PESCAN.IO - Analysis Report Basic |
| Information |
| Field | Value |
|---|---|
| Size | 5,83 MB |
| SHA-256 Hash | 265A27242EE97F81EEAC6A556FD7DE56BAFF2222F2334386D8F948E359A649D8 |
| SHA-1 Hash | B922F6A19A6349607753BEC54AF07207A2788A81 |
| MD5 Hash | 6AA80C7706A9F1638FE6076C9934DB8E |
| Imphash | 49A593F4889B8D12612597F5314DBBAA |
| MajorOSVersion | 6 |
| MinorOSVersion | 0 |
| CheckSum | 005DBFEA |
| EntryPoint (rva) | 1C07D4 |
| SizeOfHeaders | 400 |
| SizeOfImage | 653000 |
| ImageBase | 0000000180000000 |
| Architecture | x64 |
| ExportTable | 506640 |
| ImportTable | 512F44 |
| IAT | 2BB000 |
| Characteristics | 2022 |
| TimeDateStamp | 69823D6C |
| Date | 03/02/2026 18:24:44 |
| File Type | DLL |
| Number Of Sections | 7 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .rdata, .data, .pdata, PyRuntim, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 2B9C00 | 1000 | 2B9BB2 | | |
| .rdata | 0x40000040 Initialized Data Readable | 2BA000 | 25A800 | 2BB000 | 25A7AE | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | 514800 | 45000 | 516000 | C3BE8 | | |
| .pdata | 0x40000040 Initialized Data Readable | 559800 | 28000 | 5DA000 | 27F00 | | |
| PyRuntim | 0xC0000040 Initialized Data Readable Writeable | 581800 | 45000 | 602000 | 44EF8 | | |
| .rsrc | 0x40000040 Initialized Data Readable | 5C6800 | A00 | 647000 | 9A0 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 5C7200 | AE00 | 648000 | AC5C | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | python313.dll |
| CompanyName | Python Software Foundation |
| LegalCopyright | Copyright 2001-2024 Python Software Foundation. Copyright 2000 BeOpen.com. Copyright 1995-2001 CNRI. Copyright 1991-1995 SMC. |
| ProductName | Python |
| FileVersion | 3.13.12 |
| FileDescription | Python Core |
| ProductVersion | 3.13.12 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Section number (1) has the Entry Point information. |
| EntryPoint (calculated): 1BFBD4 |
| Code: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8270400004C8BC78BD3488BCE488B5C2430488B7424 |
| Assembler: |
| MOV QWORD PTR [RSP + 8], RBX |
| MOV QWORD PTR [RSP + 0X10], RSI |
| PUSH RDI |
| SUB RSP, 0X20 |
| MOV RDI, R8 |
| MOV EBX, EDX |
| MOV RSI, RCX |
| CMP EDX, 1 |
| JNE 0X1021 |
| CALL 0X1448 |
| MOV R8, RDI |
| MOV EDX, EBX |
| MOV RCX, RSI |
| MOV RBX, QWORD PTR [RSP + 0X30] |
| Signatures |
| Rich Signature Analyzer: |
| Code -> 39A08D777DC1E3247DC1E3247DC1E324FA48E2257FC1E324FA481E2473C1E324FA48E02579C1E324FA48E72575C1E324FA48E62570C1E32474B9702467C1E3240440E22576C1E3247DC1E224F7C0E324EB48EE2597C1E324EB48E3257CC1E324EB481C247CC1E324EB48E1257CC1E324526963687DC1E324 |
| Footprint md5 Hash -> 6F307E96E651E35F4D647BD36D8356C9 |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature: |
| • The file is signed and the signature is correct |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio |
| Compiler: Pure Basic 4.x |
| Detect It Easy (die): |
| • PE+(64): compiler: Microsoft Visual C/C++(-)[-] |
| • PE+(64): linker: Microsoft Linker(14.44**)[-] |
| • PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7] |
| • Entropy: 6.12572 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| KERNEL32.DLL | SleepEx | Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout. |
