PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Icon: Icon
Size: 526,11 KB
SHA-256 Hash: E2138362EA8CF69F86C567C0F7E74696017C410498A994258FD6A6CE97257A48
SHA-1 Hash: D27CE3CA0105312FD512EDFE587FE75A44C93198
MD5 Hash: 74F31BC80DB49C58BA0CA669594C744D
Imphash: 7A8C872F8E13D32F36A675B52EDA1D6E
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 0008F5E7
EntryPoint (rva): 125C0
SizeOfHeaders: 400
SizeOfImage: 85000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 2346C
IAT: 18000
Characteristics: 22
TimeDateStamp: 69340000
Date: 06/12/2025 10:05:52
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .reloc, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text 60000020 (Code, Executable, Readable) 400 16E00 1000 16DAC6,3521678160,98
.rdata 40000040 (Initialized Data, Readable) 17200 C400 18000 C3A04,83241965630,65
.data C0000040 (Initialized Data, Readable, Writeable) 23600 C00 25000 1A482,2458422461,33
.pdata 40000040 (Initialized Data, Readable) 24200 1600 27000 14404,8811250531,18
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 25800 400 29000 33C4,796519316,00
.rsrc 40000040 (Initialized Data, Readable) 25C00 5AE00 2A000 5AD985,300113011456,09
Description
OriginalFilename: RegistryExplorer.dll
CompanyName: Eric R. Zimmerman 501-313-3778
LegalCopyright: Eric Zimmerman
ProductName: Registry Explorer
FileVersion: 2.1.0.0
FileDescription: Registry Explorer
ProductVersion: 2.1.0+13ffd70124f0c9dafb4d1baf91986117ee98cd26
Comments: A Registry viewer powered by plugins
Language: Unknown (ID=0x0)
CodePage: Unicode (UTF-16 LE) (0x4B0)
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 119C0
Code -> 4883EC28E8EB0700004883C428E96AFEFFFFCCCCE9B7FAFFFFCCCCCC4883EC284D8B4138488BCA498BD1E80D000000B80100
SUB RSP, 0X28
CALL 0X17F4
ADD RSP, 0X28
JMP 0XE7C
INT3
INT3
JMP 0XAD0
INT3
INT3
INT3
SUB RSP, 0X28
MOV R8, QWORD PTR [R9 + 0X38]
MOV RCX, RDX
MOV RDX, R9
CALL 0X103C
Signatures
Rich Signature Analyzer:
Code -> F2E3AB16B682C545B682C545B682C545310BC644BC82C545310BC144BA82C545310BC044E182C545BFFA5645A682C545C203C444BF82C545B682C4456782C545270BCC44BC82C545270BC744B782C54552696368B682C545
Footprint md5 Hash -> 487814C13843B38E84F4B476626DB2C6
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct
Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.44**)[-]
PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
Entropy: 5.88976
Suspicious Functions
Library Function Description
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
SHELL32.DLL ShellExecuteW Performs a run operation on a specific file.
Windows REG (UNICODE)
SOFTWARE\dotnet
File Access
RegistryExplorer.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
SHELL32.dll
ntdll.dll
.dat
@.dat
Temp
File Access (UNICODE)
kernel32.dll
RegistryExplorer.dll
comctl32.dll
hostfxr.dll
ProgramFiles
Interest's Words
exec
attrib
start
ping
Interest's Words (UNICODE)
exec
start
URLs
http://crl.comodoca.com/AAACertificateServices.crl
http://ocsp.comodoca.com
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0
http://ocsp.sectigo.com
http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl
http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
http://ocsp.usertrust.com
https://sectigo.com/CPS0
URLs (UNICODE)
https://go.microsoft.com/fwlink/?linkid=798306
https://aka.ms/dotnet/app-launch-failedDownload the .NET runtime:%s&apphost_version=%s
https://aka.ms/dotnet-core-applaunch?
https://aka.ms/dotnet/app-launch-failed
https://aka.ms/dotnet/app-launch-failedWould you like to download it now?
