PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
| Size: 718,00 KB SHA-256 Hash: 690F6EFFC9D33DCD3EBBC21CDC407C0779C8D9565F37427F680ED7527D220BBA SHA-1 Hash: F5D16AD87497CFAF8B4895D268563AAED7DC8C35 MD5 Hash: 5FC128E59A93F26613D4903BBB1B9306 Imphash: 58BA06A9844C27B962C21E4940961254 MajorOSVersion: 6 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 8F1F0 SizeOfHeaders: 400 SizeOfImage: B9000 ImageBase: 0000000180000000 Architecture: x64 ImportTable: AA72C IAT: 96000 Characteristics: 2022 TimeDateStamp: 69B4258A Date: 13/03/2026 14:56:10 File Type: DLL Number Of Sections: 7 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, .msvcjmc, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 400 | 94600 | 1000 | 945D6 | 5,6937 | 7281321,72 |
| .rdata | 40000040 (Initialized Data, Readable) | 94A00 | 16A00 | 96000 | 16830 | 5,0919 | 3044306,73 |
| .data | C0000040 (Initialized Data, Readable, Writeable) | AB400 | 800 | AD000 | 9FC | 3,7703 | 145842,00 |
| .pdata | 40000040 (Initialized Data, Readable) | ABC00 | 7200 | AE000 | 7200 | 5,8610 | 632150,65 |
| .msvcjmc | C0000040 (Initialized Data, Readable, Writeable) | B2E00 | 400 | B6000 | 237 | 0,9917 | 131560,50 |
| .rsrc | 40000040 (Initialized Data, Readable) | B3200 | 200 | B7000 | F8 | 2,5313 | 61549,00 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | B3400 | 400 | B8000 | 340 | 4,7536 | 19847,00 |
| Entry Point |
| The section number (1) have the Entry Point Information -> EntryPoint (calculated) - 8E5F0 Code -> 4C894424188954241048894C24084883EC28837C2438017506E812160000904C8B4424408B542438488B4C2430E8FEFDFFFF • MOV QWORD PTR [RSP + 0X18], R8 • MOV DWORD PTR [RSP + 0X10], EDX • MOV QWORD PTR [RSP + 8], RCX • SUB RSP, 0X28 • CMP DWORD PTR [RSP + 0X38], 1 • JNE 0X101F • CALL 0X2630 • NOP • MOV R8, QWORD PTR [RSP + 0X40] • MOV EDX, DWORD PTR [RSP + 0X38] • MOV RCX, QWORD PTR [RSP + 0X30] • CALL 0XE30 |
| Signatures |
| Rich Signature Analyzer: Code -> D1AFFF0595CE915695CE915695CE9156DE44925796CE9156DE4495579CCE9156DE4494578ECE9156DE44905793CE9156EC4F90579CCE915695CE90565CCE91561845995791CE9156184594579CCE915618456E5694CE91561845935794CE91565269636895CE9156 Footprint md5 Hash -> E0D9FC67970AF977484263AC0AC76980 • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio Detect It Easy (die) • PE+(64): linker: Microsoft Linker(14.50**)[-] • Entropy: 5.81696 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| ADVAPI32.DLL | RegSetValueExA | Sets the data and type of a specified value under a registry key. |
| Windows REG (UNICODE) |
| SOFTWARE\Wow6432Node\Microsoft\VisualStudio\14.0\Setup\VC |
| File Access |
| ucrtbased.dll VCRUNTIME140_1D.dll VCRUNTIME140D.dll MSVCP140D.dll ADVAPI32.dll USER32.dll KERNEL32.dll gdi32.dll ws2_32.dll comctl32.dll ntdll.dll .dat @.dat Temp |
| File Access (UNICODE) |
