PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 2,41 MB
SHA-256 Hash: AF409A35CEBCB7BD69A2CB109DD6386AC6FF2439D43057F6A9EE244C0EFA556E
SHA-1 Hash: E024EAE2F9C6A1AC1180D5E9245C96DE67A9167C
MD5 Hash: 49579272751B238C86278B23AA4A1982
Imphash: DD4805E60652DEEEBC6BCAA93DEB5752
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 188B34
SizeOfHeaders: 400
SizeOfImage: 26E000
ImageBase: 0000000180000000
Architecture: x64
ImportTable: 242EC4
IAT: 191000
Characteristics: 2022
TimeDateStamp: 69B4FF04
Date: 14/03/2026 6:24:04
File Type: DLL
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text
0x60000020
Code
Executable
Readable
 400 18F200 1000 18F072
6.7622
7342766.86
.rdata
0x40000040
Initialized Data
Readable
 18F600 B3400 191000 B3228
5.3297
26643191.86
.data
0xC0000040
Initialized Data
Readable
Writeable
 242A00 12E00 245000 13A80
1.3098
15245993.4
.pdata
0x40000040
Initialized Data
Readable
 255800 F600 259000 F408
6.0214
1278148.85
.rsrc
0x40000040
Initialized Data
Readable
 264E00 200 269000 F8
2.5313
61549
.reloc
0x42000040
Initialized Data
GP-Relative
Readable
 265000 3200 26A000 3198
6.19
59507.4
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 187F34
Code -> 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8D70300004C8BC78BD3488BCE488B5C2430488B7424
Assembler
|MOV QWORD PTR [RSP + 8], RBX
|MOV QWORD PTR [RSP + 0X10], RSI
|PUSH RDI
|SUB RSP, 0X20
|MOV RDI, R8
|MOV EBX, EDX
|MOV RSI, RCX
|CMP EDX, 1
|JNE 0X1021
|CALL 0X13F8
|MOV R8, RDI
|MOV EDX, EBX
|MOV RCX, RSI
|MOV RBX, QWORD PTR [RSP + 0X30]
Signatures
Rich Signature Analyzer:
Code -> DD38A1189959CF4B9959CF4B9959CF4B90215C4B8B59CF4BD2D3324B9859CF4BD2D3CC4A9D59CF4BD2D3CB4A9159CF4BD2D3CA4A8A59CF4BD2D3CE4A9159CF4BE0D8CE4A9659CF4B9959CE4B5659CF4B15D2CC4A9859CF4B15D2CB4AA659CF4B17D2C64A9459CF4B17D2304B9859CF4B17D2CD4A9859CF4B526963689959CF4B
Footprint md5 Hash -> 25F89B257899F4CB4CEB2333D0817D89
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.50**)[-]
Entropy: 6.45185
Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
SHELL32.DLL ShellExecuteW Performs a run operation on a specific file.
File Access
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
IMM32.dll
D3DCOMPILER_47.dll
MSVCP140.dll
MSVCP140_ATOMIC_WAIT.dll
SHELL32.dll
USER32.dll
KERNEL32.dll
xinput1_1.dll
xinput1_2.dll
xinput9_1_0.dll
xinput1_3.dll
xinput1_4.dll
p.dll
.dat
@.dat
imgui_log.txt
imgui.ini
Interest's Words
exec
start
pause
shutdown
systeminfo
ping
expand
URLs
https://github.com/unicorn-engine/unicorn.
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Hex Hex Pattern SYSCALL (SYSCALL - 4C8BD1B8)
Text Ascii WinAPI Sockets (send)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (ShellExecute)
Text Ascii Keyboard Key (Alt+)
Text Ascii Keyboard Key (Scroll)
Text Ascii Keyboard Key (DownArrow)
Text Ascii Keyboard Key (RightArrow)
Text Ascii Keyboard Key (UpArrow)
Text Ascii Keyboard Key (LeftArrow)
Text Ascii Keyboard Key (PageDown)
Text Ascii Keyboard Key (PageUp)
Text Ascii Keyboard Key (CapsLock)
Text Ascii Keyboard Key (Backspace)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset CodeText
\24\2\1033 269060 91 264E60 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779<?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-utility-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• xinput1_2.dll
• xinput9_1_0.dll
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\glib_compat\garray.c
• WARNING: Your register accessing on id %u is deprecated and will get UC_ERR_ARG in the future release (2.2.0) because the accessing is either no-op or not defined. If you believe the register should be implemented or there is a bug, please submit an issue to https://github.com/unicorn-engine/unicorn. Set UC_IGNORE_REG_BREAK=1 to ignore this warning.
