PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Size: 239,81 KB
SHA-256 Hash: D3E4083511881CDD89B6C68D384CC0CB5DAD7723A322912FD7FAB1EC269B8956
SHA-1 Hash: ED24F6A0F71459B7380FE16DAA285A87D783E9FE
MD5 Hash: 56943B380F98BB670CF8E402AC555CF9
Imphash: 270326227205B0058B12D681B94BDC8F
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00049EFF
EntryPoint (rva): 14D0
SizeOfHeaders: 600
SizeOfImage: 3E000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: D000
IAT: D1D8
Characteristics: 26
TimeDateStamp: 6A2845B2
Date: 09/06/2026 16:56:18
File Type: DLL
Number Of Sections: 19
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .reloc, /4, /19, /31, /45, /57, /70, /81, /97, /113
Number Of Executable Sections: 1
Subsystem: Windows Console

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000060 Code Initialized Data Executable Readable	600	6E00	1000	6CC8	6.2513	250427.31
.data	0xC0000040 Initialized Data Readable Writeable	7400	200	8000	E0	0.9478	100989
.rdata	0x40000040 Initialized Data Readable	7600	E00	9000	DD0	4.7428	120790.29
.pdata	0x40000040 Initialized Data Readable	8400	600	A000	474	3.3337	158096.67
.xdata	0x40000040 Initialized Data Readable	8A00	600	B000	430	3.4702	90077.33
.bss	0xC0000080 Uninitialized Data Readable Writeable	0	0	C000	BA0	N/A	N/A
.idata	0xC0000040 Initialized Data Readable Writeable	9000	800	D000	714	3.5937	157386.5
.CRT	0xC0000040 Initialized Data Readable Writeable	9800	200	E000	60	0.2866	122518
.tls	0xC0000040 Initialized Data Readable Writeable	9A00	200	F000	10	0	130560
.reloc	0x42000040 Initialized Data GP-Relative Readable	9C00	200	10000	84	1.5489	83238
/4	0x42000040 Initialized Data GP-Relative Readable	9E00	800	11000	650	1.4952	367634.75
/19	0x42000040 Initialized Data GP-Relative Readable	A600	11C00	12000	11BAB	5.7824	1389570.77
/31	0x42000040 Initialized Data GP-Relative Readable	1C200	3400	24000	3261	4.7843	231723.62
/45	0x42000040 Initialized Data GP-Relative Readable	1F600	6A00	28000	69D7	5.085	519968.96
/57	0x42000040 Initialized Data GP-Relative Readable	26000	2200	2F000	2158	3.5857	545375.71
/70	0x42000040 Initialized Data GP-Relative Readable	28200	400	32000	39D	4.6234	15385.5
/81	0x42000040 Initialized Data GP-Relative Readable	28600	1800	33000	1662	4.5987	75023.25
/97	0x42000040 Initialized Data GP-Relative Readable	29E00	7A00	35000	78FD	5.841	522592.59
/113	0x42000040 Initialized Data GP-Relative Readable	31800	600	3D000	51F	5.2733	38010.33

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - AD0
Code -> 4883EC28488B05B5820000C70000000000E89AFCFFFF90904883C428C30F1F004883EC28E8876600004883F80119C04883C4

Assembler

|SUB RSP, 0X28

|MOV RAX, QWORD PTR [RIP + 0X82B5]

|MOV DWORD PTR [RAX], 0

|CALL 0XCB0

|NOP

|ADD RSP, 0X28

|RET

|NOP DWORD PTR [RAX]

|SUB RSP, 0X28

|CALL 0X76B0

|CMP RAX, 1

|SBB EAX, EAX

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Detect It Easy (die)
• PE+(64): linker: GNU linker ld (GNU Binutils)(2.40)[-]
• Entropy: 5.77337

File Access

msvcrt.dll
KERNEL32.dll
.dat

Interest's Words

exec
attrib
start
ping

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (accept)
Text	Ascii	Stealth (VirtualProtect)
Entry Point	Hex Pattern	ASProtect vx.x
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Intelligent String

