PESCAN.IO - Analysis Report Basic

Information
Size: 506,96 KB
SHA-256 Hash: 248D491F89A10EC3289EC4CA448B19384464329C442BAC395F680C4F3A345C8C
SHA-1 Hash: 69B8ECF6B7CDE185DAED76D66100B6A31FD1A668
MD5 Hash: 689FF2C6F94E31ABBA1DDEBF68BE810E
Imphash: E925C3C5D8AB310DF586608885AEA0E7
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00088FC2
EntryPoint (rva): 14C0
SizeOfHeaders: 600
SizeOfImage: 87000
ImageBase: 0000000000400000
Architecture: x64
ImportTable: 38000
IAT: 38288
Characteristics: 27
TimeDateStamp: 613E2B11
Date: 12/09/2021 16:30:09
File Type: DLL
Number Of Sections: 18
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 0x60500060 (Code, Initialized Data, Executable, Readable) | 600 | 15600 | 1000 | 15558 | 6.2567 | 697763.21
.data | 0xC0500040 (Initialized Data, Readable, Writeable) | 15C00 | 200 | 17000 | D0 | 0.8333 | 106372
.rdata | 0x40600040 (Initialized Data, Readable) | 15E00 | 4400 | 18000 | 43E0 | 4.3384 | 872561.03
.pdata | 0x40300040 (Initialized Data, Readable) | 1A200 | 1C00 | 1D000 | 1BFC | 5.241 | 281052.64
.xdata | 0x40300040 (Initialized Data, Readable) | 1BE00 | 1800 | 1F000 | 172C | 4.0161 | 172592.67
.bss | 0xC0600080 (Uninitialized Data, Readable, Writeable) | 0 | 0 | 21000 | 16C38 | N/A | N/A
.idata | 0xC0300040 (Initialized Data, Readable, Writeable) | 1D600 | A00 | 38000 | 9F4 | 4.3211 | 111627.2
.CRT | 0xC0400040 (Initialized Data, Readable, Writeable) | 1E000 | 200 | 39000 | 68 | 0.2804 | 123007
.tls | 0xC0400040 (Initialized Data, Readable, Writeable) | 1E200 | 200 | 3A000 | 10 | 0 | 130560
.rsrc | 0xC0300040 (Initialized Data, Readable, Writeable) | 1E400 | 400 | 3B000 | 228 | 3.4104 | 76438
/4 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 1E800 | 600 | 3C000 | 480 | 1.3876 | 281557.33
/19 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 1EE00 | 3BA00 | 3D000 | 3B9A1 | 6.0041 | 1745552.62
/31 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 5A800 | 2800 | 79000 | 272A | 4.621 | 200272.9
/45 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 5D000 | 3200 | 7C000 | 3178 | 5.4183 | 145751.88
/57 | 0x42400040 (Initialized Data, GP-Relative, Readable) | 60200 | C00 | 80000 | A28 | 3.7306 | 207891.5
/70 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 60E00 | 800 | 81000 | 73B | 4.6132 | 30394.75
/81 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 61600 | 3200 | 82000 | 3070 | 2.1752 | 1881105.28
/92 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 64800 | 600 | 86000 | 4F0 | 1.3765 | 287080.33
Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - AC0
Code -> 4883EC28488B05C5A60100C70001000000E80A390100E8A5FCFFFF90904883C428C366662E0F1F8400000000000F1F004883
Assembler
|SUB RSP, 0X28
|MOV RAX, QWORD PTR [RIP + 0X1A6C5]
|MOV DWORD PTR [RAX], 1
|CALL 0X14920
|CALL 0XCC0
|NOP
|NOP
|ADD RSP, 0X28
|RET
|NOP WORD PTR CS:[RAX + RAX]
|NOP DWORD PTR [RAX]
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: Nim(-)[-]
PE+(64): linker: GNU linker ld (GNU Binutils)(2.34)[-]
Entropy: 6.0574

Suspicious Functions
Library | Function | Description
KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process.
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
Ws2_32.DLL | socket | Create a communication endpoint for networking applications.
Ws2_32.DLL | connect | Establish a connection to a specified socket.
File Access
@/msdcorelib.exe
@\mscordll.exe
USER32.dll
msvcrt.dll
KERNEL32.dll
@Ws2_32.dll
.dat
Temp
AppData
UserProfile

Interesting Words
PassWord
exec
attrib
start
hostname
shutdown
perfmon
ping

URLs
http://serv1.ec2-102-95-13-2-ubuntu.local

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (listen)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (CreateProcessW)
Text Ascii Keyboard Key (RBUTTON)
Text Ascii Keyboard Key (Scroll)
Text Ascii Malware that monitors and collects user data (Spy)
Text Ascii Unauthorized movement of funds or data (Transfer)
Text Ascii Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path | DataRVA | Size | FileOffset | Code | Text
\24\1\1033 | 3B058 | 1CA | 1E458 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• .bss
• .tls
• @0@.bss
• .CRT
• @Ws2_32.dll
• @\\.\pipe\stdin
• @\\.\pipe\stdout
• @\mscordll.exe
• http://serv1.ec2-102-95-13-2-ubuntu.local
• KERNEL32.dll
• msvcrt.dll
• USER32.dll
• 0.wOA
• .rva

Flow Anomalies
Offset RVA Section Description
1E040 14FF0 .CRT TLS Callback | Pointer to 414FF0 - 0x145F0 .text
1E048 14FC0 .CRT TLS Callback | Pointer to 414FC0 - 0x145C0 .text
64E00 N/A *Overlay* 2E66696C650000005F000000FEFF000067016372 | .file..._.......g.cr
Extra Analysis
Metric Value Percentage
Ascii Code 340222 65,5368%
Null Byte Code 116012 22,3473%
NOP Cave Found 0x9090909090 Block Count: 71 | Total: 0,0342%