PESCAN.IO — Analysis Report

PREMIUM PESCAN.IO - Analysis Report

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 12,02 MB
SHA-256 Hash: D0A305EC034E12C2EE98A42F58BAD1BCACEEEAD4A96D29EAD7CA41968DECF667
SHA-1 Hash: C3327C754D670B250DE789DA347C27CBA58706CF
MD5 Hash: 315EE6C23E0F1D405E79234373EB484F
Imphash: C5E49DE42B1165B00BD79240B8CD617D
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00C0C7BB
EntryPoint (rva): 13E0
SizeOfHeaders: 400
SizeOfImage: 32000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 29000
IAT: 295F0
Characteristics: 22E
TimeDateStamp: 69B1AE48
Date: 11/03/2026 18:02:48
File Type: EXE
Number Of Sections: 10
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .tls, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	400	18E00	1000	18C10	6,2471	903825,93
.data	C0000040 (Initialized Data, Readable, Writeable)	19200	200	1A000	150	1,3511	85136,00
.rdata	40000040 (Initialized Data, Readable)	19400	7E00	1B000	7C18	6,4517	338873,52
.pdata	40000040 (Initialized Data, Readable)	21200	E00	23000	C24	4,5507	193357,71
.xdata	40000040 (Initialized Data, Readable)	22000	E00	24000	C54	4,1446	106716,57
.bss	C0000080 (Uninitialized Data, Readable, Writeable)	0	0	25000	3C20	N/A	N/A
.idata	40000040 (Initialized Data, Readable)	22E00	1A00	29000	1860	4,4188	303821,54
.tls	C0000040 (Initialized Data, Readable, Writeable)	24800	200	2B000	10	0,0000	130560,00
.rsrc	40000040 (Initialized Data, Readable)	24A00	4400	2C000	42F0	7,8809	5468,26
.reloc	42000040 (Initialized Data, GP-Relative, Readable)	28E00	200	31000	BC	2,1687	66083,00

Binder/Joiner/Crypter

Dropper code detected (EOF) - 11,83 MB

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 7E0
Code -> 4883EC28488B0565070200C70001000000E81AFCFFFF90904883C428C30F1F004883EC28488B0545070200C70000000000E8
• SUB RSP, 0X28
• MOV RAX, QWORD PTR [RIP + 0X20765]
• MOV DWORD PTR [RAX], 1
• CALL 0XC30
• NOP
• NOP
• ADD RSP, 0X28
• RET
• NOP DWORD PTR [RAX]
• SUB RSP, 0X28
• MOV RAX, QWORD PTR [RIP + 0X20745]
• MOV DWORD PTR [RAX], 0

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Detect It Easy (die)
• PE+(64): overlay: zlib archive(-)[-]
• Entropy: 7.99328

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	GetProcAddress \| Possible Call API By Name	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).

File Access

bdata_pack\ugate.exe
%s%c%s.exe
9python313.dll
bpython313.dll
bpython3.dll
blibffi-8.dll
blibcrypto-3.dll
bVCRUNTIME140_1.dll
bVCRUNTIME140.dll
USER32.dll
msvcrt.dll
KERNEL32.dll
GDI32.dll
COMCTL32.dll
ADVAPI32.dll
.dat
bdata_pack\words.txt
bdata_pack\jpack.js
bdata_pack\jpack-orig.js
bdata_pack\jobfs_n.js
bdata_pack\jobfs_d.js
bdata_pack\jobfs_b.js
bbase_library.zip
Failed to construct path to base_library.zip
%s\base_library.zip
%s\base_library.zip
Temp

File Access (UNICODE)

VCRUNTIME140_1.dll
VCRUNTIME140.dll
Path of ucrtbase.dll
%ls\ucrtbase.dll
Temp

Interest's Words

PADDINGX
exec
start
shutdown
ping
expand
replace

Interest's Words (UNICODE)

