PESCAN.IO - Analysis Report

PREMIUM PESCAN.IO - Analysis Report

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Size: 994,50 KB
SHA-256 Hash: 82E1B88EED1FB8988BCB56488B941E3478CF7BF3D5A9C3A61E115735999F8876
SHA-1 Hash: 7D583E41DAE107ADFA225097186F2A1096470564
MD5 Hash: 1514C3F22BEB9DB61CA965AFE56F9F70
Imphash: 5119AA243BA31AA561BA123AC413A1C5
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 1000
SizeOfHeaders: 400
SizeOfImage: FF000
ImageBase: 0000000010000000
Architecture: x64
ExportTable: F4DC8
ImportTable: F4E42
IAT: F5210
Characteristics: 2022
TimeDateStamp: 69E89D12
Date: 22/04/2026 10:04:02
File Type: DLL
Number Of Sections: 7
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .buildid, .data, .pdata, .tls, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000020 Code Executable Readable	400	72000	1000	71F06	6.6474	2424758.63
.rdata	0x40000040 Initialized Data Readable	72400	84600	73000	84534	5.7816	21500668.47
.buildid	0x40000040 Initialized Data Readable	F6A00	200	F8000	47	0.9815	105789
.data	0xC0000040 Initialized Data Readable Writeable	F6C00	400	F9000	1300	0.8482	215819
.pdata	0x40000040 Initialized Data Readable	F7000	1400	FB000	126C	5.4183	151572.4
.tls	0xC0000040 Initialized Data Readable Writeable	F8400	200	FD000	10	0	130560
.reloc	0x42000040 Initialized Data GP-Relative Readable	F8600	400	FE000	2E4	4.4596	31383.5

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 400
Code -> B801000000C3662E0F1F8400000000005657534883EC404889D64889CFE85E000000A8017550488D442438488D1DCE480700

Assembler

|MOV EAX, 1

|RET

|NOP WORD PTR CS:[RAX + RAX]

|PUSH RSI

|PUSH RDI

|PUSH RBX

|SUB RSP, 0X40

|MOV RSI, RDX

|MOV RDI, RCX

|CALL 0X1080

|TEST AL, 1

|JNE 0X1076

|LEA RAX, [RSP + 0X38]

|LEA RBX, [RIP + 0X748CE]

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Compiler: Microsoft Visual Studio
Detect It Easy (die)
• PE+(64): linker: Microsoft Linker(14.0)[-]
• Entropy: 6.41153

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.

Windows REG

SOFTWARE\Microsoft\Windows\CurrentVersion\App Pa
SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\[System.Security.Principal.WindowsIdentity]::GetCurrent().User.V--------------------------------
SOFTWARE\Microsoft\Windows NT\CuSecure Preferenc-

File Access

node.exe
cmd.exe
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
ntdll.dll
api-ms-win-crt-runtime-l1-1-0.dll
ADVAPI32.dll
KERNEL32.dll
ext_sideloader.dll
@.dat
Temp
RootDir
AppData

File Access (UNICODE)

cmd.exe
~,.EXE

Interest's Words

Virus
taskkill
Encrypt
Encryption
exec
taskkill
attrib
start

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	Unicode escape - \u00 - (Common Unicode escape sequences)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Stealth (VirtualAlloc)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Execution (CreateProcessW)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Intelligent String

• @.tls
• C:\Windows\Syste
• \u003C
• {s}\{s}\resources.pak{s}\resources.pak
• .EXE
• \\.\pipe\zig-childprocess-{d}-{d}
• cmd.exe
• NNNext_sideloader.dll
• ext_sideloader.pdb

