PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 309,50 KB
SHA-256 Hash: E0D8F24DAAEC0D239D81C08B8DFE389EC1BEAF69DA0919D7CC1F393FF9DD274E
SHA-1 Hash: B3DDA772F918D6232AF72A0EF965B3C339E2C60D
MD5 Hash: 78FDF5DBC9F56C66D53A7D94D3B058B4
Imphash: EF7EDF68E9A7DCD3D9E162218D564E9B
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 11A00
SizeOfHeaders: 400
SizeOfImage: 53000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 3EA80
IAT: 2E000
Characteristics: 23
TimeDateStamp: 697B897B
Date: 29/01/2026 16:23:23
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .fptable, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	400	2C400	1000	2C294	6,1163	1403001,23
.rdata	40000040 (Initialized Data, Readable)	2C800	11A00	2E000	119A0	4,7371	4085265,19
.data	C0000040 (Initialized Data, Readable, Writeable)	3E200	1A00	40000	2D14	3,5753	532386,92
.pdata	40000040 (Initialized Data, Readable)	3FC00	3200	43000	31EC	5,3068	393286,00
.fptable	C0000040 (Initialized Data, Readable, Writeable)	42E00	200	47000	100	0,0000	130560,00
.rsrc	40000040 (Initialized Data, Readable)	43000	A600	48000	A598	3,7378	3833434,13

Description

LegalCopyright: All rights reserved
ProductName: Update
FileVersion: 2.3.1.1
FileDescription: Update
ProductVersion: 2.3.1.1
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 10E00
Code -> 4883EC28E8BB0600004883C428E97AFEFFFFCCCC40534883EC20488BD9488BC2488D0D91CD01000F57C048890B488D530848
• SUB RSP, 0X28
• CALL 0X16C4
• ADD RSP, 0X28
• JMP 0XE8C
• INT3
• INT3
• PUSH RBX
• SUB RSP, 0X20
• MOV RBX, RCX
• MOV RAX, RDX
• LEA RCX, [RIP + 0X1CD91]
• XORPS XMM0, XMM0
• MOV QWORD PTR [RBX], RCX
• LEA RDX, [RBX + 8]

Signatures

Rich Signature Analyzer:
Code -> F5CA9E8AB1ABF0D9B1ABF0D9B1ABF0D9C52AF5D820ABF0D9C52AF3D8B9ABF0D93622F3D8B8ABF0D93622F4D8A0ABF0D93622F5D88BABF0D9C52AF4D8A0ABF0D9C52AF1D8BAABF0D9B1ABF1D912ABF0D93A22F9D8B0ABF0D93A220FD9B0ABF0D93A22F2D8B0ABF0D952696368B1ABF0D9
Footprint md5 Hash -> 23F84924D1972980DF5280A9E35D4023
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.44**)[-]
• Entropy: 5.78184

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.

File Access

OLEAUT32.dll
ole32.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
Fatlthunk.dll
.dat
@.dat

File Access (UNICODE)

\setup_helper.exe
Advapi32.dll
mscoree.dll
\install_log.txt
Update.vbs
\run_helper.vbs
\update_data.zip
Temp
AppData

Interest's Words

wscript
createobject
start
expand

Interest's Words (UNICODE)

wscript
shell.application
createobject
start
expand

URLs (UNICODE)

https://bsc-testnet.publicnode.com"
rpc(1) = "
https://bsc-testnet-dataseed.bnbchain.org"
rpc(2) = "

Known IP/Domains (UNICODE)

facebook.com

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (connect)
Text	Ascii	Registry (RegCreateKeyEx)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	Registry (RegSetValueEx)
Text	Ascii	Registry (RegDeleteKeyEx)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (VirtualAlloc)
Text	Ascii	Stealth (VirtualProtect)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\TYPELIB\1\1033	50B18	1A80	4BB18	4D5346540200010000000000090400000000000041000000010000000000000006000000FFFFFFFF00000000000000005000	MSFT................A...........................P.
\ICON\1\1033	48200	4228	43200	2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000	(...@......... ......B............................
\ICON\2\1033	4C428	25A8	47428	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\3\1033	4E9D0	10A8	499D0	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\4\1033	4FA78	988	4AA78	2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000	(.......0..... ..................................
\ICON\5\1033	50400	468	4B400	2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000	(....... ..... .....@.............................
\GROUP_ICON\128\1033	50868	4C	4B868	00000100050040400000010020002842000001003030000001002000A825000002002020000001002000A8100000030018180000010020008809000004001010000001002000680400000500	......@@.... .(B....00.... ..%.... .... ............. ............. .h.....
\VERSION\1\1033	508B8	260	4B8B8	600234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000300	.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............

