PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
The executable header is displayed in light blue.
The executable sections are pink.
Non-executable sections are black.
Code added to executables externally to a compiler appears in red.
If the File Structure content appears in red, it means the PE header is malformed or corrupted.
Chart Code For Other Files
Printable characters are blue.
Non-printable characters (Null Bytes) are black.
Information
Icon: Icon
Size: 43,50 KB
SHA-256 Hash: 1DFE14E63635E47D87E96A475A04379853C1FD8F7A519F142FA6C1703900F696
SHA-1 Hash: E11918605DEC504EE67CC64C4F09092D09E37F04
MD5 Hash: 517993B1BADE0FC481154B6E260DBC54
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): B85E
SizeOfHeaders: 400
SizeOfImage: 12000
ImageBase: 400000
Architecture: x86
ImportTable: B810
Characteristics: 102
TimeDateStamp: 55660E43
Date: 27/05/2015 18:34:43
File Type: EXE
Number Of Sections: 4
ASLR: Enabled
Section Names: .text, .sdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker
[Incomplete Binary or Compressor Packer - 28,50 KB Missing]
Sections Info
Section Name Flags ROffset RSize VOffset VSize
.text 60000020 (Executable) 400 9A00 2000 9864
.sdata C0000040 (Writeable) 9E00 200 C000 AD
.rsrc 40000040 A000 C00 E000 A80
.reloc 42000040 AC00 200 10000 C
Description
InternalName: Autoclick TyToos v2.exe
OriginalFilename: Autoclick TyToos v2.exe
LegalCopyright: Copyright 2015
ProductName: Autoclick Esperra
FileVersion: 1.0.0.0
Entry Point
The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 9C5E
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
JMP DWORD PTR [0X402000]
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
ADD BYTE PTR [EAX], AL
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: True
Version: v2.0
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE: library: .NET(v2.0.50727)[-]
PE: compiler: VB.NET(-)[-]
PE: linker: Microsoft Linker(8.0)[EXE32]
Entropy: 6.89722
Suspicious Functions
Library Function Description
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
File Access
Autoclick TyToos v2.exe
mscoree.dll
Temp
File Access (UNICODE)
Autoclick TyToos v2.exe
Interest's Words
exec
attrib
start
shutdown
Strings/Hex Code Found With The File Rules
Rule Text (Ascii): WinAPI Sockets (send)
EP Rules: Microsoft Visual C / Basic .NET
EP Rules: Microsoft Visual C++ 8
EP Rules: Microsoft Visual C++ 8.0
EP Rules: Microsoft Visual C v7.0 / Basic .NET
EP Rules: Microsoft Visual Studio .NET
EP Rules: .NET executable
Resources
Path DataRVA Size FileOffset CodeText
\ICON\2\0 E458 2E8 A458 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080(... ...@.........................................
\ICON\3\0 E740 128 A740 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080(....... .........................................
\GROUP_ICON\32512\0 E868 22 A868 0000010002002020100001000400E802000002001010100001000400280100000300000000000000EFBBBF3C3F786D6C2076...... ....................(..............<?xml v
\VERSION\1\0 E160 2F8 A160 F80234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0 E890 1EA A890 EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...<?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• 1.0.0.0
• Autoclick TyToos v2.exe
• _CorExeMainmscoree.dll
• n\Desktop\Autoclicks Creados\Autoclick TyToos v2\Autoclick TyToos v2\obj\Debug\Autoclick TyToos v2.pdb
Extra Analysis
Metric Value Percentage
Ascii Code 26776 60,1114%
Null Byte Code 8428 18,9206%
© 2025 All rights reserved.