Determines whether a file contains padding that exceeds a specified percentage of its total size.
This method is particularly useful for identifying files that may use excessive padding to evade malware detection: some malicious software adds significant padding to alter the file's signature or hash value, which makes the file harder to identify from known patterns.
Syntax
Parameters
- file: The file to inspect for padding.
- percentagePadding: The threshold percentage of padding to check for, given as an integer value, such as 20 for 20% or 60 for 60%.
Return Value
true if the file contains padding that meets or exceeds the specified percentage; otherwise, false. This can indicate potential efforts to obscure the file's true nature or content through padding.
Example
This sample iterates over all files in the Downloads folder and checks each one for excessive padding that could indicate an attempt to evade malware detection. Files smaller than 5 MB are checked for more than 20% padding, while larger files are checked for more than 60% padding, based on common evasion tactics observed in malware distribution.
    using System;
    using System.IO;

    class Program
    {
        static void Main(string[] args)
        {
            // Resolve the current user's Downloads folder.
            string downloadsPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile), "Downloads");
            if (!Directory.Exists(downloadsPath))
            {
                Console.WriteLine("Downloads folder does not exist.");
                return;
            }

            // Only the top level of the folder is scanned; subfolders are not visited.
            foreach (string filePath in Directory.GetFiles(downloadsPath))
            {
                FileInfo file = new FileInfo(filePath);
                int percentagePaddingThreshold = file.Length < 5 * 1024 * 1024 ? 20 : 60; // Threshold based on file size

                if (file.ContainsMoreThanOrEqualTo(percentagePaddingThreshold))
                {
                    Console.WriteLine($"{file.Name} may be using padding to evade detection with more than {percentagePaddingThreshold}% padding.");
                }
                else
                {
                    Console.WriteLine($"{file.Name} does not contain significant padding.");
                }
            }
        }
    }
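How a padding percentage can be measured and compared against the integer threshold, shown as an added example that is not the library's implementation or code from this page. It assumes that padding means the trailing run of one repeated byte value; `PaddingCheck`, `TrailingPaddingLength` and `MeetsThreshold` are hypothetical names.

```csharp
using System;
using System.IO;
static class PaddingCheck
{
    // Assumption: padding = the trailing run of one repeated byte value
    // (often 0x00). The library's own definition is not documented here.
    public static long TrailingPaddingLength(Stream s)
    {
        byte[] buf = new byte[64 * 1024];
        long pos = s.Length, run = 0;
        int fill = -1; // padding byte, taken from the last byte of the file
        while (pos > 0)
        {
            int want = (int)Math.Min(buf.Length, pos);
            pos -= want;
            s.Seek(pos, SeekOrigin.Begin);
            for (int got = 0, n = 0; got < want; got += n)
                if ((n = s.Read(buf, got, want - got)) == 0)
                    throw new EndOfStreamException();
            if (fill < 0) fill = buf[want - 1];
            for (int i = want - 1; i >= 0; i--, run++)
                if (buf[i] != fill) return run;
        }
        return run; // empty file (0) or a file made of one repeated byte
    }

    // Same contract as the page describes: integer percent, "meets or exceeds".
    public static bool MeetsThreshold(long padding, long total, int percentagePadding)
    {
        if (percentagePadding < 0 || percentagePadding > 100)
            throw new ArgumentOutOfRangeException(nameof(percentagePadding));
        if (total == 0) return false; // empty file: nothing to measure
        return padding * 100 >= total * percentagePadding; // integer math, exact at the boundary
    }

    static void Main()
    {
        // Constructed sample: 300 non-zero content bytes, then 700 zero bytes.
        byte[] sample = new byte[1000];
        for (int i = 0; i < 300; i++) sample[i] = (byte)(i % 251 + 1);
        using (var ms = new MemoryStream(sample))
        {
            long pad = TrailingPaddingLength(ms);
            Console.WriteLine($"{pad} of {ms.Length} bytes are trailing padding");
            Console.WriteLine($"60% threshold met: {MeetsThreshold(pad, ms.Length, 60)}");
            Console.WriteLine($"80% threshold met: {MeetsThreshold(pad, ms.Length, 80)}");
        }
    }
}
```

Reading the file backwards in chunks keeps memory use constant for large downloads, and the integer comparison gives the same answer at an exact boundary such as 20% of the file size.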
Requirements
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
See Also