PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
| Size: 620,00 KB SHA-256 Hash: 14EDB638B1C3303C2F8DBB80D8D9E8839019520BD3B34B605C9BEAED65C3376C SHA-1 Hash: 015ACE9FCCA5541773C12F11708D63235E3B6B9A MD5 Hash: 0DAB29ADCAFD4F0B0D177972DC20E706 Imphash: 95F6D998B8DB3323C46753A8E4FA0033 MajorOSVersion: 6 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 4EF44 SizeOfHeaders: 400 SizeOfImage: A3000 ImageBase: 0000000140000000 Architecture: x64 ImportTable: 92068 IAT: 7B000 Characteristics: 22 TimeDateStamp: 68AEF1AD Date: 27/08/2025 11:53:17 File Type: EXE Number Of Sections: 7 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, _RDATA, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 79600 | 1000 | 79428 |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
79A00 | 18200 | 7B000 | 18054 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
91C00 | 2000 | 94000 | 59FC |
|
|
| .pdata | 0x40000040 Initialized Data Readable |
93C00 | 6000 | 9A000 | 5EA4 |
|
|
| _RDATA | 0x40000040 Initialized Data Readable |
99C00 | 200 | A0000 | F4 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
99E00 | 600 | A1000 | 438 |
|
|
| .reloc | 0x42000040 Initialized Data GP-Relative Readable |
9A400 | C00 | A2000 | A58 |
|
|
| Description |
| OriginalFilename: preserving.exe ProductName: Preserving Service FileVersion: 12.1.3.1 FileDescription: Preserving ProductVersion: 12.1.3.1 Language: English (United States) (ID=0x409) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) have the Entry Point Information -> EntryPoint (calculated) - 4E344 Code -> 4883EC28E8A30500004883C428E97AFEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC Assembler |SUB RSP, 0X28 |CALL 0X15AC |ADD RSP, 0X28 |JMP 0XE8C |INT3 |INT3 |SUB RSP, 0X28 |MOV R8, QWORD PTR [R9 + 0X38] |MOV RCX, RDX |MOV RDX, R9 |CALL 0X1034 |MOV EAX, 1 |ADD RSP, 0X28 |RET |INT3 |
| Signatures |
| Rich Signature Analyzer: Code -> D602EC129263824192638241926382417613814098638241761387403A6382417613864081638241C016864082638241C016814098638241C0168740CB6382417613844093638241761383409D638241926383412D6382415C168B40886382415C167D419363824192631541936382415C168040936382415269636892638241 Footprint md5 Hash -> A8A8464A7D3BA7303F0C7A30ACD4C03D • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • PE+(64): compiler: Microsoft Visual C/C++(-)[-] • PE+(64): linker: Microsoft Linker(14.29**)[-] • Entropy: 6.05613 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | DeleteFileA | Deletes an existing file. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| File Access |
| SHELL32.dll ADVAPI32.dll USER32.dll KERNEL32.dll WTSAPI32.dll SHLWAPI.dll \001.dat \002.dat //www.dat @.dat |
| File Access (UNICODE) |
| preserving.exe mscoree.dll api-ms-win-core-synch-l1-2-0.dll kernel32.dll |