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Unicode WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (connect)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegGetValue)
Text Ascii File (GetTempPath)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Execution (ShellExecute)
Text Ascii Antivirus Software (comodo)
Text Unicode Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset CodeText
\ICON\1\0 2A190 468 25D90 28000000100000002000000001002000000000004004000000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(....... ..... .....@.............................
\ICON\2\0 2A5F8 10A8 261F8 28000000200000004000000001002000000000008010000000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(... ...@..... ...................................
\ICON\3\0 2B6A0 25A8 272A0 28000000300000006000000001002000000000008025000000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(...0........ ......%............................
\ICON\4\0 2DC48 4228 29848 28000000400000008000000001002000000000000042000000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(...@......... ......B............................
\ICON\5\0 31E70 10828 2DA70 28000000800000000001000001002000000000000008010000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(............. ...................................
\ICON\6\0 42698 42028 3E298 28000000000100000002000001002000000000000020040000000000000000000000000000000000FFFFFF01FFFFFF01FFFF(............. ...... ............................
\GROUP_ICON\32512\0 846C0 5A 802C0 00000100060010100000010020006804000001002020000001002000A810000002003030000001002000A82500000300404000000100200028420000040080800000010020002808010005000000000001002000282004000600............ .h..... .... .......00.... ..%....@@.... .(B.......... .(........... .( ....
\VERSION\1\0 8471C 400 8031C 000434000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000100..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0 84B1C 1EA 8071C EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...<?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• RegistryExplorer.dll
• 2.1.0.0
• api-ms-win-crt-heap-l1-1-0.dll
• setvbufapi-ms-win-crt-runtime-l1-1-0.dll
• https://aka.ms/dotnet/app-launch-failed
• hostfxr.dll
• https://go.microsoft.com/fwlink/?linkid=798306
• <A HREF="
• comctl32.dll
• TaskDialogIndirect
• kernel32.dll
• ntdll.dll
• D:\a\_work\1\s\artifacts\obj\win-x64.Release\corehost\apphost\standalone\apphost.pdb
• .tls
• .bss
• KERNEL32.dll
• api-ms-win-crt-time-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
Flow Anomalies
Offset RVA Section Description
6C5 N/A .text JMP QWORD PTR [RIP+0x8D480001]
889 N/A .text CALL QWORD PTR [RIP+0x16C59]
