PESCAN.IO - Analysis Report Basic
| File Structure |
[Chart: file structure map. PE chart code: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); file structure in red = malformed or corrupted header. Chart code for other files: printable characters (blue), non-printable characters (black).]
| Information |
| Field | Value |
|---|---|
| Size | 834,28 KB |
| SHA-256 Hash | DBE8A4AA5A2A694ECA6926FC60995B2ED47DA2255466E0E9E7912BECBB6C54D0 |
| SHA-1 Hash | 5ED97FFBDAFDB87259DA87D2A06940601A98142C |
| MD5 Hash | 319EC50BD17C61D898768C96FA0A2AB8 |
| Imphash | F34D5F2D4577ED6D9CEEC516C1F5A744 |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 000D2A24 |
| EntryPoint (rva) | 7A94E |
| SizeOfHeaders | 200 |
| SizeOfImage | D4000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 7A8FC |
| IAT | 2000 |
| Characteristics | 122 |
| TimeDateStamp | 68DB972F |
| Date | 30/09/2025 8:39:11 |
| File Type | EXE |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 200 | 78A00 | 2000 | 78954 | 6,5704 | 6804516,10 |
| .rsrc | 40000040 (Initialized Data, Readable) | 78C00 | 54E00 | 7C000 | 54D98 | 5,8236 | 8964490,59 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | CDA00 | 200 | D2000 | C | 0,1019 | 128015,00 |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | SeriousBit.NetBalancer.UI.exe |
| CompanyName | SeriousBit |
| LegalCopyright | Copyright SeriousBit |
| ProductName | SeriousBit.NetBalancer.UI |
| FileVersion | 12.6.1 |
| FileDescription | SeriousBit.NetBalancer.UI |
| ProductVersion | 12.6.1 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 78B4E
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL (this instruction repeats for every remaining 00 00 byte pair)
| Signatures |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: True
• Version: v4.0

Detect It Easy (die)
• PE: library: .NET(v4.0.30319)[-]
• PE: linker: Microsoft Linker(48.0)[-]
• PE: Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 6.31534
| Windows REG (UNICODE) |
| Software\SeriousBit\NetBalancer\ |
| File Access |
| SeriousBit.NetBalancer.UI.exe mscoree.dll user32.dll kernel32.dll |
| File Access (UNICODE) |
| UI.exe UserProfile |
| Interest's Words |
| exec attrib start ping |
| Interest's Words (UNICODE) |
| exec start |
| URLs |
| http://crl.comodoca.com/AAACertificateServices.crl http://ocsp.comodoca.com http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0 http://ocsp.sectigo.com http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt http://ocsp.digicert.com http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl http://cacerts.digicert.com/DigiCertTrustedRootG4.crt http://crl3.digicert.com/DigiCertTrustedRootG4.crl http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl https://sectigo.com/CPS0 |
| IP Addresses |
| 14.0.0.0 12.6.1.0 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Antivirus Software (comodo) |
| Entry Point | Hex Pattern | Microsoft Visual C / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C v7.0 / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual Studio .NET |
| Entry Point | Hex Pattern | .NET executable |
| Entry Point | Hex Pattern | TrueVision Targa Graphics format |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\0 | 7C2B0 | CF58 | 78EB0 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000000774494D4507DD011D0A0125A2EF | .PNG........IHDR.............\r.f....tIME......%.. |
| \ICON\2\0 | 89208 | 25228 | 85E08 | 28000000C0000000800100000100200000000000005202000000000000000000000000000000000000000000000000000000 | (............. ......R............................ |
| \ICON\3\0 | AE430 | 10828 | AB030 | 2800000080000000000100000100200000000000000801000000000000000000000000000000000000000000000000000000 | (............. ................................... |
| \ICON\4\0 | BEC58 | 94A8 | BB858 | 2800000060000000C00000000100200000000000809400000000000000000000000000000000000000000000000000000000 | (............ ................................... |
| \ICON\5\0 | C8100 | 4228 | C4D00 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\6\0 | CC328 | 25A8 | C8F28 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\7\0 | CE8D0 | 10A8 | CB4D0 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\8\0 | CF978 | 988 | CC578 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\9\0 | D0300 | 468 | CCF00 | 28000000100000002000000001002000000000004004000000000000000000000000000000000000000000000000000064B9 | (....... ..... .....@...........................d. |
| \GROUP_ICON\32512\0 | D0768 | 84 | CD368 | 000001000900000000000100200058CF00000100C0C000000100200028520200020080800000010020002808010003006060 | ............ .X........... .(R.......... .(..... |
| \VERSION\1\0 | D07EC | 3BE | CD3EC | BE0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000600 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | D0BAC | 1EA | CD7AC | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone |
| Intelligent String |
• SeriousBit.NetBalancer.UI.exe
• .txt
• C:\wrk\seriousbit\netb\deskapp\src\SeriousBit.NetBalancer.UI\Program.cs
• runas
• ]SeriousBit.NetBalancer.UI.splash_screen_bg.png
• ..\key.snk
• _CorExeMainmscoree.dll
• 12.6.1.0
• :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| 8D43 | D0BAC | .text | CALL [static] | Indirect call to absolute memory address |
| DB43 | D0BAC | .text | CALL [static] | Indirect call to absolute memory address |
| 138C6 | D0BAC | .text | CALL [static] | Indirect call to absolute memory address |
| 18766 | 3D064AB2 | .text | CALL [static] | Indirect call to absolute memory address |
| 1DF98 | 47F70006 | .text | CALL [static] | Indirect call to absolute memory address |
| 23883 | 47F70006 | .text | JMP [static] | Indirect jump to absolute memory address |
| 24BAD | 47F70006 | .text | CALL [static] | Indirect call to absolute memory address |
| 2C9C8 | 40A3EBF6 | .text | CALL [static] | Indirect call to absolute memory address |
| 2CCC8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2CCCC | 3DA3EBF6 | .text | CALL [static] | Indirect call to absolute memory address |