Intelligent String

• 2.3.1.1
• Fatlthunk.dll
• mscoree.dll
• rpc(0) = "https://bsc-testnet.publicnode.com"
• rpc(1) = "https://bsc-testnet-dataseed.bnbchain.org"
• rpc(2) = "https://bsc-testnet.drpc.org"
• Advapi32.dll
• .tls
• .bss
• KERNEL32.dll
• USER32.dll
• Update.vbs

Flow Anomalies

Offset	RVA	Section	Description
88C	N/A	.text	CALL QWORD PTR [RIP+0x2CFD6]
8E7	N/A	.text	CALL QWORD PTR [RIP+0x2CFAB]
A1A	N/A	.text	CALL QWORD PTR [RIP+0x2CA80]
C10	N/A	.text	CALL QWORD PTR [RIP+0x2C842]
CA1	N/A	.text	CALL QWORD PTR [RIP+0x2C8F1]
CC1	N/A	.text	CALL QWORD PTR [RIP+0x2C841]
CF7	N/A	.text	CALL QWORD PTR [RIP+0x2C783]
D31	N/A	.text	CALL QWORD PTR [RIP+0x2C7B1]
D7D	N/A	.text	CALL QWORD PTR [RIP+0x2C735]
D9C	N/A	.text	CALL QWORD PTR [RIP+0x2C6E6]
DC0	N/A	.text	CALL QWORD PTR [RIP+0x2C7EA]
E7B	N/A	.text	CALL QWORD PTR [RIP+0x2C63F]
EE7	N/A	.text	CALL QWORD PTR [RIP+0x2C5C3]
FC4	N/A	.text	CALL QWORD PTR [RIP+0x2C4B6]
10F5	N/A	.text	CALL QWORD PTR [RIP+0x2C685]
1151	N/A	.text	CALL QWORD PTR [RIP+0x2C629]
118E	N/A	.text	CALL QWORD PTR [RIP+0x2C36C]
11B7	N/A	.text	CALL QWORD PTR [RIP+0x2C323]
123B	N/A	.text	CALL QWORD PTR [RIP+0x2C1EF]
1281	N/A	.text	CALL QWORD PTR [RIP+0x2C279]
12AA	N/A	.text	CALL QWORD PTR [RIP+0x2C230]
13A6	N/A	.text	CALL QWORD PTR [RIP+0x2C06C]
13E5	N/A	.text	CALL QWORD PTR [RIP+0x2C115]
140B	N/A	.text	CALL QWORD PTR [RIP+0x2C0CF]
1461	N/A	.text	CALL QWORD PTR [RIP+0x2BFA9]
16B5	N/A	.text	CALL QWORD PTR [RIP+0x2BE15]
1B35	N/A	.text	CALL QWORD PTR [RIP+0x2BD45]
1F82	N/A	.text	CALL QWORD PTR [RIP+0x2B578]
1FA1	N/A	.text	CALL QWORD PTR [RIP+0x2B539]
1FD8	N/A	.text	CALL QWORD PTR [RIP+0x3FFDA]
1FED	N/A	.text	CALL QWORD PTR [RIP+0x2B41D]
2021	N/A	.text	CALL QWORD PTR [RIP+0x2B411]
2054	N/A	.text	CALL QWORD PTR [RIP+0x2B3A6]
2170	N/A	.text	CALL QWORD PTR [RIP+0x2B2A2]
2272	N/A	.text	CALL QWORD PTR [RIP+0x2B1B8]
2301	N/A	.text	CALL QWORD PTR [RIP+0x2B121]
2398	N/A	.text	CALL QWORD PTR [RIP+0x2B08A]
2472	N/A	.text	CALL QWORD PTR [RIP+0x2AFB0]
2546	N/A	.text	CALL QWORD PTR [RIP+0x2AED4]
25F8	N/A	.text	CALL QWORD PTR [RIP+0x2AF2A]
2901	N/A	.text	CALL QWORD PTR [RIP+0x2AEF1]
29C2	N/A	.text	CALL QWORD PTR [RIP+0x2AEC8]
2EAB	N/A	.text	CALL QWORD PTR [RIP+0x2A67F]
2ECB	N/A	.text	CALL QWORD PTR [RIP+0x2A65F]
2F01	N/A	.text	CALL QWORD PTR [RIP+0x2A5B9]
2F2C	N/A	.text	CALL QWORD PTR [RIP+0x2A586]
2F57	N/A	.text	CALL QWORD PTR [RIP+0x2A653]
2FF4	N/A	.text	CALL QWORD PTR [RIP+0x2A476]
3067	N/A	.text	CALL QWORD PTR [RIP+0x2A54B]
33FA	N/A	.text	CALL QWORD PTR [RIP+0x2A128]
3427	N/A	.text	CALL QWORD PTR [RIP+0x2A0FB]
