PESCAN.IO - Analysis Report Basic

Information
Size: 2,84 MB
SHA-256 Hash: 9D01204068CD80277AFDF37DF5F050F42040211AC9DDEE2A9364662736CC2EC0
SHA-1 Hash: BE1E449BCCB00C4BBC0AD3DB46A46B9B961C0D46
MD5 Hash: 46C97C526F693FB9F8F8F715C82CD7A0
Imphash: 0398B1D6201DD70C7872CC54F1AB2C34
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 002DF5F5
EntryPoint (rva): 1400
SizeOfHeaders: 600
SizeOfImage: 14D000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 107000
IAT: 107620
Characteristics: 26
TimeDateStamp: 69EBB4D7
Date: 24/04/2026 18:22:15
File Type: DLL
Number Of Sections: 19
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .tls, .rsrc, .reloc, /4, /19, /31, /45, /57, /70, /81, /97, /113
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 0x60000020 (Code, Executable, Readable) | 600 | D3E00 | 1000 | D3D30 | 6.1671 | 7237267.67
.data | 0xC0000040 (Initialized Data, Readable, Writeable) | D4400 | 2200 | D5000 | 2100 | 0.5342 | 1989403.88
.rdata | 0x40000040 (Initialized Data, Readable) | D6600 | 11600 | D8000 | 114D0 | 4.9894 | 2543651.25
.pdata | 0x40000040 (Initialized Data, Readable) | E7C00 | B600 | EA000 | B49C | 5.9672 | 923807.47
.xdata | 0x40000040 (Initialized Data, Readable) | F3200 | F400 | F6000 | F358 | 4.8833 | 1516015.32
.bss | 0xC0000080 (Uninitialized Data, Readable, Writeable) | 0 | 0 | 106000 | C90 | N/A | N/A
.idata | 0x40000040 (Initialized Data, Readable) | 102600 | 1800 | 107000 | 17E0 | 4.4915 | 258406.17
.tls | 0xC0000040 (Initialized Data, Readable, Writeable) | 103E00 | 200 | 109000 | 10 | 0 | 130560
.rsrc | 0x40000040 (Initialized Data, Readable) | 104000 | 600 | 10A000 | 4E8 | 4.7849 | 29195.67
.reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 104600 | 1600 | 10B000 | 1600 | 5.4518 | 30676.27
/4 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 105C00 | A00 | 10D000 | 950 | 1.8226 | 411457.4
/19 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 106600 | 18400 | 10E000 | 18210 | 5.8065 | 1767913.73
/31 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 11EA00 | 4C00 | 127000 | 4A48 | 4.78 | 332994.32
/45 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 123600 | B200 | 12C000 | B0A3 | 5.0265 | 871027.76
/57 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 12E800 | 1C00 | 138000 | 1B28 | 4.5348 | 255765.07
/70 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 130400 | 400 | 13A000 | 3CC | 4.6976 | 13354.5
/81 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 130800 | 3000 | 13B000 | 2EE0 | 4.9014 | 115386.25
/97 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 133800 | D800 | 13E000 | D7C0 | 5.9948 | 821421
/113 | 0x42000040 (Initialized Data, GP-Relative, Readable) | 141000 | 800 | 14C000 | 665 | 5.2595 | 60375.75
Binder/Joiner/Crypter
Dropper code detected (EOF) - 1,54 MB

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - A00
Code -> 4883EC28488B0555D10D00C70000000000E8FAFBFFFF90904883C428C30F1F00E9AB9601009090909090909090909090488D
Assembler
|SUB RSP, 0X28
|MOV RAX, QWORD PTR [RIP + 0XDD155]
|MOV DWORD PTR [RAX], 0
|CALL 0XC10
|NOP
|NOP
|ADD RSP, 0X28
|RET
|NOP DWORD PTR [RAX]
|JMP 0X1A6D0
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
|NOP
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
Entropy: 5.92805

Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
File Access
WINMM.dll
USER32.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
KERNEL32.dll
kernelbase.dll
!] interception.dll
interception.dll
.dat
Temp

Words of Interest
exec
start
pause
ping
expand
replace

URLs
https://gcc.gnu.org/bugs/):

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (send)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateSemaphoreA)
Text Ascii Execution (CreateEventA)
Text Ascii Technique used to capture communications between systems (Intercept)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path | DataRVA | Size | FileOffset | Code | Text
\24\1\0 | 10A058 | 48F | 104058 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• .bss
• @.bss
• @.tls
• ppppapi-ms-win-crt-convert-l1-1-0.dll
• (p(papi-ms-win-crt-environment-l1-1-0.dll
• <p<papi-ms-win-crt-filesystem-l1-1-0.dll
• dpdpdpdpapi-ms-win-crt-locale-l1-1-0.dll
• xpapi-ms-win-crt-math-l1-1-0.dll
• ppppppppapi-ms-win-crt-private-l1-1-0.dll
• papi-ms-win-crt-runtime-l1-1-0.dll
• papi-ms-win-crt-string-l1-1-0.dll
• papi-ms-win-crt-time-l1-1-0.dll
• papi-ms-win-crt-utility-l1-1-0.dll
• AutoClash.cpp
• .tls

Flow Anomalies
Offset RVA Section Description
E7AA0 ECE0 .rdata TLS Callback | Pointer to 14000ECE0 - 0xE2E0 .text
E7AA8 ECC0 .rdata TLS Callback | Pointer to 14000ECC0 - 0xE2C0 .text
E7AB0 1DDC0 .rdata TLS Callback | Pointer to 14001DDC0 - 0x1D3C0 .text
141800 N/A *Overlay* 2E66696C650000005D000000FEFF000067016372 | .file...].......g.cr
Extra Analysis
Metric Value Percentage
Ascii Code 1849539 62,099%
Null Byte Code 700683 23,5257%
NOP Cave Found 0x9090909090 Block Count: 4686 | Total: 0,3933%