| Interest's Words |
| exec start |
| URLs |
| http://www.datapower.com/schemas/json http://www.w3.org/2001/XMLSchema-instance http://www.ibm.com/xmlns/prod/2009/jsonx |
| IP Addresses |
| 12.1.3.1 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Service (OpenSCManager) |
| Text | Ascii | Service (CreateService) |
| Text | Ascii | Service (StartServiceCtrlDispatcher) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (CreateSemaphoreW) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Unicode | Privileges (SeTcbPrivilege) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\1033 | A10A0 | 218 | 99EA0 | 180234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000100 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1033 | A12B8 | 17D | 9A0B8 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y |
| Intelligent String |
| • 12.1.3.1 • \001.dat • kernel32.dll • api-ms-win-core-synch-l1-2-0.dll • mscoree.dll • xsi:schemaLocation="http://www.datapower.com/schemas/json jsonx.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:json="http://www.ibm.com/xmlns/prod/2009/jsonx" • "%s" /d /c timeout 60 • \002.dat • KERNEL32.dll • USER32.dll • ADVAPI32.dll • preserving.exe |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| D02D | N/A | .text | JMP QWORD PTR [RIP+0x89480000] |
| FBCD | N/A | .text | JMP QWORD PTR [RIP+0xE00] |
| 119A9 | N/A | .text | JMP QWORD PTR [RIP+0x3000] |
| 11C59 | N/A | .text | JMP QWORD PTR [RIP+0x3000] |
| 1237B | N/A | .text | JMP QWORD PTR [RIP+0x4000] |
| 1254A | N/A | .text | JMP QWORD PTR [RIP+0x1C0] |
| 14024 | N/A | .text | JMP QWORD PTR [RIP+0xE00] |
| 142F6 | N/A | .text | JMP QWORD PTR [RIP+0x1C0] |
| 148F4 | N/A | .text | JMP QWORD PTR [RIP+0x3000] |
| 14CCA | N/A | .text | JMP QWORD PTR [RIP+0x1C0] |
| 19860 | N/A | .text | JMP QWORD PTR [RIP+0x4000] |
| 1AEB9 | N/A | .text | JMP QWORD PTR [RIP+0x3000] |
| 387D1 | N/A | .text | CALL QWORD PTR [RIP+0x41E09] |
| 387DC | N/A | .text | CALL QWORD PTR [RIP+0x41DF6] |
| 387FF | N/A | .text | CALL QWORD PTR [RIP+0x41DCB] |
| 38B15 | N/A | .text | CALL QWORD PTR [RIP+0x41AAD] |
| 3BAE0 | N/A | .text | CALL QWORD PTR [RIP+0x3EA4A] |
| 3BC15 | N/A | .text | CALL QWORD PTR [RIP+0x3E8DD] |
| 3BD1C | N/A | .text | CALL QWORD PTR [RIP+0x3E7A6] |
| 3BE9A | N/A | .text | CALL QWORD PTR [RIP+0x3E640] |
| 3C090 | N/A | .text | CALL QWORD PTR [RIP+0x3E44A] |
| 3C20D | N/A | .text | CALL QWORD PTR [RIP+0x3E2CD] |
| 3C3AB | N/A | .text | CALL QWORD PTR [RIP+0x3E12F] |
| 3C522 | N/A | .text | CALL QWORD PTR [RIP+0x3DFA0] |
| 3C696 | N/A | .text | CALL QWORD PTR [RIP+0x3DE44] |
| 3C85D | N/A | .text | CALL QWORD PTR [RIP+0x3DC7D] |
| 3CA5E | N/A | .text | CALL QWORD PTR [RIP+0x3DA7C] |