3451	N/A	.text	CALL QWORD PTR [RIP+0x2A0D1]
347B	N/A	.text	CALL QWORD PTR [RIP+0x2A0A7]
35EF	N/A	.text	CALL QWORD PTR [RIP+0x29F33]
3671	N/A	.text	CALL QWORD PTR [RIP+0x2A181]
372A	N/A	.text	CALL QWORD PTR [RIP+0x2A0C8]
37A2	N/A	.text	CALL QWORD PTR [RIP+0x2A050]
37ED	N/A	.text	CALL QWORD PTR [RIP+0x2A005]
3810	N/A	.text	CALL QWORD PTR [RIP+0x29FE2]
38F0	N/A	.text	CALL QWORD PTR [RIP+0x29F02]
3948	N/A	.text	CALL QWORD PTR [RIP+0x29EAA]
3BD5	N/A	.text	CALL QWORD PTR [RIP+0x29C1D]
3C20	N/A	.text	CALL QWORD PTR [RIP+0x29BD2]
3D13	N/A	.text	CALL QWORD PTR [RIP+0x29AAF]
3F21	N/A	.text	CALL QWORD PTR [RIP+0x29501]
3FEE	N/A	.text	CALL QWORD PTR [RIP+0x29534]
407F	N/A	.text	CALL QWORD PTR [RIP+0x29383]
4317	N/A	.text	CALL QWORD PTR [RIP+0x294DB]
4333	N/A	.text	CALL QWORD PTR [RIP+0x294BF]
434F	N/A	.text	CALL QWORD PTR [RIP+0x294A3]
436B	N/A	.text	CALL QWORD PTR [RIP+0x29487]
43E7	N/A	.text	CALL QWORD PTR [RIP+0x2940B]
44C2	N/A	.text	CALL QWORD PTR [RIP+0x29330]
4636	N/A	.text	CALL QWORD PTR [RIP+0x291BC]
4679	N/A	.text	CALL QWORD PTR [RIP+0x29179]
48E6	N/A	.text	CALL QWORD PTR [RIP+0x28FA4]
49D4	N/A	.text	CALL QWORD PTR [RIP+0x28B4E]
4A07	N/A	.text	CALL QWORD PTR [RIP+0x28B1B]
4B9A	N/A	.text	CALL QWORD PTR [RIP+0x28988]
4BE0	N/A	.text	CALL QWORD PTR [RIP+0x28942]
548A	N/A	.text	CALL QWORD PTR [RIP+0x280E8]
553C	N/A	.text	CALL QWORD PTR [RIP+0x27FBE]
5947	N/A	.text	CALL QWORD PTR [RIP+0x27C2B]
59F7	N/A	.text	CALL QWORD PTR [RIP+0x27B03]
5CF2	N/A	.text	CALL QWORD PTR [RIP+0x27B30]
60D8	N/A	.text	CALL QWORD PTR [RIP+0x27382]
61D1	N/A	.text	CALL QWORD PTR [RIP+0x27289]
659A	N/A	.text	CALL QWORD PTR [RIP+0x26F38]
65CE	N/A	.text	CALL QWORD PTR [RIP+0x26EF4]
6606	N/A	.text	CALL QWORD PTR [RIP+0x26F9C]
6687	N/A	.text	CALL QWORD PTR [RIP+0x26E03]
66BE	N/A	.text	CALL QWORD PTR [RIP+0x26DA4]
7126	N/A	.text	CALL QWORD PTR [RIP+0x2666C]
7451	N/A	.text	CALL QWORD PTR [RIP+0x26121]
74A1	N/A	.text	CALL QWORD PTR [RIP+0x262D1]
74F5	N/A	.text	CALL QWORD PTR [RIP+0x2626D]
76E2	N/A	.text	CALL QWORD PTR [RIP+0x26168]
7748	N/A	.text	CALL QWORD PTR [RIP+0x2609A]
77B7	N/A	.text	CALL QWORD PTR [RIP+0x26053]
7A8E	N/A	.text	CALL QWORD PTR [RIP+0x259DC]
3FC00	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
3FC0C	1030	.pdata	ExceptionHook \| Pointer to 1030 - 0x430 .text + UnwindInfo: .rdata
3FC18	1060	.pdata	ExceptionHook \| Pointer to 1060 - 0x460 .text + UnwindInfo: .rdata
3FC24	1080	.pdata	ExceptionHook \| Pointer to 1080 - 0x480 .text + UnwindInfo: .rdata
3FC30	10C0	.pdata	ExceptionHook \| Pointer to 10C0 - 0x4C0 .text + UnwindInfo: .rdata
