PESCAN.IO — Analysis Report

PREMIUM PESCAN.IO - Analysis Report

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 1,08 MB
SHA-256 Hash: ED113062652D388BDF3397D05A197A48D3558E8DB4C94F0CF37D2B0A0FE463E2
SHA-1 Hash: CC9E0F72780BB1AFA1E732BC8A5DA64C81C08ADD
MD5 Hash: 14986666CE64CDC5B6B598B4EE6FD52F
Imphash: C65ED3A99850B1C3DEA70F50EA322588
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 4E5F8
SizeOfHeaders: 600
SizeOfImage: 112000
ImageBase: 0000000180000000
Architecture: x64
ExportTable: B78E0
ImportTable: B7928
IAT: 80000
Characteristics: 2022
TimeDateStamp: 69889A6E
Date: 08/02/2026 14:15:10
File Type: DLL
Number Of Sections: 8
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .fptable, .rsrc, .reloc, .text
Number Of Executable Sections: 2
Subsystem: Windows GUI

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	1000	7E200	1000	7E12C	6,5003	3100155,83
.rdata	40000040 (Initialized Data, Readable)	80000	38600	80000	38560	5,0139	10804812,91
.data	C0000040 (Initialized Data, Readable, Writeable)	B9000	5E00	B9000	8B64	4,5161	745187,49
.pdata	40000040 (Initialized Data, Readable)	C2000	6400	C2000	6390	5,8640	559235,38
.fptable	C0000040 (Initialized Data, Readable, Writeable)	C9000	200	C9000	100	0,0000	130560,00
.rsrc	40000040 (Initialized Data, Readable)	CA000	37C00	CA000	37AD0	7,9794	11616,24
.reloc	42000040 (Initialized Data, GP-Relative, Readable)	102000	1E00	102000	1D24	5,4129	45049,47
.text	60000020 (Code, Executable, Readable)	104000	E000	104000	E000	6,4044	503028,41

Description

OriginalFilename: AcroRd32.exe
CompanyName: Adobe Systems Incorporated
LegalCopyright: Copyright 1984-2012 Adobe Systems Incorporated and its licensors. All rights reserved.
ProductName: Adobe Reader
FileVersion: 11.0.19.15
FileDescription: Adobe Reader
ProductVersion: 11.0.19.15
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Binder/Joiner/Crypter

Dropper code detected (EOF) - 7,12 KB

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 4E5F8
Code -> 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8BB0900004C8BC78BD3488BCE488B5C2430488B7424
• MOV QWORD PTR [RSP + 8], RBX
• MOV QWORD PTR [RSP + 0X10], RSI
• PUSH RDI
• SUB RSP, 0X20
• MOV RDI, R8
• MOV EBX, EDX
• MOV RSI, RCX
• CMP EDX, 1
• JNE 0X1021
• CALL 0X19DC
• MOV R8, RDI
• MOV EDX, EBX
• MOV RCX, RSI
• MOV RBX, QWORD PTR [RSP + 0X30]

Signatures

Rich Signature Analyzer:
Code -> B71D2C1BF37C4248F37C4248F37C424887FD47495A7C424887FD4649E57C424887FD4149F97C424874F54149F97C424874F54649FD7C424874F54749A67C424862F54749D47C424887FD4349F87C4248F37C4348587C424862F54B49F57C424862F54149F07C424862F54249F27C424862F5BD48F27C4248F37CD548F27C424862F54049F27C424852696368F37C4248
Footprint md5 Hash -> 77DC5785A7CB294ADAE93F10374DC72C
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed but has been modified

Duplicate Sections

Section .text duplicate 2 times

Packer/Compiler

Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.44**)[-]
• PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 6.78975

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryW	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.