| 3CC71 | N/A | .text | CALL QWORD PTR [RIP+0x3D869] |
| 3CDEC | N/A | .text | CALL QWORD PTR [RIP+0x3D6EE] |
| 3CFB9 | N/A | .text | CALL QWORD PTR [RIP+0x3D521] |
| 3D1A1 | N/A | .text | CALL QWORD PTR [RIP+0x3D339] |
| 3D38D | N/A | .text | CALL QWORD PTR [RIP+0x3D14D] |
| 3D505 | N/A | .text | CALL QWORD PTR [RIP+0x3CFD5] |
| 3DCD5 | N/A | .text | CALL QWORD PTR [RIP+0x3C7BD] |
| 3DD2A | N/A | .text | CALL QWORD PTR [RIP+0x3C758] |
| 3DDB5 | N/A | .text | CALL QWORD PTR [RIP+0x3C6CD] |
| 3DDE4 | N/A | .text | CALL QWORD PTR [RIP+0x3C6A6] |
| 3EA19 | N/A | .text | CALL QWORD PTR [RIP+0x3BAE1] |
| 3FB6C | N/A | .text | JMP QWORD PTR [RIP+0x80000000] |
| 3FE62 | N/A | .text | CALL QWORD PTR [RIP+0x3A6A0] |
| 3FEDA | N/A | .text | CALL QWORD PTR [RIP+0x3A628] |
| 402B2 | N/A | .text | CALL QWORD PTR [RIP+0x3A550] |
| 40474 | N/A | .text | CALL QWORD PTR [RIP+0x3A38E] |
| 4068A | N/A | .text | CALL QWORD PTR [RIP+0x3A178] |
| 409E0 | N/A | .text | CALL QWORD PTR [RIP+0x39E52] |
| 40A55 | N/A | .text | CALL QWORD PTR [RIP+0x39B85] |
| 40A79 | N/A | .text | CALL QWORD PTR [RIP+0x39B51] |
| 40BC1 | N/A | .text | CALL QWORD PTR [RIP+0x39949] |
| 40BD3 | N/A | .text | CALL QWORD PTR [RIP+0x3993F] |
| 40C15 | N/A | .text | CALL QWORD PTR [RIP+0x399AD] |
| 40D16 | N/A | .text | CALL QWORD PTR [RIP+0x3977C] |
| 40D88 | N/A | .text | CALL QWORD PTR [RIP+0x39AB2] |
| 40D9A | N/A | .text | CALL QWORD PTR [RIP+0x396F0] |
| 40E43 | N/A | .text | CALL QWORD PTR [RIP+0x399E7] |
| 40E5C | N/A | .text | CALL QWORD PTR [RIP+0x3962E] |
| 40E91 | N/A | .text | CALL QWORD PTR [RIP+0x395F9] |
| 41A28 | N/A | .text | CALL QWORD PTR [RIP+0x38AD2] |
| 41A68 | N/A | .text | CALL QWORD PTR [RIP+0x38DE2] |
| 41A97 | N/A | .text | CALL QWORD PTR [RIP+0x38DBB] |
| 41AE2 | N/A | .text | CALL QWORD PTR [RIP+0x38D18] |
| 41B21 | N/A | .text | CALL QWORD PTR [RIP+0x389D9] |
| 41B45 | N/A | .text | CALL QWORD PTR [RIP+0x38AAD] |
| 41C6E | N/A | .text | CALL QWORD PTR [RIP+0x388AC] |
| 41C7C | N/A | .text | CALL QWORD PTR [RIP+0x38B8E] |
| 42909 | N/A | .text | CALL QWORD PTR [RIP+0x37B89] |
| 4295B | N/A | .text | CALL QWORD PTR [RIP+0x37ECF] |
| 42976 | N/A | .text | CALL QWORD PTR [RIP+0x37B14] |
| 42A12 | N/A | .text | CALL QWORD PTR [RIP+0x37A80] |
| 42A7E | N/A | .text | CALL QWORD PTR [RIP+0x37DBC] |
| 42AA7 | N/A | .text | CALL QWORD PTR [RIP+0x379E3] |
| 42DA5 | N/A | .text | CALL QWORD PTR [RIP+0x37835] |
| 42DDC | N/A | .text | CALL QWORD PTR [RIP+0x377EE] |
| 42F05 | N/A | .text | CALL QWORD PTR [RIP+0x376BD] |
| 42FA9 | N/A | .text | CALL QWORD PTR [RIP+0x37561] |
| 43001 | N/A | .text | CALL QWORD PTR [RIP+0x37479] |
| 43036 | N/A | .text | CALL QWORD PTR [RIP+0x3743C] |
| 431AD | N/A | .text | CALL QWORD PTR [RIP+0x372BD] |
