PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 988,62 KB
SHA-256 Hash: 87D03FFF9594029B8BE06302B1929061777995B236F816C5174470492DCD9287
SHA-1 Hash: 279751E94D52B05806F05463B24B69A32E33768F
MD5 Hash: 2870AED150304B23E3C2617FBEB55C24
Imphash: 8AACFEBBD525A9C11AE6974F92E62A6B
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): A7660
SizeOfHeaders: 400
SizeOfImage: F9000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: D7B30
ImportTable: D7B68
IAT: AD000
Characteristics: 22
TimeDateStamp: 69F8D03E
Date: 04/05/2026 16:58:38
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text
0x60000020
Code
Executable
Readable
 400 AB600 1000 AB438
6.6385
3680490.27
.rdata
0x40000040
Initialized Data
Readable
 ABA00 2BE00 AD000 2BCAE
6.1264
3530421.42
.data
0xC0000040
Initialized Data
Readable
Writeable
 D7800 B400 D9000 145E8
3.0938
4671490.14
.pdata
0x40000040
Initialized Data
Readable
 E2C00 7E00 EE000 7C98
5.9397
691136.25
.rsrc
0x40000040
Initialized Data
Readable
 EAA00 C00 F6000 B46
4.8671
69195.67
.reloc
0x42000040
Initialized Data
GP-Relative
Readable
 EB600 1800 F7000 16B8
5.3658
41762.25
Description
OriginalFilename: aethsync.dll
CompanyName: Aether Dynamics Corp.
LegalCopyright: Copyright (C) 2025 Aether Dynamics Corp.
ProductName: Aether Sync Agent
FileVersion: 4.1.0.0
FileDescription: aethsync
ProductVersion: 4.1.0.0+20055a666424bb6c72d73a062623aa2fea8aec2e
Comments: Aether Sync Agent
Language: Unknown (ID=0x0)
CodePage: Unicode (UTF-16 LE) (0x4B0)
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - A6A60
Code -> 4883EC28E8C30600004883C428E972FEFFFFCCCC83FA02756048895C2408574883EC208B0D235E040065488B042558000000
Assembler
|SUB RSP, 0X28
|CALL 0X16CC
|ADD RSP, 0X28
|JMP 0XE84
|INT3
|INT3
|CMP EDX, 2
|JNE 0X1079
|MOV QWORD PTR [RSP + 8], RBX
|PUSH RDI
|SUB RSP, 0X20
|MOV ECX, DWORD PTR [RIP + 0X45E23]
|MOV RAX, QWORD PTR GS:[0X58]
Signatures
Rich Signature Analyzer:
Code -> 76E7579C328639CF328639CF328639CF790C3ACE3B8639CF790C3DCE3F8639CF790C3CCE1D8639CF3BFEAACF3C8639CF4B0738CE3B8639CF328638CF978639CFA50F3ACE3A8639CFA50F3DCE378639CF328639CF338639CFA50F3CCE0F8639CFBF0D39CE338639CFBF0D3BCE338639CF52696368328639CF
Footprint md5 Hash -> 42AB65B210016BB8310D088AEB386DC0
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.50**)[-]
Entropy: 6.69624
Suspicious Functions
Library Function Description
KERNEL32.DLL CreateMutexW | Possible Call API By Name Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL CopyFileW | Possible Call API By Name Copies an existing file to a new file.
KERNEL32.DLL LoadLibraryW | Possible Call API By Name Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress | Possible Call API By Name Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL SleepEx Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.