| advapi32.dll api-ms-win-core-registry-l1-1-0.dll VCRUNTIME140D.dll Stack around _alloca corruptedbin\amd64\MSPDB140.DLL |
| Interest's Words |
| exec attrib start systeminfo expand |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (recv) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Stealth (GetThreadContext) |
| Text | Ascii | Stealth (SetThreadContext) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (CreateRemoteThread) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Malware that monitors and collects user data (Spy) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\2\1033 | B7060 | 91 | B3260 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y |
| Intelligent String |
| • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\xmemorystring too longInvalid memory order • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\atomic • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\xutility • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\xstringnull pointer cannot point to a block of non-zero size • API : TaskDialogIndirect • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\deque • ntdll.dll • comctl32.dll • TaskDialogIndirect • ws2_32.dll • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\vector • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\algorithm • C:\Program Files\Microsoft Visual Studio\18\Community\VC\Tools\MSVC\14.50.35717\include\xlocnum:AM:am:PM:pm • bin\amd64\MSPDB140.DLL • VCRUNTIME140D.dll • api-ms-win-core-registry-l1-1-0.dll • advapi32.dll • C:\Amash\Programs\C++ projects\ProcSpy++\x64\Debug\SpyDll.pdb • .tls • .bss • KERNEL32.dll • ADVAPI32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 101D | N/A | .text | CALL QWORD PTR [RIP+0x94455] |
| 1054 | N/A | .text | CALL QWORD PTR [RIP+0x94426] |
| 111C | N/A | .text | CALL QWORD PTR [RIP+0x9435E] |
| 11F8 | N/A | .text | CALL QWORD PTR [RIP+0x94382] |
| 1295 | N/A | .text | CALL QWORD PTR [RIP+0x942FD] |
| 12FC | N/A | .text | CALL QWORD PTR [RIP+0x94266] |
| 131F | N/A | .text | CALL QWORD PTR [RIP+0x94223] |
| 1338 | N/A | .text | CALL QWORD PTR [RIP+0x941C2] |
| 1348 | N/A | .text | CALL QWORD PTR [RIP+0x94202] |
| 1370 | N/A | .text | CALL QWORD PTR [RIP+0x94102] |
| 13AE | N/A | .text | CALL QWORD PTR [RIP+0x940CC] |
| 13DE | N/A | .text | CALL QWORD PTR [RIP+0x9415C] |
| 13EC | N/A | .text | CALL QWORD PTR [RIP+0x9417E] |
| 140E | N/A | .text | CALL QWORD PTR [RIP+0x94074] |
| 141E | N/A | .text | CALL QWORD PTR [RIP+0x940C4] |
| 1490 | N/A | .text | CALL QWORD PTR [RIP+0x940D2] |
| 14B7 | N/A | .text | CALL QWORD PTR [RIP+0x9408B] |
| 14D0 | N/A | .text | CALL QWORD PTR [RIP+0x9402A] |
| 14DC | N/A | .text | CALL QWORD PTR [RIP+0x9406E] |
| 1504 | N/A | .text | CALL QWORD PTR [RIP+0x93F6E] |
| 1537 | N/A | .text | CALL QWORD PTR [RIP+0x93F43] |