| 431C8 | N/A | .text | CALL QWORD PTR [RIP+0x3735A] |
| 431E2 | N/A | .text | CALL QWORD PTR [RIP+0x37470] |
| 43319 | N/A | .text | CALL QWORD PTR [RIP+0x372D9] |
| 43515 | N/A | .text | CALL QWORD PTR [RIP+0x370DD] |
| 4358E | N/A | .text | CALL QWORD PTR [RIP+0x37064] |
| 435E0 | N/A | .text | CALL QWORD PTR [RIP+0x36F52] |
| 43644 | N/A | .text | CALL QWORD PTR [RIP+0x36FAE] |
| 4369F | N/A | .text | CALL QWORD PTR [RIP+0x36F53] |
| 4398E | N/A | .text | CALL QWORD PTR [RIP+0x36B94] |
| 448D7 | N/A | .text | CALL QWORD PTR [RIP+0x35D1B] |
| 452B5 | N/A | .text | CALL QWORD PTR [RIP+0x351AD] |
| 452F2 | N/A | .text | CALL QWORD PTR [RIP+0x35168] |
| 4580C | N/A | .text | CALL QWORD PTR [RIP+0x34C46] |
| 45964 | N/A | .text | CALL QWORD PTR [RIP+0x34F0E] |
| 459C6 | N/A | .text | CALL QWORD PTR [RIP+0x34A84] |
| 459D0 | N/A | .text | CALL QWORD PTR [RIP+0x34ADA] |
| 45A58 | N/A | .text | CALL QWORD PTR [RIP+0x349F2] |
| 45A9E | N/A | .text | CALL QWORD PTR [RIP+0x349A4] |
| 45B53 | N/A | .text | CALL QWORD PTR [RIP+0x34D27] |
| 45B7B | N/A | .text | CALL QWORD PTR [RIP+0x34CE7] |
| 45BB6 | N/A | .text | CALL QWORD PTR [RIP+0x3498C] |
| 45BF7 | N/A | .text | CALL QWORD PTR [RIP+0x34C73] |
| 45C47 | N/A | .text | CALL QWORD PTR [RIP+0x34C1B] |
| 93C00 | 1000 | .pdata | ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata |
| 93C0C | 1020 | .pdata | ExceptionHook | Pointer to 1020 - 0x420 .text + UnwindInfo: .rdata |
| 93C18 | 1040 | .pdata | ExceptionHook | Pointer to 1040 - 0x440 .text + UnwindInfo: .rdata |
| 93C24 | 1060 | .pdata | ExceptionHook | Pointer to 1060 - 0x460 .text + UnwindInfo: .rdata |
| 93C30 | 1090 | .pdata | ExceptionHook | Pointer to 1090 - 0x490 .text + UnwindInfo: .rdata |
| 93C3C | 10C0 | .pdata | ExceptionHook | Pointer to 10C0 - 0x4C0 .text + UnwindInfo: .rdata |
| 93C48 | 10F0 | .pdata | ExceptionHook | Pointer to 10F0 - 0x4F0 .text + UnwindInfo: .rdata |
| 93C54 | 1120 | .pdata | ExceptionHook | Pointer to 1120 - 0x520 .text + UnwindInfo: .rdata |
| 93C60 | 1144 | .pdata | ExceptionHook | Pointer to 1144 - 0x544 .text + UnwindInfo: .rdata |
| 93C6C | 117C | .pdata | ExceptionHook | Pointer to 117C - 0x57C .text + UnwindInfo: .rdata |
| 93C78 | 11A8 | .pdata | ExceptionHook | Pointer to 11A8 - 0x5A8 .text + UnwindInfo: .rdata |
| 93C84 | 11D0 | .pdata | ExceptionHook | Pointer to 11D0 - 0x5D0 .text + UnwindInfo: .rdata |
| 93C90 | 1210 | .pdata | ExceptionHook | Pointer to 1210 - 0x610 .text + UnwindInfo: .rdata |
| 93C9C | 1250 | .pdata | ExceptionHook | Pointer to 1250 - 0x650 .text + UnwindInfo: .rdata |
| 93CA8 | 1270 | .pdata | ExceptionHook | Pointer to 1270 - 0x670 .text + UnwindInfo: .rdata |
| 93CB4 | 12B0 | .pdata | ExceptionHook | Pointer to 12B0 - 0x6B0 .text + UnwindInfo: .rdata |
