This a .NET sample that unpacks the payload in the non-executable memory:
PE-sieve with option /data 1 which is: .NET: scan non-executable in .NET applications should scan it.
However, it scans it and detect the payload only in /data 3 mode (unconditional scan).
It suggests an error in the condition check. The sample is validly detected as .NET according to scan_report.json:
Sample:
This a .NET sample that unpacks the payload in the non-executable memory:
PE-sieve with option
/data 1
which is:.NET: scan non-executable in .NET applications
should scan it. However, it scans it and detect the payload only in/data 3
mode (unconditional scan).It suggests an error in the condition check. The sample is validly detected as .NET according to
scan_report.json
: