PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 602,00 KB
SHA-256 Hash: 2D32DA462D14AFA55F5CB135B241BCF008AA2A1A93BE17A78773DDC956B439D2
SHA-1 Hash: 5BEC097502EDE0516638651DB7B18FC5125B7216
MD5 Hash: 0F47467CE022EDEA499552CFB02D16AC
Imphash: 065DC5FF8F05B1A2B423672D3D5501F2
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 55834
SizeOfHeaders: 400
SizeOfImage: 9B000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 74648
IAT: 5C000
Characteristics: 22
TimeDateStamp: 69DF3C53
Date: 15/04/2026 7:20:51
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000020 Code Executable Readable	400	5AC00	1000	5AB2F	6.3261	2912836.27
.rdata	0x40000040 Initialized Data Readable	5B000	1CA00	5C000	1C9C6	5.1848	4194221.31
.data	0xC0000040 Initialized Data Readable Writeable	77A00	4400	79000	4CE0	4.8748	324975.65
.pdata	0x40000040 Initialized Data Readable	7BE00	3200	7E000	31E0	5.7385	292501.04
.rsrc	0x40000040 Initialized Data Readable	7F000	17200	82000	17200	4.0306	3421800.95
.reloc	0x42000040 Initialized Data GP-Relative Readable	96200	600	9A000	448	4.4476	50112.67

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 54C34
Code -> 4883EC28E8970400004883C428E97AFEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC

Assembler

|SUB RSP, 0X28

|CALL 0X14A0

|ADD RSP, 0X28

|JMP 0XE8C

|INT3

|SUB RSP, 0X28

|MOV R8, QWORD PTR [R9 + 0X38]

|MOV RCX, RDX

|MOV RDX, R9

|CALL 0X1034

|MOV EAX, 1

|ADD RSP, 0X28

|RET

|INT3

Signatures

Rich Signature Analyzer:
Code -> 3B475EBE7F2630ED7F2630ED7F2630ED765EA3ED6B2630ED06A735EC7E2630ED06A737EC7E2630ED34AC33EC7B2630ED34AC34EC752630ED34AC35EC5A2630ED34AC31EC792630ED06A734EC7C2630ED06A736EC7E2630ED06A731EC5F2630ED7F2630ED7C2630ED7F2631EDA32730EDF2AD39EC742630EDF2ADCFED7E2630ED7F26A7ED7E2630EDF2AD32EC7E2630ED526963687F2630ED
Footprint md5 Hash -> 231421C03E90ACFFA882CC47D69648C5
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Compiler: Microsoft Visual Studio
Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.50**)[-]
• Entropy: 6.19995

Suspicious Functions

Library	Function	Description
Ws2_32.DLL	socket \| Possible Call API By Name	Create a communication endpoint for networking applications.
Ws2_32.DLL	connect \| Possible Call API By Name	Establish a connection to a specified socket.
SHELL32.DLL	ShellExecuteW \| Possible Call API By Name	Performs a run operation on a specific file.
KERNEL32.DLL	CreateToolhelp32Snapshot	Creates a snapshot of the specified processes, heaps, threads, and modules.
USER32.DLL	GetAsyncKeyState	Retrieves the status of a virtual key asynchronously.
SHELL32.DLL	ShellExecuteW	Performs a run operation on a specific file.

File Access

api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
bcrypt.dll
MFReadWrite.dll
MFPlat.DLL
MF.dll
CRYPT32.dll
WINTRUST.dll
wlanapi.dll
gdiplus.dll
MSVCP140.dll
SHELL32.dll
ADVAPI32.dll
GDI32.dll
USER32.dll
KERNEL32.dll
WS2_32.dll
ole32.dll
WINHTTP.dll
WebView2Loader.dll
.dat
@.dat

File Access (UNICODE)

cursor.exe
xcode.exe
nvim.exe
atom.exe
sublime_text.exe
devenv.exe
idea64.exe
code.exe
nissrv.exe
msmpeng.exe
securityhealthservice.exe
sgrmbroker.exe
dashost.exe
wudfhost.exe
audiodg.exe
spoolsv.exe
searchfilterhost.exe
searchprotocolhost.exe
searchindexer.exe
runtimebroker.exe
ctfmon.exe
sihost.exe
taskhostw.exe
conhost.exe
fontdrvhost.exe
lsass.exe
wininit.exe
smss.exe
services.exe
csrss.exe
winlogon.exe
svchost.exe
dwm.exe
\token.dat
\exam_heartbeat.dat
\open_exam_debug.log
\exam_force_kill.log
\working_folder.txt
AppData
UserProfile