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\accel\tcg\translate-all.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\softmmu\memory.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\include\hw/i386/topology.h
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\util\qht.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\tcg\i386\tcg-target.inc.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\tcg\tcg.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\accel\tcg\cputlb.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\fpu\softfloat.c
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\unicorn\qemu\include\hw/core/cpu.h
• xinput1_4.dll
• xinput1_3.dll
• xinput1_1.dll
• imgui.ini
• imgui_log.txt
• rex.wxb
• rex.rxb
• rex.wrx
• rex.wrb
• ProggyClean.ttfProggyForever.ttf
• C:\Users\Catalpa\Documents\Exclusions\sleepy internal\x64\Public\sleepy internal.pdb
• .tls
• .bss
• KERNEL32.dll
• MSVCP140.dll
• D3DCOMPILER_47.dll
• VCRUNTIME140_1.dll
• VCRUNTIME140.dll
• 6_initterm7_initterm_eapi-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll
Flow Anomalies
Offset RVA Section Description
1CE7 N/A .text CALL QWORD PTR [RIP+0x18EC4B]
1D24 N/A .text CALL QWORD PTR [RIP+0x18EBC6]
1D45 N/A .text CALL QWORD PTR [RIP+0x18EBED]
1DA3 N/A .text CALL QWORD PTR [RIP+0x18EB87]
1DCD N/A .text CALL QWORD PTR [RIP+0x18E825]
1DD6 N/A .text CALL QWORD PTR [RIP+0x18E80C]
1EC6 N/A .text CALL QWORD PTR [RIP+0x18E834]
1EF2 N/A .text CALL QWORD PTR [RIP+0x18E810]
1F3D N/A .text CALL QWORD PTR [RIP+0x18E7C5]
1F92 N/A .text CALL QWORD PTR [RIP+0x18E770]
1FD7 N/A .text CALL QWORD PTR [RIP+0x18E72B]
2052 N/A .text CALL QWORD PTR [RIP+0x18E6B0]
2097 N/A .text CALL QWORD PTR [RIP+0x18E66B]
20FA N/A .text CALL QWORD PTR [RIP+0x18E600]
214A N/A .text CALL QWORD PTR [RIP+0x18E5B0]
217B N/A .text CALL QWORD PTR [RIP+0x18E447]
225A N/A .text CALL QWORD PTR [RIP+0x18E618]
22C4 N/A .text CALL QWORD PTR [RIP+0x18E326]
2335 N/A .text CALL QWORD PTR [RIP+0x18E2ED]
236B N/A .text CALL QWORD PTR [RIP+0x18E2AF]
2395 N/A .text CALL QWORD PTR [RIP+0x18E285]
23B7 N/A .text CALL QWORD PTR [RIP+0x18E263]
23C8 N/A .text CALL QWORD PTR [RIP+0x18E232]
23D2 N/A .text CALL QWORD PTR [RIP+0x18E218]
23E1 N/A .text CALL QWORD PTR [RIP+0x18E219]
23FA N/A .text CALL QWORD PTR [RIP+0x18E1E0]
2409 N/A .text CALL QWORD PTR [RIP+0x18E1F1]
2453 N/A .text CALL QWORD PTR [RIP+0x18E41F]
24B2 N/A .text CALL QWORD PTR [RIP+0x18E0B0]
24BE N/A .text CALL QWORD PTR [RIP+0x18E0C4]
24C8 N/A .text CALL QWORD PTR [RIP+0x18E0B2]
24D6 N/A .text CALL QWORD PTR [RIP+0x18DFE4]
24F7 N/A .text CALL QWORD PTR [RIP+0x18E05B]
250F N/A .text CALL QWORD PTR [RIP+0x18E04B]
2520 N/A .text CALL QWORD PTR [RIP+0x18E06A]
2531 N/A .text CALL QWORD PTR [RIP+0x18E029]
253F N/A .text CALL QWORD PTR [RIP+0x18E053]
30CE N/A .text CALL QWORD PTR [RIP+0x18D3FC]
E3E6 N/A .text CALL QWORD PTR [RIP+0xFAD3150]