ET Functions (carving)

Original Name -> WindowsDll.dll
Start

File Access

ADVAPI32.dll
SHLWAPI.dll
ntdll.dll
USER32.dll
KERNEL32.dll
WindowsDll.dll
.dat
@.dat
Temp

File Access (UNICODE)

AcroRd32.exe
ntdll.dll
mscoree.dll
kernel32.dll
shared_log.txt

Interest's Words

Encrypt
Decrypt
Encryption
exec
start
cipher
ping

URLs

http://s.symcb.com/pca3-g5.crl
http://s.symcd.com
http://sw.symcb.com/sw.crl
http://sw.symcd.com
http://sw1.symcb.com/sw.crt
http://s.symcb.com/universal-root.crl
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl
http://ts-ocsp.ws.symantec.com
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0)
https://d.symcb.com/rpa0+
https://d.symcb.com/rpa0.
https://d.symcb.com/rpa0@

IP Addresses

11.0.19.15

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (connect)
Text	Ascii	File (GetTempPath)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Encryption (CipherMode)
Text	Ascii	Encryption (Rijndael)
Text	Ascii	Encryption API (CryptAcquireContext)
Text	Ascii	Encryption API (CryptReleaseContext)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Stealth (NtWriteVirtualMemory)
Text	Ascii	Antivirus Software (Symantec)
Text	Ascii	Malicious code executed after exploiting a vulnerability (Payload)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	CA310	EA8	CA310	2800000030000000600000000100080000000000000000000000000000000000000100000000000006067A008686CE004646	(...0....................................z.....FF
\ICON\2\1033	CB1D0	6C8	CB1D0	2800000018000000300000000100080000000000000000000000000000000000000100000000000006067E008282DE004646	(.......0.................................~.....FF
\MENU\109\1033	1014B0	4A	1014B0	0000000010002600460069006C00650000008000690045002600780069007400000090002600480065006C0070000000800068002600410062006F007500740020002E002E002E000000	......&.F.i.l.e.....i.E.&.x.i.t.....&.H.e.l.p.....h.&.A.b.o.u.t. .........
\DIALOG\103\1033	101510	14C	101510	0100FFFF0000000000000000C800C880040000000000AA003E0000000000410062006F00750074002000570069006E006400	........................>.....A.b.o.u.t. .W.i.n.d.
\STRING\7\1033	1019E0	58	1019E0	00000000000000000000000000000E00570069006E0064006F0077007300500072006F006A00650063007400000000000000000000000E00570049004E0044004F0057005300500052004F004A0045004300540000000000	................W.i.n.d.o.w.s.P.r.o.j.e.c.t.............W.I.N.D.O.W.S.P.R.O.J.E.C.T.....
\ACCELERATOR\109\1033	101500	10	101500	10003F006800000090002F0068000000	..?.h...../.h...
\RCDATA\RESOURCE\1033	CB8B0	35C00	CB8B0	D7E943077386A7335A7859BAB3657084BE2376E4ADAFF00381F33BAD9D68C4F28937966553CBA0E68F96AE46D35E24BC481B	..C.s..3ZxY..ep..v.......;..h...7.eS......F.$.H.
\GROUP_ICON\107\1033	CB1B8	14	CB1B8	0000010001003060000001000800A80E00000100	......0............
\GROUP_ICON\108\1033	CB898	14	CB898	0000010001001830000001000800C80600000200	.......0............
\VERSION\1\1033	101660	37C	101660	7C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	\|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\2\1033	101A38	91	101A38	3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779	<?xml version='1.0' encoding='UTF-8' standalone='y

Intelligent String

• AcroRd32.exe
• 11.0.19.15
• D:\projects\enigma\cpp\LoaderCryptoPP.v2\CryptoPP\rijndael_simd.cpp
• D:\projects\enigma\cpp\LoaderCryptoPP.v2\CryptoPP\sha_simd.cpp
• D:\projects\enigma\cpp\LoaderCryptoPP.v2\CryptoPP\sse_simd.cpp
• D:\projects\enigma\cpp\LoaderCryptoPP.v2\CryptoPP\gf2n_simd.cppHY
• kernel32.dll
• mscoree.dll
• ntdll.dll
• shared_log.txt
• .tls
• .bss
• KERNEL32.dll
• ADVAPI32.dll