Flow Anomalies

Offset	RVA	Section	Description
25DFD	N/A	.text	JMP QWORD PTR [RIP+0xB841000D]
533F3	N/A	.text	CALL QWORD PTR [RIP+0xA1327]
53457	N/A	.text	CALL QWORD PTR [RIP+0xA12BB]
534B3	N/A	.text	CALL QWORD PTR [RIP+0xA11DF]
66224	N/A	.text	CALL QWORD PTR [RIP+0xF0777C3]
66322	N/A	.text	CALL QWORD PTR [RIP+0xF0D77C3]
7176E	N/A	.text	CALL QWORD PTR [RIP+0x82F0C]
71789	N/A	.text	CALL QWORD PTR [RIP+0x82F41]
717B7	N/A	.text	CALL QWORD PTR [RIP+0x82EC3]
71819	N/A	.text	CALL QWORD PTR [RIP+0x82EB1]
71868	N/A	.text	CALL QWORD PTR [RIP+0x82E12]
718D9	N/A	.text	CALL QWORD PTR [RIP+0x82DA1]
71937	N/A	.text	CALL QWORD PTR [RIP+0x82D83]
71950	N/A	.text	CALL QWORD PTR [RIP+0x82D7A]
7195F	N/A	.text	CALL QWORD PTR [RIP+0x82D6B]
719AD	N/A	.text	CALL QWORD PTR [RIP+0x82CC5]
71DE0	N/A	.text	JMP QWORD PTR [RIP+0x8282A]
71DF0	N/A	.text	JMP QWORD PTR [RIP+0x8283A]
71E00	N/A	.text	JMP QWORD PTR [RIP+0x82832]
71E10	N/A	.text	JMP QWORD PTR [RIP+0x8280A]
71E20	N/A	.text	JMP QWORD PTR [RIP+0x827F2]
71E30	N/A	.text	JMP QWORD PTR [RIP+0x827F2]
71E40	N/A	.text	JMP QWORD PTR [RIP+0x82802]
71E50	N/A	.text	JMP QWORD PTR [RIP+0x827FA]
71E60	N/A	.text	JMP QWORD PTR [RIP+0x827F2]
71E70	N/A	.text	JMP QWORD PTR [RIP+0x827EA]
71E80	N/A	.text	JMP QWORD PTR [RIP+0x827E2]
71E90	N/A	.text	JMP QWORD PTR [RIP+0x827DA]
71EA0	N/A	.text	JMP QWORD PTR [RIP+0x827E2]
71EB0	N/A	.text	JMP QWORD PTR [RIP+0x827DA]
71EC0	N/A	.text	JMP QWORD PTR [RIP+0x827D2]
71ED0	N/A	.text	JMP QWORD PTR [RIP+0x827CA]
71EE0	N/A	.text	JMP QWORD PTR [RIP+0x827C2]
71EF0	N/A	.text	JMP QWORD PTR [RIP+0x827BA]
71F00	N/A	.text	JMP QWORD PTR [RIP+0x827B2]
71F10	N/A	.text	JMP QWORD PTR [RIP+0x827B2]
71F20	N/A	.text	JMP QWORD PTR [RIP+0x827B2]
71F30	N/A	.text	JMP QWORD PTR [RIP+0x827AA]
71F40	N/A	.text	JMP QWORD PTR [RIP+0x827A2]
71F50	N/A	.text	JMP QWORD PTR [RIP+0x8279A]
71F60	N/A	.text	JMP QWORD PTR [RIP+0x82792]
71F70	N/A	.text	JMP QWORD PTR [RIP+0x82792]
71F80	N/A	.text	JMP QWORD PTR [RIP+0x8278A]
71F90	N/A	.text	JMP QWORD PTR [RIP+0x82792]
71FA0	N/A	.text	JMP QWORD PTR [RIP+0x8278A]
71FB0	N/A	.text	JMP QWORD PTR [RIP+0x82782]
71FC0	N/A	.text	JMP QWORD PTR [RIP+0x82782]
71FD0	N/A	.text	JMP QWORD PTR [RIP+0x8277A]
71FE0	N/A	.text	JMP QWORD PTR [RIP+0x82772]
71FF0	N/A	.text	JMP QWORD PTR [RIP+0x827AA]
72000	N/A	.text	JMP QWORD PTR [RIP+0x827B2]
72010	N/A	.text	JMP QWORD PTR [RIP+0x827B2]
72020	N/A	.text	JMP QWORD PTR [RIP+0x827AA]
72030	N/A	.text	JMP QWORD PTR [RIP+0x827AA]
72040	N/A	.text	JMP QWORD PTR [RIP+0x827AA]
72050	N/A	.text	JMP QWORD PTR [RIP+0x827A2]
72060	N/A	.text	JMP QWORD PTR [RIP+0x8279A]
72070	N/A	.text	JMP QWORD PTR [RIP+0x82792]
72080	N/A	.text	JMP QWORD PTR [RIP+0x8278A]
72090	N/A	.text	JMP QWORD PTR [RIP+0x82782]
720A0	N/A	.text	JMP QWORD PTR [RIP+0x8277A]