| Ws2_32.DLL | socket | Create a communication endpoint for networking applications. |
| SHELL32.DLL | ShellExecuteW | Performs a run operation on a specific file. |
| ET Functions (carving) |
| • EXPORT FUNCTIONS > 400 |
| Windows REG |
| SOFTWARE\Python\PythonCore\z\PythonPath;\)testc Software\Python\PythonCore\{sys_version}\Modules\{fullname}zASoftware\Python\PythonCore\{sys_version}\Modules\{fullname}\Debugz_d.pydc Software\Python\PythonCore\{sys_version}\Modules\{fullname}\Debugz_d.pydc |
| File Access |
| _interpreters.exe os.exe For example, suppose sys.prefix and sys.exe sys.prefix and sys.exe exists one directory above sys.exe sys.exe NamespaceLoader.exe ExtensionFileLoader.exe _LoaderBasics.exe LazyLoader.exe FrozenImporter.exe BuiltinImporter.exe 7.exe This method is deprecated. Use loader.exe (See _interpreters.exe api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-conio-l1-1-0.dll api-ms-win-crt-process-l1-1-0.dll api-ms-win-crt-time-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll VCRUNTIME140.dll KERNEL32.dll ADVAPI32.dll bcrypt.dll api-ms-win-core-path-l1-1-0.dll WS2_32.dll VERSION.dll abcdefghijklmnopqrstuvwpython313.dll psapi.dll kernelbase.dll ntdll.dll python3.dll python%d%d.dll os.sys itertools.bat .dat datetime.dat @.dat zLICENSE.txt spam.txt darwinzpybuilddir.txt t import zipimport.zip itertools.zip zrzipimport.zip /tmp/myimport.zip .zip Temp AppData UserProfile |
| File Access (UNICODE) |
| python313.dll RegDisableReflectionKeyadvapi32.dll ntdll.dll _cached_windows_versionkernel32.dll |
| SQL Queries |
| insert into codec error registry |
| Interest's Words |
| Spam smtp Encrypt Decrypt PassWord <meta exec unescape attrib start pause hostname shutdown netstat systeminfo ping expand replace setx |
| Interest's Words (UNICODE) |
| start replace |
| URLs |
| http://schemas.microsoft.com/SMI/2016/WindowsSettings http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20CS%20EOC%20CA%2002.crl http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20CS%20EOC%20CA%2002.crt http://oneocsp.microsoft.com/ocsp0f http://www.microsoft.com/pkiops/Docs/Repository.htm http://www.microsoft.com/pkiops/crl/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crl http://www.microsoft.com/pkiops/certs/Microsoft%20ID%20Verified%20Code%20Signing%20PCA%202021.crt http://oneocsp.microsoft.com/ocsp0 http://www.microsoft.com/pkiops/crl/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Identity%20Verification%20Root%20Certificate%20Authority%202020.crt http://www.microsoft.com/pkiops/crl/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Public%20RSA%20Timestamping%20CA%202020.crt https://www.python.org/psf/license/)r https://peps.python.org/pep-0263/ |
| Known IP/Domains |
| gmail.com |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Unicode escape - \u00 - (Common Unicode escape sequences) |
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (accept) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (recv) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Registry (RegDeleteKeyEx) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingW) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateSemaphoreA) |
| Text | Ascii | Execution (OpenEventW) |
| Text | Ascii | Execution (CreateEventA) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Ascii | Antivirus Software (rising) |