• .bss
• .tls
• @.bss
• .CRT
• KERNEL32.dll
• msvcrt.dll

Flow Anomalies

Offset	RVA	Section	Description
858	N/A	.text	CALL QWORD PTR [RIP+0xBFBA]
A53	N/A	.text	CALL QWORD PTR [RIP+0xBD97]
F8B	N/A	.text	CALL QWORD PTR [RIP+0xB8A7]
FEE	N/A	.text	CALL QWORD PTR [RIP+0xB83C]
FF8	N/A	.text	CALL QWORD PTR [RIP+0xB7EA]
15B4	N/A	.text	CALL QWORD PTR [RIP+0xB226]
160A	N/A	.text	JMP QWORD PTR [RIP+0xB1F8]
1657	N/A	.text	CALL QWORD PTR [RIP+0xB183]
1672	N/A	.text	CALL QWORD PTR [RIP+0xB190]
16AA	N/A	.text	CALL QWORD PTR [RIP+0xB130]
16E6	N/A	.text	CALL QWORD PTR [RIP+0xB11C]
17C5	N/A	.text	CALL QWORD PTR [RIP+0xB00D]
17F7	N/A	.text	CALL QWORD PTR [RIP+0xAFFB]
5EA9	N/A	.text	JMP QWORD PTR [RIP+0x6931]
5F73	N/A	.text	CALL QWORD PTR [RIP+0x688F]
607D	N/A	.text	JMP QWORD PTR [RIP+0x6785]
61EC	N/A	.text	CALL QWORD PTR [RIP+0x6616]
6412	N/A	.text	CALL QWORD PTR [RIP+0x63F0]
649A	N/A	.text	CALL QWORD PTR [RIP+0x6368]
6B2D	N/A	.text	JMP QWORD PTR [RIP+0x5CAD]
6B9D	N/A	.text	JMP QWORD PTR [RIP+0x5C65]
6C72	N/A	.text	CALL QWORD PTR [RIP+0x5BC8]
6E3A	N/A	.text	CALL QWORD PTR [RIP+0x59C0]
6E7A	N/A	.text	CALL QWORD PTR [RIP+0x5990]
6F12	N/A	.text	CALL QWORD PTR [RIP+0x58F8]
7120	N/A	.text	JMP QWORD PTR [RIP+0x572A]
7128	N/A	.text	JMP QWORD PTR [RIP+0x572A]
7130	N/A	.text	JMP QWORD PTR [RIP+0x572A]
7138	N/A	.text	JMP QWORD PTR [RIP+0x572A]
7140	N/A	.text	JMP QWORD PTR [RIP+0x5732]
7148	N/A	.text	JMP QWORD PTR [RIP+0x5732]
7150	N/A	.text	JMP QWORD PTR [RIP+0x5732]
7158	N/A	.text	JMP QWORD PTR [RIP+0x573A]
7160	N/A	.text	JMP QWORD PTR [RIP+0x573A]
7168	N/A	.text	JMP QWORD PTR [RIP+0x5742]
7170	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7178	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7180	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7188	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7190	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7198	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71A0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71A8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71B0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71B8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71C0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71C8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71D0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71D8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71E0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71E8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71F0	N/A	.text	JMP QWORD PTR [RIP+0x574A]
71F8	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7200	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7208	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7210	N/A	.text	JMP QWORD PTR [RIP+0x574A]
7220	N/A	.text	JMP QWORD PTR [RIP+0x561A]
7228	N/A	.text	JMP QWORD PTR [RIP+0x560A]
7230	N/A	.text	JMP QWORD PTR [RIP+0x55FA]
7238	N/A	.text	JMP QWORD PTR [RIP+0x55EA]
7240	N/A	.text	JMP QWORD PTR [RIP+0x55DA]
7248	N/A	.text	JMP QWORD PTR [RIP+0x55CA]