720B0	N/A	.text	JMP QWORD PTR [RIP+0x82772]
720C0	N/A	.text	JMP QWORD PTR [RIP+0x8276A]
720D0	N/A	.text	JMP QWORD PTR [RIP+0x82762]
720E0	N/A	.text	JMP QWORD PTR [RIP+0x8275A]
720F0	N/A	.text	JMP QWORD PTR [RIP+0x82752]
72100	N/A	.text	JMP QWORD PTR [RIP+0x8274A]
72110	N/A	.text	JMP QWORD PTR [RIP+0x82602]
72120	N/A	.text	JMP QWORD PTR [RIP+0x825FA]
72130	N/A	.text	JMP QWORD PTR [RIP+0x8272A]
72140	N/A	.text	JMP QWORD PTR [RIP+0x82732]
72150	N/A	.text	JMP QWORD PTR [RIP+0x82682]
72160	N/A	.text	JMP QWORD PTR [RIP+0x8264A]
72170	N/A	.text	JMP QWORD PTR [RIP+0x8260A]
72180	N/A	.text	JMP QWORD PTR [RIP+0x825E2]
72190	N/A	.text	JMP QWORD PTR [RIP+0x825DA]
721A0	N/A	.text	JMP QWORD PTR [RIP+0x826E2]
721B0	N/A	.text	JMP QWORD PTR [RIP+0x826EA]
721C0	N/A	.text	JMP QWORD PTR [RIP+0x825FA]
721D0	N/A	.text	JMP QWORD PTR [RIP+0x825B2]
721E0	N/A	.text	JMP QWORD PTR [RIP+0x82592]
721F0	N/A	.text	JMP QWORD PTR [RIP+0x8269A]
72200	N/A	.text	JMP QWORD PTR [RIP+0x82592]
72210	N/A	.text	JMP QWORD PTR [RIP+0x8257A]
72220	N/A	.text	JMP QWORD PTR [RIP+0x82582]
72230	N/A	.text	JMP QWORD PTR [RIP+0x8269A]
72240	N/A	.text	JMP QWORD PTR [RIP+0x82682]
72250	N/A	.text	JMP QWORD PTR [RIP+0x8266A]
72260	N/A	.text	JMP QWORD PTR [RIP+0x8260A]
72270	N/A	.text	JMP QWORD PTR [RIP+0x82632]
72280	N/A	.text	JMP QWORD PTR [RIP+0x823FA]
72290	N/A	.text	JMP QWORD PTR [RIP+0x8243A]
722A0	N/A	.text	JMP QWORD PTR [RIP+0x8260A]
722B0	N/A	.text	JMP QWORD PTR [RIP+0x8244A]
722C0	N/A	.text	JMP QWORD PTR [RIP+0x823FA]
722D0	N/A	.text	JMP QWORD PTR [RIP+0x823A2]
722E0	N/A	.text	JMP QWORD PTR [RIP+0x82602]
722F0	N/A	.text	JMP QWORD PTR [RIP+0x825FA]
72300	N/A	.text	JMP QWORD PTR [RIP+0x82562]
735D7	N/A	.rdata	JMP QWORD PTR [RIP+0x64FFFC3E]
72306-723FF	N/A	.text	Unusual BP Cave, count: 250
F4190	53B90	.rdata	TLS Callback \| Pointer to 10053B90 - 0x52F90 .text
F4198	53C10	.rdata	TLS Callback \| Pointer to 10053C10 - 0x53010 .text
F7000	1010	.pdata	ExceptionHook \| Pointer to 1010 - 0x410 .text + UnwindInfo: .rdata
F700C	1080	.pdata	ExceptionHook \| Pointer to 1080 - 0x480 .text + UnwindInfo: .rdata
F7018	11C0	.pdata	ExceptionHook \| Pointer to 11C0 - 0x5C0 .text + UnwindInfo: .rdata
F7024	11D0	.pdata	ExceptionHook \| Pointer to 11D0 - 0x5D0 .text + UnwindInfo: .rdata
F7030	53B0	.pdata	ExceptionHook \| Pointer to 53B0 - 0x47B0 .text + UnwindInfo: .rdata
F703C	56D0	.pdata	ExceptionHook \| Pointer to 56D0 - 0x4AD0 .text + UnwindInfo: .rdata
F7048	5750	.pdata	ExceptionHook \| Pointer to 5750 - 0x4B50 .text + UnwindInfo: .rdata
F7054	59F0	.pdata	ExceptionHook \| Pointer to 59F0 - 0x4DF0 .text + UnwindInfo: .rdata
F7060	5B40	.pdata	ExceptionHook \| Pointer to 5B40 - 0x4F40 .text + UnwindInfo: .rdata