Interest's Words

exec
netsh
attrib
start
shutdown
ping

Interest's Words (UNICODE)

ToolBar
exec
start
ping

URLs

https://portal.rikkei.edu.vn/raia-auth?socket-id=

URLs (UNICODE)

https://portal.rikkei.edu.vn/

AV Services (UNICODE)

msmpeng.exe - (Defender)

IP Addresses

127.0.0.1

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (connect)
Text	Unicode	WinAPI Sockets (connect)
Text	Ascii	WinAPI Sockets (send)
Text	Unicode	WinAPI Sockets (send)
Text	Ascii	File (CreateFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Encryption API (CryptAcquireContext)
Text	Ascii	Encryption API (CryptReleaseContext)
Text	Ascii	Anti-Analysis VM (CreateToolhelp32Snapshot)
Text	Ascii	Reconnaissance (FindFirstFileW)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Execution (CreateProcessA)
Text	Ascii	Execution (ShellExecute)
Text	Unicode	Execution (ShellExecute)
Text	Unicode	Malicious code executed after exploiting a vulnerability (Payload)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	82570	115A	7F570	89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC5854000000017352474200AECE1CE900000004	.PNG........IHDR.............k.XT....sRGB.........
\ICON\2\1033	836D0	EA8	806D0	2800000030000000600000000100080000000000000900000000000000000000000100000001000000000000424242004D4D	(...0......................................BBB.MM
\ICON\3\1033	84578	8A8	81578	2800000020000000400000000100080000000000000400000000000000000000000100000001000000000000424242004D4D	(... ...@...................................BBB.MM
\ICON\4\1033	84E20	568	81E20	2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000424242004D4D	(....... ...................................BBB.MM
\ICON\5\1033	85388	90B	82388	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000017352474200AECE1CE900000004	.PNG........IHDR.............\r.f....sRGB.........
\ICON\6\1033	85C98	4228	82C98	2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000	(...@......... ......B............................
\ICON\7\1033	89EC0	25A8	86EC0	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\8\1033	8C468	10A8	89468	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\9\1033	8D510	468	8A510	280000001000000020000000010020000000000040040000000000000000000000000000000000000000000000000000F6F6	(....... ..... .....@.............................
\ICON\10\1033	8DA00	115A	8AA00	89504E470D0A1A0A0000000D49484452000001000000010008030000006BAC5854000000017352474200AECE1CE900000004	.PNG........IHDR.............k.XT....sRGB.........
\ICON\11\1033	8EB60	EA8	8BB60	2800000030000000600000000100080000000000000900000000000000000000000100000001000000000000424242004D4D	(...0......................................BBB.MM
\ICON\12\1033	8FA08	8A8	8CA08	2800000020000000400000000100080000000000000400000000000000000000000100000001000000000000424242004D4D	(... ...@...................................BBB.MM
\ICON\13\1033	902B0	568	8D2B0	2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000424242004D4D	(....... ...................................BBB.MM
\ICON\14\1033	90818	90B	8D818	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000017352474200AECE1CE900000004	.PNG........IHDR.............\r.f....sRGB.........
\ICON\15\1033	91128	4228	8E128	2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000	(...@......... ......B............................
\ICON\16\1033	95350	25A8	92350	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\17\1033	978F8	10A8	948F8	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\18\1033	989A0	468	959A0	280000001000000020000000010020000000000040040000000000000000000000000000000000000000000000000000F6F6	(....... ..... .....@.............................
\MENU\109\1033	98E90	4A	95E90	0000000010002600460069006C00650000008000690045002600780069007400000090002600480065006C0070000000800068002600410062006F007500740020002E002E002E000000	......&.F.i.l.e.....i.E.&.x.i.t.....&.H.e.l.p.....h.&.A.b.o.u.t. .........
\DIALOG\103\1033	98EF0	148	95EF0	0100FFFF0000000000000000C800C880040000000000AA003E0000000000410062006F00750074002000770069006E006400	........................>.....A.b.o.u.t. .w.i.n.d.
\STRING\7\1033	99038	46	96038	0000000000000000000000000000080052004100490041002000410050005000000000000000000000000B00570049004E0044004F0057005200410049004100430000000000	................R.A.I.A. .A.P.P.............W.I.N.D.O.W.R.A.I.A.C.....
\ACCELERATOR\109\1033	98EE0	10	95EE0	10003F006800000090002F0068000000	..?.h...../.h...
\GROUP_ICON\107\1033	8D978	84	8A978	00000100090000000000010008005A11000001003030000001000800A80E000002002020000001000800A808000003001010	..............Z.....00............ ..............
\GROUP_ICON\108\1033	98E08	84	95E08	00000100090000000000010008005A1100000A003030000001000800A80E00000B002020000001000800A80800000C001010	..............Z.....00............ ..............
\24\1\1033	99080	17D	96080	3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779	<?xml version='1.0' encoding='UTF-8' standalone='y

