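/// <summary>
/// Heuristic analyzer that flags PE images whose layout resembles raw shellcode wrapped in a PE
/// header: a high-entropy section combined with an empty import table, or a single section with
/// an empty import table. Every finding is <see cref="FindingSeverity.Suspicious"/>, not proof of
/// malice — packed, compressed or encrypted-resource binaries can share these traits and need
/// corroboration from other analyzers before being treated as malicious.
/// </summary>
public sealed class ShellcodeAnalyzer : IPeAnalyzer
{
    // A section whose entropy is at or above this value counts as "high".
    // Assumes Section.Entropy is Shannon entropy in bits per byte (0–8), so 7.4 is close to the
    // ceiling reached only by compressed/encrypted data — TODO confirm against PeImageInfo's producer.
    private const double HighEntropyThreshold = 7.4;

    /// <inheritdoc/>
    public string Name => nameof(ShellcodeAnalyzer);

    /// <summary>
    /// Evaluates the shellcode heuristics against <paramref name="peInfo"/>.
    /// </summary>
    /// <param name="peInfo">Parsed image: its sections (with per-section entropy) and its import list.</param>
    /// <param name="cancellationToken">
    /// Checked once before the analysis starts; the analysis itself is synchronous and completes in one step.
    /// </param>
    /// <returns>
    /// A completed task holding zero, one or two findings, in this order: the high-entropy/no-imports
    /// finding, then the single-section/no-imports finding. Both can fire for the same image.
    /// </returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="peInfo"/> is null.</exception>
    /// <exception cref="System.OperationCanceledException">Cancellation was requested before analysis started.</exception>
    /// <remarks>
    /// The method is not <c>async</c>, so these exceptions are thrown synchronously at call time rather
    /// than surfacing as a faulted task.
    /// </remarks>
    public Task<IReadOnlyList<AnalysisFinding>> AnalyzeAsync(PeImageInfo peInfo, CancellationToken cancellationToken)
    {
        // Fail fast with a named argument instead of a NullReferenceException from the first dereference.
        if (peInfo == null)
        {
            throw new System.ArgumentNullException(nameof(peInfo));
        }

        cancellationToken.ThrowIfCancellationRequested();

        var findings = new List<AnalysisFinding>();

        // Both heuristics hinge on an empty import table: position-independent shellcode resolves the
        // APIs it needs at runtime rather than through the import directory.
        // NOTE(review): an image whose import directory is malformed and failed to parse would also
        // show Imports.Count == 0 — verify that PeImageInfo distinguishes "no imports" from
        // "imports unparseable", otherwise corrupt files over-report here.
        var hasNoImports = peInfo.Imports.Count == 0;

        // Heuristic 1: at least one high-entropy section and nothing imported. Any() short-circuits on
        // the first qualifying section; the original count of such sections was never reported.
        if (hasNoImports && peInfo.Sections.Any(s => s.Entropy >= HighEntropyThreshold))
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Suspicious, "Shellcode-like characteristics", "High entropy with no imports is shellcode-like."));
        }

        // Heuristic 2: a single section and nothing imported — the minimal PE wrapper around a blob.
        // Evaluated independently of heuristic 1, so a single high-entropy section yields two findings.
        if (hasNoImports && peInfo.Sections.Count == 1)
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Suspicious, "Single-section image", "Single-section executable with no imports is suspicious."));
        }

        return Task.FromResult((IReadOnlyList<AnalysisFinding>)findings);
    }
}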