| 1562 | N/A | .text | CALL QWORD PTR [RIP+0x93FD8] |
| 1570 | N/A | .text | CALL QWORD PTR [RIP+0x93FFA] |
| 1590 | N/A | .text | CALL QWORD PTR [RIP+0x93EF2] |
| 159C | N/A | .text | CALL QWORD PTR [RIP+0x93F46] |
| 15DB | N/A | .text | CALL QWORD PTR [RIP+0x93FBF] |
| 15F3 | N/A | .text | CALL QWORD PTR [RIP+0x93F5F] |
| 1617 | N/A | .text | CALL QWORD PTR [RIP+0x93F63] |
| 16CD | N/A | .text | CALL QWORD PTR [RIP+0x93EC5] |
| 16EF | N/A | .text | CALL QWORD PTR [RIP+0x93DF3] |
| 17CC | N/A | .text | CALL QWORD PTR [RIP+0x93DCE] |
| 17DD | N/A | .text | CALL QWORD PTR [RIP+0x93D7D] |
| 17E6 | N/A | .text | CALL QWORD PTR [RIP+0x93CFC] |
| 17FF | N/A | .text | CALL QWORD PTR [RIP+0x93C83] |
| 186C | N/A | .text | CALL QWORD PTR [RIP+0x93CC6] |
| 18DC | N/A | .text | CALL QWORD PTR [RIP+0x93C56] |
| 18E2 | N/A | .text | CALL QWORD PTR [RIP+0x93C20] |
| 18F1 | N/A | .text | CALL QWORD PTR [RIP+0x93C99] |
| 1A0D | N/A | .text | CALL QWORD PTR [RIP+0x93A7D] |
| 1A56 | N/A | .text | CALL QWORD PTR [RIP+0x93AD4] |
| 1AD0 | N/A | .text | CALL QWORD PTR [RIP+0x939DA] |
| 1AEE | N/A | .text | CALL QWORD PTR [RIP+0x93994] |
| 1AFB | N/A | .text | CALL QWORD PTR [RIP+0x93A77] |
| 1BC3 | N/A | .text | CALL QWORD PTR [RIP+0x939DF] |
| 1C4D | N/A | .text | CALL QWORD PTR [RIP+0x9395D] |
| 1C8D | N/A | .text | CALL QWORD PTR [RIP+0x93815] |
| 1CEA | N/A | .text | CALL QWORD PTR [RIP+0x938C0] |
| 1D39 | N/A | .text | CALL QWORD PTR [RIP+0x93769] |
| 1DEB | N/A | .text | CALL QWORD PTR [RIP+0x545C766] |
| 1DFF | N/A | .text | JMP QWORD PTR [RIP+0xE145C7] |
| 1E16 | N/A | .text | JMP QWORD PTR [RIP+0xF745C748] |
| 2114 | N/A | .text | CALL QWORD PTR [RIP+0x9335E] |
| 2160 | N/A | .text | CALL QWORD PTR [RIP+0x9331A] |
| 235A | N/A | .text | CALL QWORD PTR [RIP+0x93120] |
| 2628 | N/A | .text | CALL QWORD PTR [RIP+0x92F5A] |
| 2640 | N/A | .text | CALL QWORD PTR [RIP+0x92DEA] |
| 2688 | N/A | .text | CALL QWORD PTR [RIP+0x92EFA] |
| 26A0 | N/A | .text | CALL QWORD PTR [RIP+0x92D8A] |
| 2801 | N/A | .text | CALL QWORD PTR [RIP+0xEF458948] |
| 2839 | N/A | .text | JMP QWORD PTR [RIP+0xD745C748] |
| 2841 | N/A | .text | JMP QWORD PTR [RIP+0x8A4103EB] |
| 2B48 | N/A | .text | CALL QWORD PTR [RIP+0x92962] |
| 2B8F | N/A | .text | CALL QWORD PTR [RIP+0x92A1B] |
| 2C03 | N/A | .text | CALL QWORD PTR [RIP+0x929A7] |
| 2C5B | N/A | .text | CALL QWORD PTR [RIP+0x92947] |
| 2CF4 | N/A | .text | CALL QWORD PTR [RIP+0x927AE] |
| 2D38 | N/A | .text | CALL QWORD PTR [RIP+0x9276A] |
| 2E19 | N/A | .text | CALL QWORD PTR [RIP+0x92691] |
| 2E33 | N/A | .text | CALL QWORD PTR [RIP+0x92777] |
| 38B4 | N/A | .text | CALL QWORD PTR [RIP+0x91DD6] |
| 38DD | N/A | .text | CALL QWORD PTR [RIP+0x91DAD] |
| 3907 | N/A | .text | CALL QWORD PTR [RIP+0x91D83] |