File Access
aethsync.exe
NSystem.Private.Reflection.Exe
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
ole32.dll
KERNEL32.dll
bcrypt.dll
ADVAPI32.dll
.dll
amsi.dll
aethsync.dll
System.Private.TypeLoader.dll
NSystem.Private.Reflection.Execution.dll
4System.Private.CoreLib.dll
$Moonshine.Core.dll
.dat
System.Data.Dat
System.Dat
Char.Dat
@.dat
Temp
File Access (UNICODE)
ntdll.dll
aethsync.dll
explorer.exe
\Windows\explorer.exe
ole32.dll
kernel32.dll
advapi32.dll
PROCESSOR_COUNTkernel32.dll
Temp
AppData
Interest's Words
RunPE
<main
exec
attrib
start
shutdown
systeminfo
ping
replace
setx
Interest's Words (UNICODE)
exec
tasklist
start
ping
expand
replace
URLs
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://schemas.microsoft.com/SMI/2019/WindowsSettings
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Unicode WinAPI Sockets (connect)
Text Unicode File (CopyFile)
Text Unicode File (CreateFile)
Text Ascii File (WriteFile)
Text Unicode File (ReadFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GlobalMemoryStatusEx)
Text Ascii Stealth (GetThreadContext)
Text Unicode Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (CloseHandle)
Text Unicode Stealth (CloseHandle)
Text Unicode Stealth (UnmapViewOfFile)
Text Unicode Stealth (MapViewOfFile)
Text Unicode Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Unicode Stealth (NtWriteVirtualMemory)
Text Unicode Stealth (NtUnmapViewOfSection)
Text Ascii Stealth (QueueUserAPC)
Text Unicode Execution (CreateProcessW)
Text Ascii Execution (ResumeThread)
Text Unicode Execution (ResumeThread)
Text Ascii Execution (CreateEventW)
Text Unicode Privileges (SeLockMemoryPrivilege)
Text Ascii Technique to insert malicious code into a vulnerable application (Injection)
Text Ascii Technique used to insert malicious code into legitimate processes (Inject)
Text Ascii Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Entry Point Hex Pattern PE-Exe Executable Image
Resources
Path DataRVA Size FileOffset CodeText
\VERSION\1\0 F60A0 3CC EAAA0 CC0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000100..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0 F646C 6DA EAE6C 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279<?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• aethsync.dll
• 4.1.0.0
• ntdll.dll
• .tls
• .bss
• aethsync.exe
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• C:\Windows\explorer.exe
• advapi32.dll
• explorer.exe
• kernel32.dll
• ole32.dll
• <dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true/pm</dpiAware>
• <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2</dpiAwareness>
• <activeCodePage xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">UTF-8</activeCodePage>
• <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
Flow Anomalies
Offset RVA Section Description
469F1 N/A .text JMP QWORD PTR [RIP+0x65EC9]