37533 N/A .text CALL QWORD PTR [RIP+0x158EC7]
376CD N/A .text CALL QWORD PTR [RIP+0x158D2D]
378AB N/A .text CALL QWORD PTR [RIP+0x158DF7]
378E1 N/A .text CALL QWORD PTR [RIP+0x158BD9]
3791A N/A .text CALL QWORD PTR [RIP+0x158D70]
37952 N/A .text CALL QWORD PTR [RIP+0x158D28]
37964 N/A .text CALL QWORD PTR [RIP+0x158D4E]
3797D N/A .text CALL QWORD PTR [RIP+0x158D2D]
3798E N/A .text CALL QWORD PTR [RIP+0x158CDC]
379D0 N/A .text CALL QWORD PTR [RIP+0x158CEA]
37A18 N/A .text CALL QWORD PTR [RIP+0x158CA2]
37A60 N/A .text CALL QWORD PTR [RIP+0x158C5A]
37AA8 N/A .text CALL QWORD PTR [RIP+0x158C12]
39B6D N/A .text CALL QWORD PTR [RIP+0x1569F5]
39B7A N/A .text CALL QWORD PTR [RIP+0x156A08]
39B84 N/A .text CALL QWORD PTR [RIP+0x1569F6]
39B91 N/A .text CALL QWORD PTR [RIP+0x156929]
39BB5 N/A .text CALL QWORD PTR [RIP+0x15699D]
39BD1 N/A .text CALL QWORD PTR [RIP+0x156989]
39BE2 N/A .text CALL QWORD PTR [RIP+0x1569A8]
39BF3 N/A .text CALL QWORD PTR [RIP+0x156967]
39C01 N/A .text CALL QWORD PTR [RIP+0x156991]
39DBD N/A .text CALL QWORD PTR [RIP+0x1567A5]
39DC9 N/A .text CALL QWORD PTR [RIP+0x1567B9]
39DD3 N/A .text CALL QWORD PTR [RIP+0x1567A7]
39DE0 N/A .text CALL QWORD PTR [RIP+0x1566DA]
39E04 N/A .text CALL QWORD PTR [RIP+0x15674E]
39E20 N/A .text CALL QWORD PTR [RIP+0x15673A]
39E31 N/A .text CALL QWORD PTR [RIP+0x156759]
39E45 N/A .text CALL QWORD PTR [RIP+0x156715]
39E53 N/A .text CALL QWORD PTR [RIP+0x15673F]
3A493 N/A .text CALL QWORD PTR [RIP+0x1562DF]
3A7FC N/A .text CALL QWORD PTR [RIP+0x155E06]
3A80B N/A .text CALL QWORD PTR [RIP+0x155DEF]
3A82C N/A .text CALL QWORD PTR [RIP+0x155DCE]
3A84F N/A .text CALL QWORD PTR [RIP+0x155D83]
3A945 N/A .text CALL QWORD PTR [RIP+0x155CBD]
3A954 N/A .text CALL QWORD PTR [RIP+0x155CA6]
3A975 N/A .text CALL QWORD PTR [RIP+0x155C85]
3A998 N/A .text CALL QWORD PTR [RIP+0x155C3A]
3ABF7 N/A .text CALL QWORD PTR [RIP+0x155A0B]
3AC7C N/A .text CALL QWORD PTR [RIP+0x155956]
3AC91 N/A .text CALL QWORD PTR [RIP+0x155971]
3ACB3 N/A .text CALL QWORD PTR [RIP+0x155947]
3ACF2 N/A .text CALL QWORD PTR [RIP+0x155910]
3AD01 N/A .text CALL QWORD PTR [RIP+0x1558F9]
3AD1C N/A .text CALL QWORD PTR [RIP+0x1558DE]
3AD35 N/A .text CALL QWORD PTR [RIP+0x15589D]
3ADAA N/A .text CALL QWORD PTR [RIP+0x155828]
3AE45 N/A .text CALL QWORD PTR [RIP+0x1557BD]
3AE54 N/A .text CALL QWORD PTR [RIP+0x1557A6]
3AE6F N/A .text CALL QWORD PTR [RIP+0x15578B]
3AE88 N/A .text CALL QWORD PTR [RIP+0x15574A]
3AFEA N/A .text CALL QWORD PTR [RIP+0x155618]
3B068 N/A .text CALL QWORD PTR [RIP+0x15556A]
3B07D N/A .text CALL QWORD PTR [RIP+0x155585]
3B09F N/A .text CALL QWORD PTR [RIP+0x15555B]
3B0DE N/A .text CALL QWORD PTR [RIP+0x155524]
3B0ED N/A .text CALL QWORD PTR [RIP+0x15550D]
3B108 N/A .text CALL QWORD PTR [RIP+0x1554F2]
3B121 N/A .text CALL QWORD PTR [RIP+0x1554B1]
22395F-223980 N/A .rdata Potential obfuscated jump sequence detected, count: 17