F706C	5E10	.pdata	ExceptionHook \| Pointer to 5E10 - 0x5210 .text + UnwindInfo: .rdata
F7078	5FC0	.pdata	ExceptionHook \| Pointer to 5FC0 - 0x53C0 .text + UnwindInfo: .rdata
F7084	6010	.pdata	ExceptionHook \| Pointer to 6010 - 0x5410 .text + UnwindInfo: .rdata
F7090	6140	.pdata	ExceptionHook \| Pointer to 6140 - 0x5540 .text + UnwindInfo: .rdata
F709C	61E0	.pdata	ExceptionHook \| Pointer to 61E0 - 0x55E0 .text + UnwindInfo: .rdata
F70A8	6290	.pdata	ExceptionHook \| Pointer to 6290 - 0x5690 .text + UnwindInfo: .rdata
F70B4	AC90	.pdata	ExceptionHook \| Pointer to AC90 - 0xA090 .text + UnwindInfo: .rdata
F70C0	AFD0	.pdata	ExceptionHook \| Pointer to AFD0 - 0xA3D0 .text + UnwindInfo: .rdata
F70CC	B3A0	.pdata	ExceptionHook \| Pointer to B3A0 - 0xA7A0 .text + UnwindInfo: .rdata
F70D8	B850	.pdata	ExceptionHook \| Pointer to B850 - 0xAC50 .text + UnwindInfo: .rdata
F70E4	BA50	.pdata	ExceptionHook \| Pointer to BA50 - 0xAE50 .text + UnwindInfo: .rdata
F70F0	BB80	.pdata	ExceptionHook \| Pointer to BB80 - 0xAF80 .text + UnwindInfo: .rdata
F70FC	BE90	.pdata	ExceptionHook \| Pointer to BE90 - 0xB290 .text + UnwindInfo: .rdata
F7108	C3A0	.pdata	ExceptionHook \| Pointer to C3A0 - 0xB7A0 .text + UnwindInfo: .rdata
F7114	C630	.pdata	ExceptionHook \| Pointer to C630 - 0xBA30 .text + UnwindInfo: .rdata
F7120	C7E0	.pdata	ExceptionHook \| Pointer to C7E0 - 0xBBE0 .text + UnwindInfo: .rdata
F712C	CB10	.pdata	ExceptionHook \| Pointer to CB10 - 0xBF10 .text + UnwindInfo: .rdata
F7138	CE30	.pdata	ExceptionHook \| Pointer to CE30 - 0xC230 .text + UnwindInfo: .rdata
F7144	CF90	.pdata	ExceptionHook \| Pointer to CF90 - 0xC390 .text + UnwindInfo: .rdata
F7150	D070	.pdata	ExceptionHook \| Pointer to D070 - 0xC470 .text + UnwindInfo: .rdata
F715C	D0A0	.pdata	ExceptionHook \| Pointer to D0A0 - 0xC4A0 .text + UnwindInfo: .rdata
F7168	D420	.pdata	ExceptionHook \| Pointer to D420 - 0xC820 .text + UnwindInfo: .rdata
F7174	E9A0	.pdata	ExceptionHook \| Pointer to E9A0 - 0xDDA0 .text + UnwindInfo: .rdata
F7180	FB70	.pdata	ExceptionHook \| Pointer to FB70 - 0xEF70 .text + UnwindInfo: .rdata
F718C	10330	.pdata	ExceptionHook \| Pointer to 10330 - 0xF730 .text + UnwindInfo: .rdata
F7198	10460	.pdata	ExceptionHook \| Pointer to 10460 - 0xF860 .text + UnwindInfo: .rdata
F71A4	105E0	.pdata	ExceptionHook \| Pointer to 105E0 - 0xF9E0 .text + UnwindInfo: .rdata
F71B0	10A10	.pdata	ExceptionHook \| Pointer to 10A10 - 0xFE10 .text + UnwindInfo: .rdata
F71BC	10BB0	.pdata	ExceptionHook \| Pointer to 10BB0 - 0xFFB0 .text + UnwindInfo: .rdata
F71C8	10D30	.pdata	ExceptionHook \| Pointer to 10D30 - 0x10130 .text + UnwindInfo: .rdata
F71D4	10EE0	.pdata	ExceptionHook \| Pointer to 10EE0 - 0x102E0 .text + UnwindInfo: .rdata
F71E0	11040	.pdata	ExceptionHook \| Pointer to 11040 - 0x10440 .text + UnwindInfo: .rdata
