PESCAN.IO - Analysis Report Basic
| File Structure |
| [Chart not reproduced. PE chart legend: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red means a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).] |
| Information |
| Field | Value |
|---|---|
| Size | 5,01 MB |
| SHA-256 Hash | ED340B7BDE08E27EFCDA4F734AF2AECCE606906940573A24277A7579B653E233 |
| SHA-1 Hash | 2AA90D9D0B58DC7E3C983D38AD090B67350B30C7 |
| MD5 Hash | 0EB4F863AFE8EFB6D7FFA007A6A1B76A |
| Imphash | 146C4A9ADCFC058A5C5A3E517786060B |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 005054E3 |
| EntryPoint (rva) | 14B0 |
| SizeOfHeaders | 400 |
| SizeOfImage | 509000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 503000 |
| IAT | 503248 |
| Characteristics | 32E |
| TimeDateStamp | 68A32286 |
| Date | 18/08/2025 12:54:30 |
| File Type | EXE |
| Number Of Sections | 9 |
| ASLR | Enabled |
| Section Names | .text, .data, .rdata, .eh_fram, .bss, .idata, .CRT, .tls, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000060 Code Initialized Data Executable Readable | 400 | 44000 | 1000 | 43EA4 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | 44400 | 200 | 45000 | 90 | | |
| .rdata | 0x40000040 Initialized Data Readable | 44600 | 4B4400 | 46000 | 4B42C0 | | |
| .eh_fram | 0x40000040 Initialized Data Readable | 4F8A00 | 6E00 | 4FB000 | 6D48 | | |
| .bss | 0xC0000080 Uninitialized Data Readable Writeable | 0 | 0 | 502000 | B54 | | |
| .idata | 0xC0000040 Initialized Data Readable Writeable | 4FF800 | 1000 | 503000 | E20 | | |
| .CRT | 0xC0000040 Initialized Data Readable Writeable | 500800 | 200 | 504000 | 38 | | |
| .tls | 0xC0000040 Initialized Data Readable Writeable | 500A00 | 200 | 505000 | 8 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 500C00 | 2200 | 506000 | 212C | | |
| Entry Point |
| Field | Value |
|---|---|
| Section containing the entry point | 1 (.text) |
| EntryPoint (calculated) | 8B0 |
| Code | C705082B900000000000E9A1FCFFFF9083EC1C8B442420890424E8D1A9030083F80119C083C41CC390909090909090905589 |

| Assembler |
|---|
| MOV DWORD PTR [0X902B08], 0 |
| JMP 0XCB0 |
| NOP |
| SUB ESP, 0X1C |
| MOV EAX, DWORD PTR [ESP + 0X20] |
| MOV DWORD PTR [ESP], EAX |
| CALL 0X3B9F0 |
| CMP EAX, 1 |
| SBB EAX, EAX |
| ADD ESP, 0X1C |
| RET |
| NOP |
| NOP |
| NOP |
| NOP |
| NOP |
| NOP |
| NOP |
| NOP |
| PUSH EBP |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • PE: linker: GNU linker ld (GNU Binutils)(2.40)[-] • Entropy: 7.5127 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexA | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| File Access |
| ntdll.dll msvcrt.dll KERNEL32.dll dbghelp.dll libgcc_s_dw2-1.dll .dat Temp |
| Interest's Words |
| start systeminfo ping |
| Anti-VM/Sandbox/Debug Tricks |
| OllyDbg Library - dbghelp.dll |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingA) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (CreateSemaphoreW) |
| Intelligent String |
• @.bss
• .CRT
• .tls
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\rustc-demangle-0.1.23\src\legacy.rs
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\rustc-demangle-0.1.23\src\v0.rs
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\rustc-demangle-0.1.23\src\lib.rsxj
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\object-0.32.0\src\read\coff\symbol.rs o
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\addr2line-0.21.0\src\lib.rs
• C:\Users\runneradmin\.cargo\registry\src\index.crates.io-1cd66030c949c28d\addr2line-0.21.0\src\function.rs
• msvcrt.dll
• 0PKERNEL32.dll
• (0P(0Pntdll.dll
| Flow Anomalies |
| Offset | RVA | Section | Type | Description |
|---|---|---|---|---|
| 638 | 903324 | .text | CALL [static] | Indirect call to absolute memory address |
| 833 | 9032C4 | .text | CALL [static] | Indirect call to absolute memory address |
| 8F0 | 9032B0 | .text | CALL [static] | Indirect call to absolute memory address |
| 906 | 9032F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 9A4 | 90327C | .text | CALL [static] | Indirect call to absolute memory address |
| 173DE | 1C244489 | .text | CALL [static] | Indirect call to absolute memory address |
| 1903F | 1C244489 | .text | CALL [static] | Indirect call to absolute memory address |
| 1FC91 | 1C244489 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36600 | 903360 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36608 | 903358 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36610 | 903354 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36618 | 903340 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36620 | 90333C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36628 | 903338 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36630 | 903334 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36638 | 903330 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36640 | 90332C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36648 | 903320 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36650 | 90331C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36658 | 903318 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36660 | 903310 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36668 | 90330C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36670 | 903308 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36678 | 903304 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36680 | 903300 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36688 | 9032FC | .text | JMP [static] | Indirect jump to absolute memory address |
| 36690 | 9032F8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36698 | 9032F4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366A0 | 9032E0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366A8 | 9032DC | .text | JMP [static] | Indirect jump to absolute memory address |
| 366B0 | 9032D8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366B8 | 9032D4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366C0 | 9032D0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366C8 | 9032C8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366D0 | 9032C0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366D8 | 9032BC | .text | JMP [static] | Indirect jump to absolute memory address |
| 366E0 | 9032B0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366E8 | 9032AC | .text | JMP [static] | Indirect jump to absolute memory address |
| 366F0 | 9032A8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 366F8 | 9032A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36700 | 9032A0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36708 | 90329C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36710 | 903298 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36718 | 903294 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36720 | 903290 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36728 | 90328C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36730 | 903288 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36738 | 903284 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36740 | 903280 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36748 | 903278 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36750 | 903270 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36758 | 903268 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36760 | 903260 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36768 | 90325C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36770 | 903258 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36778 | 903254 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36780 | 903250 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36788 | 90324C | .text | JMP [static] | Indirect jump to absolute memory address |
| 36790 | 903248 | .text | JMP [static] | Indirect jump to absolute memory address |
| 36798 | 903438 | .text | JMP [static] | Indirect jump to absolute memory address |
| 367A0 | 903434 | .text | JMP [static] | Indirect jump to absolute memory address |