935 N/A .text CALL QWORD PTR [RIP+0x16BAD]
9BF N/A .text CALL QWORD PTR [RIP+0x16DB3]
A2E N/A .text CALL QWORD PTR [RIP+0x16D44]
D6A N/A .text CALL QWORD PTR [RIP+0x16A08]
E6F N/A .text CALL QWORD PTR [RIP+0x16903]
F91 N/A .text CALL QWORD PTR [RIP+0x167E1]
100C N/A .text CALL QWORD PTR [RIP+0x16766]
10BD N/A .text CALL QWORD PTR [RIP+0x166B5]
113B N/A .text CALL QWORD PTR [RIP+0x16637]
11DF N/A .text CALL QWORD PTR [RIP+0x16593]
13CE N/A .text CALL QWORD PTR [RIP+0x163A4]
145F N/A .text CALL QWORD PTR [RIP+0x16313]
14BB N/A .text CALL QWORD PTR [RIP+0x162B7]
1659 N/A .text CALL QWORD PTR [RIP+0x161F1]
16E8 N/A .text CALL QWORD PTR [RIP+0x15DFA]
172B N/A .text CALL QWORD PTR [RIP+0x15DB7]
18A2 N/A .text CALL QWORD PTR [RIP+0x15ED0]
19BD N/A .text CALL QWORD PTR [RIP+0x15DB5]
1C53 N/A .text CALL QWORD PTR [RIP+0x15B1F]
1D67 N/A .text CALL QWORD PTR [RIP+0x15A0B]
1E17 N/A .text CALL QWORD PTR [RIP+0x15653]
1F3E N/A .text CALL QWORD PTR [RIP+0x1552C]
1F91 N/A .text CALL QWORD PTR [RIP+0x158B9]
1FBA N/A .text CALL QWORD PTR [RIP+0x15890]
1FD1 N/A .text CALL QWORD PTR [RIP+0x15879]
1FE4 N/A .text CALL QWORD PTR [RIP+0x15486]
2059 N/A .text CALL QWORD PTR [RIP+0x15411]
20A1 N/A .text CALL QWORD PTR [RIP+0x157A9]
216E N/A .text CALL QWORD PTR [RIP+0x152FC]
21C2 N/A .text CALL QWORD PTR [RIP+0x15688]
21E6 N/A .text CALL QWORD PTR [RIP+0x15664]
221F N/A .text CALL QWORD PTR [RIP+0x1562B]
230D N/A .text CALL QWORD PTR [RIP+0x15465]
2370 N/A .text CALL QWORD PTR [RIP+0x15402]
23D3 N/A .text CALL QWORD PTR [RIP+0x1539F]
2439 N/A .text CALL QWORD PTR [RIP+0x15339]
24C3 N/A .text CALL QWORD PTR [RIP+0x152AF]
25D0 N/A .text CALL QWORD PTR [RIP+0x151A2]
2699 N/A .text CALL QWORD PTR [RIP+0x15121]
26AC N/A .text CALL QWORD PTR [RIP+0x150EE]
26B5 N/A .text CALL QWORD PTR [RIP+0x15105]
26C0 N/A .text CALL QWORD PTR [RIP+0x150DA]
26C9 N/A .text CALL QWORD PTR [RIP+0x150F1]
2768 N/A .text CALL QWORD PTR [RIP+0x150E2]
2981 N/A .text CALL QWORD PTR [RIP+0x14EC9]
29E5 N/A .text CALL QWORD PTR [RIP+0x14D8D]
2A9C N/A .text CALL QWORD PTR [RIP+0x14CD6]
2DE4 N/A .text CALL QWORD PTR [RIP+0x14A66]
2E05 N/A .text JMP QWORD PTR [RIP+0x14A45]
2F2C N/A .text CALL QWORD PTR [RIP+0x1472E]
2F3F N/A .text CALL QWORD PTR [RIP+0x1471B]
2F52 N/A .text CALL QWORD PTR [RIP+0x14708]
2F65 N/A .text CALL QWORD PTR [RIP+0x146F5]
2F78 N/A .text CALL QWORD PTR [RIP+0x146E2]
2F8B N/A .text CALL QWORD PTR [RIP+0x146CF]
3061 N/A .text CALL QWORD PTR [RIP+0x147E9]
30D1 N/A .text CALL QWORD PTR [RIP+0x14779]
33E3 N/A .text CALL QWORD PTR [RIP+0x14277]
33ED N/A .text CALL QWORD PTR [RIP+0x1426D]
34D6 N/A .text CALL QWORD PTR [RIP+0x1429C]
36AB N/A .text CALL QWORD PTR [RIP+0x140EF]
36B9 N/A .text CALL QWORD PTR [RIP+0x13DF9]