| Text | Ascii | Privileges (SeBackupPrivilege) |
| Text | Ascii | Privileges (SeLockMemoryPrivilege) |
| Text | Ascii | Privileges (SeRestorePrivilege) |
| Text | Ascii | Related to a particular nation or its government (National) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\1033 | 6475E8 | 3B4 | 5C6DE8 | B40334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000D00 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\2\1033 | 6470A0 | 545 | 5C68A0 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • api-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-environment-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • ntdll.dll • PYTHONDUMPREFSFILE • PYTHONDUMPREFS • replacemaxminbuiltins.idO • python%d%d.dll • multibytecodec.map • %s.utc • .com • .cmd • .bat • .exe • marshal.dumps • .pyc • kernel32.dll • kernelbase.dll • _cached_windows_versionkernel32.dll • Py_GIL_DISABLEDcp313-win_amd64.cp313-win_amd64.pyd • UF_NODUMP • Lib/os.pyz • z/bin/pythonFT=z Failed to find real location of c • PYTHONFAULTHANDLER: dump the Python traceback on fatal errors (-X faulthandler) • D:\a\1\s\Objects\abstract.c • D:\a\1\s\Objects\classobject.c • D:\a\1\s\Objects\dictobject.c • D:\a\1\s\Objects\listobject.c • D:\a\1\s\Objects\longobject.c • D:\a\1\s\Objects\object.c • D:\a\1\s\Objects\setobject.c • D:\a\1\s\Objects\tupleobject.c • D:\a\1\s\Objects\unicodeobject.c • D:\a\1\s\Objects\weakrefobject.c • D:\a\1\s\Python\gc.c • D:\a\1\s\Python\traceback.c • _get_dump • _get_dump($module, self, /) • instead use ABC._dump_registry() for a nice repr. • dump($self, obj, /) • This is equivalent to Pickler(file, protocol).dump(obj), but may • UF_NODUMP: do not dump file • getlogin($module, /) • Return the actual login name. • C:\\'. • This function 'dumps core' or otherwise fails in the hardest way possible • Nz&invalid cmd type (%s, expected string))rwzinvalid mode %rr • multiple character to \u001a. • S:\I5 • Copied from :mod:typing since collections.abc • _reset_cachesc • ABCMeta._dump_registry} • dumps($module, value, version=version, /, *, allow_code=True) • Return the bytes object that would be written to a file by dump(value, file). • Indicates the data format that dumps should use. • dump($module, value, file, version=version, /, *, allow_code=True) • Indicates the data format that dump should use. 
• dump() -- write value to a file • dumps() -- marshal value as a bytes object • dump(), load() will substitute None for the unmarshallable type. • dump • dumps • dump_traceback • dump_traceback($module, /, file=sys.stderr, all_threads=True) • Dump the traceback of the current thread, or of all threads if all_threads is True, into file. • dump_traceback_later • dump_traceback_later($module, /, timeout, repeat=False, file=sys.stderr, exit=False) • cancel_dump_traceback_later • cancel_dump_traceback_later($module, /) • Cancel the previous call to dump_traceback_later()._read_null • getppidgetlogin • .pyd • __phello__.ham • dump_refs • dump_refs_file • -c cmd : program passed in as string (terminates option list) • usage: %ls [option] ... [-c cmd | -m mod | file | -] [arg] ... • D:\a\1\s\Modules\_hacl\Hacl_Hash_SHA3.cKaRaMeL incomplete match at %s:%d • D:\a\1\s\Modules\arraymodule.c • |Op:dump_traceback • O|iOi:dump_traceback_later • e: %lluD:\a\1\s\Modules\sha3module.c • D:\a\1\s\Objects\bytearrayobject.c • D:\a\1\s\Objects\bytesobject.c • D:\a\1\s\Objects\cellobject.c • D:\a\1\s\Objects\codeobject.c • D:\a\1\s\Objects\fileobject.c • D:\a\1\s\Objects\frameobject.c • D:\a\1\s\Objects\funcobject.c • D:\a\1\s\Objects\iterobject.c • D:\a\1\s\Objects\moduleobject.cnameless modulemodule filename missingclear[1] %s • psapi.dll • bcrypt.dll • D:\a\1\s\Objects\structseq.c • D:\a\1\s\Objects\typeobject.c • Non-UTF-8 code starting with '\x%.2x' in file %U on line %i, but no encoding declared; see https://peps.python.org/pep-0263/ for details • D:\a\1\s\Parser\string_parser.cstring to parse is too long • D:\a\1\s\Python\getargs.c • D:\a\1\s\Python\ceval_gil.c • D:\a\1\s\Python\import.c • D:\a\1\s\Python\pystrtod.c • D:\a\1\b\bin\amd64\python313.pdb • .tls • .bss • VCRUNTIME140.dll • api-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-time-l1-1-0.dll • api-ms-win-crt-process-l1-1-0.dll • api-ms-win-crt-conio-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll • <longPathAware 
xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">true</longPathAware> • python313.dll |
| Flow Anomalies |
| 559938 | 2474 | .pdata | ExceptionHook | Pointer to 2474 - 0x1874 .text + UnwindInfo: .rdata |
| 559944 | 2524 | .pdata | ExceptionHook | Pointer to 2524 - 0x1924 .text + UnwindInfo: .rdata |
| 559950 | 28C4 | .pdata | ExceptionHook | Pointer to 28C4 - 0x1CC4 .text + UnwindInfo: .rdata |
| 55995C | 2918 | .pdata | ExceptionHook | Pointer to 2918 - 0x1D18 .text + UnwindInfo: .rdata |
| 559968 | 29A8 | .pdata | ExceptionHook | Pointer to 29A8 - 0x1DA8 .text + UnwindInfo: .rdata |
| 559974 | 2A60 | .pdata | ExceptionHook | Pointer to 2A60 - 0x1E60 .text + UnwindInfo: .rdata |
| 559980 | 2C08 | .pdata | ExceptionHook | Pointer to 2C08 - 0x2008 .text + UnwindInfo: .rdata |
| 55998C | 2CC4 | .pdata | ExceptionHook | Pointer to 2CC4 - 0x20C4 .text + UnwindInfo: .rdata |
| 559998 | 2CF4 | .pdata | ExceptionHook | Pointer to 2CF4 - 0x20F4 .text + UnwindInfo: .rdata |
| 5599A4 | 2DCC | .pdata | ExceptionHook | Pointer to 2DCC - 0x21CC .text + UnwindInfo: .rdata |
| 5599B0 | 2FB4 | .pdata | ExceptionHook | Pointer to 2FB4 - 0x23B4 .text + UnwindInfo: .rdata |
| 5599BC | 30E0 | .pdata | ExceptionHook | Pointer to 30E0 - 0x24E0 .text + UnwindInfo: .rdata |
| 5599C8 | 3158 | .pdata | ExceptionHook | Pointer to 3158 - 0x2558 .text + UnwindInfo: .rdata |
| 5599D4 | 3188 | .pdata | ExceptionHook | Pointer to 3188 - 0x2588 .text + UnwindInfo: .rdata |
| 5599E0 | 31B8 | .pdata | ExceptionHook | Pointer to 31B8 - 0x25B8 .text + UnwindInfo: .rdata |
| 5599EC | 31E8 | .pdata | ExceptionHook | Pointer to 31E8 - 0x25E8 .text + UnwindInfo: .rdata |
| 5599F8 | 3230 | .pdata | ExceptionHook | Pointer to 3230 - 0x2630 .text + UnwindInfo: .rdata |
| 559A04 | 3288 | .pdata | ExceptionHook | Pointer to 3288 - 0x2688 .text + UnwindInfo: .rdata |
| 559A10 | 32DC | .pdata | ExceptionHook | Pointer to 32DC - 0x26DC .text + UnwindInfo: .rdata |
| 559A1C | 3328 | .pdata | ExceptionHook | Pointer to 3328 - 0x2728 .text + UnwindInfo: .rdata |
| 559A28 | 336C | .pdata | ExceptionHook | Pointer to 336C - 0x276C .text + UnwindInfo: .rdata |