| 397D | N/A | .text | CALL QWORD PTR [RIP+0x91CFD] |
| 39C7 | N/A | .text | CALL QWORD PTR [RIP+0x91D63] |
| 39F2 | N/A | .text | CALL QWORD PTR [RIP+0x91D40] |
| 3A0C | N/A | .text | CALL QWORD PTR [RIP+0x91C9E] |
| 3A7B | N/A | .text | CALL QWORD PTR [RIP+0x91CAF] |
| 3A9A | N/A | .text | CALL QWORD PTR [RIP+0x91C18] |
| 3AFD | N/A | .text | CALL QWORD PTR [RIP+0x91C2D] |
| 3B28 | N/A | .text | CALL QWORD PTR [RIP+0x91C0A] |
| 3B42 | N/A | .text | CALL QWORD PTR [RIP+0x91B68] |
| 3BB8 | N/A | .text | CALL QWORD PTR [RIP+0x91ADA] |
| 3BF0 | N/A | .text | CALL QWORD PTR [RIP+0x91B2A] |
| 3EB8 | N/A | .text | CALL QWORD PTR [RIP+0x91B8A] |
| 41A3 | N/A | .text | CALL QWORD PTR [RIP+0x9189F] |
| 5089 | N/A | .text | CALL QWORD PTR [RIP+0x90601] |
| 50B2 | N/A | .text | CALL QWORD PTR [RIP+0x905D8] |
| 50E9 | N/A | .text | CALL QWORD PTR [RIP+0x905A1] |
| 5147 | N/A | .text | CALL QWORD PTR [RIP+0x90533] |
| 5191 | N/A | .text | CALL QWORD PTR [RIP+0x90599] |
| 51BC | N/A | .text | CALL QWORD PTR [RIP+0x90576] |
| 51D6 | N/A | .text | CALL QWORD PTR [RIP+0x904D4] |
| 5245 | N/A | .text | CALL QWORD PTR [RIP+0x904E5] |
| 5267 | N/A | .text | CALL QWORD PTR [RIP+0x9044B] |
| 52C8 | N/A | .text | CALL QWORD PTR [RIP+0x90462] |
| 52F3 | N/A | .text | CALL QWORD PTR [RIP+0x9043F] |
| 530D | N/A | .text | CALL QWORD PTR [RIP+0x9039D] |
| 5383 | N/A | .text | CALL QWORD PTR [RIP+0x9030F] |
| 53BB | N/A | .text | CALL QWORD PTR [RIP+0x9035F] |
| 6B38 | N/A | .text | CALL QWORD PTR [RIP+0x8ED32] |
| ABC00 | 1000 | .pdata | ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata |
| ABC0C | 1060 | .pdata | ExceptionHook | Pointer to 1060 - 0x460 .text + UnwindInfo: .rdata |
| ABC18 | 10C0 | .pdata | ExceptionHook | Pointer to 10C0 - 0x4C0 .text + UnwindInfo: .rdata |
| ABC24 | 13E0 | .pdata | ExceptionHook | Pointer to 13E0 - 0x7E0 .text + UnwindInfo: .rdata |
| ABC30 | 1440 | .pdata | ExceptionHook | Pointer to 1440 - 0x840 .text + UnwindInfo: .rdata |
| ABC3C | 1760 | .pdata | ExceptionHook | Pointer to 1760 - 0xB60 .text + UnwindInfo: .rdata |
| ABC48 | 1A80 | .pdata | ExceptionHook | Pointer to 1A80 - 0xE80 .text + UnwindInfo: .rdata |
| ABC54 | 1AE0 | .pdata | ExceptionHook | Pointer to 1AE0 - 0xEE0 .text + UnwindInfo: .rdata |
| ABC60 | 1B40 | .pdata | ExceptionHook | Pointer to 1B40 - 0xF40 .text + UnwindInfo: .rdata |
| ABC6C | 1BA0 | .pdata | ExceptionHook | Pointer to 1BA0 - 0xFA0 .text + UnwindInfo: .rdata |
| ABC78 | 1BF4 | .pdata | ExceptionHook | Pointer to 1BF4 - 0xFF4 .text + UnwindInfo: .rdata |
| ABC84 | 1C98 | .pdata | ExceptionHook | Pointer to 1C98 - 0x1098 .text + UnwindInfo: .rdata |
| ABC90 | 1DBC | .pdata | ExceptionHook | Pointer to 1DBC - 0x11BC .text + UnwindInfo: .rdata |
| ABC9C | 1ED4 | .pdata | ExceptionHook | Pointer to 1ED4 - 0x12D4 .text + UnwindInfo: .rdata |