7250	N/A	.text	JMP QWORD PTR [RIP+0x55BA]
7258	N/A	.text	JMP QWORD PTR [RIP+0x55AA]
7260	N/A	.text	JMP QWORD PTR [RIP+0x559A]
7268	N/A	.text	JMP QWORD PTR [RIP+0x558A]
7270	N/A	.text	JMP QWORD PTR [RIP+0x557A]
7278	N/A	.text	JMP QWORD PTR [RIP+0x556A]
7280	N/A	.text	JMP QWORD PTR [RIP+0x555A]
7288	N/A	.text	JMP QWORD PTR [RIP+0x554A]
799B	N/A	.rdata	CALL QWORD PTR [RIP+0x88FFFFB6]
2BEDA	N/A	/97	JMP QWORD PTR [RIP+0x55012685]
9838	16C0	.CRT	TLS Callback \| Pointer to 1400016C0 - 0xCC0 .text
9840	1690	.CRT	TLS Callback \| Pointer to 140001690 - 0xC90 .text
8400	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x600 .text + UnwindInfo: .xdata
840C	1010	.pdata	ExceptionHook \| Pointer to 1010 - 0x610 .text + UnwindInfo: .xdata
8418	1130	.pdata	ExceptionHook \| Pointer to 1130 - 0x730 .text + UnwindInfo: .xdata
8424	1180	.pdata	ExceptionHook \| Pointer to 1180 - 0x780 .text + UnwindInfo: .xdata
8430	14B0	.pdata	ExceptionHook \| Pointer to 14B0 - 0xAB0 .text + UnwindInfo: .xdata
843C	14D0	.pdata	ExceptionHook \| Pointer to 14D0 - 0xAD0 .text + UnwindInfo: .xdata
8448	14F0	.pdata	ExceptionHook \| Pointer to 14F0 - 0xAF0 .text + UnwindInfo: .xdata
8454	1510	.pdata	ExceptionHook \| Pointer to 1510 - 0xB10 .text + UnwindInfo: .xdata
8460	1520	.pdata	ExceptionHook \| Pointer to 1520 - 0xB20 .text + UnwindInfo: .xdata
846C	1530	.pdata	ExceptionHook \| Pointer to 1530 - 0xB30 .text + UnwindInfo: .xdata
8478	1584	.pdata	ExceptionHook \| Pointer to 1584 - 0xB84 .text + UnwindInfo: .xdata
8484	15B0	.pdata	ExceptionHook \| Pointer to 15B0 - 0xBB0 .text + UnwindInfo: .xdata
8490	15F0	.pdata	ExceptionHook \| Pointer to 15F0 - 0xBF0 .text + UnwindInfo: .xdata
849C	1660	.pdata	ExceptionHook \| Pointer to 1660 - 0xC60 .text + UnwindInfo: .xdata
84A8	1680	.pdata	ExceptionHook \| Pointer to 1680 - 0xC80 .text + UnwindInfo: .xdata
84B4	1690	.pdata	ExceptionHook \| Pointer to 1690 - 0xC90 .text + UnwindInfo: .xdata
84C0	16C0	.pdata	ExceptionHook \| Pointer to 16C0 - 0xCC0 .text + UnwindInfo: .xdata
84CC	1750	.pdata	ExceptionHook \| Pointer to 1750 - 0xD50 .text + UnwindInfo: .xdata
84D8	1760	.pdata	ExceptionHook \| Pointer to 1760 - 0xD60 .text + UnwindInfo: .xdata
84E4	1860	.pdata	ExceptionHook \| Pointer to 1860 - 0xE60 .text + UnwindInfo: .xdata
84F0	1870	.pdata	ExceptionHook \| Pointer to 1870 - 0xE70 .text + UnwindInfo: .xdata
84FC	18E0	.pdata	ExceptionHook \| Pointer to 18E0 - 0xEE0 .text + UnwindInfo: .xdata
8508	1A50	.pdata	ExceptionHook \| Pointer to 1A50 - 0x1050 .text + UnwindInfo: .xdata
8514	1DB0	.pdata	ExceptionHook \| Pointer to 1DB0 - 0x13B0 .text + UnwindInfo: .xdata
8520	1DF0	.pdata	ExceptionHook \| Pointer to 1DF0 - 0x13F0 .text + UnwindInfo: .xdata
852C	1E00	.pdata	ExceptionHook \| Pointer to 1E00 - 0x1400 .text + UnwindInfo: .xdata
8538	1FA0	.pdata	ExceptionHook \| Pointer to 1FA0 - 0x15A0 .text + UnwindInfo: .xdata
8544	2010	.pdata	ExceptionHook \| Pointer to 2010 - 0x1610 .text + UnwindInfo: .xdata