Flow Anomalies

Offset	RVA	Section	Description
6510	N/A	.text	CALL QWORD PTR [RIP+0x79B9A]
6520	N/A	.text	CALL QWORD PTR [RIP+0x79B7A]
6530	N/A	.text	CALL QWORD PTR [RIP+0x79B22]
65BF	N/A	.text	CALL QWORD PTR [RIP+0x79ADB]
11702	N/A	.text	CALL QWORD PTR [RIP+0x6E990]
30071	N/A	.text	CALL QWORD PTR [RIP+0x8EDC9]
30101	N/A	.text	CALL QWORD PTR [RIP+0x8ED39]
3983C	N/A	.text	CALL QWORD PTR [RIP+0x467BE]
39846	N/A	.text	CALL QWORD PTR [RIP+0x46814]
39869	N/A	.text	CALL QWORD PTR [RIP+0x46791]
3988E	N/A	.text	CALL QWORD PTR [RIP+0x4676C]
398BE	N/A	.text	CALL QWORD PTR [RIP+0x4689C]
399A5	N/A	.text	CALL QWORD PTR [RIP+0x466B5]
39D26	N/A	.text	JMP QWORD PTR [RIP+0x462E4]
39D54	N/A	.text	CALL QWORD PTR [RIP+0x462B6]
39DF0	N/A	.text	CALL QWORD PTR [RIP+0x46212]
39E24	N/A	.text	CALL QWORD PTR [RIP+0x46336]
39F98	N/A	.text	CALL QWORD PTR [RIP+0x4606A]
39FB3	N/A	.text	CALL QWORD PTR [RIP+0x46057]
4B1E5	N/A	.text	CALL QWORD PTR [RIP+0x34F7D]
4B20C	N/A	.text	CALL QWORD PTR [RIP+0x34E4E]
4B2F6	N/A	.text	CALL QWORD PTR [RIP+0x34E74]
4B300	N/A	.text	CALL QWORD PTR [RIP+0x34D5A]
4B7CE	N/A	.text	CALL QWORD PTR [RIP+0x34BCC]
4B9FF	N/A	.text	CALL QWORD PTR [RIP+0x3499B]
4BA18	N/A	.text	CALL QWORD PTR [RIP+0x34982]
4BA9B	N/A	.text	CALL QWORD PTR [RIP+0x348FF]
4BACD	N/A	.text	CALL QWORD PTR [RIP+0x348CD]
4BDEA	N/A	.text	CALL QWORD PTR [RIP+0x345B0]
4C08F	N/A	.text	CALL QWORD PTR [RIP+0x3430B]
4C406	N/A	.text	CALL QWORD PTR [RIP+0x33F94]
4C57E	N/A	.text	CALL QWORD PTR [RIP+0x33E1C]
4C689	N/A	.text	CALL QWORD PTR [RIP+0x33D11]
4C6A4	N/A	.text	CALL QWORD PTR [RIP+0x33CF6]
4C9A5	N/A	.text	CALL QWORD PTR [RIP+0x339F5]
4C9C9	N/A	.text	CALL QWORD PTR [RIP+0x339D1]
4CA1E	N/A	.text	CALL QWORD PTR [RIP+0x3397C]
4CA3A	N/A	.text	CALL QWORD PTR [RIP+0x33960]
4CBA3	N/A	.text	CALL QWORD PTR [RIP+0x337F7]
4CBBF	N/A	.text	CALL QWORD PTR [RIP+0x337DB]
4D1E5	N/A	.text	CALL QWORD PTR [RIP+0x32FA5]
4D21D	N/A	.text	CALL QWORD PTR [RIP+0x32F85]
4D23C	N/A	.text	CALL QWORD PTR [RIP+0x32F56]
4D25E	N/A	.text	CALL QWORD PTR [RIP+0x32F34]
4D29F	N/A	.text	CALL QWORD PTR [RIP+0x32EFB]
4D2B7	N/A	.text	CALL QWORD PTR [RIP+0x32EE3]
4D376	N/A	.text	CALL QWORD PTR [RIP+0x32E3C]
4D3AF	N/A	.text	CALL QWORD PTR [RIP+0x32DC3]
4D401	N/A	.text	JMP QWORD PTR [RIP+0x32DA9]
