PESCAN.IO - Analysis Report Basic

Information
Size: 334,50 KB
SHA-256 Hash: 0C6112DC53CCB06D5B95C9B5A0EA4C25DE0CA02B80BE148871AC2714B8CEB3B4
SHA-1 Hash: 20CCAEF14D9D9B8CC15110D240E5FBB77A61FB2E
MD5 Hash: 1DE6A48FB39292978DB1F4EEFEADEBE1
Imphash: C4E31B2E6FE550AFD03A89A37F812479
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 15C58
SizeOfHeaders: 400
SizeOfImage: 59000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 4DFB4
IAT: 36000
Characteristics: 22
TimeDateStamp: 5C8A5E26
Date: 14/03/2019 13:59:02
File Type: EXE
Number Of Sections: 8
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .gfids, .tls, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name  Flags                                                  ROffset  RSize  VOffset  VSize  Entropy  Chi2
.text         0x60000020 (Code, Executable, Readable)                400      35000  1000     34E8C  6.4324   1404868.51
.rdata        0x40000040 (Initialized Data, Readable)                35400    18C00  36000    18B26  5.0655   4878309.47
.data         0xC0000040 (Initialized Data, Readable, Writeable)     4E000    1400   4F000    2F3C   3.3236   456367.8
.pdata        0x40000040 (Initialized Data, Readable)                4F400    2E00   52000    2D3C   5.5204   321406.09
.gfids        0x40000040 (Initialized Data, Readable)                52200    400    55000    300    3.1232   102670
.tls          0xC0000040 (Initialized Data, Readable, Writeable)     52600    200    56000    9      0.0204   130049
.rsrc         0x40000040 (Initialized Data, Readable)                52800    400    57000    288    3.8473   54696.5
.reloc        0x42000040 (Initialized Data, GP-Relative, Readable)   52C00    E00    58000    D74    5.3821   22567.14
Entry Point
Section number 1 has the Entry Point
Information -> EntryPoint (calculated) - 15058
Code -> 4883EC28E84F0800004883C428E976FEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC
Assembler
|SUB RSP, 0X28
|CALL 0X1858
|ADD RSP, 0X28
|JMP 0XE88
|INT3
|INT3
|SUB RSP, 0X28
|MOV R8, QWORD PTR [R9 + 0X38]
|MOV RCX, RDX
|MOV RDX, R9
|CALL 0X1034
|MOV EAX, 1
|ADD RSP, 0X28
|RET
|INT3
Signatures
Rich Signature Analyzer:
Code -> 4DAF3AAD09CE54FE09CE54FE09CE54FEBD52A5FE02CE54FEBD52A7FE91CE54FEBD52A6FE10CE54FE329057FF01CE54FE329051FF33CE54FE329050FF2CCE54FED4319FFE00CE54FE09CE55FE70CE54FE9E905DFF0CCE54FE9B90ABFE08CE54FE9E9056FF08CE54FE5269636809CE54FE
Footprint md5 Hash -> 8CD0DCEDB935E37445241E1109D8D8F5
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
PE+(64): linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[-]
Entropy: 6.23588

Suspicious Functions
Library       Function                  Description
KERNEL32.DLL  GetModuleFileNameA        Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL  WriteFile                 Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL  CreateToolhelp32Snapshot  Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL  GetProcAddress            Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL  IsDebuggerPresent         Determines if the calling process is being debugged by a user-mode debugger.
Windows REG
SYSTEM\CurrentControlSet\Services\
Rebuilt string - SOFTWARE\Policies\Microsoft\Windows\System

File Access
explorer.exe
DLLSPY.exe
KERNEL32.dll
SHELL32.dll
ADVAPI32.dll
SHLWAPI.dll
.dll
.dat
@.dat
DLLSpy.log

File Access (UNICODE)
mscoree.dll
kernel32.dll

Words of Interest
exec
start
expand

URLs
http://schemas.microsoft.com/SMI/2005/WindowsSettings

Strings/Hex Code Found With The File Rules
Rule Type    Encoding     Matched (Word)
Text         Ascii        WinAPI Sockets (connect)
Text         Ascii        Registry (RegOpenKeyEx)
Text         Ascii        File (CreateFile)
Text         Ascii        File (WriteFile)
Text         Ascii        File (ReadFile)
Text         Ascii        Anti-Analysis VM (IsDebuggerPresent)
Text         Ascii        Anti-Analysis VM (CreateToolhelp32Snapshot)
Text         Ascii        Reconnaissance (FindNextFileA)
Text         Ascii        Reconnaissance (FindClose)
Text         Ascii        Stealth (CloseHandle)
Text         Ascii        Execution (CreateSemaphoreW)
Text         Ascii        Execution (CreateEventW)
Text         Ascii        Malware that monitors and collects user data (Spy)
Entry Point  Hex Pattern  CAN (Crunched ANsi) file
Entry Point  Hex Pattern  Microsoft Visual C++ 8.0 (DLL)
Resources
Path        DataRVA  Size  FileOffset  Code  Text
\24\1\1033  57060    224   52860       EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...  <?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• @.tls
• kernel32.dll
• mscoree.dll
• C:\Windows\System32
• C:\Windows\System
• C:\Windows
• Usage: DLLSPY.exe
• Named after the name of the computer .csv
• .csv
• DLLSpy.log
• explorer.exe
• C:\Users\erans\Documents\Visual Studio 2015\Projects\DLLSpy - Copy\x64\Release\DLLSpy.pdb
• .bss
• .tls
• <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>

Flow Anomalies
Extra Analysis
Metric          Value   Percentage
Ascii Code      193646  56,5344%
Null Byte Code  75371   22,0043%