3717 N/A .text CALL QWORD PTR [RIP+0x13CF3]
3A35 N/A .text CALL QWORD PTR [RIP+0x139CD]
3A3E N/A .text CALL QWORD PTR [RIP+0x139E4]
3A8B N/A .text CALL QWORD PTR [RIP+0x13CE7]
3C94 N/A .text CALL QWORD PTR [RIP+0x13ADE]
3E34 N/A .text CALL QWORD PTR [RIP+0x137CE]
3E68 N/A .text CALL QWORD PTR [RIP+0x135FA]
3F0A N/A .text CALL QWORD PTR [RIP+0x13538]
3F2A N/A .text CALL QWORD PTR [RIP+0x13528]
3F4E N/A .text CALL QWORD PTR [RIP+0x134FC]
3F58 N/A .text CALL QWORD PTR [RIP+0x134FA]
3FC1 N/A .text CALL QWORD PTR [RIP+0x137B1]
3FD2 N/A .text CALL QWORD PTR [RIP+0x13480]
4280 N/A .text CALL QWORD PTR [RIP+0x13202]
4298 N/A .text CALL QWORD PTR [RIP+0x131D2]
42A9 N/A .text CALL QWORD PTR [RIP+0x131D1]
42EC N/A .text CALL QWORD PTR [RIP+0x13186]
4303 N/A .text CALL QWORD PTR [RIP+0x13157]
449D N/A .text CALL QWORD PTR [RIP+0x133AD]
44C2 N/A .text CALL QWORD PTR [RIP+0x12FB8]
450F N/A .text CALL QWORD PTR [RIP+0x13263]
4571 N/A .text CALL QWORD PTR [RIP+0x13091]
45F0 N/A .text CALL QWORD PTR [RIP+0x12EE2]
4603 N/A .text CALL QWORD PTR [RIP+0x12E4F]
465C N/A .text CALL QWORD PTR [RIP+0x12E76]
466A N/A .text CALL QWORD PTR [RIP+0x12DE8]
47BD N/A .text CALL QWORD PTR [RIP+0x12FB5]
4848 N/A .text CALL QWORD PTR [RIP+0x12DDA]
4941 N/A .text CALL QWORD PTR [RIP+0x12E31]
5042 N/A .text CALL QWORD PTR [RIP+0x12730]
53E6 N/A .text CALL QWORD PTR [RIP+0x1238C]
53FC N/A .text CALL QWORD PTR [RIP+0x12376]
5657 N/A .text CALL QWORD PTR [RIP+0x11FBB]
5692 N/A .text CALL QWORD PTR [RIP+0x11F70]
56E5 N/A .text CALL QWORD PTR [RIP+0x1208D]
577E N/A .text CALL QWORD PTR [RIP+0x11FF4]
359A0-359B7 N/A .rsrc Potential obfuscated jump sequence detected, count: 12
35BA8-35BC3 N/A .rsrc Potential obfuscated jump sequence detected, count: 14
5DCCE-5DCE7 N/A .rsrc Potential obfuscated jump sequence detected, count: 13
5E0C8-5E0F7 N/A .rsrc Potential obfuscated jump sequence detected, count: 24
5E4D4-5E503 N/A .rsrc Potential obfuscated jump sequence detected, count: 24
5E8E0-5E90F N/A .rsrc Potential obfuscated jump sequence detected, count: 24
24200 1010 .pdata ExceptionHook | Pointer to 1010 - 0x410 .text + UnwindInfo: .rdata
2420C 1040 .pdata ExceptionHook | Pointer to 1040 - 0x440 .text + UnwindInfo: .rdata
24218 1070 .pdata ExceptionHook | Pointer to 1070 - 0x470 .text + UnwindInfo: .rdata
24224 10A0 .pdata ExceptionHook | Pointer to 10A0 - 0x4A0 .text + UnwindInfo: .rdata
24230 10D0 .pdata ExceptionHook | Pointer to 10D0 - 0x4D0 .text + UnwindInfo: .rdata
2423C 1120 .pdata ExceptionHook | Pointer to 1120 - 0x520 .text + UnwindInfo: .rdata
24248 1140 .pdata ExceptionHook | Pointer to 1140 - 0x540 .text + UnwindInfo: .rdata
24254 11A0 .pdata ExceptionHook | Pointer to 11A0 - 0x5A0 .text + UnwindInfo: .rdata
