PESCAN.IO - Analysis Report Basic

Information
Size: 869,04 KB
SHA-256 Hash: A157DBA2B543B1A5CBFE2EDB6D9AB909C7EB5E6A34B5893BDE0FBEFA88B350C3
SHA-1 Hash: D5D029C28397318BA506B5DE906E1DC56BC2802F
MD5 Hash: 0F72F7E78E9E04C84F97B459309600B1
Imphash: 1E03A18E50185B75699D9160E44FF8AD
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 000E7119
EntryPoint (rva): 4E8E8
SizeOfHeaders: 400
SizeOfImage: DE000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: AB094
IAT: 80000
Characteristics: 22
TimeDateStamp: 68EAA2A7
Date: 11/10/2025 18:32:07
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name  Flags                                                  ROffset  RSize  VOffset  VSize  Entropy  Chi2
.text         0x60000020 (Code, Executable, Readable)                400      7F000  1000     7EEBC  6.4253   3394303.81
.rdata        0x40000040 (Initialized Data, Readable)                7F400    2DA00  80000    2D9E4  4.9997   8322096.97
.data         0xC0000040 (Initialized Data, Readable, Writeable)     ACE00    9200   AE000    C864   4.6334   939316.01
.pdata        0x40000040 (Initialized Data, Readable)                B6000    6600   BB000    64F8   5.7783   603592.02
.rsrc         0x40000040 (Initialized Data, Readable)                BC600    19400  C2000    19340  5.2719   3052226.8
.reloc        0x42000040 (Initialized Data, GP-Relative, Readable)   D5A00    1200   DC000    10FC   5.3087   34378.11

Description
OriginalFilename: ZoomIt.exe
CompanyName: Sysinternals - www.sysinternals.com
LegalCopyright: %2.1f
ProductName: Sysinternals ZoomIt
FileVersion: 9.10
FileDescription: Sysinternals Screen Magnifier
ProductVersion: 9.10
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 4DCE8
Code -> 4883EC28E8BB0700004883C428E97AFEFFFFCCCC48895C241048896C24184889742420574883EC1033C033C90FA281F16E74
Assembler
|SUB RSP, 0X28
|CALL 0X17C4
|ADD RSP, 0X28
|JMP 0XE8C
|INT3
|INT3
|MOV QWORD PTR [RSP + 0X10], RBX
|MOV QWORD PTR [RSP + 0X18], RBP
|MOV QWORD PTR [RSP + 0X20], RSI
|PUSH RDI
|SUB RSP, 0X10
|XOR EAX, EAX
|XOR ECX, ECX
|CPUID

Signatures
Rich Signature Analyzer:
Code -> EBB89B94AFD9F5C7AFD9F5C7AFD9F5C7E4A1F6C6A7D9F5C7E4A1F0C615D9F5C72850F1C6BED9F5C72850F6C6A3D9F5C72850F0C6CCD9F5C7A6A166C7A9D9F5C7E4A1F1C6BDD9F5C7E4A1F3C6AED9F5C7E4A1F4C6B6D9F5C7AFD9F4C70ED8F5C73F50F1C6ADD9F5C73F50F0C6A5D9F5C73F500AC7AED9F5C73F50F7C6AED9F5C752696368AFD9F5C7
Footprint md5 Hash -> 0E99FAC20CE3E7090743A2375B46C09B
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.44**)[-]
PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
Entropy: 6.34121

Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
SHELL32.DLL ShellExecuteW Performs a run operation on a specific file.

Windows REG (UNICODE)
Software\Sysinternals\%s
Software\Microsoft\windows nt\currentversion
Software\Microsoft\Windows NT\CurrentVersion\Server\ServerLevels
Software\Sysinternals
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Software\Sysinternals\ZoomIt
Software\Sysinternals\Zoomit
Software\Microsoft\Windows\CurrentVersion\Run
Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run

File Access
api-ms-win-core-winrt-error-l1-1-0.dll
api-ms-win-core-winrt-error-l1-1-1.dll
api-ms-win-core-winrt-l1-1-0.dll
OLEAUT32.dll
ole32.dll
SHELL32.dll
ADVAPI32.dll
COMDLG32.dll
GDI32.dll
USER32.dll
KERNEL32.dll
MSIMG32.dll
gdiplus.dll
WINMM.dll
VERSION.dll
//www.sys
.dat
@.dat
Temp

File Access (UNICODE)
www.sys
Sysinternals - www.sys
ZoomIt.exe
mscoree.dll
kernel32.dll
d3d11.dll
DwmIsCompositionEnableddwmapi.dll
shell32.dll
magnification.dll
GetMonitorInfoASHAutoCompleteShlwapi.dll
User32.dll
uxtheme.dll
GetDpiForWindowuser32.dll
Shell32.dll
Riched32.dll
combase.dll
ntdll.dll
//www.sys
ril.Sys
You bear the risk of using it.Sys
WinDir
UserProfile