46BCE N/A .text CALL QWORD PTR [RIP+0x65CEC]
46C90 N/A .text CALL QWORD PTR [RIP+0x65C2A]
46D5D N/A .text CALL QWORD PTR [RIP+0x65B5D]
46E65 N/A .text CALL QWORD PTR [RIP+0x65A55]
46E7C N/A .text CALL QWORD PTR [RIP+0x65A3E]
46FD1 N/A .text JMP QWORD PTR [RIP+0x658E9]
46FF2 N/A .text JMP QWORD PTR [RIP+0x658C8]
470E6 N/A .text CALL QWORD PTR [RIP+0x657D4]
47142 N/A .text CALL QWORD PTR [RIP+0x65778]
47197 N/A .text CALL QWORD PTR [RIP+0x65723]
471D0 N/A .text JMP QWORD PTR [RIP+0x656EA]
47201 N/A .text CALL QWORD PTR [RIP+0x656B9]
47273 N/A .text CALL QWORD PTR [RIP+0x65647]
472B2 N/A .text JMP QWORD PTR [RIP+0x65608]
47396 N/A .text CALL QWORD PTR [RIP+0x65524]
47439 N/A .text CALL QWORD PTR [RIP+0x65481]
47729 N/A .text CALL QWORD PTR [RIP+0x64D41]
47732 N/A .text CALL QWORD PTR [RIP+0x64D48]
4775A N/A .text CALL QWORD PTR [RIP+0x64CF8]
47781 N/A .text CALL QWORD PTR [RIP+0x64D79]
477C6 N/A .text CALL QWORD PTR [RIP+0x64C7C]
47832 N/A .text CALL QWORD PTR [RIP+0x65088]
47D19 N/A .text CALL QWORD PTR [RIP+0x64BA1]
47ECC N/A .text CALL QWORD PTR [RIP+0x649EE]
480D9 N/A .text CALL QWORD PTR [RIP+0x64391]
480E2 N/A .text CALL QWORD PTR [RIP+0x64398]
4810A N/A .text CALL QWORD PTR [RIP+0x64348]
4813B N/A .text CALL QWORD PTR [RIP+0x643BF]
481BA N/A .text CALL QWORD PTR [RIP+0x642D0]
481E3 N/A .text CALL QWORD PTR [RIP+0x646D7]
4820E N/A .text JMP QWORD PTR [RIP+0x642FC]
483B3 N/A .text CALL QWORD PTR [RIP+0x64507]
483D3 N/A .text CALL QWORD PTR [RIP+0x64127]
4840F N/A .text CALL QWORD PTR [RIP+0x640EB]
484E0 N/A .text JMP QWORD PTR [RIP+0x643DA]
48706 N/A .text CALL QWORD PTR [RIP+0x641B4]
4871F N/A .text CALL QWORD PTR [RIP+0x6419B]
488D5 N/A .text CALL QWORD PTR [RIP+0x63C25]
489A7 N/A .text CALL QWORD PTR [RIP+0x63B53]
48AA3 N/A .text CALL QWORD PTR [RIP+0x63A57]
48AE1 N/A .text CALL QWORD PTR [RIP+0x63A19]
48C17 N/A .text CALL QWORD PTR [RIP+0x63CA3]
48C58 N/A .text CALL QWORD PTR [RIP+0x63C62]
48C7B N/A .text JMP QWORD PTR [RIP+0x6387F]
48CAA N/A .text CALL QWORD PTR [RIP+0x63898]
48D72 N/A .text CALL QWORD PTR [RIP+0x63788]
48DA2 N/A .text JMP QWORD PTR [RIP+0x63B18]
48E08 N/A .text JMP QWORD PTR [RIP+0x63AB2]
48E2D N/A .text CALL QWORD PTR [RIP+0x63A8D]
48E4E N/A .text JMP QWORD PTR [RIP+0x63A6C]
48E7E N/A .text CALL QWORD PTR [RIP+0x63A3C]
48E9F N/A .text JMP QWORD PTR [RIP+0x63A1B]
49F92 N/A .text CALL QWORD PTR [RIP+0x62928]
49FC5 N/A .text CALL QWORD PTR [RIP+0x628F5]
4A0D6 N/A .text CALL QWORD PTR [RIP+0x627E4]
4A0FA N/A .text CALL QWORD PTR [RIP+0x627C0]
4AB0D N/A .text CALL QWORD PTR [RIP+0x61DAD]
4AB59 N/A .text CALL QWORD PTR [RIP+0x619A1]
4AB79 N/A .text CALL QWORD PTR [RIP+0x61D41]
4AB8D N/A .text CALL QWORD PTR [RIP+0x6196D]
4ABBC N/A .text CALL QWORD PTR [RIP+0x61CFE]
4AF00 N/A .text CALL QWORD PTR [RIP+0x615FA]
4AF4F N/A .text CALL QWORD PTR [RIP+0x6196B]
4B0F6 N/A .text JMP QWORD PTR [RIP+0x61404]