| 559A34 | 3460 | .pdata | ExceptionHook | Pointer to 3460 - 0x2860 .text + UnwindInfo: .rdata |
| 559A40 | 34CC | .pdata | ExceptionHook | Pointer to 34CC - 0x28CC .text + UnwindInfo: .rdata |
| 559A4C | 35F4 | .pdata | ExceptionHook | Pointer to 35F4 - 0x29F4 .text + UnwindInfo: .rdata |
| 559A58 | 3644 | .pdata | ExceptionHook | Pointer to 3644 - 0x2A44 .text + UnwindInfo: .rdata |
| 559A64 | 367C | .pdata | ExceptionHook | Pointer to 367C - 0x2A7C .text + UnwindInfo: .rdata |
| 559A70 | 3710 | .pdata | ExceptionHook | Pointer to 3710 - 0x2B10 .text + UnwindInfo: .rdata |
| 559A7C | 38BC | .pdata | ExceptionHook | Pointer to 38BC - 0x2CBC .text + UnwindInfo: .rdata |
| 559A88 | 3958 | .pdata | ExceptionHook | Pointer to 3958 - 0x2D58 .text + UnwindInfo: .rdata |
| 559A94 | 398C | .pdata | ExceptionHook | Pointer to 398C - 0x2D8C .text + UnwindInfo: .rdata |
| 559AA0 | 3AC8 | .pdata | ExceptionHook | Pointer to 3AC8 - 0x2EC8 .text + UnwindInfo: .rdata |
| 559AAC | 3C7C | .pdata | ExceptionHook | Pointer to 3C7C - 0x307C .text + UnwindInfo: .rdata |
| 559AB8 | 3D6C | .pdata | ExceptionHook | Pointer to 3D6C - 0x316C .text + UnwindInfo: .rdata |
| 559AC4 | 3DD8 | .pdata | ExceptionHook | Pointer to 3DD8 - 0x31D8 .text + UnwindInfo: .rdata |
| 559AD0 | 3E24 | .pdata | ExceptionHook | Pointer to 3E24 - 0x3224 .text + UnwindInfo: .rdata |
| 559ADC | 3E5C | .pdata | ExceptionHook | Pointer to 3E5C - 0x325C .text + UnwindInfo: .rdata |
| 559AE8 | 3E94 | .pdata | ExceptionHook | Pointer to 3E94 - 0x3294 .text + UnwindInfo: .rdata |
| 559AF4 | 3EEC | .pdata | ExceptionHook | Pointer to 3EEC - 0x32EC .text + UnwindInfo: .rdata |
| 559B00 | 3FB8 | .pdata | ExceptionHook | Pointer to 3FB8 - 0x33B8 .text + UnwindInfo: .rdata |
| 559B0C | 401C | .pdata | ExceptionHook | Pointer to 401C - 0x341C .text + UnwindInfo: .rdata |
| 559B18 | 4080 | .pdata | ExceptionHook | Pointer to 4080 - 0x3480 .text + UnwindInfo: .rdata |
| 559B24 | 411C | .pdata | ExceptionHook | Pointer to 411C - 0x351C .text + UnwindInfo: .rdata |
| 559B30 | 4200 | .pdata | ExceptionHook | Pointer to 4200 - 0x3600 .text + UnwindInfo: .rdata |
| 559B3C | 4228 | .pdata | ExceptionHook | Pointer to 4228 - 0x3628 .text + UnwindInfo: .rdata |
| 559B48 | 42C4 | .pdata | ExceptionHook | Pointer to 42C4 - 0x36C4 .text + UnwindInfo: .rdata |
| 559B54 | 4330 | .pdata | ExceptionHook | Pointer to 4330 - 0x3730 .text + UnwindInfo: .rdata |
| 559B60 | 43F8 | .pdata | ExceptionHook | Pointer to 43F8 - 0x37F8 .text + UnwindInfo: .rdata |
| 559B6C | 4450 | .pdata | ExceptionHook | Pointer to 4450 - 0x3850 .text + UnwindInfo: .rdata |
| 559B78 | 44A8 | .pdata | ExceptionHook | Pointer to 44A8 - 0x38A8 .text + UnwindInfo: .rdata |
| 559B84 | 44F4 | .pdata | ExceptionHook | Pointer to 44F4 - 0x38F4 .text + UnwindInfo: .rdata |
| 559B90 | 453C | .pdata | ExceptionHook | Pointer to 453C - 0x393C .text + UnwindInfo: .rdata |
| 559B9C | 45E0 | .pdata | ExceptionHook | Pointer to 45E0 - 0x39E0 .text + UnwindInfo: .rdata |
| 559BA8 | 475C | .pdata | ExceptionHook | Pointer to 475C - 0x3B5C .text + UnwindInfo: .rdata |
| 559BB4 | 4800 | .pdata | ExceptionHook | Pointer to 4800 - 0x3C00 .text + UnwindInfo: .rdata |
| 559BC0 | 49A0 | .pdata | ExceptionHook | Pointer to 49A0 - 0x3DA0 .text + UnwindInfo: .rdata |