Intelligent String

• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• .git
• \*.jpg
• frame_%06d.jpg
• \exam_heartbeat.dat
• \exam_force_kill.log
• \open_exam_debug.log
• \token.dat
• \working_folder.txt
• :///exam-download
• dwm.exe
• svchost.exe
• winlogon.exe
• csrss.exe
• services.exe
• smss.exe
• wininit.exe
• lsass.exe
• fontdrvhost.exe
• conhost.exe
• taskhostw.exe
• sihost.exe
• ctfmon.exe
• runtimebroker.exe
• searchindexer.exe
• searchprotocolhost.exe
• searchfilterhost.exe
• spoolsv.exe
• audiodg.exe
• wudfhost.exe
• dashost.exe
• sgrmbroker.exe
• securityhealthservice.exe
• msmpeng.exe
• nissrv.exe
• code.exe
• idea64.exe
• .exe
• ip-api.com
• [GPS] ERROR: Cannot connect to ip-api.com
• [GPS] Connected to ip-api.com
• 127.0.0.1
• netsh advfirewall firewall add rule name="Raia Mobile Connect" dir=in action=allow protocol=TCP localport=%d
• devenv.exe
• sublime_text.exe
• atom.exe
• nvim.exe
• xcode.exe
• cursor.exe
• .svn
• C:\Users\PhuocNTB\Desktop\raia_v3\app_win\x64\Release\window_raia_c.pdb
• .tls
• .bss
• WebView2Loader.dll
• getaddrinfoWS2_32.dll
• ADVAPI32.dll
• WINTRUST.dll
• bcrypt.dll
• VCRUNTIME140_1.dll
• VCRUNTIME140.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll

Flow Anomalies

Offset	RVA	Section	Description
7A3	N/A	.text	CALL QWORD PTR [RIP+0x5B7CF]
7E4	N/A	.text	CALL QWORD PTR [RIP+0x5B4AE]
83D	N/A	.text	CALL QWORD PTR [RIP+0x5B45D]
87F	N/A	.text	JMP QWORD PTR [RIP+0x5B41B]
904	N/A	.text	CALL QWORD PTR [RIP+0x5B38E]
944	N/A	.text	CALL QWORD PTR [RIP+0x5B34E]
96B	N/A	.text	CALL QWORD PTR [RIP+0x5AF47]
9EF	N/A	.text	CALL QWORD PTR [RIP+0x5AC5B]
A66	N/A	.text	CALL QWORD PTR [RIP+0x5ABE4]
B39	N/A	.text	CALL QWORD PTR [RIP+0x5AA19]
BA6	N/A	.text	CALL QWORD PTR [RIP+0x5A9AC]
167A	N/A	.text	CALL QWORD PTR [RIP+0x5A880]
181A	N/A	.text	CALL QWORD PTR [RIP+0x59D60]
1838	N/A	.text	CALL QWORD PTR [RIP+0x59D42]
1861	N/A	.text	CALL QWORD PTR [RIP+0x59D19]
1883	N/A	.text	CALL QWORD PTR [RIP+0x5A477]
1891	N/A	.text	CALL QWORD PTR [RIP+0x59CE1]
18B9	N/A	.text	CALL QWORD PTR [RIP+0x59CC1]
1917	N/A	.text	CALL QWORD PTR [RIP+0x5A40B]
1936	N/A	.text	CALL QWORD PTR [RIP+0x5A3D4]
1945	N/A	.text	CALL QWORD PTR [RIP+0x59C2D]
196D	N/A	.text	CALL QWORD PTR [RIP+0x59C0D]
1976	N/A	.text	CALL QWORD PTR [RIP+0x5A38C]
19EA	N/A	.text	CALL QWORD PTR [RIP+0x5A308]
19FC	N/A	.text	CALL QWORD PTR [RIP+0x59B76]
1A24	N/A	.text	CALL QWORD PTR [RIP+0x59B56]
1A2E	N/A	.text	CALL QWORD PTR [RIP+0x5A2D4]
1A37	N/A	.text	CALL QWORD PTR [RIP+0x5A2CB]
1A9C	N/A	.text	CALL QWORD PTR [RIP+0x5A24E]
1AAA	N/A	.text	CALL QWORD PTR [RIP+0x59AC8]
1AD2	N/A	.text	CALL QWORD PTR [RIP+0x59AA8]
1ADB	N/A	.text	CALL QWORD PTR [RIP+0x5A227]
1AE5	N/A	.text	CALL QWORD PTR [RIP+0x5A21D]
1AEE	N/A	.text	CALL QWORD PTR [RIP+0x5A214]
1B7B	N/A	.text	CALL QWORD PTR [RIP+0x599DF]
1B9B	N/A	.text	CALL QWORD PTR [RIP+0x59D2F]
1BC5	N/A	.text	CALL QWORD PTR [RIP+0x5A125]
1BD3	N/A	.text	CALL QWORD PTR [RIP+0x5999F]
1BFB	N/A	.text	CALL QWORD PTR [RIP+0x5997F]
1C04	N/A	.text	CALL QWORD PTR [RIP+0x5A0FE]
1C0E	N/A	.text	CALL QWORD PTR [RIP+0x5A0F4]
1C17	N/A	.text	CALL QWORD PTR [RIP+0x5A0EB]
1C7D	N/A	.text	CALL QWORD PTR [RIP+0x5A095]
1C8B	N/A	.text	CALL QWORD PTR [RIP+0x598E7]
1CB3	N/A	.text	CALL QWORD PTR [RIP+0x598C7]
1CBC	N/A	.text	CALL QWORD PTR [RIP+0x5A046]
1CC6	N/A	.text	CALL QWORD PTR [RIP+0x5A03C]
1CCF	N/A	.text	CALL QWORD PTR [RIP+0x5A033]
1D20	N/A	.text	CALL QWORD PTR [RIP+0x59FBA]
1D2E	N/A	.text	CALL QWORD PTR [RIP+0x59844]
1D56	N/A	.text	CALL QWORD PTR [RIP+0x59824]
1D5F	N/A	.text	CALL QWORD PTR [RIP+0x59FA3]
1D69	N/A	.text	CALL QWORD PTR [RIP+0x59F99]
1D72	N/A	.text	CALL QWORD PTR [RIP+0x59F90]
1DC3	N/A	.text	CALL QWORD PTR [RIP+0x59EFF]
1DD0	N/A	.text	CALL QWORD PTR [RIP+0x59F32]
1DE1	N/A	.text	CALL QWORD PTR [RIP+0x59791]
1E09	N/A	.text	CALL QWORD PTR [RIP+0x59771]
1E13	N/A	.text	CALL QWORD PTR [RIP+0x59EEF]