4B436 N/A .text CALL QWORD PTR [RIP+0x610C4]
4B576 N/A .text CALL QWORD PTR [RIP+0x61344]
4B58A N/A .text CALL QWORD PTR [RIP+0x60F70]
4B5B1 N/A .text CALL QWORD PTR [RIP+0x61309]
4B6E3 N/A .text CALL QWORD PTR [RIP+0x60E17]
4B7EB N/A .text CALL QWORD PTR [RIP+0x60D0F]
4B804 N/A .text CALL QWORD PTR [RIP+0x60CF6]
4B885 N/A .text CALL QWORD PTR [RIP+0x60C75]
4B901 N/A .text CALL QWORD PTR [RIP+0x60FB9]
4B988 N/A .text CALL QWORD PTR [RIP+0x60F32]
4BCAF N/A .text CALL QWORD PTR [RIP+0x6084B]
4BCC8 N/A .text CALL QWORD PTR [RIP+0x60832]
4BD36 N/A .text CALL QWORD PTR [RIP+0x607C4]
4C067 N/A .text CALL QWORD PTR [RIP+0x60493]
4C11E N/A .text CALL QWORD PTR [RIP+0x603DC]
4C2E5 N/A .text CALL QWORD PTR [RIP+0x605D5]
4C483 N/A .text CALL QWORD PTR [RIP+0x60437]
4C507 N/A .text CALL QWORD PTR [RIP+0x603B3]
4C67B N/A .text CALL QWORD PTR [RIP+0x6023F]
4C6C1 N/A .text CALL QWORD PTR [RIP+0x5FDD9]
4C6D1 N/A .text CALL QWORD PTR [RIP+0x5FDD1]
4C760 N/A .text CALL QWORD PTR [RIP+0x5FDEA]
4C84D N/A .text CALL QWORD PTR [RIP+0x5FCAD]
4E2F2 N/A .text CALL QWORD PTR [RIP+0x5E5C8]
4F372 N/A .text CALL QWORD PTR [RIP+0x5D548]
4F832 N/A .text CALL QWORD PTR [RIP+0x5D088]
4F89B N/A .text CALL QWORD PTR [RIP+0x5CCB7]
4F9FE N/A .text CALL QWORD PTR [RIP+0x5CB54]
4FFB4 N/A .text CALL QWORD PTR [RIP+0x5C906]
50960 N/A .text CALL QWORD PTR [RIP+0x5BF5A]
50A3A N/A .text CALL QWORD PTR [RIP+0x5BE80]
50D0A N/A .text CALL QWORD PTR [RIP+0x5B848]
50F6C N/A .text CALL QWORD PTR [RIP+0x5B6CE]
50FB3 N/A .text CALL QWORD PTR [RIP+0x5B4E7]
50FC8 N/A .text CALL QWORD PTR [RIP+0x5B4DA]
2101-211F N/A .text Unusual NOPS Space, count: 31
2842-285F N/A .text Unusual NOPS Space, count: 30
53C1-53DF N/A .text Unusual NOPS Space, count: 31
6582-659F N/A .text Unusual NOPS Space, count: 30
C982-C99F N/A .text Unusual NOPS Space, count: 30
10442-1045F N/A .text Unusual NOPS Space, count: 30
13AC2-13ADF N/A .text Unusual NOPS Space, count: 30
270C1-270DF N/A .text Unusual NOPS Space, count: 31
27A21-27A3F N/A .text Unusual NOPS Space, count: 31
2A422-2A43F N/A .text Unusual NOPS Space, count: 30
2B9E1-2B9FF N/A .text Unusual NOPS Space, count: 31
2F3C2-2F3DF N/A .text Unusual NOPS Space, count: 30
35362-3537F N/A .text Unusual NOPS Space, count: 30
357E1-357FF N/A .text Unusual NOPS Space, count: 31
3FCE1-3FCFF N/A .text Unusual NOPS Space, count: 31
40641-4065F N/A .text Unusual NOPS Space, count: 31
418C1-418DF N/A .text Unusual NOPS Space, count: 31
454A2-454BF N/A .text Unusual NOPS Space, count: 30
45822-4583F N/A .text Unusual NOPS Space, count: 30
ABF78 A7674 .rdata TLS Callback | Pointer to 1400A7674 - 0xA6A74 .text
E2C00 1020 .pdata ExceptionHook | Pointer to 1020 - 0x420 .text + UnwindInfo: .rdata
E2C0C 1080 .pdata ExceptionHook | Pointer to 1080 - 0x480 .text + UnwindInfo: .rdata
E2C18 1090 .pdata ExceptionHook | Pointer to 1090 - 0x490 .text + UnwindInfo: .rdata