<form
exec
expand

URLs

http://schemas.microsoft.com/SMI/2016/WindowsSettings

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	File (GetTempPath)
Text	Ascii	File (CreateFile)
Text	Ascii	Anti-Analysis VM (GetVersion)
Text	Ascii	Reconnaissance (FindFirstFileW)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Execution (CreateProcessW)
Text	Unicode	Execution (CreateProcessW)
Entry Point	Hex Pattern	Win.Trojan.Peed-422
Entry Point	Hex Pattern	Win.Trojan.Peed-423
Entry Point	Hex Pattern	Win.Trojan.Peed-426
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\0	2C1A8	31D	24BA8	89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF61000002E449444154789C6D535D4F535914	.PNG........IHDR................a....IDATx.mS]OSY.
\ICON\2\0	2C4C8	59B	24EC8	89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000056249444154789C95565B6F1BC715	.PNG........IHDR..............w=....bIDATx..V[o...
\ICON\3\0	2CA64	8C3	25464	89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000088A49444154789C9557F9731BB715	.PNG........IHDR... ... .....szz.....IDATx..W.s...
\ICON\4\0	2D328	108F	25D28	89504E470D0A1A0A0000000D49484452000000300000003008060000005702F9870000105649444154789CAD5A078FEBC891	.PNG........IHDR...0...0.....W......VIDATx..Z.....
\ICON\5\0	2E3B8	19DB	26DB8	89504E470D0A1A0A0000000D4948445200000040000000400806000000AA6971DE000019A249444154789CCD7B097323C791	.PNG........IHDR...@...@......iq.....IDATx..{.s..
\GROUP_ICON\1\0	2FD94	4C	28794	00000100050010100000000020001D030000010018180000000020009B05000002002020000000002000C3080000030030300000000020008F10000004004040000000002000DB1900000500	............ ............. ....... .... .......00.... .......@@.... .......
\24\1\0	2FDE0	50D	287E0	3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279	<?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String

• @.bss
• @.tls
• %ls\ucrtbase.dll
• VCRUNTIME140.dll
• VCRUNTIME140_1.dll
• %s\base_library.zip
• ADVAPI32.dll
• COMCTL32.dll
• GDI32.dll
• KERNEL32.dll
• msvcrt.dll
• USER32.dll
• <longPathAware xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware>
• NFM.rcU
• b_bz2.pyd
• b_ctypes.pyd
• b_decimal.pyd
• b_hashlib.pyd
• b_lzma.pyd
• b_socket.pyd
• b_uuid.pyd
• b_wmi.pyd
• bbase_library.zip
• bdata_pack\task.xml
• bdata_pack\ugate.exe
• bdata_pack\words.txt
• blibcrypto-3.dll
• blibffi-8.dll
• bpsutil\_psutil_windows.pyd
• bpython3.dll
• bpython313.dll
• bselect.pyd
• bunicodedata.pyd
• zPYZ.pyz
• 9python313.dll