24260 1240 .pdata ExceptionHook | Pointer to 1240 - 0x640 .text + UnwindInfo: .rdata
2426C 1260 .pdata ExceptionHook | Pointer to 1260 - 0x660 .text + UnwindInfo: .rdata
24278 12A0 .pdata ExceptionHook | Pointer to 12A0 - 0x6A0 .text + UnwindInfo: .rdata
24284 12E0 .pdata ExceptionHook | Pointer to 12E0 - 0x6E0 .text + UnwindInfo: .rdata
24290 1300 .pdata ExceptionHook | Pointer to 1300 - 0x700 .text + UnwindInfo: .rdata
2429C 1670 .pdata ExceptionHook | Pointer to 1670 - 0xA70 .text + UnwindInfo: .rdata
242A8 1A80 .pdata ExceptionHook | Pointer to 1A80 - 0xE80 .text + UnwindInfo: .rdata
242B4 1BA0 .pdata ExceptionHook | Pointer to 1BA0 - 0xFA0 .text + UnwindInfo: .rdata
242C0 1C20 .pdata ExceptionHook | Pointer to 1C20 - 0x1020 .text + UnwindInfo: .rdata
242CC 1CD0 .pdata ExceptionHook | Pointer to 1CD0 - 0x10D0 .text + UnwindInfo: .rdata
242D8 1D50 .pdata ExceptionHook | Pointer to 1D50 - 0x1150 .text + UnwindInfo: .rdata
242E4 1DA5 .pdata ExceptionHook | Pointer to 1DA5 - 0x11A5 .text + UnwindInfo: .rdata
242F0 1E4E .pdata ExceptionHook | Pointer to 1E4E - 0x124E .text + UnwindInfo: .rdata
242FC 1E6A .pdata ExceptionHook | Pointer to 1E6A - 0x126A .text + UnwindInfo: .rdata
24308 1E70 .pdata ExceptionHook | Pointer to 1E70 - 0x1270 .text + UnwindInfo: .rdata
24314 1E99 .pdata ExceptionHook | Pointer to 1E99 - 0x1299 .text + UnwindInfo: .rdata
24320 1FBF .pdata ExceptionHook | Pointer to 1FBF - 0x13BF .text + UnwindInfo: .rdata
2432C 1FD5 .pdata ExceptionHook | Pointer to 1FD5 - 0x13D5 .text + UnwindInfo: .rdata
24338 1FDB .pdata ExceptionHook | Pointer to 1FDB - 0x13DB .text + UnwindInfo: .rdata
24344 1FF0 .pdata ExceptionHook | Pointer to 1FF0 - 0x13F0 .text + UnwindInfo: .rdata
24350 2010 .pdata ExceptionHook | Pointer to 2010 - 0x1410 .text + UnwindInfo: .rdata
2435C 2070 .pdata ExceptionHook | Pointer to 2070 - 0x1470 .text + UnwindInfo: .rdata
24368 20D0 .pdata ExceptionHook | Pointer to 20D0 - 0x14D0 .text + UnwindInfo: .rdata
24374 2240 .pdata ExceptionHook | Pointer to 2240 - 0x1640 .text + UnwindInfo: .rdata
24380 2270 .pdata ExceptionHook | Pointer to 2270 - 0x1670 .text + UnwindInfo: .rdata
2438C 24F0 .pdata ExceptionHook | Pointer to 24F0 - 0x18F0 .text + UnwindInfo: .rdata
24398 25F0 .pdata ExceptionHook | Pointer to 25F0 - 0x19F0 .text + UnwindInfo: .rdata
243A4 3100 .pdata ExceptionHook | Pointer to 3100 - 0x2500 .text + UnwindInfo: .rdata
243B0 3300 .pdata ExceptionHook | Pointer to 3300 - 0x2700 .text + UnwindInfo: .rdata
243BC 3350 .pdata ExceptionHook | Pointer to 3350 - 0x2750 .text + UnwindInfo: .rdata
243C8 33E0 .pdata ExceptionHook | Pointer to 33E0 - 0x27E0 .text + UnwindInfo: .rdata
