Malwoverview 8.0.5

@alexandreborges alexandreborges released this 26 Jun 16:12
30a0476
  This version:

        * Improves the directory check against VirusTotal (-d option). The
          "AV Detection" column is renamed to "AV", the Sample and other
          columns are narrowed and realigned, and two new local-analysis
          columns are added for each sample: "Overlay", indicating whether
          the PE has an overlay (YES/NO, or N/A for non-PE files), and
          "Ent", showing the file entropy as a value from 0.00 to 8.00. The
          entropy is the highest per-section entropy of the PE (the best
          signal for packed or encrypted sections), falling back to the
          whole-file Shannon entropy for non-PE files.

        * Shows the overlay size in the VirusTotal file report (-v 1/2/3).
          When a PE has an overlay, an "Overlay Size" field is now printed
          right below the "Overlay" field, formatted in KB/MB rather than
          raw bytes.

        * Shows overlay information in the VirusTotal hash report (-v 8).
          The report by hash now reports whether the sample has an overlay
          (and its size, in KB/MB) directly from VirusTotal's pe_info data,
          without downloading the sample.

        * Shows the file entropy in the VirusTotal file report (-v 1/2/3).
          An "Entropy" field is now printed below the overlay information,
          using the same value as the -d directory check: the highest
          per-section entropy of the PE (0.00 to 8.00), falling back to the
          whole-file Shannon entropy for non-PE files.
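
The two local checks described in these notes, as an added illustration that is not Malwoverview's own code: highest per-section entropy with a whole-file fallback, and overlay presence and size. It assumes an overlay means any bytes past the end of the last section's raw data; the function names and the constructed sample are hypothetical.

```python
import math
import struct

def shannon(data: bytes) -> float:
    """Shannon entropy in bits per byte, 0.0 to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def raw_sections(data: bytes):
    """Return [(raw_offset, raw_size)] from the PE section table, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        return None
    nsec = struct.unpack_from("<H", data, pe + 6)[0]       # NumberOfSections
    opt = struct.unpack_from("<H", data, pe + 20)[0]       # SizeOfOptionalHeader
    table, secs = pe + 24 + opt, []
    for off in range(table, table + 40 * nsec, 40):        # 40-byte section headers
        if off + 40 > len(data):
            break
        size, ptr = struct.unpack_from("<II", data, off + 16)  # SizeOfRawData, PointerToRawData
        if size:
            secs.append((ptr, size))
    return secs

def triage(data: bytes):
    """Return (overlay YES/NO/N/A, overlay size in bytes, entropy rounded to 2 places)."""
    secs = raw_sections(data)
    if secs is None:                                       # non-PE: whole-file fallback
        return "N/A", 0, round(shannon(data), 2)
    end = max((p + s for p, s in secs), default=len(data))
    overlay = max(len(data) - end, 0)                      # assumption: bytes past last section
    ent = max((shannon(data[p:p + s]) for p, s in secs), default=shannon(data))
    return ("YES" if overlay else "NO"), overlay, round(ent, 2)

def build_sample(overlay: bytes = b"") -> bytes:
    """Constructed, non-loadable PE skeleton: one flat section, one uniform section."""
    hdr = bytearray(0x200)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<H", hdr, 0x46, 2)                   # two sections, no optional header
    for i, ptr in enumerate((0x200, 0x400)):
        struct.pack_into("<II", hdr, 0x58 + 40 * i + 16, 0x200, ptr)
    return bytes(hdr) + b"\x90" * 0x200 + bytes(range(256)) * 2 + overlay
```

On the constructed sample the whole-file entropy stays well below the 8.00 of the uniform section, which is why the per-section maximum is the stronger packing signal. With this simple definition, an Authenticode certificate table appended to a signed PE is also counted as overlay.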