255800 1000 .pdata ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
25580C 1040 .pdata ExceptionHook | Pointer to 1040 - 0x440 .text + UnwindInfo: .rdata
255818 1080 .pdata ExceptionHook | Pointer to 1080 - 0x480 .text + UnwindInfo: .rdata
255824 10A0 .pdata ExceptionHook | Pointer to 10A0 - 0x4A0 .text + UnwindInfo: .rdata
255830 11F0 .pdata ExceptionHook | Pointer to 11F0 - 0x5F0 .text + UnwindInfo: .rdata
25583C 1280 .pdata ExceptionHook | Pointer to 1280 - 0x680 .text + UnwindInfo: .rdata
255848 1320 .pdata ExceptionHook | Pointer to 1320 - 0x720 .text + UnwindInfo: .rdata
255854 1340 .pdata ExceptionHook | Pointer to 1340 - 0x740 .text + UnwindInfo: .rdata
255860 1360 .pdata ExceptionHook | Pointer to 1360 - 0x760 .text + UnwindInfo: .rdata
25586C 1380 .pdata ExceptionHook | Pointer to 1380 - 0x780 .text + UnwindInfo: .rdata
255878 13A0 .pdata ExceptionHook | Pointer to 13A0 - 0x7A0 .text + UnwindInfo: .rdata
255884 13C0 .pdata ExceptionHook | Pointer to 13C0 - 0x7C0 .text + UnwindInfo: .rdata
255890 13E0 .pdata ExceptionHook | Pointer to 13E0 - 0x7E0 .text + UnwindInfo: .rdata
25589C 1400 .pdata ExceptionHook | Pointer to 1400 - 0x800 .text + UnwindInfo: .rdata
2558A8 1420 .pdata ExceptionHook | Pointer to 1420 - 0x820 .text + UnwindInfo: .rdata
2558B4 1440 .pdata ExceptionHook | Pointer to 1440 - 0x840 .text + UnwindInfo: .rdata
2558C0 1460 .pdata ExceptionHook | Pointer to 1460 - 0x860 .text + UnwindInfo: .rdata
2558CC 1480 .pdata ExceptionHook | Pointer to 1480 - 0x880 .text + UnwindInfo: .rdata
2558D8 14A0 .pdata ExceptionHook | Pointer to 14A0 - 0x8A0 .text + UnwindInfo: .rdata
2558E4 14C0 .pdata ExceptionHook | Pointer to 14C0 - 0x8C0 .text + UnwindInfo: .rdata
2558F0 14E0 .pdata ExceptionHook | Pointer to 14E0 - 0x8E0 .text + UnwindInfo: .rdata
2558FC 1500 .pdata ExceptionHook | Pointer to 1500 - 0x900 .text + UnwindInfo: .rdata
255908 1520 .pdata ExceptionHook | Pointer to 1520 - 0x920 .text + UnwindInfo: .rdata
255914 1540 .pdata ExceptionHook | Pointer to 1540 - 0x940 .text + UnwindInfo: .rdata
255920 1560 .pdata ExceptionHook | Pointer to 1560 - 0x960 .text + UnwindInfo: .rdata
25592C 1580 .pdata ExceptionHook | Pointer to 1580 - 0x980 .text + UnwindInfo: .rdata
255938 15A0 .pdata ExceptionHook | Pointer to 15A0 - 0x9A0 .text + UnwindInfo: .rdata
255944 15C0 .pdata ExceptionHook | Pointer to 15C0 - 0x9C0 .text + UnwindInfo: .rdata
255950 15E0 .pdata ExceptionHook | Pointer to 15E0 - 0x9E0 .text + UnwindInfo: .rdata
25595C 1600 .pdata ExceptionHook | Pointer to 1600 - 0xA00 .text + UnwindInfo: .rdata
255968 1620 .pdata ExceptionHook | Pointer to 1620 - 0xA20 .text + UnwindInfo: .rdata
255974 1640 .pdata ExceptionHook | Pointer to 1640 - 0xA40 .text + UnwindInfo: .rdata
255980 1660 .pdata ExceptionHook | Pointer to 1660 - 0xA60 .text + UnwindInfo: .rdata
25598C 1680 .pdata ExceptionHook | Pointer to 1680 - 0xA80 .text + UnwindInfo: .rdata
