PESCAN.IO - Analysis Report Basic

Information
Size: 190,73 KB
SHA-256 Hash: B300196F5B3DF9BDD31383A83CCB08E390734A28925032CB0A6534FFA58BA4F2
SHA-1 Hash: 79D60F0CEDD48DFB4E329134068DA9402893C06B
MD5 Hash: 1A38EE01C089F475A3F03F67CD93F0F4
Imphash: 7E5C503E9ED7223C803B4DBDEE238C25
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 0003911A
EntryPoint (rva): 165FC
SizeOfHeaders: 400
SizeOfImage: 2E000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 21660
ImportTable: 22288
IAT: 1B000
Characteristics: 22
TimeDateStamp: 6925E4C7
Date: 25/11/2025 17:17:59
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 60000020 (Code, Executable, Readable) 400 19600 1000 1943C 6,1699 964270,30
.rdata 40000040 (Initialized Data, Readable) 19A00 9000 1B000 8F7A 5,3563 1085259,13
.data C0000040 (Initialized Data, Readable, Writeable) 22A00 1000 24000 1788 2,4082 512627,25
.pdata 40000040 (Initialized Data, Readable) 23A00 1A00 26000 19B0 5,0493 248635,31
.rsrc 40000040 (Initialized Data, Readable) 25400 5000 28000 4EE8 2,7019 1999455,93
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 2A400 400 2D000 264 3,9350 51468,50

Description
OriginalFilename: anker-studio.exe
CompanyName: Anker Research
LegalCopyright: Copyright © 2016-2023 Anker Research, © 2011-2018 Alessandro Ranellucci
ProductName: eufyMake Studio
FileVersion: eufyMake Studio-2.3.0.7
FileDescription: eufyMake Studio
ProductVersion: eufyMake Studio-2.3.0.7
Language: English (United States) (ID=0x409)
CodePage: Western European (Windows 1252) (0x4E4)

Binder/Joiner/Crypter
Dropper code detected (EOF) - 6,73 KB

Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - 159FC
Code -> 4883EC28E8DF0500004883C428E97AFEFFFFCCCCC20000CC4883611000488D053073000048894108488D052D590000488901
SUB RSP, 0X28
CALL 0X15E8
ADD RSP, 0X28
JMP 0XE8C
INT3
INT3
RET 0
INT3
AND QWORD PTR [RCX + 0X10], 0
LEA RAX, [RIP + 0X7330]
MOV QWORD PTR [RCX + 8], RAX
LEA RAX, [RIP + 0X592D]
MOV QWORD PTR [RCX], RAX

Signatures
Rich Signature Analyzer:
Code -> 6A7E75722E1F1B212E1F1B212E1F1B21276788213E1F1B217C6A1F20241F1B217C6A18202D1F1B217C6A1E200E1F1B217C6A1A20281F1B213A741F202F1F1B213A741A203A1F1B21E66A1A202D1F1B212E1F1A21FF1F1B21EC6A1E202C1F1B21EC6A1B202F1F1B21EC6AE4212F1F1B21EC6A19202F1F1B21526963682E1F1B21
Footprint md5 Hash -> 7BD927251156AAA1E1798399D0576E9E
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.29**)[-]
PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
Entropy: 6.18662

Suspicious Functions
Library Function Description
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.

Windows REG (UNICODE)
SOFTWARE\Microsoft\Cryptography

File Access
eufymake studio.exe
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
VCRUNTIME140_1.dll
VCRUNTIME140.dll
IPHLPAPI.DLL
WS2_32.dll
VERSION.dll
MSVCP140.dll
ADVAPI32.dll
SHELL32.dll
GDI32.dll
USER32.dll
KERNEL32.dll
sentry.dll
eufyStudio.dll
Failed loading the system opengl32.dll
.dat
@.dat
\2dmode.ini
AnkerMake StudioGcodeViewer.ini
AnkerMake Studio_23.ini
CommonConfig.ini
Temp

File Access (UNICODE)
anker-studio.exe
anker - gcodeviewer.exe
eufymake studio-console.exe
eufymake studio.exe
crashpad_handler.exe
AnkerPlugin.dll
eufyStudio.dll
mesa\opengl32.dll
opengl32.dll