1E1C	N/A	.text	CALL QWORD PTR [RIP+0x59EE6]
1ED8	N/A	.text	CALL QWORD PTR [RIP+0x59692]
1F1B	N/A	.text	CALL QWORD PTR [RIP+0x59F8F]
1F38	N/A	.text	CALL QWORD PTR [RIP+0x59FC2]
1F93	N/A	.text	CALL QWORD PTR [RIP+0x59F17]
1FB0	N/A	.text	CALL QWORD PTR [RIP+0x59F4A]
1FD9	N/A	.text	CALL QWORD PTR [RIP+0x595A1]
2061	N/A	.text	JMP QWORD PTR [RIP+0x1B00005]
2076	N/A	.text	CALL QWORD PTR [RIP+0x59844]
2087	N/A	.text	CALL QWORD PTR [RIP+0x59833]
20A0	N/A	.text	CALL QWORD PTR [RIP+0x594DA]
20C7	N/A	.text	CALL QWORD PTR [RIP+0x59C53]
20D3	N/A	.text	CALL QWORD PTR [RIP+0x59807]
20EE	N/A	.text	CALL QWORD PTR [RIP+0x597F4]
2105	N/A	.text	CALL QWORD PTR [RIP+0x597D5]
2115	N/A	.text	CALL QWORD PTR [RIP+0x597A5]
212C	N/A	.text	CALL QWORD PTR [RIP+0x597B6]
213B	N/A	.text	CALL QWORD PTR [RIP+0x5977F]
2152	N/A	.text	CALL QWORD PTR [RIP+0x59BB0]
2169	N/A	.text	CALL QWORD PTR [RIP+0x59B99]
217F	N/A	.text	CALL QWORD PTR [RIP+0x59B83]
21FD	N/A	.text	CALL QWORD PTR [RIP+0x59AE5]
222D	N/A	.text	CALL QWORD PTR [RIP+0x5934D]
235B	N/A	.text	CALL QWORD PTR [RIP+0x599CF]
2395	N/A	.text	CALL QWORD PTR [RIP+0x591E5]
23EC	N/A	.text	CALL QWORD PTR [RIP+0x5917E]
2549	N/A	.text	CALL QWORD PTR [RIP+0x59381]
2574	N/A	.text	CALL QWORD PTR [RIP+0x59006]
26C1	N/A	.text	CALL QWORD PTR [RIP+0x58EA1]
26DF	N/A	.text	CALL QWORD PTR [RIP+0x58E8B]
2723	N/A	.text	CALL QWORD PTR [RIP+0x58E57]
284B	N/A	.text	CALL QWORD PTR [RIP+0x58D0F]
28D3	N/A	.text	CALL QWORD PTR [RIP+0x59677]
29A3	N/A	.text	CALL QWORD PTR [RIP+0x595A7]
2A03	N/A	.text	CALL QWORD PTR [RIP+0x59547]
2A63	N/A	.text	CALL QWORD PTR [RIP+0x594F7]
2B5D	N/A	.text	CALL QWORD PTR [RIP+0x58D6D]
2F9F	N/A	.text	CALL QWORD PTR [RIP+0x58933]
328B	N/A	.text	CALL QWORD PTR [RIP+0x58627]
332B	N/A	.text	CALL QWORD PTR [RIP+0x58597]
337D	N/A	.text	CALL QWORD PTR [RIP+0x58CF5]
7BE00	1200	.pdata	ExceptionHook \| Pointer to 1200 - 0x600 .text + UnwindInfo: .rdata
7BE0C	1300	.pdata	ExceptionHook \| Pointer to 1300 - 0x700 .text + UnwindInfo: .rdata
7BE18	1360	.pdata	ExceptionHook \| Pointer to 1360 - 0x760 .text + UnwindInfo: .rdata
7BE24	13C0	.pdata	ExceptionHook \| Pointer to 13C0 - 0x7C0 .text + UnwindInfo: .rdata
7BE30	1420	.pdata	ExceptionHook \| Pointer to 1420 - 0x820 .text + UnwindInfo: .rdata
7BE3C	14C0	.pdata	ExceptionHook \| Pointer to 14C0 - 0x8C0 .text + UnwindInfo: .rdata
7BE48	14E0	.pdata	ExceptionHook \| Pointer to 14E0 - 0x8E0 .text + UnwindInfo: .rdata
7BE54	1520	.pdata	ExceptionHook \| Pointer to 1520 - 0x920 .text + UnwindInfo: .rdata
7BE60	1560	.pdata	ExceptionHook \| Pointer to 1560 - 0x960 .text + UnwindInfo: .rdata
7BE6C	1580	.pdata	ExceptionHook \| Pointer to 1580 - 0x980 .text + UnwindInfo: .rdata
