PESCAN.IO - Analysis Report Basic |
| Information |
| Field | Value |
|---|---|
| Size | 111,00 KB |
| SHA-256 Hash | D92F2EF49D6239850794028EED750533525A469128632A293B0B9407E958C712 |
| SHA-1 Hash | 8EE530EEF1FE015CA2AE3BEC450E5A4D9409D587 |
| MD5 Hash | 6EE21C192583371AF767C884BE36949D |
| Imphash | F34D5F2D4577ED6D9CEEC516C1F5A744 |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 4936 |
| SizeOfHeaders | 200 |
| SizeOfImage | 22000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 48E2 |
| IAT | 2000 |
| Characteristics | 22 |
| TimeDateStamp | 90BCB401 |
| Date | 13/12/2046 3:52:33 |
| File Type | EXE |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 (Code, Executable, Readable) | 200 | 2A00 | 2000 | 293C | | |
| .rsrc | 0x40000040 (Initialized Data, Readable) | 2C00 | 18E00 | 6000 | 18CA0 | | |
| .reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 1BA00 | 200 | 20000 | C | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | SendDisponibilidad.exe |
| LegalCopyright | Copyright 2019 |
| ProductName | SendDisponibilidad |
| FileVersion | 2.0.0.0 |
| FileDescription | SendDisponibilidad |
| ProductVersion | 2.0.0.0 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
Section number 1 (.text) contains the entry point.
EntryPoint (calculated): 2B36
Code: FF 25 00 20 40 00, followed by zero bytes
Assembler:
• JMP DWORD PTR [0X402000]
• ADD BYTE PTR [EAX], AL (repeated for each pair of zero bytes that follows)
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: True
• Version: v4.0

Detect It Easy (die)
• PE: library: .NET(v4.0.30319)[-]
• PE: linker: Microsoft Linker(48.0)[-]
• Entropy: 5.14886
| File Access |
| SendDisponibilidad.exe mscoree.dll |
| File Access (UNICODE) |
| SendDisponibilidad.exe SendGmail.exe Temp |
| Words of Interest |
| smtp <body <main exec attrib start replace |
| Words of Interest (UNICODE) |
| smtp |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Information used for user authentication (Credential) |
| Entry Point | Hex Pattern | Microsoft Visual C / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C v7.0 / Basic .NET |
| Entry Point | Hex Pattern | Microsoft Visual Studio .NET |
| Entry Point | Hex Pattern | Microsoft Windows Enhanced Metafile |
| Entry Point | Hex Pattern | .NET executable |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\0 | 6180 | 10828 | 2D80 | 2800000080000000000100000100200000000000000801000000000000000000000000000000000000000000000000000000 | (............. ................................... |
| \ICON\2\0 | 169B8 | 4228 | 135B8 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\3\0 | 1ABF0 | 25A8 | 177F0 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\4\0 | 1D1A8 | 10A8 | 19DA8 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\5\0 | 1E260 | 468 | 1AE60 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \GROUP_ICON\32512\0 | 1E6D8 | 4C | 1B2D8 | 000001000500808000000100200028080100010040400000010020002842000002003030000001002000A825000003002020000001002000A810000004001010000001002000680400000500 | ............ .(.....@@.... .(B....00.... ..%.... .... ............. .h..... |
| \VERSION\1\0 | 1E734 | 36C | 1B334 | 6C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | l.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | 1EAB0 | 1EA | 1B6B0 | EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65 | ...<?xml version="1.0" encoding="UTF-8" standalone |
| Intelligent String |
• 2.0.0.0
• SendDisponibilidad.exe
• SendGmail.exe
• D:\Proyectos\NewHotelUtil\SendDisponibilidad\obj\Debug\SendDisponibilidad.pdb
• _CorExeMainmscoree.dll
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| 2B36 | 402000 | .text | JMP [static] | Indirect jump to absolute memory address |
| 741B | 23FFD64D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 760F | 1AFFD74D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 7E33 | 15FFDC5A | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 7E37 | 14FFDC5C | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 922F | BFFEC95 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 942F | CFFEC95 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 962F | CFFEB94 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 982F | CFFEB93 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 9A2F | CFFEB92 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 9C2F | CFFEB91 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| B8D3 | 26FF328A | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| B8DB | 25FF338B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| B8DF | 24FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| BACF | 24FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| BAFF | 14FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| BCCF | 24FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| BF03 | 14FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C0D3 | 24FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| C107 | 14FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C2D7 | 24FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| C30F | 14FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C4DB | 24FF338B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| C51B | 14FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C6E3 | 24FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| C72F | 15FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C733 | 15FF57AA | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C737 | 15FF58AA | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C73B | 15FF58AA | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C73F | 14FF59AB | .rsrc | CALL [static] | Indirect call to absolute memory address |
| C8EB | 24FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| CAF3 | 25FF338B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| CAF7 | 24FF358C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| CD03 | 24FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| CE5F | 1AFFDC5B | .rsrc | CALL [static] | Indirect call to absolute memory address |
| CF17 | 25FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| CF1B | 24FF358C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 14A1B | 23FFE06C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1503B | 1AFFDE60 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 1513B | 1AFFDE5F | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 1523B | 1AFFDD5E | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 1533B | 1AFFDD5D | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 1543B | 1AFFDD5B | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 15887 | 25FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1588B | 25FF358C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1588F | 25FF358D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 15893 | 25FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 15897 | 25FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1589B | 25FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1589F | 25FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 158A3 | 25FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 158A7 | 25FF368E | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 158AB | 26FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 15973 | 22FF348B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 15A8F | 13FF57A9 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 18387 | 11FFE47B | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 184FF | 57FFD94F | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 18C9B | 1AFFDE60 | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 18D5B | 1AFFDD5D | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 18E0B | 12FFE06D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 18E73 | 27FF368D | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1905B | 1AFFDB57 | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| 1A6B3 | 23FF59AB | .rsrc | CALL [static] | Indirect call to absolute memory address |
| 1A7B7 | 61FF348C | .rsrc | JMP [static] | Indirect jump to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 51061 | 44,9228% |
| Null Byte Code | 32625 | 28,703% |