243D4 36F0 .pdata ExceptionHook | Pointer to 36F0 - 0x2AF0 .text + UnwindInfo: .rdata
243E0 3740 .pdata ExceptionHook | Pointer to 3740 - 0x2B40 .text + UnwindInfo: .rdata
243EC 37A0 .pdata ExceptionHook | Pointer to 37A0 - 0x2BA0 .text + UnwindInfo: .rdata
243F8 3800 .pdata ExceptionHook | Pointer to 3800 - 0x2C00 .text + UnwindInfo: .rdata
24404 38C0 .pdata ExceptionHook | Pointer to 38C0 - 0x2CC0 .text + UnwindInfo: .rdata
24410 3920 .pdata ExceptionHook | Pointer to 3920 - 0x2D20 .text + UnwindInfo: .rdata
2441C 3940 .pdata ExceptionHook | Pointer to 3940 - 0x2D40 .text + UnwindInfo: .rdata
24428 3980 .pdata ExceptionHook | Pointer to 3980 - 0x2D80 .text + UnwindInfo: .rdata
24434 39D0 .pdata ExceptionHook | Pointer to 39D0 - 0x2DD0 .text + UnwindInfo: .rdata
24440 3A10 .pdata ExceptionHook | Pointer to 3A10 - 0x2E10 .text + UnwindInfo: .rdata
2444C 3BD0 .pdata ExceptionHook | Pointer to 3BD0 - 0x2FD0 .text + UnwindInfo: .rdata
24458 3C20 .pdata ExceptionHook | Pointer to 3C20 - 0x3020 .text + UnwindInfo: .rdata
24464 3C90 .pdata ExceptionHook | Pointer to 3C90 - 0x3090 .text + UnwindInfo: .rdata
24470 3D10 .pdata ExceptionHook | Pointer to 3D10 - 0x3110 .text + UnwindInfo: .rdata
2447C 3D25 .pdata ExceptionHook | Pointer to 3D25 - 0x3125 .text + UnwindInfo: .rdata
24488 3D4C .pdata ExceptionHook | Pointer to 3D4C - 0x314C .text + UnwindInfo: .rdata
24494 3D70 .pdata ExceptionHook | Pointer to 3D70 - 0x3170 .text + UnwindInfo: .rdata
244A0 3D85 .pdata ExceptionHook | Pointer to 3D85 - 0x3185 .text + UnwindInfo: .rdata
244AC 3DAC .pdata ExceptionHook | Pointer to 3DAC - 0x31AC .text + UnwindInfo: .rdata
244B8 3DC0 .pdata ExceptionHook | Pointer to 3DC0 - 0x31C0 .text + UnwindInfo: .rdata
244C4 3E10 .pdata ExceptionHook | Pointer to 3E10 - 0x3210 .text + UnwindInfo: .rdata
244D0 3E26 .pdata ExceptionHook | Pointer to 3E26 - 0x3226 .text + UnwindInfo: .rdata
244DC 3E9E .pdata ExceptionHook | Pointer to 3E9E - 0x329E .text + UnwindInfo: .rdata
244E8 3EB0 .pdata ExceptionHook | Pointer to 3EB0 - 0x32B0 .text + UnwindInfo: .rdata
244F4 3F10 .pdata ExceptionHook | Pointer to 3F10 - 0x3310 .text + UnwindInfo: .rdata
24500 3F40 .pdata ExceptionHook | Pointer to 3F40 - 0x3340 .text + UnwindInfo: .rdata
2450C 3FA3 .pdata ExceptionHook | Pointer to 3FA3 - 0x33A3 .text + UnwindInfo: .rdata
24518 3FC0 .pdata ExceptionHook | Pointer to 3FC0 - 0x33C0 .text + UnwindInfo: .rdata
24524 4020 .pdata ExceptionHook | Pointer to 4020 - 0x3420 .text + UnwindInfo: .rdata
24530 4110 .pdata ExceptionHook | Pointer to 4110 - 0x3510 .text + UnwindInfo: .rdata
2453C 4170 .pdata ExceptionHook | Pointer to 4170 - 0x3570 .text + UnwindInfo: .rdata
24548 41B0 .pdata ExceptionHook | Pointer to 41B0 - 0x35B0 .text + UnwindInfo: .rdata