7BE78	15CF	.pdata	ExceptionHook \| Pointer to 15CF - 0x9CF .text + UnwindInfo: .rdata
7BE84	16A2	.pdata	ExceptionHook \| Pointer to 16A2 - 0xAA2 .text + UnwindInfo: .rdata
7BE90	16C0	.pdata	ExceptionHook \| Pointer to 16C0 - 0xAC0 .text + UnwindInfo: .rdata
7BE9C	1712	.pdata	ExceptionHook \| Pointer to 1712 - 0xB12 .text + UnwindInfo: .rdata
7BEA8	17C5	.pdata	ExceptionHook \| Pointer to 17C5 - 0xBC5 .text + UnwindInfo: .rdata
7BEB4	17E0	.pdata	ExceptionHook \| Pointer to 17E0 - 0xBE0 .text + UnwindInfo: .rdata
7BEC0	1A60	.pdata	ExceptionHook \| Pointer to 1A60 - 0xE60 .text + UnwindInfo: .rdata
7BECC	1AC0	.pdata	ExceptionHook \| Pointer to 1AC0 - 0xEC0 .text + UnwindInfo: .rdata
7BED8	1B60	.pdata	ExceptionHook \| Pointer to 1B60 - 0xF60 .text + UnwindInfo: .rdata
7BEE4	1C90	.pdata	ExceptionHook \| Pointer to 1C90 - 0x1090 .text + UnwindInfo: .rdata
7BEF0	1CB1	.pdata	ExceptionHook \| Pointer to 1CB1 - 0x10B1 .text + UnwindInfo: .rdata
7BEFC	1CF2	.pdata	ExceptionHook \| Pointer to 1CF2 - 0x10F2 .text + UnwindInfo: .rdata
7BF08	1DBC	.pdata	ExceptionHook \| Pointer to 1DBC - 0x11BC .text + UnwindInfo: .rdata
7BF14	1DC2	.pdata	ExceptionHook \| Pointer to 1DC2 - 0x11C2 .text + UnwindInfo: .rdata
7BF20	1DD0	.pdata	ExceptionHook \| Pointer to 1DD0 - 0x11D0 .text + UnwindInfo: .rdata
7BF2C	1E40	.pdata	ExceptionHook \| Pointer to 1E40 - 0x1240 .text + UnwindInfo: .rdata
7BF38	1E73	.pdata	ExceptionHook \| Pointer to 1E73 - 0x1273 .text + UnwindInfo: .rdata
7BF44	1EBC	.pdata	ExceptionHook \| Pointer to 1EBC - 0x12BC .text + UnwindInfo: .rdata
7BF50	1EE0	.pdata	ExceptionHook \| Pointer to 1EE0 - 0x12E0 .text + UnwindInfo: .rdata
7BF5C	1F10	.pdata	ExceptionHook \| Pointer to 1F10 - 0x1310 .text + UnwindInfo: .rdata
7BF68	2038	.pdata	ExceptionHook \| Pointer to 2038 - 0x1438 .text + UnwindInfo: .rdata
7BF74	203E	.pdata	ExceptionHook \| Pointer to 203E - 0x143E .text + UnwindInfo: .rdata
7BF80	2050	.pdata	ExceptionHook \| Pointer to 2050 - 0x1450 .text + UnwindInfo: .rdata
7BF8C	2073	.pdata	ExceptionHook \| Pointer to 2073 - 0x1473 .text + UnwindInfo: .rdata
7BF98	20B4	.pdata	ExceptionHook \| Pointer to 20B4 - 0x14B4 .text + UnwindInfo: .rdata
7BFA4	20E0	.pdata	ExceptionHook \| Pointer to 20E0 - 0x14E0 .text + UnwindInfo: .rdata
7BFB0	210E	.pdata	ExceptionHook \| Pointer to 210E - 0x150E .text + UnwindInfo: .rdata
7BFBC	2262	.pdata	ExceptionHook \| Pointer to 2262 - 0x1662 .text + UnwindInfo: .rdata
7BFC8	2268	.pdata	ExceptionHook \| Pointer to 2268 - 0x1668 .text + UnwindInfo: .rdata
7BFD4	2270	.pdata	ExceptionHook \| Pointer to 2270 - 0x1670 .text + UnwindInfo: .rdata
7BFE0	2290	.pdata	ExceptionHook \| Pointer to 2290 - 0x1690 .text + UnwindInfo: .rdata
