file references the Security Account Manager (SAM) The file references the Clipboard The file references the installation of Hook(s) to change or control the behaviour of the system The file references the Security Descriptor Definition Language (SDDL) The file references the Service Control Manager (SCM) The file references the Windows Indexing engine The file references the Desktop window The file references the Router Administration interface The file references the Mail (MAPI) interface The file references the Microsoft Identity Manager The file references data from a Socket The file references the Internet Protocol Helper to retrieve or modify network configuration settings The file accesses libraries at runtime The file starts child Processes The file references the Microsoft Digest Access The file references the Windows Cryptographic Primitives Library The file references the Local Security Authority Server (LSASS) The file references the Local Security Authority (LSA) process The file references the Internet Explorer Zone Manager The file references the Credential Manager User Interface The file references the Windows Setup API The file references the Windows Cryptographic interface The file references the Windows Debug Helper The file references the Windows IP Helper The file references the Power Profile Helper The file references the Multiple Provider Router The file references the File Transfer Protocol (FTP) The file references users credentials The file references the resources of an executable The file queries for files and streams The file references the Backup API The file creates and or modifies file(s) The file references the Remote Access Service (RAS) The file references the Performance Counters The file references the Event Log The file references the system Power The file references the HTML Help Control The file queries for Processes and Modules The file references Inter-Process Communication (IPC) The file references the Console The file references the Scheduler The file references the Windows Management Instrumentation (WMI) The file dynamically binds to the .NET runtime The file references the Windows default safe DLL search path The file references a Printer Driver The file references Dynamic Data Exchange (DDE) The file queries for visible/invisible window The file references Function(s) callback executed when the program exits The file transfers control to a Debugger The file references the AutoIt scripting Engine The file references Microsoft the Setup Interface (MSI) The file references Microsoft Detour to trojanize other executable The file references the Domain Name System (DNS) API The file creates temporary file(s) The file references the WLAN interface The file references the environment variables The file provides a Control Panel Application callback The file monitors Registry operations The file exposes the Password Secrets of Internet Explorer The file references the DHCP Client Service The file changes the NetBIOS or the DNS name of the local computer The file scans the mounted folders on a volume The file sends data on a Socket The file references the Internet Explorer (IE) server The file logs the Internet Explorer (IE) hits The file synthesizes mouse motion and button clicks The file changes the protection of the Virtual Address Space The file references the RPC Network Data Representation (NDR) Engine The file references the Windows Software Quality Metrics (SQM) The file references the Event Tracing for Windows (ETW) framework The file inserts itself in the chain of the Clipboard Listeners The file references the Open Database Connectivity (ODBC) installer The file references the Single-Instance Store (SIS) backup framework The file installs a Device or a Driver The file invokes the ODBC Driver Tracing mechanism The file references Bitlocker The file registers itself as a boot Driver The file walks up and records the stack information The file references the Windows Scripting Host engine The file references the Console Based Script Host engine The file references the HTML Application Host engine The file references the VB Scripting Encoder/Decoder engine The file references the Java Scripting Encoder/Decoder engine The file references the Windows File Protection The file simulates keyboard input The file references the Multimedia Class Scheduler service (MMCSS) The file references the Group Policy (GP) The file references a communications device The file monitors a communications device The file references the local Running Object Table (ROT) The file references the Human Interface Devices (HID) Protocol The file references Simple Mail Transfer Protocol (SMTP) The file references the Internet Control Message Protocol (ICMP) The file fingerprints Antivirus (AV) or monitoring tools The file references the Windows Capture Library The file references Microsoft Office The file enumerates Network resources or existing connections The file references Alternate Data Stream (ADS) The file fingerprints for Web browsers The file fingerprints for Sandboxes The file fingerprints for Email clients The file references the Firefox API The file references the Shim Engine The file references the Windows Address Book The count (%i) of Security Management Functions has reached the maximum threshold (%i) provided The count (%i) of Authorization Functions has reached the maximum threshold (%i) provided The count (%i) of Registry Functions has reached the maximum threshold (%i) provided The count (%i) of Memory Management Functions has reached the maximum threshold (%i) provided The count (%i) of Tool Help Functions has reached the maximum threshold (%i) provided The count (%i) of Backup Functions has reached the maximum threshold (%i) provided The count (%i) of Event Logging Functions has reached the maximum threshold (%i) provided The count (%i) of Event Tracing Functions has reached the maximum threshold (%i) provided The count (%i) of Error Handling Functions has reached the maximum threshold (%i) provided The count (%i) of Directory Management Functions has reached the maximum threshold (%i) provided The count (%i) of Debugging Functions has reached the maximum threshold (%i) provided The count (%i) of Console Functions has reached the maximum threshold (%i) provided The count (%i) of ImageHlp Functions has reached the maximum threshold (%i) provided The count (%i) of Communication Functions has reached the maximum threshold (%i) provided The count (%i) of COM Functions has reached the maximum threshold (%i) provided The count (%i) of System Information Functions has reached the maximum threshold (%i) provided The count (%i) of Package Query Functions has reached the maximum threshold (%i) provided The count (%i) of Setup Functions has reached the maximum threshold (%i) provided The count (%i) of Structured Storage Functions has reached the maximum threshold (%i) provided The count (%i) of Dynamic Data Exchange Management Library (DDEML) Functions has reached the maximum threshold (%i) provided The count (%i) of Clipboard Functions has reached the maximum threshold (%i) provided The count (%i) of WinINet Functions has reached the maximum threshold (%i) provided The count (%i) of Dynamic-Link Library Functions has reached the maximum threshold (%i) provided The count (%i) of Process and Thread Functions has reached the maximum threshold (%i) provided The count (%i) of WinHttp Functions has reached the maximum threshold (%i) provided The count (%i) of Zw Functions has reached the maximum threshold (%i) provided The count (%i) of Rtl Functions has reached the maximum threshold (%i) provided The count (%i) of Native (Nt) Functions has reached the maximum threshold (%i) provided The count (%i) of DHCP Server Management Functions has reached the maximum threshold (%i) provided The count (%i) of Network Management Functions has reached the maximum threshold (%i) provided The count (%i) of DNS Functions has reached the maximum threshold (%i) provided The count (%i) of Mailslot Functions has reached the maximum threshold (%i) provided The count (%i) of RPC Functions has reached the maximum threshold (%i) provided The count (%i) of SEH Functions has reached the maximum threshold (%i) provided The count (%i) of Service Functions has reached the maximum threshold (%i) provided The count (%i) of File Management Functions has reached the maximum threshold (%i) provided The count (%i) of Video Capture Functions has reached the maximum threshold (%i) provided The count (%i) of Cabinet Functions has reached the maximum threshold (%i) provided The count (%i) of Single-Instance Store (SIS) Backup Functions has reached the maximum threshold (%i) provided The count (%i) of Performance Counters Functions has reached the maximum threshold (%i) provided The count (%i) of Atom Functions has reached the maximum threshold (%i) provided The count (%i) of Device Management Functions has reached the maximum threshold (%i) provided The count (%i) of Remote Access Service Functions has reached the maximum threshold (%i) provided The count (%i) of Remote Access Service Custom Scripting Functions has reached the maximum threshold (%i) provided The count (%i) of WinSNMP Functions has reached the maximum threshold (%i) provided The count (%i) of Router Information Functions has reached the maximum threshold (%i) provided The count (%i) of Network Data Representation (Ndr) Functions has reached the maximum threshold (%i) provided The count (%i) of Power Management Functions has reached the maximum threshold (%i) provided The count (%i) of Remote Desktop Functions has reached the maximum threshold (%i) provided The count (%i) of WLAN Functions has reached the maximum threshold (%i) provided The count (%i) of SNMP Functions has reached the maximum threshold (%i) provided The count (%i) of WinDbgExt Functions has reached the maximum threshold (%i) provided The count (%i) of DDE Functions has reached the maximum threshold (%i) provided