| ABCA8 | 2048 | .pdata | ExceptionHook | Pointer to 2048 - 0x1448 .text + UnwindInfo: .rdata |
| ABCB4 | 239C | .pdata | ExceptionHook | Pointer to 239C - 0x179C .text + UnwindInfo: .rdata |
| ABCC0 | 2418 | .pdata | ExceptionHook | Pointer to 2418 - 0x1818 .text + UnwindInfo: .rdata |
| ABCCC | 2528 | .pdata | ExceptionHook | Pointer to 2528 - 0x1928 .text + UnwindInfo: .rdata |
| ABCD8 | 25F0 | .pdata | ExceptionHook | Pointer to 25F0 - 0x19F0 .text + UnwindInfo: .rdata |
| ABCE4 | 263C | .pdata | ExceptionHook | Pointer to 263C - 0x1A3C .text + UnwindInfo: .rdata |
| ABCF0 | 2684 | .pdata | ExceptionHook | Pointer to 2684 - 0x1A84 .text + UnwindInfo: .rdata |
| ABCFC | 2740 | .pdata | ExceptionHook | Pointer to 2740 - 0x1B40 .text + UnwindInfo: .rdata |
| ABD08 | 2E54 | .pdata | ExceptionHook | Pointer to 2E54 - 0x2254 .text + UnwindInfo: .rdata |
| ABD14 | 2F9C | .pdata | ExceptionHook | Pointer to 2F9C - 0x239C .text + UnwindInfo: .rdata |
| ABD20 | 306C | .pdata | ExceptionHook | Pointer to 306C - 0x246C .text + UnwindInfo: .rdata |
| ABD2C | 312C | .pdata | ExceptionHook | Pointer to 312C - 0x252C .text + UnwindInfo: .rdata |
| ABD38 | 3210 | .pdata | ExceptionHook | Pointer to 3210 - 0x2610 .text + UnwindInfo: .rdata |
| ABD44 | 3270 | .pdata | ExceptionHook | Pointer to 3270 - 0x2670 .text + UnwindInfo: .rdata |
| ABD50 | 33D4 | .pdata | ExceptionHook | Pointer to 33D4 - 0x27D4 .text + UnwindInfo: .rdata |
| ABD5C | 3720 | .pdata | ExceptionHook | Pointer to 3720 - 0x2B20 .text + UnwindInfo: .rdata |
| ABD68 | 375C | .pdata | ExceptionHook | Pointer to 375C - 0x2B5C .text + UnwindInfo: .rdata |
| ABD74 | 37D0 | .pdata | ExceptionHook | Pointer to 37D0 - 0x2BD0 .text + UnwindInfo: .rdata |
| ABD80 | 3848 | .pdata | ExceptionHook | Pointer to 3848 - 0x2C48 .text + UnwindInfo: .rdata |
| ABD8C | 3998 | .pdata | ExceptionHook | Pointer to 3998 - 0x2D98 .text + UnwindInfo: .rdata |
| ABD98 | 39BC | .pdata | ExceptionHook | Pointer to 39BC - 0x2DBC .text + UnwindInfo: .rdata |
| ABDA4 | 3A24 | .pdata | ExceptionHook | Pointer to 3A24 - 0x2E24 .text + UnwindInfo: .rdata |
| ABDB0 | 3A58 | .pdata | ExceptionHook | Pointer to 3A58 - 0x2E58 .text + UnwindInfo: .rdata |
| ABDBC | 40C0 | .pdata | ExceptionHook | Pointer to 40C0 - 0x34C0 .text + UnwindInfo: .rdata |
| ABDC8 | 4120 | .pdata | ExceptionHook | Pointer to 4120 - 0x3520 .text + UnwindInfo: .rdata |
| ABDD4 | 4180 | .pdata | ExceptionHook | Pointer to 4180 - 0x3580 .text + UnwindInfo: .rdata |
| ABDE0 | 41D0 | .pdata | ExceptionHook | Pointer to 41D0 - 0x35D0 .text + UnwindInfo: .rdata |
| ABDEC | 4210 | .pdata | ExceptionHook | Pointer to 4210 - 0x3610 .text + UnwindInfo: .rdata |
| ABDF8 | 42F0 | .pdata | ExceptionHook | Pointer to 42F0 - 0x36F0 .text + UnwindInfo: .rdata |