7BFEC	22C0	.pdata	ExceptionHook \| Pointer to 22C0 - 0x16C0 .text + UnwindInfo: .rdata
7BFF8	2C90	.pdata	ExceptionHook \| Pointer to 2C90 - 0x2090 .text + UnwindInfo: .rdata
7C004	2DA0	.pdata	ExceptionHook \| Pointer to 2DA0 - 0x21A0 .text + UnwindInfo: .rdata
7C010	2DE1	.pdata	ExceptionHook \| Pointer to 2DE1 - 0x21E1 .text + UnwindInfo: .rdata
7C01C	2E60	.pdata	ExceptionHook \| Pointer to 2E60 - 0x2260 .text + UnwindInfo: .rdata
7C028	2E80	.pdata	ExceptionHook \| Pointer to 2E80 - 0x2280 .text + UnwindInfo: .rdata
7C034	3280	.pdata	ExceptionHook \| Pointer to 3280 - 0x2680 .text + UnwindInfo: .rdata
7C040	33D0	.pdata	ExceptionHook \| Pointer to 33D0 - 0x27D0 .text + UnwindInfo: .rdata
7C04C	3490	.pdata	ExceptionHook \| Pointer to 3490 - 0x2890 .text + UnwindInfo: .rdata
7C058	34F0	.pdata	ExceptionHook \| Pointer to 34F0 - 0x28F0 .text + UnwindInfo: .rdata
7C064	3560	.pdata	ExceptionHook \| Pointer to 3560 - 0x2960 .text + UnwindInfo: .rdata
7C070	35C0	.pdata	ExceptionHook \| Pointer to 35C0 - 0x29C0 .text + UnwindInfo: .rdata
7C07C	3620	.pdata	ExceptionHook \| Pointer to 3620 - 0x2A20 .text + UnwindInfo: .rdata
7C088	3680	.pdata	ExceptionHook \| Pointer to 3680 - 0x2A80 .text + UnwindInfo: .rdata
7C094	36E0	.pdata	ExceptionHook \| Pointer to 36E0 - 0x2AE0 .text + UnwindInfo: .rdata
7C0A0	3711	.pdata	ExceptionHook \| Pointer to 3711 - 0x2B11 .text + UnwindInfo: .rdata
7C0AC	3735	.pdata	ExceptionHook \| Pointer to 3735 - 0x2B35 .text + UnwindInfo: .rdata
7C0B8	3750	.pdata	ExceptionHook \| Pointer to 3750 - 0x2B50 .text + UnwindInfo: .rdata
7C0C4	3770	.pdata	ExceptionHook \| Pointer to 3770 - 0x2B70 .text + UnwindInfo: .rdata
7C0D0	37E0	.pdata	ExceptionHook \| Pointer to 37E0 - 0x2BE0 .text + UnwindInfo: .rdata
7C0DC	3910	.pdata	ExceptionHook \| Pointer to 3910 - 0x2D10 .text + UnwindInfo: .rdata
7C0E8	3960	.pdata	ExceptionHook \| Pointer to 3960 - 0x2D60 .text + UnwindInfo: .rdata
7C0F4	3986	.pdata	ExceptionHook \| Pointer to 3986 - 0x2D86 .text + UnwindInfo: .rdata
7C100	39BF	.pdata	ExceptionHook \| Pointer to 39BF - 0x2DBF .text + UnwindInfo: .rdata
7C10C	3A7B	.pdata	ExceptionHook \| Pointer to 3A7B - 0x2E7B .text + UnwindInfo: .rdata
7C118	3A81	.pdata	ExceptionHook \| Pointer to 3A81 - 0x2E81 .text + UnwindInfo: .rdata
7C124	3A90	.pdata	ExceptionHook \| Pointer to 3A90 - 0x2E90 .text + UnwindInfo: .rdata
7C130	3ADF	.pdata	ExceptionHook \| Pointer to 3ADF - 0x2EDF .text + UnwindInfo: .rdata
7C13C	3B7D	.pdata	ExceptionHook \| Pointer to 3B7D - 0x2F7D .text + UnwindInfo: .rdata
7C148	3B83	.pdata	ExceptionHook \| Pointer to 3B83 - 0x2F83 .text + UnwindInfo: .rdata