Flow Anomalies

Offset	RVA	Section	Description
523	N/A	.text	CALL QWORD PTR [RIP+0x28677]
855	N/A	.text	CALL QWORD PTR [RIP+0x18CB5]
869	N/A	.text	CALL QWORD PTR [RIP+0x18C91]
C02	N/A	.text	CALL QWORD PTR [RIP+0x28048]
C29	N/A	.text	CALL QWORD PTR [RIP+0x28021]
D15	N/A	.text	CALL QWORD PTR [RIP+0x27F35]
D78	N/A	.text	CALL QWORD PTR [RIP+0x27ED2]
DB6	N/A	.text	CALL QWORD PTR [RIP+0x27E94]
ECB	N/A	.text	CALL QWORD PTR [RIP+0x27D7F]
FB0	N/A	.text	CALL QWORD PTR [RIP+0x27C9A]
FD8	N/A	.text	CALL QWORD PTR [RIP+0x27C72]
1008	N/A	.text	CALL QWORD PTR [RIP+0x27C42]
1031	N/A	.text	CALL QWORD PTR [RIP+0x27C19]
12B0	N/A	.text	CALL QWORD PTR [RIP+0x2799A]
12E8	N/A	.text	CALL QWORD PTR [RIP+0x27962]
1310	N/A	.text	CALL QWORD PTR [RIP+0x2793A]
1341	N/A	.text	CALL QWORD PTR [RIP+0x27909]
1361	N/A	.text	CALL QWORD PTR [RIP+0x278E9]
14C5	N/A	.text	CALL QWORD PTR [RIP+0x2781D]
150D	N/A	.text	CALL QWORD PTR [RIP+0x2763D]
1560	N/A	.text	CALL QWORD PTR [RIP+0x275EA]
159F	N/A	.text	CALL QWORD PTR [RIP+0x27553]
161C	N/A	.text	CALL QWORD PTR [RIP+0x2749E]
1AED	N/A	.text	CALL QWORD PTR [RIP+0x27005]
1BE0	N/A	.text	CALL QWORD PTR [RIP+0x26F12]
1C07	N/A	.text	CALL QWORD PTR [RIP+0x26EEB]
1C2E	N/A	.text	CALL QWORD PTR [RIP+0x26EC4]
1C55	N/A	.text	CALL QWORD PTR [RIP+0x26E9D]
1C7C	N/A	.text	CALL QWORD PTR [RIP+0x26E76]
1CA3	N/A	.text	CALL QWORD PTR [RIP+0x26E4F]
1CCA	N/A	.text	CALL QWORD PTR [RIP+0x26E28]
1CF1	N/A	.text	CALL QWORD PTR [RIP+0x26E01]
1D18	N/A	.text	CALL QWORD PTR [RIP+0x26DDA]
1D3F	N/A	.text	CALL QWORD PTR [RIP+0x26DB3]
1D66	N/A	.text	CALL QWORD PTR [RIP+0x26D8C]
1D8D	N/A	.text	CALL QWORD PTR [RIP+0x26D65]
1DB4	N/A	.text	CALL QWORD PTR [RIP+0x26D3E]
1DDB	N/A	.text	CALL QWORD PTR [RIP+0x26D17]
1E02	N/A	.text	CALL QWORD PTR [RIP+0x26CF0]
1E29	N/A	.text	CALL QWORD PTR [RIP+0x26CC9]
1E50	N/A	.text	CALL QWORD PTR [RIP+0x26CA2]
1E77	N/A	.text	CALL QWORD PTR [RIP+0x26C7B]
1E9E	N/A	.text	CALL QWORD PTR [RIP+0x26C54]
1EC5	N/A	.text	CALL QWORD PTR [RIP+0x26C2D]
1EEC	N/A	.text	CALL QWORD PTR [RIP+0x26C06]
1F13	N/A	.text	CALL QWORD PTR [RIP+0x26BDF]
1F3A	N/A	.text	CALL QWORD PTR [RIP+0x26BB8]
1F61	N/A	.text	CALL QWORD PTR [RIP+0x26B91]
1F88	N/A	.text	CALL QWORD PTR [RIP+0x26B6A]
1FAF	N/A	.text	CALL QWORD PTR [RIP+0x26B43]
1FD6	N/A	.text	CALL QWORD PTR [RIP+0x26B1C]
1FFD	N/A	.text	CALL QWORD PTR [RIP+0x26AF5]
2024	N/A	.text	CALL QWORD PTR [RIP+0x26ACE]
204B	N/A	.text	CALL QWORD PTR [RIP+0x26AA7]
2072	N/A	.text	CALL QWORD PTR [RIP+0x26A80]
2099	N/A	.text	CALL QWORD PTR [RIP+0x26A59]
20C0	N/A	.text	CALL QWORD PTR [RIP+0x26A32]
20E7	N/A	.text	CALL QWORD PTR [RIP+0x26A0B]
210E	N/A	.text	CALL QWORD PTR [RIP+0x269E4]
2135	N/A	.text	CALL QWORD PTR [RIP+0x269BD]
215C	N/A	.text	CALL QWORD PTR [RIP+0x26996]
2183	N/A	.text	CALL QWORD PTR [RIP+0x2696F]
21AA	N/A	.text	CALL QWORD PTR [RIP+0x26948]
21D1	N/A	.text	CALL QWORD PTR [RIP+0x26921]