Words of Interest
lockbit
PassWord
exec
attrib
start
shutdown
expand

Words of Interest (UNICODE)
PassWord
start
pause
ping

URLs
http://www.microsoft.com/exporting
http://www.microsoft.com/exporting}}}}\f0\fs19
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt
http://www.microsoft.com/pkiops/docs/primarycps.htm
http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl
http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt
http://www.microsoft.com/pkiops/Docs/Repository.htm
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
https://www.sysinternals.com

URLs (UNICODE)
https://www.sysinternals.com">Sysinternals - www.sysinternals.com</a>

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Unicode WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Unicode WinAPI Sockets (send)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii Registry (RegGetValue)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (ExitThread)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Execution (ShellExecute)
Text Ascii Execution (CreateEventW)
Text Unicode Keyboard Key (Ctrl+C)
Text Unicode Keyboard Key (Ctrl+D)
Text Unicode Keyboard Key (Ctrl+S)
Text Ascii Process of gathering information about network resources (Enumeration)
Text Unicode Process of gathering information about network resources (Enumeration)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)

Resources
Path DataRVA Size FileOffset Code Text
\AFX_DIALOG_LAYOUT\BREAK\1033 DAE40 2 D5440 0000..
\AFX_DIALOG_LAYOUT\DEMOTYPE\1033 DAE48 2 D5448 0000..
\AFX_DIALOG_LAYOUT\DRAW\1033 DAE18 2 D5418 0000..
\AFX_DIALOG_LAYOUT\LIVEZOOM\1033 DAE10 2 D5410 0000..
\AFX_DIALOG_LAYOUT\OPTIONS\1033 DAE08 2 D5408 0000..
\AFX_DIALOG_LAYOUT\RECORD\1033 DAE20 2 D5420 0000..
\AFX_DIALOG_LAYOUT\SNIP\1033 DAE38 2 D5438 0000..
\AFX_DIALOG_LAYOUT\TYPE\1033 DAE28 2 D5428 0000..
\AFX_DIALOG_LAYOUT\ZOOM\1033 DAE30 2 D5430 0000..
\CURSOR\1\1033 C2810 134 BCE10 000000002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF....(... ...@.....................................
\ICON\2\1033 C2960 468 BCF60 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000(....... ..... ...................................
\ICON\3\1033 C2DC8 988 BD3C8 2800000018000000300000000100200000000000000000000000000000000000000000000000000000000000000000000000(.......0..... ...................................
\ICON\4\1033 C3750 10A8 BDD50 2800000020000000400000000100200000000000000000000000000000000000000000000000000000000000000000000000(... ...@..... ...................................
\ICON\5\1033 C47F8 25A8 BEDF8 2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000000000(...0........ ...................................
\ICON\6\1033 C6DA0 4228 C13A0 2800000040000000800000000100200000000000000000000000000000000000000000000000000000000000000000000000(...@......... ...................................
\ICON\7\1033 CAFC8 94A8 C55C8 2800000060000000C00000000100200000000000000000000000000000000000000000000000000000000000000000000000(............ ...................................
\ICON\8\1033 D4470 2BDE CEA70 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000200049444154789CED9D79781CD595.PNG........IHDR.............\r.f.. .IDATx...yx...
\DIALOG\ADVANCED_BREAK\1033 D7740 508 D1D40 0100FFFF0000000000000000C808C880190000000000D100DB000000000041006400760061006E0063006500640020004200..............................A.d.v.a.n.c.e.d. .B.
\DIALOG\BREAK\1033 D8F58 51A D3558 0100FFFF0000000000000000480408400A000000000004017B000000000000000800900100014D0053002000530068006500............H..@........{.............M.S. .S.h.e.
\DIALOG\DEMOTYPE\1033 DA3B8 A30 D49B8 0100FFFF0000000000000000480408441100000000000301F9000000000000000800900100014D0053002000530068006500............H..D......................M.S. .S.h.e.
\DIALOG\DRAW\1033 D8300 938 D2900 0100FFFF0000000000000000480408400D00000000000401E4000000000000000800900100014D0053002000530068006500............H..@......................M.S. .S.h.e.
\DIALOG\LIVEZOOM\1033 D9670 596 D3C70 0100FFFF000000000000000048040840060000000000040186000000000000000800900100014D0053002000530068006500............H..@......................M.S. .S.h.e.