255998 16A0 .pdata ExceptionHook | Pointer to 16A0 - 0xAA0 .text + UnwindInfo: .rdata
2559A4 16C0 .pdata ExceptionHook | Pointer to 16C0 - 0xAC0 .text + UnwindInfo: .rdata
2559B0 16E0 .pdata ExceptionHook | Pointer to 16E0 - 0xAE0 .text + UnwindInfo: .rdata
2559BC 1700 .pdata ExceptionHook | Pointer to 1700 - 0xB00 .text + UnwindInfo: .rdata
2559C8 1720 .pdata ExceptionHook | Pointer to 1720 - 0xB20 .text + UnwindInfo: .rdata
2559D4 1740 .pdata ExceptionHook | Pointer to 1740 - 0xB40 .text + UnwindInfo: .rdata
2559E0 1760 .pdata ExceptionHook | Pointer to 1760 - 0xB60 .text + UnwindInfo: .rdata
2559EC 1780 .pdata ExceptionHook | Pointer to 1780 - 0xB80 .text + UnwindInfo: .rdata
2559F8 17A0 .pdata ExceptionHook | Pointer to 17A0 - 0xBA0 .text + UnwindInfo: .rdata
255A04 17C0 .pdata ExceptionHook | Pointer to 17C0 - 0xBC0 .text + UnwindInfo: .rdata
255A10 17E0 .pdata ExceptionHook | Pointer to 17E0 - 0xBE0 .text + UnwindInfo: .rdata
255A1C 1800 .pdata ExceptionHook | Pointer to 1800 - 0xC00 .text + UnwindInfo: .rdata
255A28 1820 .pdata ExceptionHook | Pointer to 1820 - 0xC20 .text + UnwindInfo: .rdata
255A34 1840 .pdata ExceptionHook | Pointer to 1840 - 0xC40 .text + UnwindInfo: .rdata
255A40 1860 .pdata ExceptionHook | Pointer to 1860 - 0xC60 .text + UnwindInfo: .rdata
255A4C 1880 .pdata ExceptionHook | Pointer to 1880 - 0xC80 .text + UnwindInfo: .rdata
255A58 18A0 .pdata ExceptionHook | Pointer to 18A0 - 0xCA0 .text + UnwindInfo: .rdata
255A64 18C0 .pdata ExceptionHook | Pointer to 18C0 - 0xCC0 .text + UnwindInfo: .rdata
255A70 18E0 .pdata ExceptionHook | Pointer to 18E0 - 0xCE0 .text + UnwindInfo: .rdata
255A7C 1900 .pdata ExceptionHook | Pointer to 1900 - 0xD00 .text + UnwindInfo: .rdata
255A88 1920 .pdata ExceptionHook | Pointer to 1920 - 0xD20 .text + UnwindInfo: .rdata
255A94 1940 .pdata ExceptionHook | Pointer to 1940 - 0xD40 .text + UnwindInfo: .rdata
255AA0 1960 .pdata ExceptionHook | Pointer to 1960 - 0xD60 .text + UnwindInfo: .rdata
255AAC 1980 .pdata ExceptionHook | Pointer to 1980 - 0xD80 .text + UnwindInfo: .rdata
255AB8 19A0 .pdata ExceptionHook | Pointer to 19A0 - 0xDA0 .text + UnwindInfo: .rdata
255AC4 19C0 .pdata ExceptionHook | Pointer to 19C0 - 0xDC0 .text + UnwindInfo: .rdata
255AD0 19E0 .pdata ExceptionHook | Pointer to 19E0 - 0xDE0 .text + UnwindInfo: .rdata
255ADC 1A00 .pdata ExceptionHook | Pointer to 1A00 - 0xE00 .text + UnwindInfo: .rdata
255AE8 1A20 .pdata ExceptionHook | Pointer to 1A20 - 0xE20 .text + UnwindInfo: .rdata
255AF4 1A40 .pdata ExceptionHook | Pointer to 1A40 - 0xE40 .text + UnwindInfo: .rdata
255B00 1A60 .pdata ExceptionHook | Pointer to 1A60 - 0xE60 .text + UnwindInfo: .rdata
255B0C 1A80 .pdata ExceptionHook | Pointer to 1A80 - 0xE80 .text + UnwindInfo: .rdata
255B18 1AA0 .pdata ExceptionHook | Pointer to 1AA0 - 0xEA0 .text + UnwindInfo: .rdata
255B24 1AC0 .pdata ExceptionHook | Pointer to 1AC0 - 0xEC0 .text + UnwindInfo: .rdata
