PESCAN.IO - Analysis Report Basic |
| File Structure |
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
| Field | Value |
|---|---|
| Size | 2,79 MB |
| SHA-256 Hash | A32BACB35F0484723657597AF1DDD68C227D4FB7B4E165DB023EA646443975A4 |
| SHA-1 Hash | D05170C3504DE54047699453FF1CEC2D90B073EF |
| MD5 Hash | 6DC0B42661505D714571C04C88A95EAC |
| Imphash | 77C2FB4DF8864731A1674D3BADF90CFC |
| MajorOSVersion | 6 |
| MinorOSVersion | 0 |
| CheckSum | 002D9030 |
| EntryPoint (rva) | 1E01E0 |
| SizeOfHeaders | 400 |
| SizeOfImage | 2CE000 |
| ImageBase | 0000000140000000 |
| Architecture | x64 |
| ImportTable | 2A3CC4 |
| IAT | 22E000 |
| Characteristics | 22 |
| TimeDateStamp | 69320408 |
| Date | 04/12/2025 21:58:32 |
| File Type | EXE |
| Number Of Sections | 7 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .rdata, .data, .pdata, _RDATA, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 22C400 | 1000 | 22C3CC | | |
| .rdata | 0x40000040 Initialized Data Readable | 22C800 | 7A600 | 22E000 | 7A574 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | 2A6E00 | 8C00 | 2A9000 | B0A8 | | |
| .pdata | 0x40000040 Initialized Data Readable | 2AFA00 | 14200 | 2B5000 | 1404C | | |
| _RDATA | 0x40000040 Initialized Data Readable | 2C3C00 | 400 | 2CA000 | 280 | | |
| .rsrc | 0x40000040 Initialized Data Readable | 2C4000 | 200 | 2CB000 | 1E0 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 2C4200 | 1E00 | 2CC000 | 1CF8 | | |
| Entry Point |
| Section number 1 contains the entry point -> EntryPoint (calculated) - 1DF5E0 |
| Code -> 4883EC28E8B30800004883C428E9FEFDFFFFCCCCCCCCCCCCCCCCCCCCCCCCCCCC4883EC28E817F1FFFFEB0233C04883C428C3 |
| Assembler -> SUB RSP, 0X28 ; CALL 0X18BC ; ADD RSP, 0X28 ; JMP 0XE10 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; INT3 ; SUB RSP, 0X28 ; CALL 0X140 ; JMP 0X102D ; XOR EAX, EAX ; ADD RSP, 0X28 ; RET |
| Signatures |
| Rich Signature Analyzer: Code -> A0ABF980E4CA97D3E4CA97D3E4CA97D3E4CA97D3E5CA97D3E24B93D2E9CA97D3E24B92D28DCA97D3E24B94D2F0CA97D3EDB204D3F2CA97D3944B96D2E2CA97D3F74E92D2EACA97D38B4B96D2E7CA97D3E4CA96D3B8CB97D38B4B92D2B8CA97D38B4B68D3E5CA97D38B4B95D2E5CA97D352696368E4CA97D3 |
| Footprint md5 Hash -> 26334DC97236B91326753D5763C31876 |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio |
| Compiler: Pure Basic 4.x |
| Detect It Easy (die) |
| • PE+(64): compiler: Microsoft Visual C/C++(-)[-] |
| • PE+(64): linker: Microsoft Linker(14.38**)[-] |
| • PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7] |
| • Entropy: 6.44311 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| Ws2_32.DLL | socket | Create a communication endpoint for networking applications. |
| File Access |
| cmd.exe api-ms-win-crt-time-l1-1-0.dll WS2_32.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll SHELL32.dll KERNEL32.dll xrt_coreutil.dll host.os.sys os.sys .dat mem_topology.board.memory.dat @.dat Temp |
| File Access (UNICODE) |
| ntdll.dll kernel32.dll Temp AppData UserProfile |
| Words of Interest |
| exec attrib start hostname shutdown systeminfo ping |
| URLs |
| http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202014.crt http://www.microsoft.com/pkiops/Docs/Repository.htm http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl http://www.microsoft.com/pkiops/certs/Microsoft%20Time-Stamp%20PCA%202010(1).crt http://www.microsoft.com/pkiops/crl/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crl http://www.microsoft.com/pkiops/certs/Microsoft%20Windows%20Third%20Party%20Component%20CA%202012.crt https://www.microsoft.com/en-us/windows |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Keyboard Key (Ctrl+C) |
| Text | Ascii | Unauthorized movement of funds or data (Transfer) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\1\1033 | 2CB060 | 17D | 2C4060 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y |
| Intelligent String |
| • api-ms-win-crt-filesystem-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • api-ms-win-crt-heap-l1-1-0.dll • strncpynisspacemispunctapi-ms-win-crt-runtime-l1-1-0.dll • W:\src\sw-stack\XRT-MCDM\ext\include\boost-1_86\boost/asio/detail/impl/winsock_init.ippwinsocksystem • cmd.exe " • W:\src\sw-stack\XRT-MCDM\ext\include\boost-1_86\boost/property_tree/detail/ptree_implementation.hpp • /etc/msd.conf • W:\src\sw-stack\XRT-MCDM\ext\include\boost-1_86\boost/property_tree/json_parser.hpp • W:\src\sw-stack\XRT-MCDM\ext\include\boost-1_86\boost/property_tree/json_parser/detail/parser.hpp • .elf • W:\src\sw-stack\XRT-MCDM\ext\include\boost-1_86\boost/property_tree/json_parser/detail/write.hpp • host.xrt • kernel32.dll • ntdll.dll • W:\src\sw-stack\XRT-MCDM\build\WRelease\src\xrt\src\symbols\Release\xrt-smi.pdb • .tls • .bss • xrt_coreutil.dll • api-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll • api-ms-win-crt-environment-l1-1-0.dll • api-ms-win-crt-utility-l1-1-0.dll • ws2_32.dll • wcsncmpapi-ms-win-crt-time-l1-1-0.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 2C6000 | N/A | *Overlay* | 684F00000002020030824F5A06092A864886F70D | hO......0.OZ..*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1846217 | 63,0434% |
| Null Byte Code | 434935 | 14,8519% |