E2C24 10D0 .pdata ExceptionHook | Pointer to 10D0 - 0x4D0 .text + UnwindInfo: .rdata
E2C30 1140 .pdata ExceptionHook | Pointer to 1140 - 0x540 .text + UnwindInfo: .rdata
E2C3C 11A0 .pdata ExceptionHook | Pointer to 11A0 - 0x5A0 .text + UnwindInfo: .rdata
E2C48 1220 .pdata ExceptionHook | Pointer to 1220 - 0x620 .text + UnwindInfo: .rdata
E2C54 1260 .pdata ExceptionHook | Pointer to 1260 - 0x660 .text + UnwindInfo: .rdata
E2C60 12C0 .pdata ExceptionHook | Pointer to 12C0 - 0x6C0 .text + UnwindInfo: .rdata
E2C6C 1320 .pdata ExceptionHook | Pointer to 1320 - 0x720 .text + UnwindInfo: .rdata
E2C78 1500 .pdata ExceptionHook | Pointer to 1500 - 0x900 .text + UnwindInfo: .rdata
E2C84 1660 .pdata ExceptionHook | Pointer to 1660 - 0xA60 .text + UnwindInfo: .rdata
E2C90 1760 .pdata ExceptionHook | Pointer to 1760 - 0xB60 .text + UnwindInfo: .rdata
E2C9C 18E0 .pdata ExceptionHook | Pointer to 18E0 - 0xCE0 .text + UnwindInfo: .rdata
E2CA8 1940 .pdata ExceptionHook | Pointer to 1940 - 0xD40 .text + UnwindInfo: .rdata
E2CB4 19A0 .pdata ExceptionHook | Pointer to 19A0 - 0xDA0 .text + UnwindInfo: .rdata
E2CC0 1A00 .pdata ExceptionHook | Pointer to 1A00 - 0xE00 .text + UnwindInfo: .rdata
E2CCC 1A60 .pdata ExceptionHook | Pointer to 1A60 - 0xE60 .text + UnwindInfo: .rdata
E2CD8 1AC0 .pdata ExceptionHook | Pointer to 1AC0 - 0xEC0 .text + UnwindInfo: .rdata
E2CE4 1B20 .pdata ExceptionHook | Pointer to 1B20 - 0xF20 .text + UnwindInfo: .rdata
E2CF0 1B80 .pdata ExceptionHook | Pointer to 1B80 - 0xF80 .text + UnwindInfo: .rdata
E2CFC 1BE0 .pdata ExceptionHook | Pointer to 1BE0 - 0xFE0 .text + UnwindInfo: .rdata
E2D08 1C40 .pdata ExceptionHook | Pointer to 1C40 - 0x1040 .text + UnwindInfo: .rdata
E2D14 1CA0 .pdata ExceptionHook | Pointer to 1CA0 - 0x10A0 .text + UnwindInfo: .rdata
E2D20 1D00 .pdata ExceptionHook | Pointer to 1D00 - 0x1100 .text + UnwindInfo: .rdata
E2D2C 1D60 .pdata ExceptionHook | Pointer to 1D60 - 0x1160 .text + UnwindInfo: .rdata
E2D38 1DC0 .pdata ExceptionHook | Pointer to 1DC0 - 0x11C0 .text + UnwindInfo: .rdata
E2D44 1E20 .pdata ExceptionHook | Pointer to 1E20 - 0x1220 .text + UnwindInfo: .rdata
E2D50 1E80 .pdata ExceptionHook | Pointer to 1E80 - 0x1280 .text + UnwindInfo: .rdata
E2D5C 1EE0 .pdata ExceptionHook | Pointer to 1EE0 - 0x12E0 .text + UnwindInfo: .rdata
E2D68 1F40 .pdata ExceptionHook | Pointer to 1F40 - 0x1340 .text + UnwindInfo: .rdata
E2D74 1FA0 .pdata ExceptionHook | Pointer to 1FA0 - 0x13A0 .text + UnwindInfo: .rdata
E2D80 2000 .pdata ExceptionHook | Pointer to 2000 - 0x1400 .text + UnwindInfo: .rdata
E2D8C 2060 .pdata ExceptionHook | Pointer to 2060 - 0x1460 .text + UnwindInfo: .rdata
E2D98 20C0 .pdata ExceptionHook | Pointer to 20C0 - 0x14C0 .text + UnwindInfo: .rdata
E2DA4 2120 .pdata ExceptionHook | Pointer to 2120 - 0x1520 .text + UnwindInfo: .rdata