| ABE04 | 4340 | .pdata | ExceptionHook | Pointer to 4340 - 0x3740 .text + UnwindInfo: .rdata |
| ABE10 | 4380 | .pdata | ExceptionHook | Pointer to 4380 - 0x3780 .text + UnwindInfo: .rdata |
| ABE1C | 43C0 | .pdata | ExceptionHook | Pointer to 43C0 - 0x37C0 .text + UnwindInfo: .rdata |
| ABE28 | 4430 | .pdata | ExceptionHook | Pointer to 4430 - 0x3830 .text + UnwindInfo: .rdata |
| ABE34 | 4850 | .pdata | ExceptionHook | Pointer to 4850 - 0x3C50 .text + UnwindInfo: .rdata |
| ABE40 | 48D0 | .pdata | ExceptionHook | Pointer to 48D0 - 0x3CD0 .text + UnwindInfo: .rdata |
| ABE4C | 4950 | .pdata | ExceptionHook | Pointer to 4950 - 0x3D50 .text + UnwindInfo: .rdata |
| ABE58 | 4A50 | .pdata | ExceptionHook | Pointer to 4A50 - 0x3E50 .text + UnwindInfo: .rdata |
| ABE64 | 4AE0 | .pdata | ExceptionHook | Pointer to 4AE0 - 0x3EE0 .text + UnwindInfo: .rdata |
| ABE70 | 4B70 | .pdata | ExceptionHook | Pointer to 4B70 - 0x3F70 .text + UnwindInfo: .rdata |
| ABE7C | 4BF0 | .pdata | ExceptionHook | Pointer to 4BF0 - 0x3FF0 .text + UnwindInfo: .rdata |
| ABE88 | 4C40 | .pdata | ExceptionHook | Pointer to 4C40 - 0x4040 .text + UnwindInfo: .rdata |
| ABE94 | 4D20 | .pdata | ExceptionHook | Pointer to 4D20 - 0x4120 .text + UnwindInfo: .rdata |
| ABEA0 | 4E10 | .pdata | ExceptionHook | Pointer to 4E10 - 0x4210 .text + UnwindInfo: .rdata |
| ABEAC | 4F30 | .pdata | ExceptionHook | Pointer to 4F30 - 0x4330 .text + UnwindInfo: .rdata |
| ABEB8 | 5010 | .pdata | ExceptionHook | Pointer to 5010 - 0x4410 .text + UnwindInfo: .rdata |
| ABEC4 | 5050 | .pdata | ExceptionHook | Pointer to 5050 - 0x4450 .text + UnwindInfo: .rdata |
| ABED0 | 5280 | .pdata | ExceptionHook | Pointer to 5280 - 0x4680 .text + UnwindInfo: .rdata |
| ABEDC | 54B0 | .pdata | ExceptionHook | Pointer to 54B0 - 0x48B0 .text + UnwindInfo: .rdata |
| ABEE8 | 5540 | .pdata | ExceptionHook | Pointer to 5540 - 0x4940 .text + UnwindInfo: .rdata |
| ABEF4 | 55D0 | .pdata | ExceptionHook | Pointer to 55D0 - 0x49D0 .text + UnwindInfo: .rdata |
| ABF00 | 5660 | .pdata | ExceptionHook | Pointer to 5660 - 0x4A60 .text + UnwindInfo: .rdata |
| ABF0C | 56A0 | .pdata | ExceptionHook | Pointer to 56A0 - 0x4AA0 .text + UnwindInfo: .rdata |
| ABF18 | 5720 | .pdata | ExceptionHook | Pointer to 5720 - 0x4B20 .text + UnwindInfo: .rdata |
| ABF24 | 5770 | .pdata | ExceptionHook | Pointer to 5770 - 0x4B70 .text + UnwindInfo: .rdata |
| ABF30 | 57C0 | .pdata | ExceptionHook | Pointer to 57C0 - 0x4BC0 .text + UnwindInfo: .rdata |
| ABF3C | 57F0 | .pdata | ExceptionHook | Pointer to 57F0 - 0x4BF0 .text + UnwindInfo: .rdata |
| ABF48 | 5820 | .pdata | ExceptionHook | Pointer to 5820 - 0x4C20 .text + UnwindInfo: .rdata |
| ABF54 | 5880 | .pdata | ExceptionHook | Pointer to 5880 - 0x4C80 .text + UnwindInfo: .rdata |