| 93CC0 | 12D0 | .pdata | ExceptionHook | Pointer to 12D0 - 0x6D0 .text + UnwindInfo: .rdata |
| 93CCC | 1300 | .pdata | ExceptionHook | Pointer to 1300 - 0x700 .text + UnwindInfo: .rdata |
| 93CD8 | 1320 | .pdata | ExceptionHook | Pointer to 1320 - 0x720 .text + UnwindInfo: .rdata |
| 93CE4 | 1340 | .pdata | ExceptionHook | Pointer to 1340 - 0x740 .text + UnwindInfo: .rdata |
| 93CF0 | 1410 | .pdata | ExceptionHook | Pointer to 1410 - 0x810 .text + UnwindInfo: .rdata |
| 93CFC | 1460 | .pdata | ExceptionHook | Pointer to 1460 - 0x860 .text + UnwindInfo: .rdata |
| 93D08 | 1530 | .pdata | ExceptionHook | Pointer to 1530 - 0x930 .text + UnwindInfo: .rdata |
| 93D14 | 15A0 | .pdata | ExceptionHook | Pointer to 15A0 - 0x9A0 .text + UnwindInfo: .rdata |
| 93D20 | 1640 | .pdata | ExceptionHook | Pointer to 1640 - 0xA40 .text + UnwindInfo: .rdata |
| 93D2C | 16A0 | .pdata | ExceptionHook | Pointer to 16A0 - 0xAA0 .text + UnwindInfo: .rdata |
| 93D38 | 1760 | .pdata | ExceptionHook | Pointer to 1760 - 0xB60 .text + UnwindInfo: .rdata |
| 93D44 | 1840 | .pdata | ExceptionHook | Pointer to 1840 - 0xC40 .text + UnwindInfo: .rdata |
| 93D50 | 18F0 | .pdata | ExceptionHook | Pointer to 18F0 - 0xCF0 .text + UnwindInfo: .rdata |
| 93D5C | 1930 | .pdata | ExceptionHook | Pointer to 1930 - 0xD30 .text + UnwindInfo: .rdata |
| 93D68 | 1AE0 | .pdata | ExceptionHook | Pointer to 1AE0 - 0xEE0 .text + UnwindInfo: .rdata |
| 93D74 | 1B20 | .pdata | ExceptionHook | Pointer to 1B20 - 0xF20 .text + UnwindInfo: .rdata |
| 93D80 | 1B40 | .pdata | ExceptionHook | Pointer to 1B40 - 0xF40 .text + UnwindInfo: .rdata |
| 93D8C | 1B80 | .pdata | ExceptionHook | Pointer to 1B80 - 0xF80 .text + UnwindInfo: .rdata |
| 93D98 | 1BB0 | .pdata | ExceptionHook | Pointer to 1BB0 - 0xFB0 .text + UnwindInfo: .rdata |
| 93DA4 | 1BF0 | .pdata | ExceptionHook | Pointer to 1BF0 - 0xFF0 .text + UnwindInfo: .rdata |
| 93DB0 | 1C10 | .pdata | ExceptionHook | Pointer to 1C10 - 0x1010 .text + UnwindInfo: .rdata |
| 93DBC | 1DD0 | .pdata | ExceptionHook | Pointer to 1DD0 - 0x11D0 .text + UnwindInfo: .rdata |
| 93DC8 | 1FC0 | .pdata | ExceptionHook | Pointer to 1FC0 - 0x13C0 .text + UnwindInfo: .rdata |
| 93DD4 | 1FF0 | .pdata | ExceptionHook | Pointer to 1FF0 - 0x13F0 .text + UnwindInfo: .rdata |
| 93DE0 | 2090 | .pdata | ExceptionHook | Pointer to 2090 - 0x1490 .text + UnwindInfo: .rdata |
| 93DEC | 2140 | .pdata | ExceptionHook | Pointer to 2140 - 0x1540 .text + UnwindInfo: .rdata |
| 93DF8 | 2280 | .pdata | ExceptionHook | Pointer to 2280 - 0x1680 .text + UnwindInfo: .rdata |
| 93E04 | 22D0 | .pdata | ExceptionHook | Pointer to 22D0 - 0x16D0 .text + UnwindInfo: .rdata |
