Author Topic: explanation of output  (Read 10617 times)

dan

  • Guest
explanation of output
« on: February 17, 2007, 09:47:27 PM »
Is there any explanation of what the extra numbers on each file def hit mean?
i.e. from the output:

TrID/32 - File Identifier v2.02 - (C) 2003-06 By M.Pontello
Definitions found:  2396
Analyzing...

Collecting data from file: trid.exe
 42.6% (.EXE) UPX compressed Win32 Executable (30569/9/7)
 37.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
 14.6% (.EXE) Win32 Executable Generic (10527/13/4)
  2.7% (.EXE) Generic Win/DOS Executable (2002/3)
  2.7% (.EXE) DOS Executable Generic (2000/1)
  0.0% (.VXD) VXD Driver (31/22)
  0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)

What do
(30569/9/7), (26569/9/4), (10527/13/4), (2002/3), (2000/1), (31/22), (7/3)
mean?

thanks

/dan

Mark0

  • Administrator
Re: explanation of output
« Reply #1 on: February 18, 2007, 07:07:13 PM »
Hi!

The first is the number of "points" that the corresponding filetype "scored" against the file analyzed.
The other two are mostly for debugging / testing purposes, as they correspond to internal vars used by the detection engine. They are mostly of interest to me, rather than the user.
In short, the higher the score, the higher the probability of a match.

Bye!
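
An added example, not part of the thread and not TrID's own code: a parser for the result lines quoted in the first post that separates the points value from the trailing internal values and checks each printed percentage against that type's share of the total points. That the percentage is the points share truncated to one decimal is an observation from this one sample, not something the reply states; the function and field names are assumptions.

```python
import re

# Result lines copied from the TrID v2.02 run quoted in the first post.
SAMPLE = """\
Collecting data from file: trid.exe
 42.6% (.EXE) UPX compressed Win32 Executable (30569/9/7)
 37.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
 14.6% (.EXE) Win32 Executable Generic (10527/13/4)
  2.7% (.EXE) Generic Win/DOS Executable (2002/3)
  2.7% (.EXE) DOS Executable Generic (2000/1)
  0.0% (.VXD) VXD Driver (31/22)
  0.0% (.CEL) Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3)
"""

# The description may itself contain parentheses (see the .CEL line), so the
# numeric group is anchored to the end of the line.
LINE_RE = re.compile(
    r"^\s*(?P<pct>\d+\.\d)%\s+\((?P<ext>\.[^)]+)\)\s+(?P<desc>.*)\s+"
    r"\((?P<nums>\d+(?:/\d+)+)\)\s*$"
)

def parse_trid(text):
    """Return one dict per result line; banner and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        nums = [int(n) for n in m["nums"].split("/")]
        hits.append({
            "printed_tenths": int(m["pct"].replace(".", "")),  # 42.6% -> 426
            "ext": m["ext"],
            "desc": m["desc"],
            "points": nums[0],      # the score, per the reply above
            "internal": nums[1:],   # engine debug values; one or two of them
        })
    return hits

def share_tenths(hits):
    """Each hit's share of the total points, in tenths of a percent, truncated."""
    total = sum(h["points"] for h in hits)
    return [h["points"] * 1000 // total for h in hits]

if __name__ == "__main__":
    hits = parse_trid(SAMPLE)
    for h, s in zip(hits, share_tenths(hits)):
        print(f'{h["points"]:>6} pts  printed {h["printed_tenths"] / 10:4.1f}%  '
              f'computed {s / 10:4.1f}%  {h["ext"]} {h["desc"]}')
```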