4D41A	N/A	.text	CALL QWORD PTR [RIP+0x32DB8]
4D44C	N/A	.text	CALL QWORD PTR [RIP+0x32C56]
4D45A	N/A	.text	CALL QWORD PTR [RIP+0x32C00]
4D4D9	N/A	.text	CALL QWORD PTR [RIP+0x32CA9]
4D52C	N/A	.text	CALL QWORD PTR [RIP+0x32C56]
4D53A	N/A	.text	CALL QWORD PTR [RIP+0x32B20]
4D574	N/A	.text	CALL QWORD PTR [RIP+0x32C0E]
4D582	N/A	.text	CALL QWORD PTR [RIP+0x32AD8]
4D66B	N/A	.text	CALL QWORD PTR [RIP+0x32D2F]
4D684	N/A	.text	CALL QWORD PTR [RIP+0x32D16]
4D6C0	N/A	.text	CALL QWORD PTR [RIP+0x32CDA]
4D903	N/A	.text	CALL QWORD PTR [RIP+0x32A97]
4D99D	N/A	.text	JMP QWORD PTR [RIP+0x32855]
4D9AD	N/A	.text	JMP QWORD PTR [RIP+0x3283D]
4D9B5	N/A	.text	JMP QWORD PTR [RIP+0x32825]
4D9BD	N/A	.text	JMP QWORD PTR [RIP+0x32825]
4D9D2	N/A	.text	CALL QWORD PTR [RIP+0x32828]
4DA76	N/A	.text	CALL QWORD PTR [RIP+0x3262C]
4DB11	N/A	.text	CALL QWORD PTR [RIP+0x32591]
4DB7A	N/A	.text	CALL QWORD PTR [RIP+0x32690]
4DBCD	N/A	.text	CALL QWORD PTR [RIP+0x3263D]
4DC7E	N/A	.text	CALL QWORD PTR [RIP+0x3258C]
4DCD8	N/A	.text	CALL QWORD PTR [RIP+0x324AA]
4DD85	N/A	.text	CALL QWORD PTR [RIP+0x3230D]
4DD98	N/A	.text	CALL QWORD PTR [RIP+0x322BA]
4DDAF	N/A	.text	CALL QWORD PTR [RIP+0x322A3]
4DDD4	N/A	.text	CALL QWORD PTR [RIP+0x325C6]
4DDE5	N/A	.text	JMP QWORD PTR [RIP+0x3242D]
4DF09	N/A	.text	CALL QWORD PTR [RIP+0x32491]
4E02C	N/A	.text	CALL QWORD PTR [RIP+0x3236E]
4E2D0	N/A	.text	JMP QWORD PTR [RIP+0x31F52]
4E51E	N/A	.text	CALL QWORD PTR [RIP+0x31E7C]
4E595	N/A	.text	CALL QWORD PTR [RIP+0x31E05]
4E5D4	N/A	.text	CALL QWORD PTR [RIP+0x31DC6]
4E748	N/A	.text	CALL QWORD PTR [RIP+0x31A4A]
4E75B	N/A	.text	CALL QWORD PTR [RIP+0x31A2F]
4E76E	N/A	.text	JMP QWORD PTR [RIP+0x31ABC]
4E784	N/A	.text	CALL QWORD PTR [RIP+0x31A0E]
4E7C4	N/A	.text	CALL QWORD PTR [RIP+0x319C6]
4E7D7	N/A	.text	JMP QWORD PTR [RIP+0x31A53]
4E7F0	N/A	.text	CALL QWORD PTR [RIP+0x319A2]
4E818	N/A	.text	CALL QWORD PTR [RIP+0x31A1A]
4E855	N/A	.text	JMP QWORD PTR [RIP+0x31935]
4EBDB	N/A	.text	CALL QWORD PTR [RIP+0x31667]
4EBE4	N/A	.text	CALL QWORD PTR [RIP+0x31656]
4EBEA	N/A	.text	CALL QWORD PTR [RIP+0x314C0]
4EBFE	N/A	.text	JMP QWORD PTR [RIP+0x3164C]
4EC12	N/A	.text	CALL QWORD PTR [RIP+0x31640]
4ECF9	N/A	.text	CALL QWORD PTR [RIP+0x31559]
4ED99	N/A	.text	CALL QWORD PTR [RIP+0x315D1]
4EDB1	N/A	.text	CALL QWORD PTR [RIP+0x315C1]
87899-87B9E	N/A	.rdata	Potential obfuscated jump sequence detected, count: 387
C2000	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x1000 .text + UnwindInfo: .rdata
C200C	49B0	.pdata	ExceptionHook \| Pointer to 49B0 - 0x49B0 .text + UnwindInfo: .rdata
C2018	49F0	.pdata	ExceptionHook \| Pointer to 49F0 - 0x49F0 .text + UnwindInfo: .rdata
C2024	4A20	.pdata	ExceptionHook \| Pointer to 4A20 - 0x4A20 .text + UnwindInfo: .rdata
C2030	4A50	.pdata	ExceptionHook \| Pointer to 4A50 - 0x4A50 .text + UnwindInfo: .rdata
C203C	4A80	.pdata	ExceptionHook \| Pointer to 4A80 - 0x4A80 .text + UnwindInfo: .rdata
C2048	4AB0	.pdata	ExceptionHook \| Pointer to 4AB0 - 0x4AB0 .text + UnwindInfo: .rdata
C2054	4AE0	.pdata	ExceptionHook \| Pointer to 4AE0 - 0x4AE0 .text + UnwindInfo: .rdata
C2060	4B10	.pdata	ExceptionHook \| Pointer to 4B10 - 0x4B10 .text + UnwindInfo: .rdata
C206C	4B40	.pdata	ExceptionHook \| Pointer to 4B40 - 0x4B40 .text + UnwindInfo: .rdata
C2078	4B70	.pdata	ExceptionHook \| Pointer to 4B70 - 0x4B70 .text + UnwindInfo: .rdata
C2084	4BD7	.pdata	ExceptionHook \| Pointer to 4BD7 - 0x4BD7 .text + UnwindInfo: .rdata
C2090	4CF9	.pdata	ExceptionHook \| Pointer to 4CF9 - 0x4CF9 .text + UnwindInfo: .rdata
C209C	4DD0	.pdata	ExceptionHook \| Pointer to 4DD0 - 0x4DD0 .text + UnwindInfo: .rdata
C20A8	4E50	.pdata	ExceptionHook \| Pointer to 4E50 - 0x4E50 .text + UnwindInfo: .rdata
C20B4	4ED0	.pdata	ExceptionHook \| Pointer to 4ED0 - 0x4ED0 .text + UnwindInfo: .rdata
C20C0	4F70	.pdata	ExceptionHook \| Pointer to 4F70 - 0x4F70 .text + UnwindInfo: .rdata
C20CC	4FE0	.pdata	ExceptionHook \| Pointer to 4FE0 - 0x4FE0 .text + UnwindInfo: .rdata
C20D8	5010	.pdata	ExceptionHook \| Pointer to 5010 - 0x5010 .text + UnwindInfo: .rdata
C20E4	5050	.pdata	ExceptionHook \| Pointer to 5050 - 0x5050 .text + UnwindInfo: .rdata
C20F0	5084	.pdata	ExceptionHook \| Pointer to 5084 - 0x5084 .text + UnwindInfo: .rdata
C20FC	50A4	.pdata	ExceptionHook \| Pointer to 50A4 - 0x50A4 .text + UnwindInfo: .rdata
C2108	50D4	.pdata	ExceptionHook \| Pointer to 50D4 - 0x50D4 .text + UnwindInfo: .rdata
C2114	516C	.pdata	ExceptionHook \| Pointer to 516C - 0x516C .text + UnwindInfo: .rdata
C2120	51B0	.pdata	ExceptionHook \| Pointer to 51B0 - 0x51B0 .text + UnwindInfo: .rdata