24554 41BD .pdata ExceptionHook | Pointer to 41BD - 0x35BD .text + UnwindInfo: .rdata
24560 41FA .pdata ExceptionHook | Pointer to 41FA - 0x35FA .text + UnwindInfo: .rdata
2456C 423C .pdata ExceptionHook | Pointer to 423C - 0x363C .text + UnwindInfo: .rdata
24578 426F .pdata ExceptionHook | Pointer to 426F - 0x366F .text + UnwindInfo: .rdata
24584 42E0 .pdata ExceptionHook | Pointer to 42E0 - 0x36E0 .text + UnwindInfo: .rdata
24590 46C0 .pdata ExceptionHook | Pointer to 46C0 - 0x3AC0 .text + UnwindInfo: .rdata
2459C 48E0 .pdata ExceptionHook | Pointer to 48E0 - 0x3CE0 .text + UnwindInfo: .rdata
245A8 4A10 .pdata ExceptionHook | Pointer to 4A10 - 0x3E10 .text + UnwindInfo: .rdata
245B4 4A40 .pdata ExceptionHook | Pointer to 4A40 - 0x3E40 .text + UnwindInfo: .rdata
245C0 4C10 .pdata ExceptionHook | Pointer to 4C10 - 0x4010 .text + UnwindInfo: .rdata
245CC 4E40 .pdata ExceptionHook | Pointer to 4E40 - 0x4240 .text + UnwindInfo: .rdata
245D8 5140 .pdata ExceptionHook | Pointer to 5140 - 0x4540 .text + UnwindInfo: .rdata
245E4 5180 .pdata ExceptionHook | Pointer to 5180 - 0x4580 .text + UnwindInfo: .rdata
245F0 6490 .pdata ExceptionHook | Pointer to 6490 - 0x5890 .text + UnwindInfo: .rdata
245FC 65B0 .pdata ExceptionHook | Pointer to 65B0 - 0x59B0 .text + UnwindInfo: .rdata
24608 6990 .pdata ExceptionHook | Pointer to 6990 - 0x5D90 .text + UnwindInfo: .rdata
24614 69C0 .pdata ExceptionHook | Pointer to 69C0 - 0x5DC0 .text + UnwindInfo: .rdata
24620 69E8 .pdata ExceptionHook | Pointer to 69E8 - 0x5DE8 .text + UnwindInfo: .rdata
2462C 6A2D .pdata ExceptionHook | Pointer to 6A2D - 0x5E2D .text + UnwindInfo: .rdata
24638 6A40 .pdata ExceptionHook | Pointer to 6A40 - 0x5E40 .text + UnwindInfo: .rdata
24644 6A71 .pdata ExceptionHook | Pointer to 6A71 - 0x5E71 .text + UnwindInfo: .rdata
24650 6AB8 .pdata ExceptionHook | Pointer to 6AB8 - 0x5EB8 .text + UnwindInfo: .rdata
2465C 6AD0 .pdata ExceptionHook | Pointer to 6AD0 - 0x5ED0 .text + UnwindInfo: .rdata
24668 6AFD .pdata ExceptionHook | Pointer to 6AFD - 0x5EFD .text + UnwindInfo: .rdata
24674 6B44 .pdata ExceptionHook | Pointer to 6B44 - 0x5F44 .text + UnwindInfo: .rdata
24680 6B60 .pdata ExceptionHook | Pointer to 6B60 - 0x5F60 .text + UnwindInfo: .rdata
2468C 6D70 .pdata ExceptionHook | Pointer to 6D70 - 0x6170 .text + UnwindInfo: .rdata
24698 6E17 .pdata ExceptionHook | Pointer to 6E17 - 0x6217 .text + UnwindInfo: .rdata
246A4 6E7E .pdata ExceptionHook | Pointer to 6E7E - 0x627E .text + UnwindInfo: .rdata
80A00 N/A *Overlay* 702E00000002020030822E6306092A864886F70D | p.......0..c..*.H...
Extra Analysis
Metric Value Percentage
Ascii Code 221679 41,148%
Null Byte Code 73213 13,5898%
© 2026 All rights reserved.