PREMIUM PESCAN.IO - Analysis Report

Information
Size: 2,54 MB
SHA-256 Hash: F058C591EBA924C5BD9D14E49FAF7736216E56DEF403903243AD9CE74D9ADEB4
SHA-1 Hash: 0C754A36F7624AD4A757B6FD22445E00F86147B8
MD5 Hash: 405956BBB3FF3F85698C7A83E743BAC2
Imphash: 1EE5CEAA8651BF31EBD235088B7E8B9C
MajorOSVersion: 6
MinorOSVersion: 1
CheckSum: 002920C6
EntryPoint (rva): 1350
SizeOfHeaders: 400
SizeOfImage: 2B2000
ImageBase: 000000029F980000
Architecture: x64
ExportTable: 2A8000
ImportTable: 2A9000
IAT: 2A92C4
Characteristics: 2226
TimeDateStamp: 0
Date: 01/01/1970
File Type: DLL
Number Of Sections: 11
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .edata, .idata, .CRT, .tls, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 60600060 (Code, Initialized Data, Executable, Readable) 400 CE600 1000 CE440 6,2433 7135633,83
.data C0600040 (Initialized Data, Readable, Writeable) CEA00 A800 D0000 A6E0 4,3736 3341054,40
.rdata 40600040 (Initialized Data, Readable) D9200 17BE00 DB000 17BD10 6,7739 17364441,46
.pdata 40300040 (Initialized Data, Readable) 255000 4E00 257000 4D10 5,3199 488098,49
.xdata 40300040 (Initialized Data, Readable) 259E00 800 25C000 624 3,6804 89782,00
.bss C0600080 (Uninitialized Data, Readable, Writeable) 0 0 25D000 4A700 N/A N/A
.edata 40300040 (Initialized Data, Readable) 25A600 400 2A8000 3D2 4,7585 18822,00
.idata C0300040 (Initialized Data, Readable, Writeable) 25AA00 E00 2A9000 C08 4,0613 200896,14
.CRT C0400040 (Initialized Data, Readable, Writeable) 25B800 200 2AA000 58 0,2586 123505,00
.tls C0400040 (Initialized Data, Readable, Writeable) 25BA00 200 2AB000 10 0,0000 130560,00
.reloc 42300040 (Initialized Data, GP-Relative, Readable) 25BC00 5600 2AC000 5524 5,3969 126935,58
Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - 750
Code -> 488B05C9542500C70000000000E99EFEFFFF66662E0F1F8400000000000F1F004889CA488D0D86BC2500E901DC0C0090488D
MOV RAX, QWORD PTR [RIP + 0X2554C9]
MOV DWORD PTR [RAX], 0
JMP 0XEB0
NOP WORD PTR CS:[RAX + RAX]
NOP DWORD PTR [RAX]
MOV RDX, RCX
LEA RCX, [RIP + 0X25BC86]
JMP 0XCEC30
NOP

Signatures
CheckSum Integrity Problem:
Header: 2695366
Calculated: 2697308
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: MinGW(GCC: (GNU) 10.3.0)[-]
PE+(64): linker: GNU linker ld (GNU Binutils)(2.36)[-]
Entropy: 6.72936

Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
ET Functions (carving)
Original Name -> Crypt.dll
_ctl_parser
_nl_expand_alias
_nl_msg_cat_cntr
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_ngettext
libintl_printf
libintl_set_relocation_prefix
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_version
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
ngettext
textdomain

File Access
msvcrt.dll
KERNEL32.dll
Crypt.dll
bcryptprimitives.dll
created by 30517578125kernel32.dll
itab.sys
.dat
internal/abi.Name.Dat
main.ini
reflect.ini
unicode.ini
math.ini
errors.ini
iter.ini
sync.ini
internal/syscall/windows/sysdll.ini
internal/runtime/gc/scan.ini
internal/bytealg.ini
internal/cpu.Ini
Temp
WinDir
SysDir
UserProfile

File Access (UNICODE)
bcryptprimitives.dll
powrprof.dll
winmm.dll
ntdll.dll

Words of Interest
zombie
exec
attrib
start
pause
shutdown
systeminfo
ping
expand
regini
replace
route

Known IP/Domains
Google DNS - 8.8.8.8
Cloudflare DNS - 1.1.1.1
Quad9 - 9.9.9.9

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (WSACleanup)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (listen)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateEventA)
Text Ascii Malicious code executed after exploiting a vulnerability (Payload)
Text Ascii Technique used to circumvent security measures (Bypass)
Text Ascii Abuse of power for personal gain or unethical purposes (Corruption)
Intelligent String
• .bss
• .tls
• @0@.bss
• .CRT
• !Hwww.examHHmple.comHHH$p
• HHJHwww.examHHmple.comHHH$@
• Hwww.examHHmple.comHHH$
• ntdll.dll
• winmm.dll
• powrprof.dll
• bcryptprimitives.dll
• *KERNEL32.dll
• *msvcrt.dll

Flow Anomalies
Offset RVA Section Description
78F22-79020 N/A .text Potential obfuscated jump sequence detected, count: 51
25B830 CDE10 .CRT TLS Callback | Pointer to 29FA4DE10 - 0xCD210 .text
25B838 CDDE0 .CRT TLS Callback | Pointer to 29FA4DDE0 - 0xCD1E0 .text
261200 N/A *Overlay* 0000000004000000000000000100200003010000 | .............. .....
Extra Analysis
Metric Value Percentage
Ascii Code 1533579 57,6518%
Null Byte Code 523180 19,6679%
NOP Cave Found 0x9090909090 Block Count: 45 | Total: 0,0042%