PESCAN.IO - Analysis Report Basic

Information
Size: 27,50 KB
SHA-256 Hash: 5F00FFD51224927EB0E91A6AA159A40036A5876EFDF8494303A07519D873064B
SHA-1 Hash: BE4F79176BF2800D49968B059A65C1720C50C84C
MD5 Hash: 57BFF71A6E5D2268D67A7D141371CBCA
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 83DA
SizeOfHeaders: 200
SizeOfImage: E000
ImageBase: 400000
Architecture: x86
ImportTable: 8385
IAT: 2000
Characteristics: 22
TimeDateStamp: FA4DD504
Date: 28/01/2103 5:20:04
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 60000020 (Code, Executable, Readable) | 200 | 6400 | 2000 | 63E0 | 5,5634 | 609127,24
.rsrc | 40000040 (Initialized Data, Readable) | 6600 | 600 | A000 | 5DC | 4,1165 | 74479,67
.reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 6C00 | 200 | C000 | C | 0,0815 | 128522,00

Description
OriginalFilename: Camera Renamer.exe
LegalCopyright: Copyright 2026
ProductName: Camera Renamer
FileVersion: 1.0.0.0
FileDescription: Camera Renamer
ProductVersion: 1.0.0.0
Language: Unknown (ID=0x0)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 (.text) contains the Entry Point
Information -> EntryPoint (calculated) - 65DA
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
JMP DWORD PTR [0X402000]
ADD BYTE PTR [EAX], AL (repeated 22 times)

Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Version: v4.0
Detect It Easy (die)
PE: library: .NET(v4.0.30319)[-]
PE: linker: Microsoft Linker(48.0)[-]
Entropy: 5.40977

Windows REG (UNICODE)
SYSTEM\CurrentControlSet\Enum\
SYSTEM\CurrentControlSet\Control\DeviceClasses\

File Access
Camera Renamer.exe
mscoree.dll

File Access (UNICODE)
Camera Renamer.exe
explorer.exe
reg.exe

SQL Queries
SELECT * FROM Win32_PnPEntity WHERE PNPClass='Camera' OR PNPClass='Image'Name

Words of Interest
exec
attrib
start
replace

Words of Interest (UNICODE)
start

IP Addresses
11.0.0.0

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Unicode | WinAPI Sockets (connect)
Text | Ascii | WinAPI Sockets (send)
Text | Ascii | Execution (ShellExecute)
Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point | Hex Pattern | Microsoft Visual Studio .NET
Entry Point | Hex Pattern | .NET executable

Resources
Path | DataRVA | Size | FileOffset | Code | Text
\VERSION\1\0 | A090 | 34C | 6690 | 4C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0 | A3EC | 1EA | 69EC | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone

Intelligent String
• 1.0.0.0
• Camera Renamer.exe
• 5\GLOBAL\Device Parameters
• reg.exe
• !backup_path1.reg
• !backup_path2.reg
• 3backup_device_manager.reg
• explorer.exe
• _CorExeMainmscoree.dll

Flow Anomalies
Offset RVA Section Description
65DA 402000 .text JMP [static] | Indirect jump to absolute memory address
Extra Analysis
Metric | Value | Percentage
Ascii Code | 15455 | 54,8828%
Null Byte Code | 9149 | 32,4893%