| 93E10 | 2310 | .pdata | ExceptionHook | Pointer to 2310 - 0x1710 .text + UnwindInfo: .rdata |
| 93E1C | 2330 | .pdata | ExceptionHook | Pointer to 2330 - 0x1730 .text + UnwindInfo: .rdata |
| 93E28 | 23A0 | .pdata | ExceptionHook | Pointer to 23A0 - 0x17A0 .text + UnwindInfo: .rdata |
| 93E34 | 2400 | .pdata | ExceptionHook | Pointer to 2400 - 0x1800 .text + UnwindInfo: .rdata |
| 93E40 | 2440 | .pdata | ExceptionHook | Pointer to 2440 - 0x1840 .text + UnwindInfo: .rdata |
| 93E4C | 2460 | .pdata | ExceptionHook | Pointer to 2460 - 0x1860 .text + UnwindInfo: .rdata |
| 93E58 | 2490 | .pdata | ExceptionHook | Pointer to 2490 - 0x1890 .text + UnwindInfo: .rdata |
| 93E64 | 24E0 | .pdata | ExceptionHook | Pointer to 24E0 - 0x18E0 .text + UnwindInfo: .rdata |
| 93E70 | 2520 | .pdata | ExceptionHook | Pointer to 2520 - 0x1920 .text + UnwindInfo: .rdata |
| 93E7C | 2630 | .pdata | ExceptionHook | Pointer to 2630 - 0x1A30 .text + UnwindInfo: .rdata |
| 93E88 | 26A0 | .pdata | ExceptionHook | Pointer to 26A0 - 0x1AA0 .text + UnwindInfo: .rdata |
| 93E94 | 26D0 | .pdata | ExceptionHook | Pointer to 26D0 - 0x1AD0 .text + UnwindInfo: .rdata |
| 93EA0 | 2710 | .pdata | ExceptionHook | Pointer to 2710 - 0x1B10 .text + UnwindInfo: .rdata |
| 93EAC | 2730 | .pdata | ExceptionHook | Pointer to 2730 - 0x1B30 .text + UnwindInfo: .rdata |
| 93EB8 | 2780 | .pdata | ExceptionHook | Pointer to 2780 - 0x1B80 .text + UnwindInfo: .rdata |
| 93EC4 | 29A0 | .pdata | ExceptionHook | Pointer to 29A0 - 0x1DA0 .text + UnwindInfo: .rdata |
| 93ED0 | 29E0 | .pdata | ExceptionHook | Pointer to 29E0 - 0x1DE0 .text + UnwindInfo: .rdata |
| 93EDC | 2A70 | .pdata | ExceptionHook | Pointer to 2A70 - 0x1E70 .text + UnwindInfo: .rdata |
| 93EE8 | 2AA0 | .pdata | ExceptionHook | Pointer to 2AA0 - 0x1EA0 .text + UnwindInfo: .rdata |
| 93EF4 | 2BF0 | .pdata | ExceptionHook | Pointer to 2BF0 - 0x1FF0 .text + UnwindInfo: .rdata |
| 93F00 | 2CF0 | .pdata | ExceptionHook | Pointer to 2CF0 - 0x20F0 .text + UnwindInfo: .rdata |
| 93F0C | 2D90 | .pdata | ExceptionHook | Pointer to 2D90 - 0x2190 .text + UnwindInfo: .rdata |
| 93F18 | 2DC0 | .pdata | ExceptionHook | Pointer to 2DC0 - 0x21C0 .text + UnwindInfo: .rdata |
| 93F24 | 2E60 | .pdata | ExceptionHook | Pointer to 2E60 - 0x2260 .text + UnwindInfo: .rdata |
| 93F30 | 2ED0 | .pdata | ExceptionHook | Pointer to 2ED0 - 0x22D0 .text + UnwindInfo: .rdata |
| 93F3C | 2F00 | .pdata | ExceptionHook | Pointer to 2F00 - 0x2300 .text + UnwindInfo: .rdata |
| 93F48 | 2F50 | .pdata | ExceptionHook | Pointer to 2F50 - 0x2350 .text + UnwindInfo: .rdata |
| 93F54 | 2FA0 | .pdata | ExceptionHook | Pointer to 2FA0 - 0x23A0 .text + UnwindInfo: .rdata |
| 93F60 | 2FE0 | .pdata | ExceptionHook | Pointer to 2FE0 - 0x23E0 .text + UnwindInfo: .rdata |
