PESCAN.IO - Analysis Report Basic

File Structure
[Analysis image: file structure chart. PE chart legend: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure shown in red indicates a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).]
Information
Size: 16,50 KB
SHA-256 Hash: 57CFB8B9FE7F2557B43ABF6FB322DF0A6F0B3A3B1E10403EBA493FEC76790A83
SHA-1 Hash: ADEB55410EF37C44F3F0D63571BA813F2E705906
MD5 Hash: 31C51A964A83115B00E0CC6E32C7D14E
Imphash: 6648B6235C1E30EDF76284678B724E6E
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 1A10
SizeOfHeaders: 400
SizeOfImage: 9000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 4044
IAT: 3000
Characteristics: 22
TimeDateStamp: 6A05A12F
Date: 14/05/2026 10:17:19
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 0x60000020 (Code, Executable, Readable) 400 1800 1000 1639 5.8133 99746.08
.rdata 0x40000040 (Initialized Data, Readable) 1C00 1E00 3000 1C74 4.3628 427672.47
.data 0xC0000040 (Initialized Data, Readable, Writeable) 3A00 200 5000 1B0 2.0736 72465
.pdata 0x40000040 (Initialized Data, Readable) 3C00 200 6000 1F8 3.8217 34683
.rsrc 0x40000040 (Initialized Data, Readable) 3E00 200 7000 1E0 4.7015 9406
.reloc 0x42000040 (Initialized Data, GP-Relative, Readable) 4000 200 8000 54 1.1638 97343
Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - E10
Code -> 4883EC28E8970200004883C428E972FEFFFFCCCCB902000000CD29C3E9120A0000CCCCCC40534883EC20488BD9EB0F488BCB
Assembler
|SUB RSP, 0X28
|CALL 0X12A0
|ADD RSP, 0X28
|JMP 0XE84
|INT3
|INT3
|MOV ECX, 2
|INT 0X29
|RET
|JMP 0X1A33
|INT3
|INT3
|INT3
|PUSH RBX
|SUB RSP, 0X20
|MOV RBX, RCX
|JMP 0X103E
|MOV RCX, RBX
Signatures
Rich Signature Analyzer:
Code -> 4317A9CB0776C7980776C7980776C7980E0E54980B76C7984CFCC4990476C7984CFCC3990D76C7984CFCC2991C76C7984CFCC6990176C7987EF7C6990276C7980776C6985776C7988AFDCE990676C7988AFD38980676C7988AFDC5990676C798526963680776C798
Footprint md5 Hash -> 16D5B9CE96CD04D49BF0088D1D2A569A
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.50**)[-]
Entropy: 5.08743

Suspicious Functions
Library Function Description
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL CreateFileA Creates or opens a file or I/O device.
File Access
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
MSVCP140.dll
ADVAPI32.dll
KERNEL32.dll
.dat
@.dat

Words of Interest
exec
ping

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii Stealth (CloseHandle)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Entry Point Hex Pattern PE-Exe Executable Image
Resources
Path DataRVA Size FileOffset Code Text
\24\1\1033 7060 17D 3E60 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• api-ms-win-crt-math-l1-1-0.dll
• <_register_onexit_function_crt_atexitgterminateapi-ms-win-crt-runtime-l1-1-0.dll
• D:\source\repos\msexplorer32\x64\Release\msexplorer32.pdb
• .bss
• KERNEL32.dll
• ADVAPI32.dll
• MSVCP140.dll
• VCRUNTIME140_1.dll
• VCRUNTIME140.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll

Flow Anomalies
Offset RVA Section Description
Extra Analysis
Metric Value Percentage
Ascii Code 8112 48,0114%
Null Byte Code 6889 40,773%