21F8	N/A	.text	CALL QWORD PTR [RIP+0x268FA]
221F	N/A	.text	CALL QWORD PTR [RIP+0x268D3]
2246	N/A	.text	CALL QWORD PTR [RIP+0x268AC]
226D	N/A	.text	CALL QWORD PTR [RIP+0x26885]
2294	N/A	.text	CALL QWORD PTR [RIP+0x2685E]
22BB	N/A	.text	CALL QWORD PTR [RIP+0x26837]
22E2	N/A	.text	CALL QWORD PTR [RIP+0x26810]
2309	N/A	.text	CALL QWORD PTR [RIP+0x267E9]
2330	N/A	.text	CALL QWORD PTR [RIP+0x267C2]
2357	N/A	.text	CALL QWORD PTR [RIP+0x268F3]
23A0	N/A	.text	CALL QWORD PTR [RIP+0x2671A]
247C	N/A	.text	CALL QWORD PTR [RIP+0x26676]
249E	N/A	.text	CALL QWORD PTR [RIP+0x26654]
2503	N/A	.text	CALL QWORD PTR [RIP+0x265B7]
2511	N/A	.text	CALL QWORD PTR [RIP+0x265A9]
2931	N/A	.text	CALL QWORD PTR [RIP+0x261C1]
296F	N/A	.text	CALL QWORD PTR [RIP+0x26183]
29CE	N/A	.text	CALL QWORD PTR [RIP+0x26124]
2A42	N/A	.text	CALL QWORD PTR [RIP+0x260B0]
2A69	N/A	.text	CALL QWORD PTR [RIP+0x26089]
2A90	N/A	.text	CALL QWORD PTR [RIP+0x26062]
2AB7	N/A	.text	CALL QWORD PTR [RIP+0x2603B]
2ADE	N/A	.text	CALL QWORD PTR [RIP+0x26014]
2B05	N/A	.text	CALL QWORD PTR [RIP+0x25FED]
2B2C	N/A	.text	CALL QWORD PTR [RIP+0x25FC6]
2B53	N/A	.text	CALL QWORD PTR [RIP+0x25F9F]
2B7A	N/A	.text	CALL QWORD PTR [RIP+0x25F78]
2BA1	N/A	.text	CALL QWORD PTR [RIP+0x25F51]
2BC8	N/A	.text	CALL QWORD PTR [RIP+0x25F2A]
2BEF	N/A	.text	CALL QWORD PTR [RIP+0x25F03]
2C16	N/A	.text	CALL QWORD PTR [RIP+0x25EDC]
2C3D	N/A	.text	CALL QWORD PTR [RIP+0x25EB5]
2C64	N/A	.text	CALL QWORD PTR [RIP+0x25E8E]
2C8B	N/A	.text	CALL QWORD PTR [RIP+0x25E67]
2CB2	N/A	.text	CALL QWORD PTR [RIP+0x25E40]
2CD9	N/A	.text	CALL QWORD PTR [RIP+0x25E19]
752D6C-752D82	N/A	padding	Potential obfuscated jump sequence detected, count: 7
9748BA-9748EE	N/A	padding	Potential obfuscated jump sequence detected, count: 25
975985-9759AE	N/A	padding	Potential obfuscated jump sequence detected, count: 21
982289-982298	N/A	padding	Potential obfuscated jump sequence detected, count: 8
9BB76F-9BB780	N/A	padding	Potential obfuscated jump sequence detected, count: 9
9C039F-9C03AE	N/A	padding	Potential obfuscated jump sequence detected, count: 8
E6DA-E6FF	N/A	.text	Unusual NOPS Space, count: 38
1594E-1597F	N/A	.text	Unusual NOPS Space, count: 50
178A2-178BF	N/A	.text	Unusual NOPS Space, count: 30
20FF0	F7E0	.rdata	TLS Callback \| Pointer to 14000F7E0 - 0xEBE0 .text
20FF8	F7C0	.rdata	TLS Callback \| Pointer to 14000F7C0 - 0xEBC0 .text
21200	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x400 .text + UnwindInfo: .xdata
2120C	1010	.pdata	ExceptionHook \| Pointer to 1010 - 0x410 .text + UnwindInfo: .xdata
21218	13E0	.pdata	ExceptionHook \| Pointer to 13E0 - 0x7E0 .text + UnwindInfo: .xdata
21224	1400	.pdata	ExceptionHook \| Pointer to 1400 - 0x800 .text + UnwindInfo: .xdata
21230	1420	.pdata	ExceptionHook \| Pointer to 1420 - 0x820 .text + UnwindInfo: .xdata