7C154	3B90	.pdata	ExceptionHook \| Pointer to 3B90 - 0x2F90 .text + UnwindInfo: .rdata
7C160	3BC0	.pdata	ExceptionHook \| Pointer to 3BC0 - 0x2FC0 .text + UnwindInfo: .rdata
7C16C	3BDC	.pdata	ExceptionHook \| Pointer to 3BDC - 0x2FDC .text + UnwindInfo: .rdata
7C178	3C21	.pdata	ExceptionHook \| Pointer to 3C21 - 0x3021 .text + UnwindInfo: .rdata
7C184	3C60	.pdata	ExceptionHook \| Pointer to 3C60 - 0x3060 .text + UnwindInfo: .rdata
7C190	3CD0	.pdata	ExceptionHook \| Pointer to 3CD0 - 0x30D0 .text + UnwindInfo: .rdata
7C19C	3CFE	.pdata	ExceptionHook \| Pointer to 3CFE - 0x30FE .text + UnwindInfo: .rdata
7C1A8	3E73	.pdata	ExceptionHook \| Pointer to 3E73 - 0x3273 .text + UnwindInfo: .rdata
7C1B4	3E79	.pdata	ExceptionHook \| Pointer to 3E79 - 0x3279 .text + UnwindInfo: .rdata
7C1C0	3E80	.pdata	ExceptionHook \| Pointer to 3E80 - 0x3280 .text + UnwindInfo: .rdata
7C1CC	3EA0	.pdata	ExceptionHook \| Pointer to 3EA0 - 0x32A0 .text + UnwindInfo: .rdata
7C1D8	3F20	.pdata	ExceptionHook \| Pointer to 3F20 - 0x3320 .text + UnwindInfo: .rdata
7C1E4	3F60	.pdata	ExceptionHook \| Pointer to 3F60 - 0x3360 .text + UnwindInfo: .rdata
7C1F0	3FC0	.pdata	ExceptionHook \| Pointer to 3FC0 - 0x33C0 .text + UnwindInfo: .rdata
7C1FC	4070	.pdata	ExceptionHook \| Pointer to 4070 - 0x3470 .text + UnwindInfo: .rdata
7C208	4100	.pdata	ExceptionHook \| Pointer to 4100 - 0x3500 .text + UnwindInfo: .rdata
7C214	4130	.pdata	ExceptionHook \| Pointer to 4130 - 0x3530 .text + UnwindInfo: .rdata
7C220	4160	.pdata	ExceptionHook \| Pointer to 4160 - 0x3560 .text + UnwindInfo: .rdata
7C22C	41A0	.pdata	ExceptionHook \| Pointer to 41A0 - 0x35A0 .text + UnwindInfo: .rdata
7C238	4240	.pdata	ExceptionHook \| Pointer to 4240 - 0x3640 .text + UnwindInfo: .rdata
7C244	4290	.pdata	ExceptionHook \| Pointer to 4290 - 0x3690 .text + UnwindInfo: .rdata
7C250	4310	.pdata	ExceptionHook \| Pointer to 4310 - 0x3710 .text + UnwindInfo: .rdata
7C25C	4370	.pdata	ExceptionHook \| Pointer to 4370 - 0x3770 .text + UnwindInfo: .rdata
7C268	43D0	.pdata	ExceptionHook \| Pointer to 43D0 - 0x37D0 .text + UnwindInfo: .rdata
7C274	4430	.pdata	ExceptionHook \| Pointer to 4430 - 0x3830 .text + UnwindInfo: .rdata
7C280	44C0	.pdata	ExceptionHook \| Pointer to 44C0 - 0x38C0 .text + UnwindInfo: .rdata
7C28C	45B0	.pdata	ExceptionHook \| Pointer to 45B0 - 0x39B0 .text + UnwindInfo: .rdata
7C298	45D0	.pdata	ExceptionHook \| Pointer to 45D0 - 0x39D0 .text + UnwindInfo: .rdata
7C2A4	4610	.pdata	ExceptionHook \| Pointer to 4610 - 0x3A10 .text + UnwindInfo: .rdata

Extra Analysis

Metric	Value	Percentage
Ascii Code	361137	58,5835%
Null Byte Code	123861	20,0927%

PESCAN.IO - Analysis Report Basic