F71EC	117C0	.pdata	ExceptionHook \| Pointer to 117C0 - 0x10BC0 .text + UnwindInfo: .rdata
F71F8	138C0	.pdata	ExceptionHook \| Pointer to 138C0 - 0x12CC0 .text + UnwindInfo: .rdata
F7204	13D10	.pdata	ExceptionHook \| Pointer to 13D10 - 0x13110 .text + UnwindInfo: .rdata
F7210	13FD0	.pdata	ExceptionHook \| Pointer to 13FD0 - 0x133D0 .text + UnwindInfo: .rdata
F721C	14280	.pdata	ExceptionHook \| Pointer to 14280 - 0x13680 .text + UnwindInfo: .rdata
F7228	14450	.pdata	ExceptionHook \| Pointer to 14450 - 0x13850 .text + UnwindInfo: .rdata
F7234	145D0	.pdata	ExceptionHook \| Pointer to 145D0 - 0x139D0 .text + UnwindInfo: .rdata
F7240	14650	.pdata	ExceptionHook \| Pointer to 14650 - 0x13A50 .text + UnwindInfo: .rdata
F724C	14B00	.pdata	ExceptionHook \| Pointer to 14B00 - 0x13F00 .text + UnwindInfo: .rdata
F7258	16E80	.pdata	ExceptionHook \| Pointer to 16E80 - 0x16280 .text + UnwindInfo: .rdata
F7264	186B0	.pdata	ExceptionHook \| Pointer to 186B0 - 0x17AB0 .text + UnwindInfo: .rdata
F7270	187A0	.pdata	ExceptionHook \| Pointer to 187A0 - 0x17BA0 .text + UnwindInfo: .rdata
F727C	18820	.pdata	ExceptionHook \| Pointer to 18820 - 0x17C20 .text + UnwindInfo: .rdata
F7288	18980	.pdata	ExceptionHook \| Pointer to 18980 - 0x17D80 .text + UnwindInfo: .rdata
F7294	18D00	.pdata	ExceptionHook \| Pointer to 18D00 - 0x18100 .text + UnwindInfo: .rdata
F72A0	19080	.pdata	ExceptionHook \| Pointer to 19080 - 0x18480 .text + UnwindInfo: .rdata
F72AC	19E50	.pdata	ExceptionHook \| Pointer to 19E50 - 0x19250 .text + UnwindInfo: .rdata
F72B8	1A110	.pdata	ExceptionHook \| Pointer to 1A110 - 0x19510 .text + UnwindInfo: .rdata
F72C4	1A2E0	.pdata	ExceptionHook \| Pointer to 1A2E0 - 0x196E0 .text + UnwindInfo: .rdata
F72D0	1A570	.pdata	ExceptionHook \| Pointer to 1A570 - 0x19970 .text + UnwindInfo: .rdata
F72DC	1B860	.pdata	ExceptionHook \| Pointer to 1B860 - 0x1AC60 .text + UnwindInfo: .rdata
F72E8	1C020	.pdata	ExceptionHook \| Pointer to 1C020 - 0x1B420 .text + UnwindInfo: .rdata
F72F4	1C0D0	.pdata	ExceptionHook \| Pointer to 1C0D0 - 0x1B4D0 .text + UnwindInfo: .rdata
F7300	1CB60	.pdata	ExceptionHook \| Pointer to 1CB60 - 0x1BF60 .text + UnwindInfo: .rdata
F730C	1CC90	.pdata	ExceptionHook \| Pointer to 1CC90 - 0x1C090 .text + UnwindInfo: .rdata
F7318	1CE90	.pdata	ExceptionHook \| Pointer to 1CE90 - 0x1C290 .text + UnwindInfo: .rdata
F7324	1CED0	.pdata	ExceptionHook \| Pointer to 1CED0 - 0x1C2D0 .text + UnwindInfo: .rdata
F7330	1D350	.pdata	ExceptionHook \| Pointer to 1D350 - 0x1C750 .text + UnwindInfo: .rdata
F733C	1E070	.pdata	ExceptionHook \| Pointer to 1E070 - 0x1D470 .text + UnwindInfo: .rdata
F7348	1E510	.pdata	ExceptionHook \| Pointer to 1E510 - 0x1D910 .text + UnwindInfo: .rdata
