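/// <summary>
/// Heuristic detector for packed or compressed PE images. Each check is an
/// independent, weak signal: a section whose entropy is above
/// <see cref="HighEntropyThreshold"/>, an overlay warning on the image, or a
/// section named like a stock UPX build. An empty result does not show the
/// image is unpacked — a packer that renames its sections, or pads them to
/// lower their entropy, produces none of these signals, so callers should
/// treat the output as corroborating evidence rather than a verdict.
/// </summary>
public sealed class PackerAnalyzer : IPeAnalyzer
{
    // Sections with entropy strictly above this are reported as likely
    // packed or compressed. Assumes PeImageInfo reports section entropy on
    // the 0–8 bits-per-byte scale (8.0 = uniformly random bytes) — TODO confirm
    // against the producer of PeImageInfo.Entropy.
    private const double HighEntropyThreshold = 7.5;

    // Exact text expected in PeImageInfo.Warnings when overlay data is
    // present. The comparison is literal, so this must track whatever writes
    // that warning.
    private const string OverlayWarning = "Overlay detected.";

    /// <summary>Analyzer name stamped on every finding this class produces.</summary>
    public string Name => nameof(PackerAnalyzer);

    /// <summary>
    /// Runs the packer heuristics against an already-parsed image. All work is
    /// synchronous over data already in <paramref name="peInfo"/>; the returned
    /// task is always already completed.
    /// </summary>
    /// <param name="peInfo">Parsed image exposing its sections (with per-section entropy) and warnings.</param>
    /// <param name="cancellationToken">Checked once on entry; an already-cancelled token yields a cancelled task instead of findings.</param>
    /// <returns>Zero or more findings, one per heuristic that fired. Never null.</returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="peInfo"/> is null.</exception>
    public Task<IReadOnlyList<AnalysisFinding>> AnalyzeAsync(PeImageInfo peInfo, CancellationToken cancellationToken)
    {
        if (peInfo is null)
        {
            throw new System.ArgumentNullException(nameof(peInfo));
        }

        // Honour the token without throwing synchronously out of a Task-returning method.
        if (cancellationToken.IsCancellationRequested)
        {
            return Task.FromCanceled<IReadOnlyList<AnalysisFinding>>(cancellationToken);
        }

        var findings = new List<AnalysisFinding>();

        if (peInfo.Sections.Any(s => s.Entropy > HighEntropyThreshold))
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Warning, "High entropy section", "A section entropy above threshold suggests packing or compression."));
        }

        if (peInfo.Warnings.Contains(OverlayWarning))
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Warning, "Overlay present", "Overlay data often appears in packed or modified binaries."));
        }

        // UPX is also used by legitimate software, so this severity reflects
        // how strongly the marker indicates packing, not proof of malicious
        // intent; consumers should corroborate before acting on it alone.
        if (peInfo.Sections.Any(s => IsUpxSectionName(s.Name)))
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Malicious, "Common packer marker", "UPX-like section name found."));
        }

        return Task.FromResult<IReadOnlyList<AnalysisFinding>>(findings);
    }

    // Exact, case-sensitive match against the section names a stock UPX build
    // writes. A renamed section is deliberately not caught here.
    private static bool IsUpxSectionName(string? name) =>
        name is ".upx0" or ".upx1" or "UPX0" or "UPX1";
}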