2123C	1430	.pdata	ExceptionHook \| Pointer to 1430 - 0x830 .text + UnwindInfo: .xdata
21248	1440	.pdata	ExceptionHook \| Pointer to 1440 - 0x840 .text + UnwindInfo: .xdata
21254	1450	.pdata	ExceptionHook \| Pointer to 1450 - 0x850 .text + UnwindInfo: .xdata
21260	1490	.pdata	ExceptionHook \| Pointer to 1490 - 0x890 .text + UnwindInfo: .xdata
2126C	1860	.pdata	ExceptionHook \| Pointer to 1860 - 0xC60 .text + UnwindInfo: .xdata
21278	1870	.pdata	ExceptionHook \| Pointer to 1870 - 0xC70 .text + UnwindInfo: .xdata
21284	19E0	.pdata	ExceptionHook \| Pointer to 19E0 - 0xDE0 .text + UnwindInfo: .xdata
21290	1C60	.pdata	ExceptionHook \| Pointer to 1C60 - 0x1060 .text + UnwindInfo: .xdata
2129C	1F90	.pdata	ExceptionHook \| Pointer to 1F90 - 0x1390 .text + UnwindInfo: .xdata
212A8	1FD0	.pdata	ExceptionHook \| Pointer to 1FD0 - 0x13D0 .text + UnwindInfo: .xdata
212B4	2060	.pdata	ExceptionHook \| Pointer to 2060 - 0x1460 .text + UnwindInfo: .xdata
212C0	21D0	.pdata	ExceptionHook \| Pointer to 21D0 - 0x15D0 .text + UnwindInfo: .xdata
212CC	2F80	.pdata	ExceptionHook \| Pointer to 2F80 - 0x2380 .text + UnwindInfo: .xdata
212D8	2FD0	.pdata	ExceptionHook \| Pointer to 2FD0 - 0x23D0 .text + UnwindInfo: .xdata
212E4	30C0	.pdata	ExceptionHook \| Pointer to 30C0 - 0x24C0 .text + UnwindInfo: .xdata
212F0	3B70	.pdata	ExceptionHook \| Pointer to 3B70 - 0x2F70 .text + UnwindInfo: .xdata
212FC	3BC0	.pdata	ExceptionHook \| Pointer to 3BC0 - 0x2FC0 .text + UnwindInfo: .xdata
21308	3DB0	.pdata	ExceptionHook \| Pointer to 3DB0 - 0x31B0 .text + UnwindInfo: .xdata
21314	4170	.pdata	ExceptionHook \| Pointer to 4170 - 0x3570 .text + UnwindInfo: .xdata
21320	4240	.pdata	ExceptionHook \| Pointer to 4240 - 0x3640 .text + UnwindInfo: .xdata
2132C	4370	.pdata	ExceptionHook \| Pointer to 4370 - 0x3770 .text + UnwindInfo: .xdata
21338	4410	.pdata	ExceptionHook \| Pointer to 4410 - 0x3810 .text + UnwindInfo: .xdata
21344	44A0	.pdata	ExceptionHook \| Pointer to 44A0 - 0x38A0 .text + UnwindInfo: .xdata
21350	45A0	.pdata	ExceptionHook \| Pointer to 45A0 - 0x39A0 .text + UnwindInfo: .xdata
2135C	46A0	.pdata	ExceptionHook \| Pointer to 46A0 - 0x3AA0 .text + UnwindInfo: .xdata
21368	47D0	.pdata	ExceptionHook \| Pointer to 47D0 - 0x3BD0 .text + UnwindInfo: .xdata
21374	4840	.pdata	ExceptionHook \| Pointer to 4840 - 0x3C40 .text + UnwindInfo: .xdata
21380	48B0	.pdata	ExceptionHook \| Pointer to 48B0 - 0x3CB0 .text + UnwindInfo: .xdata
2138C	49D0	.pdata	ExceptionHook \| Pointer to 49D0 - 0x3DD0 .text + UnwindInfo: .xdata
21398	4B40	.pdata	ExceptionHook \| Pointer to 4B40 - 0x3F40 .text + UnwindInfo: .xdata
213A4	4F00	.pdata	ExceptionHook \| Pointer to 4F00 - 0x4300 .text + UnwindInfo: .xdata
213B0	5190	.pdata	ExceptionHook \| Pointer to 5190 - 0x4590 .text + UnwindInfo: .xdata
213BC	51A0	.pdata	ExceptionHook \| Pointer to 51A0 - 0x45A0 .text + UnwindInfo: .xdata