| 2CFC8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2CFCC | 15FEFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2C0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2C4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2C8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2CC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2D0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D2D4 | 5991E8F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5BC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5C0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5C4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5C8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5CC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5D0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5D4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D5D8 | 7488E5F3 | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8C4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8C8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8CC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8D0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8D4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2D8D8 | 1DD6F6FB | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBC4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBC8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBCC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBD0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBD4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBD8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DBDC | 2EADEEF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 2DECC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DED0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DED4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DED8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DEDC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2DEE0 | 618AE6F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 2E1D4 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E1D8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E1DC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E1E0 | 1BDCF7FB | .text | CALL [static] | Indirect call to absolute memory address |
| 2E4D8 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E4DC | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E4E0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E4E4 | 3F99E9F5 | .text | CALL [static] | Indirect call to absolute memory address |
| 2E7E0 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 2E7E4 | 16F7FDFE | .text | CALL [static] | Indirect call to absolute memory address |
| 2EAE8 | 2DACEDF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 2EDEC | 2DACEDF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 41154 | 2DACEDF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 41454 | 2DACEDF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 41750 | 18FEFEFD | .text | CALL [static] | Indirect call to absolute memory address |
| 41A50 | 1BFDFEFC | .text | CALL [static] | Indirect call to absolute memory address |
| 41D4C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 41D50 | 1FFAFDFA | .text | CALL [static] | Indirect call to absolute memory address |
| 4204C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42050 | 24F9FCF9 | .text | CALL [static] | Indirect call to absolute memory address |
| 42348 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4234C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42350 | 2BF8FDF8 | .text | CALL [static] | Indirect call to absolute memory address |
| 42648 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4264C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42650 | 42F7FBF7 | .text | CALL [static] | Indirect call to absolute memory address |
| 42944 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42948 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4294C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42950 | 60F6FCF6 | .text | CALL [static] | Indirect call to absolute memory address |
| 42C44 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42C48 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42C4C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42C50 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42F40 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42F44 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42F48 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 42F4C | 16FEFFFE | .text | CALL [static] | Indirect call to absolute memory address |
| 43240 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43244 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43248 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4324C | 2AFAFDFA | .text | CALL [static] | Indirect call to absolute memory address |
| 4353C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43540 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43544 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43548 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4354C | 52F8FDF8 | .text | CALL [static] | Indirect call to absolute memory address |
| 43838 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4383C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43840 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43844 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43848 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 4384C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43B38 | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| 43B3C | 15FFFFFF | .text | CALL [static] | Indirect call to absolute memory address |
| CDC00 | N/A | *Overlay* | 202D00000002020030822D1006092A864886F70D | -......0.-...*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 385649 | 45,1419% |
| Null Byte Code | 209301 | 24,4996% |