E2DB0 2180 .pdata ExceptionHook | Pointer to 2180 - 0x1580 .text + UnwindInfo: .rdata
E2DBC 21E0 .pdata ExceptionHook | Pointer to 21E0 - 0x15E0 .text + UnwindInfo: .rdata
E2DC8 2700 .pdata ExceptionHook | Pointer to 2700 - 0x1B00 .text + UnwindInfo: .rdata
E2DD4 28C0 .pdata ExceptionHook | Pointer to 28C0 - 0x1CC0 .text + UnwindInfo: .rdata
E2DE0 2C80 .pdata ExceptionHook | Pointer to 2C80 - 0x2080 .text + UnwindInfo: .rdata
E2DEC 2D20 .pdata ExceptionHook | Pointer to 2D20 - 0x2120 .text + UnwindInfo: .rdata
E2DF8 2FB9 .pdata ExceptionHook | Pointer to 2FB9 - 0x23B9 .text + UnwindInfo: .rdata
E2E04 3000 .pdata ExceptionHook | Pointer to 3000 - 0x2400 .text + UnwindInfo: .rdata
E2E10 3130 .pdata ExceptionHook | Pointer to 3130 - 0x2530 .text + UnwindInfo: .rdata
E2E1C 3160 .pdata ExceptionHook | Pointer to 3160 - 0x2560 .text + UnwindInfo: .rdata
E2E28 3190 .pdata ExceptionHook | Pointer to 3190 - 0x2590 .text + UnwindInfo: .rdata
E2E34 3280 .pdata ExceptionHook | Pointer to 3280 - 0x2680 .text + UnwindInfo: .rdata
E2E40 3300 .pdata ExceptionHook | Pointer to 3300 - 0x2700 .text + UnwindInfo: .rdata
E2E4C 3310 .pdata ExceptionHook | Pointer to 3310 - 0x2710 .text + UnwindInfo: .rdata
E2E58 3350 .pdata ExceptionHook | Pointer to 3350 - 0x2750 .text + UnwindInfo: .rdata
E2E64 3460 .pdata ExceptionHook | Pointer to 3460 - 0x2860 .text + UnwindInfo: .rdata
E2E70 3520 .pdata ExceptionHook | Pointer to 3520 - 0x2920 .text + UnwindInfo: .rdata
E2E7C 3580 .pdata ExceptionHook | Pointer to 3580 - 0x2980 .text + UnwindInfo: .rdata
E2E88 37C6 .pdata ExceptionHook | Pointer to 37C6 - 0x2BC6 .text + UnwindInfo: .rdata
E2E94 3845 .pdata ExceptionHook | Pointer to 3845 - 0x2C45 .text + UnwindInfo: .rdata
E2EA0 3870 .pdata ExceptionHook | Pointer to 3870 - 0x2C70 .text + UnwindInfo: .rdata
E2EAC 3AB6 .pdata ExceptionHook | Pointer to 3AB6 - 0x2EB6 .text + UnwindInfo: .rdata
E2EB8 3B35 .pdata ExceptionHook | Pointer to 3B35 - 0x2F35 .text + UnwindInfo: .rdata
E2EC4 3B60 .pdata ExceptionHook | Pointer to 3B60 - 0x2F60 .text + UnwindInfo: .rdata
E2ED0 3DB2 .pdata ExceptionHook | Pointer to 3DB2 - 0x31B2 .text + UnwindInfo: .rdata
E2EDC 3E31 .pdata ExceptionHook | Pointer to 3E31 - 0x3231 .text + UnwindInfo: .rdata
E2EE8 3E50 .pdata ExceptionHook | Pointer to 3E50 - 0x3250 .text + UnwindInfo: .rdata
E2EF4 4096 .pdata ExceptionHook | Pointer to 4096 - 0x3496 .text + UnwindInfo: .rdata
E2F00 4115 .pdata ExceptionHook | Pointer to 4115 - 0x3515 .text + UnwindInfo: .rdata
E2F0C 4140 .pdata ExceptionHook | Pointer to 4140 - 0x3540 .text + UnwindInfo: .rdata
E2F18 4338 .pdata ExceptionHook | Pointer to 4338 - 0x3738 .text + UnwindInfo: .rdata
E2F24 43B1 .pdata ExceptionHook | Pointer to 43B1 - 0x37B1 .text + UnwindInfo: .rdata
E2F30 43D0 .pdata ExceptionHook | Pointer to 43D0 - 0x37D0 .text + UnwindInfo: .rdata
E2F3C 45C8 .pdata ExceptionHook | Pointer to 45C8 - 0x39C8 .text + UnwindInfo: .rdata