8550	2080	.pdata	ExceptionHook \| Pointer to 2080 - 0x1680 .text + UnwindInfo: .xdata
855C	2110	.pdata	ExceptionHook \| Pointer to 2110 - 0x1710 .text + UnwindInfo: .xdata
8568	2210	.pdata	ExceptionHook \| Pointer to 2210 - 0x1810 .text + UnwindInfo: .xdata
8574	2240	.pdata	ExceptionHook \| Pointer to 2240 - 0x1840 .text + UnwindInfo: .xdata
8580	2290	.pdata	ExceptionHook \| Pointer to 2290 - 0x1890 .text + UnwindInfo: .xdata
858C	2330	.pdata	ExceptionHook \| Pointer to 2330 - 0x1930 .text + UnwindInfo: .xdata
8598	23B0	.pdata	ExceptionHook \| Pointer to 23B0 - 0x19B0 .text + UnwindInfo: .xdata
85A4	23F0	.pdata	ExceptionHook \| Pointer to 23F0 - 0x19F0 .text + UnwindInfo: .xdata
85B0	2470	.pdata	ExceptionHook \| Pointer to 2470 - 0x1A70 .text + UnwindInfo: .xdata
85BC	24B0	.pdata	ExceptionHook \| Pointer to 24B0 - 0x1AB0 .text + UnwindInfo: .xdata
85C8	2540	.pdata	ExceptionHook \| Pointer to 2540 - 0x1B40 .text + UnwindInfo: .xdata
85D4	2650	.pdata	ExceptionHook \| Pointer to 2650 - 0x1C50 .text + UnwindInfo: .xdata
85E0	26A0	.pdata	ExceptionHook \| Pointer to 26A0 - 0x1CA0 .text + UnwindInfo: .xdata
85EC	2790	.pdata	ExceptionHook \| Pointer to 2790 - 0x1D90 .text + UnwindInfo: .xdata
85F8	27F0	.pdata	ExceptionHook \| Pointer to 27F0 - 0x1DF0 .text + UnwindInfo: .xdata
8604	2980	.pdata	ExceptionHook \| Pointer to 2980 - 0x1F80 .text + UnwindInfo: .xdata
8610	2AD0	.pdata	ExceptionHook \| Pointer to 2AD0 - 0x20D0 .text + UnwindInfo: .xdata
861C	2B20	.pdata	ExceptionHook \| Pointer to 2B20 - 0x2120 .text + UnwindInfo: .xdata
8628	2BC0	.pdata	ExceptionHook \| Pointer to 2BC0 - 0x21C0 .text + UnwindInfo: .xdata
8634	3070	.pdata	ExceptionHook \| Pointer to 3070 - 0x2670 .text + UnwindInfo: .xdata
8640	3400	.pdata	ExceptionHook \| Pointer to 3400 - 0x2A00 .text + UnwindInfo: .xdata
864C	3550	.pdata	ExceptionHook \| Pointer to 3550 - 0x2B50 .text + UnwindInfo: .xdata
8658	3930	.pdata	ExceptionHook \| Pointer to 3930 - 0x2F30 .text + UnwindInfo: .xdata
8664	3A00	.pdata	ExceptionHook \| Pointer to 3A00 - 0x3000 .text + UnwindInfo: .xdata
8670	3AA0	.pdata	ExceptionHook \| Pointer to 3AA0 - 0x30A0 .text + UnwindInfo: .xdata
867C	3B80	.pdata	ExceptionHook \| Pointer to 3B80 - 0x3180 .text + UnwindInfo: .xdata
8688	3D00	.pdata	ExceptionHook \| Pointer to 3D00 - 0x3300 .text + UnwindInfo: .xdata
8694	41A0	.pdata	ExceptionHook \| Pointer to 41A0 - 0x37A0 .text + UnwindInfo: .xdata
86A0	4C70	.pdata	ExceptionHook \| Pointer to 4C70 - 0x4270 .text + UnwindInfo: .xdata
86AC	4CB0	.pdata	ExceptionHook \| Pointer to 4CB0 - 0x42B0 .text + UnwindInfo: .xdata
86B8	4D30	.pdata	ExceptionHook \| Pointer to 4D30 - 0x4330 .text + UnwindInfo: .xdata
86C4	4D60	.pdata	ExceptionHook \| Pointer to 4D60 - 0x4360 .text + UnwindInfo: .xdata
86D0	4EE0	.pdata	ExceptionHook \| Pointer to 4EE0 - 0x44E0 .text + UnwindInfo: .xdata
86DC	66C0	.pdata	ExceptionHook \| Pointer to 66C0 - 0x5CC0 .text + UnwindInfo: .xdata
86E8	67C0	.pdata	ExceptionHook \| Pointer to 67C0 - 0x5DC0 .text + UnwindInfo: .xdata