C212C	51E0	.pdata	ExceptionHook \| Pointer to 51E0 - 0x51E0 .text + UnwindInfo: .rdata
C2138	5240	.pdata	ExceptionHook \| Pointer to 5240 - 0x5240 .text + UnwindInfo: .rdata
C2144	53F0	.pdata	ExceptionHook \| Pointer to 53F0 - 0x53F0 .text + UnwindInfo: .rdata
C2150	5470	.pdata	ExceptionHook \| Pointer to 5470 - 0x5470 .text + UnwindInfo: .rdata
C215C	54F0	.pdata	ExceptionHook \| Pointer to 54F0 - 0x54F0 .text + UnwindInfo: .rdata
C2168	5510	.pdata	ExceptionHook \| Pointer to 5510 - 0x5510 .text + UnwindInfo: .rdata
C2174	5550	.pdata	ExceptionHook \| Pointer to 5550 - 0x5550 .text + UnwindInfo: .rdata
C2180	5590	.pdata	ExceptionHook \| Pointer to 5590 - 0x5590 .text + UnwindInfo: .rdata
C218C	55B0	.pdata	ExceptionHook \| Pointer to 55B0 - 0x55B0 .text + UnwindInfo: .rdata
C2198	5600	.pdata	ExceptionHook \| Pointer to 5600 - 0x5600 .text + UnwindInfo: .rdata
C21A4	5680	.pdata	ExceptionHook \| Pointer to 5680 - 0x5680 .text + UnwindInfo: .rdata
C21B0	5800	.pdata	ExceptionHook \| Pointer to 5800 - 0x5800 .text + UnwindInfo: .rdata
C21BC	5850	.pdata	ExceptionHook \| Pointer to 5850 - 0x5850 .text + UnwindInfo: .rdata
C21C8	58B0	.pdata	ExceptionHook \| Pointer to 58B0 - 0x58B0 .text + UnwindInfo: .rdata
C21D4	5910	.pdata	ExceptionHook \| Pointer to 5910 - 0x5910 .text + UnwindInfo: .rdata
C21E0	5990	.pdata	ExceptionHook \| Pointer to 5990 - 0x5990 .text + UnwindInfo: .rdata
C21EC	59F0	.pdata	ExceptionHook \| Pointer to 59F0 - 0x59F0 .text + UnwindInfo: .rdata
C21F8	5A10	.pdata	ExceptionHook \| Pointer to 5A10 - 0x5A10 .text + UnwindInfo: .rdata
C2204	5A50	.pdata	ExceptionHook \| Pointer to 5A50 - 0x5A50 .text + UnwindInfo: .rdata
C2210	5A80	.pdata	ExceptionHook \| Pointer to 5A80 - 0x5A80 .text + UnwindInfo: .rdata
C221C	5B00	.pdata	ExceptionHook \| Pointer to 5B00 - 0x5B00 .text + UnwindInfo: .rdata
C2228	5BD0	.pdata	ExceptionHook \| Pointer to 5BD0 - 0x5BD0 .text + UnwindInfo: .rdata
C2234	5C10	.pdata	ExceptionHook \| Pointer to 5C10 - 0x5C10 .text + UnwindInfo: .rdata
C2240	5DB0	.pdata	ExceptionHook \| Pointer to 5DB0 - 0x5DB0 .text + UnwindInfo: .rdata
C224C	5DC5	.pdata	ExceptionHook \| Pointer to 5DC5 - 0x5DC5 .text + UnwindInfo: .rdata
C2258	5DEA	.pdata	ExceptionHook \| Pointer to 5DEA - 0x5DEA .text + UnwindInfo: .rdata