213C8	5220	.pdata	ExceptionHook \| Pointer to 5220 - 0x4620 .text + UnwindInfo: .xdata
213D4	5240	.pdata	ExceptionHook \| Pointer to 5240 - 0x4640 .text + UnwindInfo: .xdata
213E0	52D0	.pdata	ExceptionHook \| Pointer to 52D0 - 0x46D0 .text + UnwindInfo: .xdata
213EC	5D00	.pdata	ExceptionHook \| Pointer to 5D00 - 0x5100 .text + UnwindInfo: .xdata
213F8	5D50	.pdata	ExceptionHook \| Pointer to 5D50 - 0x5150 .text + UnwindInfo: .xdata
21404	5DC0	.pdata	ExceptionHook \| Pointer to 5DC0 - 0x51C0 .text + UnwindInfo: .xdata
21410	6070	.pdata	ExceptionHook \| Pointer to 6070 - 0x5470 .text + UnwindInfo: .xdata
2141C	60E0	.pdata	ExceptionHook \| Pointer to 60E0 - 0x54E0 .text + UnwindInfo: .xdata
21428	6110	.pdata	ExceptionHook \| Pointer to 6110 - 0x5510 .text + UnwindInfo: .xdata
21434	61C0	.pdata	ExceptionHook \| Pointer to 61C0 - 0x55C0 .text + UnwindInfo: .xdata
21440	6200	.pdata	ExceptionHook \| Pointer to 6200 - 0x5600 .text + UnwindInfo: .xdata
2144C	6260	.pdata	ExceptionHook \| Pointer to 6260 - 0x5660 .text + UnwindInfo: .xdata
21458	62A0	.pdata	ExceptionHook \| Pointer to 62A0 - 0x56A0 .text + UnwindInfo: .xdata
21464	6360	.pdata	ExceptionHook \| Pointer to 6360 - 0x5760 .text + UnwindInfo: .xdata
21470	63D0	.pdata	ExceptionHook \| Pointer to 63D0 - 0x57D0 .text + UnwindInfo: .xdata
2147C	6420	.pdata	ExceptionHook \| Pointer to 6420 - 0x5820 .text + UnwindInfo: .xdata
21488	6540	.pdata	ExceptionHook \| Pointer to 6540 - 0x5940 .text + UnwindInfo: .xdata
21494	6990	.pdata	ExceptionHook \| Pointer to 6990 - 0x5D90 .text + UnwindInfo: .xdata
214A0	6A00	.pdata	ExceptionHook \| Pointer to 6A00 - 0x5E00 .text + UnwindInfo: .xdata
214AC	6A80	.pdata	ExceptionHook \| Pointer to 6A80 - 0x5E80 .text + UnwindInfo: .xdata
214B8	6B10	.pdata	ExceptionHook \| Pointer to 6B10 - 0x5F10 .text + UnwindInfo: .xdata
214C4	6B50	.pdata	ExceptionHook \| Pointer to 6B50 - 0x5F50 .text + UnwindInfo: .xdata
214D0	6C00	.pdata	ExceptionHook \| Pointer to 6C00 - 0x6000 .text + UnwindInfo: .xdata
214DC	6CB0	.pdata	ExceptionHook \| Pointer to 6CB0 - 0x60B0 .text + UnwindInfo: .xdata
214E8	7060	.pdata	ExceptionHook \| Pointer to 7060 - 0x6460 .text + UnwindInfo: .xdata
214F4	71A0	.pdata	ExceptionHook \| Pointer to 71A0 - 0x65A0 .text + UnwindInfo: .xdata
21500	77B0	.pdata	ExceptionHook \| Pointer to 77B0 - 0x6BB0 .text + UnwindInfo: .xdata
2150C	7810	.pdata	ExceptionHook \| Pointer to 7810 - 0x6C10 .text + UnwindInfo: .xdata
21518	7870	.pdata	ExceptionHook \| Pointer to 7870 - 0x6C70 .text + UnwindInfo: .xdata
21524	79E0	.pdata	ExceptionHook \| Pointer to 79E0 - 0x6DE0 .text + UnwindInfo: .xdata
21530	7B30	.pdata	ExceptionHook \| Pointer to 7B30 - 0x6F30 .text + UnwindInfo: .xdata
2153C	7E70	.pdata	ExceptionHook \| Pointer to 7E70 - 0x7270 .text + UnwindInfo: .xdata
21548	8200	.pdata	ExceptionHook \| Pointer to 8200 - 0x7600 .text + UnwindInfo: .xdata