3FC3C	10E4	.pdata	ExceptionHook \| Pointer to 10E4 - 0x4E4 .text + UnwindInfo: .rdata
3FC48	1120	.pdata	ExceptionHook \| Pointer to 1120 - 0x520 .text + UnwindInfo: .rdata
3FC54	1150	.pdata	ExceptionHook \| Pointer to 1150 - 0x550 .text + UnwindInfo: .rdata
3FC60	1210	.pdata	ExceptionHook \| Pointer to 1210 - 0x610 .text + UnwindInfo: .rdata
3FC6C	1260	.pdata	ExceptionHook \| Pointer to 1260 - 0x660 .text + UnwindInfo: .rdata
3FC78	12A0	.pdata	ExceptionHook \| Pointer to 12A0 - 0x6A0 .text + UnwindInfo: .rdata
3FC84	12E0	.pdata	ExceptionHook \| Pointer to 12E0 - 0x6E0 .text + UnwindInfo: .rdata
3FC90	1330	.pdata	ExceptionHook \| Pointer to 1330 - 0x730 .text + UnwindInfo: .rdata
3FC9C	13A0	.pdata	ExceptionHook \| Pointer to 13A0 - 0x7A0 .text + UnwindInfo: .rdata
3FCA8	1400	.pdata	ExceptionHook \| Pointer to 1400 - 0x800 .text + UnwindInfo: .rdata
3FCB4	1450	.pdata	ExceptionHook \| Pointer to 1450 - 0x850 .text + UnwindInfo: .rdata
3FCC0	14A0	.pdata	ExceptionHook \| Pointer to 14A0 - 0x8A0 .text + UnwindInfo: .rdata
3FCCC	1500	.pdata	ExceptionHook \| Pointer to 1500 - 0x900 .text + UnwindInfo: .rdata
3FCD8	1520	.pdata	ExceptionHook \| Pointer to 1520 - 0x920 .text + UnwindInfo: .rdata
3FCE4	1550	.pdata	ExceptionHook \| Pointer to 1550 - 0x950 .text + UnwindInfo: .rdata
3FCF0	1580	.pdata	ExceptionHook \| Pointer to 1580 - 0x980 .text + UnwindInfo: .rdata
3FCFC	1600	.pdata	ExceptionHook \| Pointer to 1600 - 0xA00 .text + UnwindInfo: .rdata
3FD08	1650	.pdata	ExceptionHook \| Pointer to 1650 - 0xA50 .text + UnwindInfo: .rdata
3FD14	1680	.pdata	ExceptionHook \| Pointer to 1680 - 0xA80 .text + UnwindInfo: .rdata
3FD20	16F0	.pdata	ExceptionHook \| Pointer to 16F0 - 0xAF0 .text + UnwindInfo: .rdata
3FD2C	1730	.pdata	ExceptionHook \| Pointer to 1730 - 0xB30 .text + UnwindInfo: .rdata
3FD38	1770	.pdata	ExceptionHook \| Pointer to 1770 - 0xB70 .text + UnwindInfo: .rdata
3FD44	17B0	.pdata	ExceptionHook \| Pointer to 17B0 - 0xBB0 .text + UnwindInfo: .rdata
3FD50	17F0	.pdata	ExceptionHook \| Pointer to 17F0 - 0xBF0 .text + UnwindInfo: .rdata
3FD5C	1820	.pdata	ExceptionHook \| Pointer to 1820 - 0xC20 .text + UnwindInfo: .rdata
3FD68	1850	.pdata	ExceptionHook \| Pointer to 1850 - 0xC50 .text + UnwindInfo: .rdata
3FD74	1890	.pdata	ExceptionHook \| Pointer to 1890 - 0xC90 .text + UnwindInfo: .rdata
3FD80	18B0	.pdata	ExceptionHook \| Pointer to 18B0 - 0xCB0 .text + UnwindInfo: .rdata
3FD8C	18D0	.pdata	ExceptionHook \| Pointer to 18D0 - 0xCD0 .text + UnwindInfo: .rdata
3FD98	1920	.pdata	ExceptionHook \| Pointer to 1920 - 0xD20 .text + UnwindInfo: .rdata