Words of Interest
exec
start
pause
shutdown
ping

URLs
http://schemas.microsoft.com/SMI/2017/WindowsSettings
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt
http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/terms_of_use_jp.html
https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/terms_of_use_en.html
https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/privacy_notice_en.html
https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/privacy_notice_jp.html
https://public-make-moat-us.s3.us-east-2.amazonaws.com/eufymake/static-page/jetclean-page/index.html
https://www.ankermake.com/
https://support.ankermake.com/s/
https://support.ankermake.com/
https://support.ankermake.com/s/article/How-to-Fix-WiFi-Connection-Issue
https://support.ankermake.com/s/article/Ankermake-Studio-Guide-for-printercontent6
https://make-app.ankermake.com/v1/slicer/get_net
https://make-app-eu.ankermake.com/v1/slicer/get_net
https://make-app-us-qa.eufylife.com/v1/slicer/get_net
https://community.ankermake.com/
https://makeitreal-beta.eufymake.com/
https://mulpass.ankermake.com/?app=ankermake&tab=register
https://playground-qa-ex.mkitreal.com/
https://makeitreal-beta2.eufymake.com/
https://playground-ci-beta.mkitreal.com/
https://makeitreal.ankermake.com/
https://playground-3d-qa.mkitreal.com
https://playground-3d-ci.mkitreal.com
https://passport.ankermake.com/privacy-request?app=ankermake-us
https://github.com/ankermake/AnkerMake-PrusaSlicer-Release/releases
https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)

Resources
Path DataRVA Size FileOffset Code Text
\ICON\1\1033 284B8 4228 258B8 2800000040000000800000000100200000000000000000000000000000000000000000000000000000000000000000000000 (...@......... ...................................
\GROUP_ICON\2\1033 2C6E0 14 29AE0 0000010001004040000001002000284200000100 ......@@.... .(B....
\VERSION\1\1033 28130 388 25530 880334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000300 ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033 2C6F8 7EA 29AF8 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 <?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String
• :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• dump
• opengl32.dll
• crashpad_handler.exe
• mesa\opengl32.dll
• eufyStudio.dll
• https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/terms_of_use_jp.html
• https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/terms_of_use_en.html
• https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/privacy_notice_en.html
• https://d7p3a6aivdrwg.cloudfront.net/anker_general/public/agreement/2024/12/13/privacy_notice_jp.html
• https://public-make-moat-us.s3.us-east-2.amazonaws.com/eufymake/static-page/jetclean-page/index.html
• eufymake studio.exe
• eufymake studio-console.exe
• anker - gcodeviewer.exe
• CommonConfig.ini
• eufystudio://open
• https://support.ankermake.com/s/article/How-to-Fix-WiFi-Connection-Issue
• https://support.ankermake.com/s/article/Ankermake-Studio-Guide-for-printercontent6
• https://make-app.ankermake.com/v1/slicer/get_net
• https://make-app-eu.ankermake.com/v1/slicer/get_net
• https://make-app-us-qa.eufylife.com/v1/slicer/get_net
• https://mulpass.ankermake.com/?app=ankermake&tab=register
• https://playground-3d-qa.mkitreal.com
• https://playground-3d-ci.mkitreal.com
• https://passport.ankermake.com/privacy-request?app=ankermake-us
• https://github.com/ankermake/AnkerMake-PrusaSlicer-Release/releases
• AnkerPlugin.dll
• \2dmode.ini
• D:\_build\eufyMakeScript\build_windows_20251126005552\AnkerSlicer_P\AnkerStudio\build_temp\src\eufymake studio.pdb
• .bss
• sentry.dll
• KERNEL32.dll
• ADVAPI32.dll
• MSVCP140.dll
• VCRUNTIME140.dll
• VCRUNTIME140_1.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• anker-studio.exe
• <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2017/WindowsSettings">
• <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true/pm</dpiAware> <!-- legacy -->
• <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">permonitorv2,permonitor</dpiAwareness>

Flow Anomalies
Offset RVA Section Description
2A800 N/A *Overlay* E852000000020200308252DC06092A864886F70D | .R......0.R...*.H...

Extra Analysis
Metric Value Percentage
Ascii Code 109981 56,3127%
Null Byte Code 45252 23,17%