E2F48 4641 .pdata ExceptionHook | Pointer to 4641 - 0x3A41 .text + UnwindInfo: .rdata
E2F54 4660 .pdata ExceptionHook | Pointer to 4660 - 0x3A60 .text + UnwindInfo: .rdata
E2F60 46B0 .pdata ExceptionHook | Pointer to 46B0 - 0x3AB0 .text + UnwindInfo: .rdata
E2F6C 46D0 .pdata ExceptionHook | Pointer to 46D0 - 0x3AD0 .text + UnwindInfo: .rdata
E2F78 46F0 .pdata ExceptionHook | Pointer to 46F0 - 0x3AF0 .text + UnwindInfo: .rdata
E2F84 4710 .pdata ExceptionHook | Pointer to 4710 - 0x3B10 .text + UnwindInfo: .rdata
E2F90 4730 .pdata ExceptionHook | Pointer to 4730 - 0x3B30 .text + UnwindInfo: .rdata
E2F9C 4750 .pdata ExceptionHook | Pointer to 4750 - 0x3B50 .text + UnwindInfo: .rdata
E2FA8 4770 .pdata ExceptionHook | Pointer to 4770 - 0x3B70 .text + UnwindInfo: .rdata
E2FB4 4790 .pdata ExceptionHook | Pointer to 4790 - 0x3B90 .text + UnwindInfo: .rdata
E2FC0 47B0 .pdata ExceptionHook | Pointer to 47B0 - 0x3BB0 .text + UnwindInfo: .rdata
E2FCC 47D0 .pdata ExceptionHook | Pointer to 47D0 - 0x3BD0 .text + UnwindInfo: .rdata
E2FD8 47F0 .pdata ExceptionHook | Pointer to 47F0 - 0x3BF0 .text + UnwindInfo: .rdata
E2FE4 4810 .pdata ExceptionHook | Pointer to 4810 - 0x3C10 .text + UnwindInfo: .rdata
E2FF0 4830 .pdata ExceptionHook | Pointer to 4830 - 0x3C30 .text + UnwindInfo: .rdata
E2FFC 49A0 .pdata ExceptionHook | Pointer to 49A0 - 0x3DA0 .text + UnwindInfo: .rdata
E3008 5080 .pdata ExceptionHook | Pointer to 5080 - 0x4480 .text + UnwindInfo: .rdata
E3014 5120 .pdata ExceptionHook | Pointer to 5120 - 0x4520 .text + UnwindInfo: .rdata
E3020 51F0 .pdata ExceptionHook | Pointer to 51F0 - 0x45F0 .text + UnwindInfo: .rdata
E302C 52A0 .pdata ExceptionHook | Pointer to 52A0 - 0x46A0 .text + UnwindInfo: .rdata
E3038 53A0 .pdata ExceptionHook | Pointer to 53A0 - 0x47A0 .text + UnwindInfo: .rdata
E3044 5420 .pdata ExceptionHook | Pointer to 5420 - 0x4820 .text + UnwindInfo: .rdata
E3050 5560 .pdata ExceptionHook | Pointer to 5560 - 0x4960 .text + UnwindInfo: .rdata
E305C 56C0 .pdata ExceptionHook | Pointer to 56C0 - 0x4AC0 .text + UnwindInfo: .rdata
E3068 5790 .pdata ExceptionHook | Pointer to 5790 - 0x4B90 .text + UnwindInfo: .rdata
E3074 5870 .pdata ExceptionHook | Pointer to 5870 - 0x4C70 .text + UnwindInfo: .rdata
E3080 59C0 .pdata ExceptionHook | Pointer to 59C0 - 0x4DC0 .text + UnwindInfo: .rdata
E308C 5A50 .pdata ExceptionHook | Pointer to 5A50 - 0x4E50 .text + UnwindInfo: .rdata
E3098 5AC0 .pdata ExceptionHook | Pointer to 5AC0 - 0x4EC0 .text + UnwindInfo: .rdata
E30A4 5FE0 .pdata ExceptionHook | Pointer to 5FE0 - 0x53E0 .text + UnwindInfo: .rdata
ECE00 N/A *Overlay* 42EEFFC06FA40000D9AC605330C84D78E08B7FEE | B...o.....S0.Mx....
Extra Analysis
Metric Value Percentage
Ascii Code 604730 59,7357%
Null Byte Code 158197 15,6268%
NOP Cave Found 0x9090909090 Block Count: 1950 | Total: 0,4816%
© 2026 All rights reserved.