F7354	1E9D0	.pdata	ExceptionHook \| Pointer to 1E9D0 - 0x1DDD0 .text + UnwindInfo: .rdata
F7360	21220	.pdata	ExceptionHook \| Pointer to 21220 - 0x20620 .text + UnwindInfo: .rdata
F736C	21370	.pdata	ExceptionHook \| Pointer to 21370 - 0x20770 .text + UnwindInfo: .rdata
F7378	21B10	.pdata	ExceptionHook \| Pointer to 21B10 - 0x20F10 .text + UnwindInfo: .rdata
F7384	21D10	.pdata	ExceptionHook \| Pointer to 21D10 - 0x21110 .text + UnwindInfo: .rdata
F7390	21D90	.pdata	ExceptionHook \| Pointer to 21D90 - 0x21190 .text + UnwindInfo: .rdata
F739C	222E0	.pdata	ExceptionHook \| Pointer to 222E0 - 0x216E0 .text + UnwindInfo: .rdata
F73A8	29940	.pdata	ExceptionHook \| Pointer to 29940 - 0x28D40 .text + UnwindInfo: .rdata
F73B4	29F30	.pdata	ExceptionHook \| Pointer to 29F30 - 0x29330 .text + UnwindInfo: .rdata
F73C0	2A090	.pdata	ExceptionHook \| Pointer to 2A090 - 0x29490 .text + UnwindInfo: .rdata
F73CC	2A370	.pdata	ExceptionHook \| Pointer to 2A370 - 0x29770 .text + UnwindInfo: .rdata
F73D8	2A3B0	.pdata	ExceptionHook \| Pointer to 2A3B0 - 0x297B0 .text + UnwindInfo: .rdata
F73E4	2A430	.pdata	ExceptionHook \| Pointer to 2A430 - 0x29830 .text + UnwindInfo: .rdata
F73F0	2A570	.pdata	ExceptionHook \| Pointer to 2A570 - 0x29970 .text + UnwindInfo: .rdata
F73FC	2A740	.pdata	ExceptionHook \| Pointer to 2A740 - 0x29B40 .text + UnwindInfo: .rdata
F7408	2AD90	.pdata	ExceptionHook \| Pointer to 2AD90 - 0x2A190 .text + UnwindInfo: .rdata
F7414	2B000	.pdata	ExceptionHook \| Pointer to 2B000 - 0x2A400 .text + UnwindInfo: .rdata
F7420	2B260	.pdata	ExceptionHook \| Pointer to 2B260 - 0x2A660 .text + UnwindInfo: .rdata
F742C	2B340	.pdata	ExceptionHook \| Pointer to 2B340 - 0x2A740 .text + UnwindInfo: .rdata
F7438	2B420	.pdata	ExceptionHook \| Pointer to 2B420 - 0x2A820 .text + UnwindInfo: .rdata
F7444	2B700	.pdata	ExceptionHook \| Pointer to 2B700 - 0x2AB00 .text + UnwindInfo: .rdata
F7450	2B7F0	.pdata	ExceptionHook \| Pointer to 2B7F0 - 0x2ABF0 .text + UnwindInfo: .rdata
F745C	2BA40	.pdata	ExceptionHook \| Pointer to 2BA40 - 0x2AE40 .text + UnwindInfo: .rdata
F7468	2BC30	.pdata	ExceptionHook \| Pointer to 2BC30 - 0x2B030 .text + UnwindInfo: .rdata
F7474	2C490	.pdata	ExceptionHook \| Pointer to 2C490 - 0x2B890 .text + UnwindInfo: .rdata
F7480	2C700	.pdata	ExceptionHook \| Pointer to 2C700 - 0x2BB00 .text + UnwindInfo: .rdata
F748C	2C7B0	.pdata	ExceptionHook \| Pointer to 2C7B0 - 0x2BBB0 .text + UnwindInfo: .rdata
F7498	2C8C0	.pdata	ExceptionHook \| Pointer to 2C8C0 - 0x2BCC0 .text + UnwindInfo: .rdata
F74A4	2CA60	.pdata	ExceptionHook \| Pointer to 2CA60 - 0x2BE60 .text + UnwindInfo: .rdata

Extra Analysis

Metric	Value	Percentage
Ascii Code	534490	52,485%
Null Byte Code	272935	26,8012%

PREMIUM PESCAN.IO - Analysis Report