\DIALOG\OPTIONS\1033 D73E8 358 D19E8 0100FFFF0000000000000100C808C88409000000000017014501000000005A006F006F006D004900740020002D0020005300........................E.....Z.o.o.m.I.t. .-. .S.
\DIALOG\RECORD\1033 D9C08 5D2 D4208 0100FFFF0000000000000000480408400D00000000000401A9000000000000000800900100014D0053002000530068006500............H..@......................M.S. .S.h.e.
\DIALOG\SNIP\1033 DA1E0 1D2 D47E0 0100FFFF000000000000000048040844030000000000040144000000000000000800900100014D0053002000530068006500............H..D........D.............M.S. .S.h.e.
\DIALOG\TYPE\1033 D8C38 31E D3238 0100FFFF000000000000000048040840040000000000040168000000000000000800900100014D0053002000530068006500............H..@........h.............M.S. .S.h.e.
\DIALOG\ZOOM\1033 D7C48 6B8 D2248 0100FFFF0000000000000000480408440F00000000000401AA000000000000000800900100014D0053002000530068006500............H..D......................M.S. .S.h.e.
\DIALOG\1543\1033 D9478 1F4 D3A78 0100FFFF0000000000000000C000C8800A0064003200D8008300000000005A006F006F006D0049007400200046006F006E00..................d.2.........Z.o.o.m.I.t. .F.o.n.
\ACCELERATOR\ACCELERATORS\1033 DADE8 20 D53E8 0B004300449C00000B005300429C00000F004300489C00008F005300499C0000..C.D.....S.B.....C.H.....S.I...
\GROUP_CURSOR\NULLCURSOR\1033 C2948 14 BCF48 0000020001002000400001000100340100000100...... .@.....4.....
\GROUP_ICON\APPICON\1033 D7050 68 D1650 000001000700101000000100200068040000020018180000010020008809000003002020000001002000A810000004003030............ .h........... ....... .... .......00
\VERSION\1\1033 D70B8 330 D16B8 300334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000A000.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033 DAE50 4ED D5450 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279<?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• ZoomIt - Sysinternals: www.sysinternals.com
• *.png
• *.wav
• ntdll.dll
• C:\__w\1\s\packages\Microsoft.Windows.ImplementationLibrary.1.0.231216.1\include\wil\resource.hkernelbase.dll
• C:\__w\1\s\packages\Microsoft.Windows.ImplementationLibrary.1.0.231216.1\include\wil\result_macros.h
• combase.dll
• .dll
• \caps\fs20 6.\tab\fs19 Export Restrictions\caps0 .\b0The software is subject to United States export laws and regulations. You must comply with all domestic and international export laws and regulations that apply to the software. These laws include restrictions on destinations, end users and end use. For additional information, see {\cf1\ul{\field{\*\fldinst{HYPERLINK www.microsoft.com/exporting }}{\fldrslt{www.microsoft.com/exporting}}}}\cf1\ul\f0\fs19 <{{\field{\*\fldinst{HYPERLINK "http://www.microsoft.com/exporting"}}{\fldrslt{http://www.microsoft.com/exporting}}}}\f0\fs19 >\cf0\ulnone .\b\par
• The software is subject to United States export laws and regulations.You must comply with all domestic and international export laws and regulations that apply to the software.These laws include restrictions on destinations, end users and end use.For additional information, see www.microsoft.com / exporting .
• Riched32.dll
• Shell32.dll
• C:\__w\1\s\modules\PowerToys\src\modules\ZoomIt\ZoomIt\SelectRectangle.cpp
• *.bmp
• *.bmp;*.dib
• *.gif
• C:\__w\1\s\modules\PowerToys\src\modules\ZoomIt\ZoomIt\Zoomit.cpp
• .png
• uxtheme.dll
• User32.dll
• Shlwapi.dll
• magnification.dll
• shell32.dll
• d3d11.dll
• kernel32.dll
• mscoree.dll
• C:\__w\1\s\x64\Release\ZoomIt64.pdb
• .tls
• .bss
• gdiplus.dll
• OLEAUT32.dll
• api-ms-win-core-winrt-l1-1-0.dll
• api-ms-win-core-winrt-error-l1-1-1.dll
• api-ms-win-core-winrt-error-l1-1-0.dll
• Sysinternals - www.sysinternals.com
• ZoomIt.exe
• <a HREF="https://www.sysinternals.com">Sysinternals - www.sysinternals.com</a>
• <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true/PM</dpiAware>
• <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>

Flow Anomalies
Offset RVA Section Description
D6C00 N/A *Overlay* 28280000000202003082281A06092A864886F70D | ((......0.(...*.H...)

Extra Analysis
Metric Value Percentage
Ascii Code 510152 57,3271%
Null Byte Code 183752 20,6487%