21554	8370	.pdata	ExceptionHook \| Pointer to 8370 - 0x7770 .text + UnwindInfo: .xdata
21560	84A0	.pdata	ExceptionHook \| Pointer to 84A0 - 0x78A0 .text + UnwindInfo: .xdata
2156C	84E0	.pdata	ExceptionHook \| Pointer to 84E0 - 0x78E0 .text + UnwindInfo: .xdata
21578	8550	.pdata	ExceptionHook \| Pointer to 8550 - 0x7950 .text + UnwindInfo: .xdata
21584	8590	.pdata	ExceptionHook \| Pointer to 8590 - 0x7990 .text + UnwindInfo: .xdata
21590	85A0	.pdata	ExceptionHook \| Pointer to 85A0 - 0x79A0 .text + UnwindInfo: .xdata
2159C	8670	.pdata	ExceptionHook \| Pointer to 8670 - 0x7A70 .text + UnwindInfo: .xdata
215A8	8910	.pdata	ExceptionHook \| Pointer to 8910 - 0x7D10 .text + UnwindInfo: .xdata
215B4	8B40	.pdata	ExceptionHook \| Pointer to 8B40 - 0x7F40 .text + UnwindInfo: .xdata
215C0	8BF0	.pdata	ExceptionHook \| Pointer to 8BF0 - 0x7FF0 .text + UnwindInfo: .xdata
215CC	8E10	.pdata	ExceptionHook \| Pointer to 8E10 - 0x8210 .text + UnwindInfo: .xdata
215D8	8FB0	.pdata	ExceptionHook \| Pointer to 8FB0 - 0x83B0 .text + UnwindInfo: .xdata
215E4	9030	.pdata	ExceptionHook \| Pointer to 9030 - 0x8430 .text + UnwindInfo: .xdata
215F0	9080	.pdata	ExceptionHook \| Pointer to 9080 - 0x8480 .text + UnwindInfo: .xdata
215FC	90D0	.pdata	ExceptionHook \| Pointer to 90D0 - 0x84D0 .text + UnwindInfo: .xdata
21608	9120	.pdata	ExceptionHook \| Pointer to 9120 - 0x8520 .text + UnwindInfo: .xdata
21614	9230	.pdata	ExceptionHook \| Pointer to 9230 - 0x8630 .text + UnwindInfo: .xdata
21620	9310	.pdata	ExceptionHook \| Pointer to 9310 - 0x8710 .text + UnwindInfo: .xdata
2162C	93E0	.pdata	ExceptionHook \| Pointer to 93E0 - 0x87E0 .text + UnwindInfo: .xdata
21638	9400	.pdata	ExceptionHook \| Pointer to 9400 - 0x8800 .text + UnwindInfo: .xdata
21644	9540	.pdata	ExceptionHook \| Pointer to 9540 - 0x8940 .text + UnwindInfo: .xdata
21650	9640	.pdata	ExceptionHook \| Pointer to 9640 - 0x8A40 .text + UnwindInfo: .xdata
2165C	9760	.pdata	ExceptionHook \| Pointer to 9760 - 0x8B60 .text + UnwindInfo: .xdata
21668	98F0	.pdata	ExceptionHook \| Pointer to 98F0 - 0x8CF0 .text + UnwindInfo: .xdata
21674	9A00	.pdata	ExceptionHook \| Pointer to 9A00 - 0x8E00 .text + UnwindInfo: .xdata
21680	9B20	.pdata	ExceptionHook \| Pointer to 9B20 - 0x8F20 .text + UnwindInfo: .xdata
2168C	9CF0	.pdata	ExceptionHook \| Pointer to 9CF0 - 0x90F0 .text + UnwindInfo: .xdata
21698	9D20	.pdata	ExceptionHook \| Pointer to 9D20 - 0x9120 .text + UnwindInfo: .xdata
216A4	9DB0	.pdata	ExceptionHook \| Pointer to 9DB0 - 0x91B0 .text + UnwindInfo: .xdata
29000	N/A	Overlay	78DA4D8EB14EC3301086EF9C344D090C08895662 \| x.M..N.0....4M....Vb

Extra Analysis

Metric	Value	Percentage
Ascii Code	8589286	68,141%
Null Byte Code	70668	0,5606%
NOP Cave Found	0x9090909090	Block Count: 102 \| Total: 0,002%

PREMIUM PESCAN.IO - Analysis Report