| 93F6C | 3020 | .pdata | ExceptionHook | Pointer to 3020 - 0x2420 .text + UnwindInfo: .rdata |
| 93F78 | 3040 | .pdata | ExceptionHook | Pointer to 3040 - 0x2440 .text + UnwindInfo: .rdata |
| 93F84 | 30F0 | .pdata | ExceptionHook | Pointer to 30F0 - 0x24F0 .text + UnwindInfo: .rdata |
| 93F90 | 3140 | .pdata | ExceptionHook | Pointer to 3140 - 0x2540 .text + UnwindInfo: .rdata |
| 93F9C | 31A0 | .pdata | ExceptionHook | Pointer to 31A0 - 0x25A0 .text + UnwindInfo: .rdata |
| 93FA8 | 3230 | .pdata | ExceptionHook | Pointer to 3230 - 0x2630 .text + UnwindInfo: .rdata |
| 93FB4 | 3280 | .pdata | ExceptionHook | Pointer to 3280 - 0x2680 .text + UnwindInfo: .rdata |
| 93FC0 | 32D0 | .pdata | ExceptionHook | Pointer to 32D0 - 0x26D0 .text + UnwindInfo: .rdata |
| 93FCC | 3310 | .pdata | ExceptionHook | Pointer to 3310 - 0x2710 .text + UnwindInfo: .rdata |
| 93FD8 | 3350 | .pdata | ExceptionHook | Pointer to 3350 - 0x2750 .text + UnwindInfo: .rdata |
| 93FE4 | 3370 | .pdata | ExceptionHook | Pointer to 3370 - 0x2770 .text + UnwindInfo: .rdata |
| 93FF0 | 33B0 | .pdata | ExceptionHook | Pointer to 33B0 - 0x27B0 .text + UnwindInfo: .rdata |
| 93FFC | 33F0 | .pdata | ExceptionHook | Pointer to 33F0 - 0x27F0 .text + UnwindInfo: .rdata |
| 94008 | 3430 | .pdata | ExceptionHook | Pointer to 3430 - 0x2830 .text + UnwindInfo: .rdata |
| 94014 | 3460 | .pdata | ExceptionHook | Pointer to 3460 - 0x2860 .text + UnwindInfo: .rdata |
| 94020 | 34F0 | .pdata | ExceptionHook | Pointer to 34F0 - 0x28F0 .text + UnwindInfo: .rdata |
| 9402C | 3510 | .pdata | ExceptionHook | Pointer to 3510 - 0x2910 .text + UnwindInfo: .rdata |
| 94038 | 3550 | .pdata | ExceptionHook | Pointer to 3550 - 0x2950 .text + UnwindInfo: .rdata |
| 94044 | 3570 | .pdata | ExceptionHook | Pointer to 3570 - 0x2970 .text + UnwindInfo: .rdata |
| 94050 | 35D0 | .pdata | ExceptionHook | Pointer to 35D0 - 0x29D0 .text + UnwindInfo: .rdata |
| 9405C | 3620 | .pdata | ExceptionHook | Pointer to 3620 - 0x2A20 .text + UnwindInfo: .rdata |
| 94068 | 3750 | .pdata | ExceptionHook | Pointer to 3750 - 0x2B50 .text + UnwindInfo: .rdata |
| 94074 | 3820 | .pdata | ExceptionHook | Pointer to 3820 - 0x2C20 .text + UnwindInfo: .rdata |
| 94080 | 38E0 | .pdata | ExceptionHook | Pointer to 38E0 - 0x2CE0 .text + UnwindInfo: .rdata |
| 9408C | 3920 | .pdata | ExceptionHook | Pointer to 3920 - 0x2D20 .text + UnwindInfo: .rdata |
| 94098 | 3960 | .pdata | ExceptionHook | Pointer to 3960 - 0x2D60 .text + UnwindInfo: .rdata |
| 940A4 | 39C0 | .pdata | ExceptionHook | Pointer to 39C0 - 0x2DC0 .text + UnwindInfo: .rdata |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 376907 | 59,3667% |
| Null Byte Code | 124471 | 19,6054% |
© 2026 All rights reserved.