| ABF60 | 58D0 | .pdata | ExceptionHook | Pointer to 58D0 - 0x4CD0 .text + UnwindInfo: .rdata |
| ABF6C | 5910 | .pdata | ExceptionHook | Pointer to 5910 - 0x4D10 .text + UnwindInfo: .rdata |
| ABF78 | 5970 | .pdata | ExceptionHook | Pointer to 5970 - 0x4D70 .text + UnwindInfo: .rdata |
| ABF84 | 59B0 | .pdata | ExceptionHook | Pointer to 59B0 - 0x4DB0 .text + UnwindInfo: .rdata |
| ABF90 | 5C10 | .pdata | ExceptionHook | Pointer to 5C10 - 0x5010 .text + UnwindInfo: .rdata |
| ABF9C | 6010 | .pdata | ExceptionHook | Pointer to 6010 - 0x5410 .text + UnwindInfo: .rdata |
| ABFA8 | 6130 | .pdata | ExceptionHook | Pointer to 6130 - 0x5530 .text + UnwindInfo: .rdata |
| ABFB4 | 6220 | .pdata | ExceptionHook | Pointer to 6220 - 0x5620 .text + UnwindInfo: .rdata |
| ABFC0 | 6340 | .pdata | ExceptionHook | Pointer to 6340 - 0x5740 .text + UnwindInfo: .rdata |
| ABFCC | 6380 | .pdata | ExceptionHook | Pointer to 6380 - 0x5780 .text + UnwindInfo: .rdata |
| ABFD8 | 63B0 | .pdata | ExceptionHook | Pointer to 63B0 - 0x57B0 .text + UnwindInfo: .rdata |
| ABFE4 | 6540 | .pdata | ExceptionHook | Pointer to 6540 - 0x5940 .text + UnwindInfo: .rdata |
| ABFF0 | 6760 | .pdata | ExceptionHook | Pointer to 6760 - 0x5B60 .text + UnwindInfo: .rdata |
| ABFFC | 69A0 | .pdata | ExceptionHook | Pointer to 69A0 - 0x5DA0 .text + UnwindInfo: .rdata |
| AC008 | 69F0 | .pdata | ExceptionHook | Pointer to 69F0 - 0x5DF0 .text + UnwindInfo: .rdata |
| AC014 | 6A40 | .pdata | ExceptionHook | Pointer to 6A40 - 0x5E40 .text + UnwindInfo: .rdata |
| AC020 | 6BF0 | .pdata | ExceptionHook | Pointer to 6BF0 - 0x5FF0 .text + UnwindInfo: .rdata |
| AC02C | 6C70 | .pdata | ExceptionHook | Pointer to 6C70 - 0x6070 .text + UnwindInfo: .rdata |
| AC038 | 6CF0 | .pdata | ExceptionHook | Pointer to 6CF0 - 0x60F0 .text + UnwindInfo: .rdata |
| AC044 | 6D30 | .pdata | ExceptionHook | Pointer to 6D30 - 0x6130 .text + UnwindInfo: .rdata |
| AC050 | 6D70 | .pdata | ExceptionHook | Pointer to 6D70 - 0x6170 .text + UnwindInfo: .rdata |
| AC05C | 6DB0 | .pdata | ExceptionHook | Pointer to 6DB0 - 0x61B0 .text + UnwindInfo: .rdata |
| AC068 | 6DF0 | .pdata | ExceptionHook | Pointer to 6DF0 - 0x61F0 .text + UnwindInfo: .rdata |
| AC074 | 6E30 | .pdata | ExceptionHook | Pointer to 6E30 - 0x6230 .text + UnwindInfo: .rdata |
| AC080 | 6E70 | .pdata | ExceptionHook | Pointer to 6E70 - 0x6270 .text + UnwindInfo: .rdata |
| AC08C | 6EB0 | .pdata | ExceptionHook | Pointer to 6EB0 - 0x62B0 .text + UnwindInfo: .rdata |
| AC098 | 6EF0 | .pdata | ExceptionHook | Pointer to 6EF0 - 0x62F0 .text + UnwindInfo: .rdata |
| AC0A4 | 6F30 | .pdata | ExceptionHook | Pointer to 6F30 - 0x6330 .text + UnwindInfo: .rdata |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 400515 | 54,4746% |
| Null Byte Code | 149175 | 20,2895% |
© 2026 All rights reserved.