C2264	5E10	.pdata	ExceptionHook \| Pointer to 5E10 - 0x5E10 .text + UnwindInfo: .rdata
C2270	5E25	.pdata	ExceptionHook \| Pointer to 5E25 - 0x5E25 .text + UnwindInfo: .rdata
C227C	5E4A	.pdata	ExceptionHook \| Pointer to 5E4A - 0x5E4A .text + UnwindInfo: .rdata
C2288	5E70	.pdata	ExceptionHook \| Pointer to 5E70 - 0x5E70 .text + UnwindInfo: .rdata
C2294	5E90	.pdata	ExceptionHook \| Pointer to 5E90 - 0x5E90 .text + UnwindInfo: .rdata
C22A0	5EB0	.pdata	ExceptionHook \| Pointer to 5EB0 - 0x5EB0 .text + UnwindInfo: .rdata
C22AC	5F20	.pdata	ExceptionHook \| Pointer to 5F20 - 0x5F20 .text + UnwindInfo: .rdata
C22B8	60C0	.pdata	ExceptionHook \| Pointer to 60C0 - 0x60C0 .text + UnwindInfo: .rdata
C22C4	6120	.pdata	ExceptionHook \| Pointer to 6120 - 0x6120 .text + UnwindInfo: .rdata
C22D0	6160	.pdata	ExceptionHook \| Pointer to 6160 - 0x6160 .text + UnwindInfo: .rdata
C22DC	6180	.pdata	ExceptionHook \| Pointer to 6180 - 0x6180 .text + UnwindInfo: .rdata
C22E8	6200	.pdata	ExceptionHook \| Pointer to 6200 - 0x6200 .text + UnwindInfo: .rdata
C22F4	64E0	.pdata	ExceptionHook \| Pointer to 64E0 - 0x64E0 .text + UnwindInfo: .rdata
C2300	6740	.pdata	ExceptionHook \| Pointer to 6740 - 0x6740 .text + UnwindInfo: .rdata
C230C	6880	.pdata	ExceptionHook \| Pointer to 6880 - 0x6880 .text + UnwindInfo: .rdata
C2318	68B0	.pdata	ExceptionHook \| Pointer to 68B0 - 0x68B0 .text + UnwindInfo: .rdata
C2324	68F0	.pdata	ExceptionHook \| Pointer to 68F0 - 0x68F0 .text + UnwindInfo: .rdata
C2330	690A	.pdata	ExceptionHook \| Pointer to 690A - 0x690A .text + UnwindInfo: .rdata
C233C	6946	.pdata	ExceptionHook \| Pointer to 6946 - 0x6946 .text + UnwindInfo: .rdata
C2348	6960	.pdata	ExceptionHook \| Pointer to 6960 - 0x6960 .text + UnwindInfo: .rdata
C2354	697B	.pdata	ExceptionHook \| Pointer to 697B - 0x697B .text + UnwindInfo: .rdata
C2360	69D4	.pdata	ExceptionHook \| Pointer to 69D4 - 0x69D4 .text + UnwindInfo: .rdata
C236C	69F0	.pdata	ExceptionHook \| Pointer to 69F0 - 0x69F0 .text + UnwindInfo: .rdata
C2378	6B70	.pdata	ExceptionHook \| Pointer to 6B70 - 0x6B70 .text + UnwindInfo: .rdata
C2384	6CC0	.pdata	ExceptionHook \| Pointer to 6CC0 - 0x6CC0 .text + UnwindInfo: .rdata
C2390	6CF0	.pdata	ExceptionHook \| Pointer to 6CF0 - 0x6CF0 .text + UnwindInfo: .rdata