| 392AC | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 394B0 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 39517 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 39558 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 395E5 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A651 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A689 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A710 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A7E1 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A819 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A8A0 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A973 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A9BB | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AA40 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AB02 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AB47 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AB90 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AC82 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3ACC7 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AD10 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AE0C | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AE57 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3AEA0 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B103 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B162 | 903264 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B1A7 | 903354 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B216 | 903314 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B260 | 90336C | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B268 | 903378 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B270 | 90337C | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B278 | 903380 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B280 | 903384 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B288 | 90338C | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B290 | 903390 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B298 | 9033A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B2A0 | 9033B0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B2A8 | 9033BC | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B2B0 | 9033C4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 3B2B8 | 9033CC | .text | JMP [static] | Indirect jump to absolute memory address |
| 31C457-31CC58 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 1025 |
| 41973F-41974C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 419763-419776 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 4197B7-4197C4 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 419955-41996E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 41A01B-41A034 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 41A191-41A1B8 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 20 |
| 41B7D5-41B7E4 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41B825-41B834 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41B869-41B878 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41B8C9-41B8D8 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41B90B-41B91A | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BA21-41BA30 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BAA3-41BAB2 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BB31-41BB40 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BB7B-41BB8A | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BC15-41BC24 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BCAD-41BCBC | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BCFD-41BD0C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BDE1-41BDF0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BE79-41BE88 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BF15-41BF24 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41BF83-41BF92 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C015-41C024 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C089-41C098 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C135-41C144 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C185-41C194 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C21D-41C22C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C26D-41C27C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C2B5-41C2C4 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C2FD-41C30C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C399-41C3A8 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 41C431-41C440 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 44A3C7-44A3E0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 44A5CF-44A5E8 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 47592F-475948 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 475B37-475B50 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 13 |
| 48E1F3-48E200 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 48ECE1-48ECF0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 48ED35-48ED44 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 48F533-48F540 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 48F60F-48F61E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 48F625-48F638 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 48F69D-48F6B0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 48F70D-48F71C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 48F71F-48F72E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 48F737-48F74A | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 48F7AB-48F7BA | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 490767-490774 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 49093B-490948 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 490F13-490F20 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 491113-491120 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 49115F-49116C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 4911A5-4911B4 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4911D3-4911E0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 4911FF-49120C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 4912ED-4912FC | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491357-491366 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 49137B-491388 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 4913E3-4913F2 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491447-491456 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4914A7-4914B6 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491503-491512 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 49156D-49157C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4915E3-4915F2 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491607-491614 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 49167F-49168E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4916EB-4916FA | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 49173F-491750 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 9 |
| 491767-491774 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 491823-491832 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4918AB-4918BA | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491927-491936 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491953-491966 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491993-4919A6 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 4919AD-4919BC | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4919C7-4919DA | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 4919E7-4919FA | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491A3B-491A50 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 11 |
| 491A6F-491A7E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491A8F-491A9C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 491AE7-491AF6 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491B4F-491B5E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 491B6F-491B82 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491BB1-491BC4 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491BCB-491BDC | N/A | .rdata | Potential obfuscated jump sequence detected, count: 9 |
| 491BE3-491BF8 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 11 |
| 491C05-491C18 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491C5B-491C6E | N/A | .rdata | Potential obfuscated jump sequence detected, count: 10 |
| 491C8D-491C9C | N/A | .rdata | Potential obfuscated jump sequence detected, count: 8 |
| 4926D3-4926E0 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 7 |
| 500820 | 10170 | .CRT | TLS Callback | Pointer to 410170 - 0xF570 .text |
| 500824 | 412D0 | .CRT | TLS Callback | Pointer to 4412D0 - 0x406D0 .text |
| 500828 | 41280 | .CRT | TLS Callback | Pointer to 441280 - 0x40680 .text |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 3947741 | 75,1284% |
| Null Byte Code | 76945 | 1,4643% |
| NOP Cave Found | 0x9090909090 (Block Count: 56) | 0,0027% |