| 559BCC | 4B3C | .pdata | ExceptionHook | Pointer to 4B3C - 0x3F3C .text + UnwindInfo: .rdata |
| 559BD8 | 4D0C | .pdata | ExceptionHook | Pointer to 4D0C - 0x410C .text + UnwindInfo: .rdata |
| 559BE4 | 4DEC | .pdata | ExceptionHook | Pointer to 4DEC - 0x41EC .text + UnwindInfo: .rdata |
| 559BF0 | 4F84 | .pdata | ExceptionHook | Pointer to 4F84 - 0x4384 .text + UnwindInfo: .rdata |
| 559BFC | 4FA8 | .pdata | ExceptionHook | Pointer to 4FA8 - 0x43A8 .text + UnwindInfo: .rdata |
| 559C08 | 5060 | .pdata | ExceptionHook | Pointer to 5060 - 0x4460 .text + UnwindInfo: .rdata |
| 559C14 | 5120 | .pdata | ExceptionHook | Pointer to 5120 - 0x4520 .text + UnwindInfo: .rdata |
| 559C20 | 5288 | .pdata | ExceptionHook | Pointer to 5288 - 0x4688 .text + UnwindInfo: .rdata |
| 559C2C | 5378 | .pdata | ExceptionHook | Pointer to 5378 - 0x4778 .text + UnwindInfo: .rdata |
| 559C38 | 53B8 | .pdata | ExceptionHook | Pointer to 53B8 - 0x47B8 .text + UnwindInfo: .rdata |
| 559C44 | 5450 | .pdata | ExceptionHook | Pointer to 5450 - 0x4850 .text + UnwindInfo: .rdata |
| 559C50 | 54B8 | .pdata | ExceptionHook | Pointer to 54B8 - 0x48B8 .text + UnwindInfo: .rdata |
| 559C5C | 54EC | .pdata | ExceptionHook | Pointer to 54EC - 0x48EC .text + UnwindInfo: .rdata |
| 559C68 | 5718 | .pdata | ExceptionHook | Pointer to 5718 - 0x4B18 .text + UnwindInfo: .rdata |
| 559C74 | 58C4 | .pdata | ExceptionHook | Pointer to 58C4 - 0x4CC4 .text + UnwindInfo: .rdata |
| 559C80 | 5934 | .pdata | ExceptionHook | Pointer to 5934 - 0x4D34 .text + UnwindInfo: .rdata |
| 559C8C | 59E4 | .pdata | ExceptionHook | Pointer to 59E4 - 0x4DE4 .text + UnwindInfo: .rdata |
| 559C98 | 5AF4 | .pdata | ExceptionHook | Pointer to 5AF4 - 0x4EF4 .text + UnwindInfo: .rdata |
| 559CA4 | 5BA8 | .pdata | ExceptionHook | Pointer to 5BA8 - 0x4FA8 .text + UnwindInfo: .rdata |
| 367D38 | N/A | .rdata | Injected Junk Code | HitsBL=116/200 - UniqueHits=17 - Ratio=0,58 |
| 368378 | N/A | .rdata | Injected Junk Code | HitsBL=109/200 - UniqueHits=19 - Ratio=0,55 |
| 368508 | N/A | .rdata | Injected Junk Code | HitsBL=117/200 - UniqueHits=20 - Ratio=0,59 |
| 372E90 | N/A | .rdata | Injected Junk Code | HitsBL=97/200 - UniqueHits=17 - Ratio=0,49 |
| 373FC0 | N/A | .rdata | Injected Junk Code | HitsBL=99/200 - UniqueHits=17 - Ratio=0,50 |
| 37A230 | N/A | .rdata | Injected Junk Code | HitsBL=116/200 - UniqueHits=17 - Ratio=0,58 |
| 37A550 | N/A | .rdata | Injected Junk Code | HitsBL=116/200 - UniqueHits=18 - Ratio=0,58 |
| 37A618 | N/A | .rdata | Injected Junk Code | HitsBL=116/200 - UniqueHits=18 - Ratio=0,58 |
| 37A6E0 | N/A | .rdata | Injected Junk Code | HitsBL=100/200 - UniqueHits=21 - Ratio=0,50 |
| 37A938 | N/A | .rdata | Injected Junk Code | HitsBL=98/200 - UniqueHits=18 - Ratio=0,49 |
| 3A98C8 | N/A | .rdata | Injected Junk Code | HitsBL=95/200 - UniqueHits=17 - Ratio=0,48 |
| 3D13F0 | N/A | .rdata | Injected Junk Code | HitsBL=101/200 - UniqueHits=17 - Ratio=0,51 |
| 3D2458 | N/A | .rdata | Injected Junk Code | HitsBL=97/200 - UniqueHits=20 - Ratio=0,49 |
| 3D2CF0 | N/A | .rdata | Injected Junk Code | HitsBL=114/200 - UniqueHits=15 - Ratio=0,57 |
| 5D2000 | N/A | *Overlay* | 58370000000202003082374706092A864886F70D | X7......0.7G..*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 3276457 | 53,5613% |
| Null Byte Code | 1453215 | 23,7562% |