255B30 1AE0 .pdata ExceptionHook | Pointer to 1AE0 - 0xEE0 .text + UnwindInfo: .rdata
255B3C 1B00 .pdata ExceptionHook | Pointer to 1B00 - 0xF00 .text + UnwindInfo: .rdata
255B48 1B20 .pdata ExceptionHook | Pointer to 1B20 - 0xF20 .text + UnwindInfo: .rdata
255B54 1B40 .pdata ExceptionHook | Pointer to 1B40 - 0xF40 .text + UnwindInfo: .rdata
255B60 1B60 .pdata ExceptionHook | Pointer to 1B60 - 0xF60 .text + UnwindInfo: .rdata
255B6C 1B80 .pdata ExceptionHook | Pointer to 1B80 - 0xF80 .text + UnwindInfo: .rdata
255B78 1BA0 .pdata ExceptionHook | Pointer to 1BA0 - 0xFA0 .text + UnwindInfo: .rdata
255B84 1BC0 .pdata ExceptionHook | Pointer to 1BC0 - 0xFC0 .text + UnwindInfo: .rdata
255B90 1BE0 .pdata ExceptionHook | Pointer to 1BE0 - 0xFE0 .text + UnwindInfo: .rdata
255B9C 1C00 .pdata ExceptionHook | Pointer to 1C00 - 0x1000 .text + UnwindInfo: .rdata
255BA8 1C20 .pdata ExceptionHook | Pointer to 1C20 - 0x1020 .text + UnwindInfo: .rdata
255BB4 1C40 .pdata ExceptionHook | Pointer to 1C40 - 0x1040 .text + UnwindInfo: .rdata
255BC0 1C60 .pdata ExceptionHook | Pointer to 1C60 - 0x1060 .text + UnwindInfo: .rdata
255BCC 1C80 .pdata ExceptionHook | Pointer to 1C80 - 0x1080 .text + UnwindInfo: .rdata
255BD8 1CA0 .pdata ExceptionHook | Pointer to 1CA0 - 0x10A0 .text + UnwindInfo: .rdata
255BE4 1CC0 .pdata ExceptionHook | Pointer to 1CC0 - 0x10C0 .text + UnwindInfo: .rdata
255BF0 1CE0 .pdata ExceptionHook | Pointer to 1CE0 - 0x10E0 .text + UnwindInfo: .rdata
255BFC 1D00 .pdata ExceptionHook | Pointer to 1D00 - 0x1100 .text + UnwindInfo: .rdata
255C08 1D20 .pdata ExceptionHook | Pointer to 1D20 - 0x1120 .text + UnwindInfo: .rdata
255C14 1D40 .pdata ExceptionHook | Pointer to 1D40 - 0x1140 .text + UnwindInfo: .rdata
255C20 1D60 .pdata ExceptionHook | Pointer to 1D60 - 0x1160 .text + UnwindInfo: .rdata
255C2C 1D80 .pdata ExceptionHook | Pointer to 1D80 - 0x1180 .text + UnwindInfo: .rdata
255C38 1DA0 .pdata ExceptionHook | Pointer to 1DA0 - 0x11A0 .text + UnwindInfo: .rdata
255C44 1DC0 .pdata ExceptionHook | Pointer to 1DC0 - 0x11C0 .text + UnwindInfo: .rdata
255C50 1DE0 .pdata ExceptionHook | Pointer to 1DE0 - 0x11E0 .text + UnwindInfo: .rdata
255C5C 1E00 .pdata ExceptionHook | Pointer to 1E00 - 0x1200 .text + UnwindInfo: .rdata
255C68 1E20 .pdata ExceptionHook | Pointer to 1E20 - 0x1220 .text + UnwindInfo: .rdata
255C74 1E40 .pdata ExceptionHook | Pointer to 1E40 - 0x1240 .text + UnwindInfo: .rdata
255C80 1E60 .pdata ExceptionHook | Pointer to 1E60 - 0x1260 .text + UnwindInfo: .rdata
255C8C 1E80 .pdata ExceptionHook | Pointer to 1E80 - 0x1280 .text + UnwindInfo: .rdata
255C98 1EA0 .pdata ExceptionHook | Pointer to 1EA0 - 0x12A0 .text + UnwindInfo: .rdata
255CA4 1EC0 .pdata ExceptionHook | Pointer to 1EC0 - 0x12C0 .text + UnwindInfo: .rdata
Extra Analysis
Metric Value Percentage
Ascii Code 1432320 56,7559%
Null Byte Code 527490 20,9019%
© 2026 All rights reserved.