C239C	6D24	.pdata	ExceptionHook \| Pointer to 6D24 - 0x6D24 .text + UnwindInfo: .rdata
C23A8	6D70	.pdata	ExceptionHook \| Pointer to 6D70 - 0x6D70 .text + UnwindInfo: .rdata
C23B4	6D80	.pdata	ExceptionHook \| Pointer to 6D80 - 0x6D80 .text + UnwindInfo: .rdata
C23C0	6DC0	.pdata	ExceptionHook \| Pointer to 6DC0 - 0x6DC0 .text + UnwindInfo: .rdata
C23CC	6EB0	.pdata	ExceptionHook \| Pointer to 6EB0 - 0x6EB0 .text + UnwindInfo: .rdata
C23D8	6ECC	.pdata	ExceptionHook \| Pointer to 6ECC - 0x6ECC .text + UnwindInfo: .rdata
C23E4	6EDE	.pdata	ExceptionHook \| Pointer to 6EDE - 0x6EDE .text + UnwindInfo: .rdata
C23F0	700C	.pdata	ExceptionHook \| Pointer to 700C - 0x700C .text + UnwindInfo: .rdata
C23FC	7011	.pdata	ExceptionHook \| Pointer to 7011 - 0x7011 .text + UnwindInfo: .rdata
C2408	701A	.pdata	ExceptionHook \| Pointer to 701A - 0x701A .text + UnwindInfo: .rdata
C2414	7040	.pdata	ExceptionHook \| Pointer to 7040 - 0x7040 .text + UnwindInfo: .rdata
C2420	7084	.pdata	ExceptionHook \| Pointer to 7084 - 0x7084 .text + UnwindInfo: .rdata
C242C	70A8	.pdata	ExceptionHook \| Pointer to 70A8 - 0x70A8 .text + UnwindInfo: .rdata
C2438	7101	.pdata	ExceptionHook \| Pointer to 7101 - 0x7101 .text + UnwindInfo: .rdata
C2444	716D	.pdata	ExceptionHook \| Pointer to 716D - 0x716D .text + UnwindInfo: .rdata
C2450	7186	.pdata	ExceptionHook \| Pointer to 7186 - 0x7186 .text + UnwindInfo: .rdata
C245C	71C0	.pdata	ExceptionHook \| Pointer to 71C0 - 0x71C0 .text + UnwindInfo: .rdata
C2468	7228	.pdata	ExceptionHook \| Pointer to 7228 - 0x7228 .text + UnwindInfo: .rdata
C2474	7280	.pdata	ExceptionHook \| Pointer to 7280 - 0x7280 .text + UnwindInfo: .rdata
C2480	7290	.pdata	ExceptionHook \| Pointer to 7290 - 0x7290 .text + UnwindInfo: .rdata
C248C	72D0	.pdata	ExceptionHook \| Pointer to 72D0 - 0x72D0 .text + UnwindInfo: .rdata
C2498	7390	.pdata	ExceptionHook \| Pointer to 7390 - 0x7390 .text + UnwindInfo: .rdata
C24A4	76E0	.pdata	ExceptionHook \| Pointer to 76E0 - 0x76E0 .text + UnwindInfo: .rdata
112000	N/A	Overlay	781C00000002020030821C6606092A864886F70D \| x.......0..f..*.H...

Extra Analysis

Metric	Value	Percentage
Ascii Code	665217	58,89%
Null Byte Code	204744	18,1255%
NOP Cave Found	0x9090909090	Block Count: 1 \| Total: 0,0002%

PREMIUM PESCAN.IO - Analysis Report