86F4	6800	.pdata	ExceptionHook \| Pointer to 6800 - 0x5E00 .text + UnwindInfo: .xdata
8700	68E0	.pdata	ExceptionHook \| Pointer to 68E0 - 0x5EE0 .text + UnwindInfo: .xdata
870C	6930	.pdata	ExceptionHook \| Pointer to 6930 - 0x5F30 .text + UnwindInfo: .xdata
8718	6A20	.pdata	ExceptionHook \| Pointer to 6A20 - 0x6020 .text + UnwindInfo: .xdata
8724	6A90	.pdata	ExceptionHook \| Pointer to 6A90 - 0x6090 .text + UnwindInfo: .xdata
8730	6B50	.pdata	ExceptionHook \| Pointer to 6B50 - 0x6150 .text + UnwindInfo: .xdata
873C	6C10	.pdata	ExceptionHook \| Pointer to 6C10 - 0x6210 .text + UnwindInfo: .xdata
8748	6D70	.pdata	ExceptionHook \| Pointer to 6D70 - 0x6370 .text + UnwindInfo: .xdata
8754	6EF0	.pdata	ExceptionHook \| Pointer to 6EF0 - 0x64F0 .text + UnwindInfo: .xdata
8760	7000	.pdata	ExceptionHook \| Pointer to 7000 - 0x6600 .text + UnwindInfo: .xdata
876C	7050	.pdata	ExceptionHook \| Pointer to 7050 - 0x6650 .text + UnwindInfo: .xdata
8778	7230	.pdata	ExceptionHook \| Pointer to 7230 - 0x6830 .text + UnwindInfo: .xdata
8784	7340	.pdata	ExceptionHook \| Pointer to 7340 - 0x6940 .text + UnwindInfo: .xdata
8790	7440	.pdata	ExceptionHook \| Pointer to 7440 - 0x6A40 .text + UnwindInfo: .xdata
879C	7470	.pdata	ExceptionHook \| Pointer to 7470 - 0x6A70 .text + UnwindInfo: .xdata
87A8	74A0	.pdata	ExceptionHook \| Pointer to 74A0 - 0x6AA0 .text + UnwindInfo: .xdata
87B4	74D0	.pdata	ExceptionHook \| Pointer to 74D0 - 0x6AD0 .text + UnwindInfo: .xdata
87C0	74E0	.pdata	ExceptionHook \| Pointer to 74E0 - 0x6AE0 .text + UnwindInfo: .xdata
87CC	74F0	.pdata	ExceptionHook \| Pointer to 74F0 - 0x6AF0 .text + UnwindInfo: .xdata
87D8	7500	.pdata	ExceptionHook \| Pointer to 7500 - 0x6B00 .text + UnwindInfo: .xdata
87E4	7570	.pdata	ExceptionHook \| Pointer to 7570 - 0x6B70 .text + UnwindInfo: .xdata
87F0	75D0	.pdata	ExceptionHook \| Pointer to 75D0 - 0x6BD0 .text + UnwindInfo: .xdata
87FC	75E0	.pdata	ExceptionHook \| Pointer to 75E0 - 0x6BE0 .text + UnwindInfo: .xdata
8808	75F0	.pdata	ExceptionHook \| Pointer to 75F0 - 0x6BF0 .text + UnwindInfo: .xdata
8814	7610	.pdata	ExceptionHook \| Pointer to 7610 - 0x6C10 .text + UnwindInfo: .xdata
8820	76A0	.pdata	ExceptionHook \| Pointer to 76A0 - 0x6CA0 .text + UnwindInfo: .xdata
882C	76E0	.pdata	ExceptionHook \| Pointer to 76E0 - 0x6CE0 .text + UnwindInfo: .xdata
8838	77E0	.pdata	ExceptionHook \| Pointer to 77E0 - 0x6DE0 .text + UnwindInfo: .xdata
8844	7940	.pdata	ExceptionHook \| Pointer to 7940 - 0x6F40 .text + UnwindInfo: .xdata
8850	79B0	.pdata	ExceptionHook \| Pointer to 79B0 - 0x6FB0 .text + UnwindInfo: .xdata
885C	7AC0	.pdata	ExceptionHook \| Pointer to 7AC0 - 0x70C0 .text + UnwindInfo: .xdata
8868	7C90	.pdata	ExceptionHook \| Pointer to 7C90 - 0x7290 .text + UnwindInfo: .xdata
31E00	N/A	Overlay	2E66696C6500000061000000FEFF000067016372 \| .file...a.......g.cr

Extra Analysis

Metric	Value	Percentage
Ascii Code	121285	49,3892%
Null Byte Code	71662	29,1819%
NOP Cave Found	0x9090909090	Block Count: 41 \| Total: 0,0417%

PESCAN.IO - Analysis Report Basic