3FDA4	1960	.pdata	ExceptionHook \| Pointer to 1960 - 0xD60 .text + UnwindInfo: .rdata
3FDB0	1A50	.pdata	ExceptionHook \| Pointer to 1A50 - 0xE50 .text + UnwindInfo: .rdata
3FDBC	1AB0	.pdata	ExceptionHook \| Pointer to 1AB0 - 0xEB0 .text + UnwindInfo: .rdata
3FDC8	1B20	.pdata	ExceptionHook \| Pointer to 1B20 - 0xF20 .text + UnwindInfo: .rdata
3FDD4	1BC0	.pdata	ExceptionHook \| Pointer to 1BC0 - 0xFC0 .text + UnwindInfo: .rdata
3FDE0	1BE0	.pdata	ExceptionHook \| Pointer to 1BE0 - 0xFE0 .text + UnwindInfo: .rdata
3FDEC	1C00	.pdata	ExceptionHook \| Pointer to 1C00 - 0x1000 .text + UnwindInfo: .rdata
3FDF8	1C70	.pdata	ExceptionHook \| Pointer to 1C70 - 0x1070 .text + UnwindInfo: .rdata
3FE04	1CD0	.pdata	ExceptionHook \| Pointer to 1CD0 - 0x10D0 .text + UnwindInfo: .rdata
3FE10	1D10	.pdata	ExceptionHook \| Pointer to 1D10 - 0x1110 .text + UnwindInfo: .rdata
3FE1C	1D40	.pdata	ExceptionHook \| Pointer to 1D40 - 0x1140 .text + UnwindInfo: .rdata
3FE28	1D60	.pdata	ExceptionHook \| Pointer to 1D60 - 0x1160 .text + UnwindInfo: .rdata
3FE34	1E50	.pdata	ExceptionHook \| Pointer to 1E50 - 0x1250 .text + UnwindInfo: .rdata
3FE40	1FC0	.pdata	ExceptionHook \| Pointer to 1FC0 - 0x13C0 .text + UnwindInfo: .rdata
3FE4C	2100	.pdata	ExceptionHook \| Pointer to 2100 - 0x1500 .text + UnwindInfo: .rdata
3FE58	2180	.pdata	ExceptionHook \| Pointer to 2180 - 0x1580 .text + UnwindInfo: .rdata
3FE64	2210	.pdata	ExceptionHook \| Pointer to 2210 - 0x1610 .text + UnwindInfo: .rdata
3FE70	2240	.pdata	ExceptionHook \| Pointer to 2240 - 0x1640 .text + UnwindInfo: .rdata
3FE7C	2300	.pdata	ExceptionHook \| Pointer to 2300 - 0x1700 .text + UnwindInfo: .rdata
3FE88	2330	.pdata	ExceptionHook \| Pointer to 2330 - 0x1730 .text + UnwindInfo: .rdata
3FE94	2350	.pdata	ExceptionHook \| Pointer to 2350 - 0x1750 .text + UnwindInfo: .rdata
3FEA0	23A0	.pdata	ExceptionHook \| Pointer to 23A0 - 0x17A0 .text + UnwindInfo: .rdata
3FEAC	23D0	.pdata	ExceptionHook \| Pointer to 23D0 - 0x17D0 .text + UnwindInfo: .rdata
3FEB8	2400	.pdata	ExceptionHook \| Pointer to 2400 - 0x1800 .text + UnwindInfo: .rdata
3FEC4	2430	.pdata	ExceptionHook \| Pointer to 2430 - 0x1830 .text + UnwindInfo: .rdata
3FED0	2450	.pdata	ExceptionHook \| Pointer to 2450 - 0x1850 .text + UnwindInfo: .rdata
3FEDC	2490	.pdata	ExceptionHook \| Pointer to 2490 - 0x1890 .text + UnwindInfo: .rdata
3FEE8	24D0	.pdata	ExceptionHook \| Pointer to 24D0 - 0x18D0 .text + UnwindInfo: .rdata
3FEF4	2560	.pdata	ExceptionHook \| Pointer to 2560 - 0x1960 .text + UnwindInfo: .rdata
3FF00	2610	.pdata	ExceptionHook \| Pointer to 2610 - 0x1A10 .text + UnwindInfo: .rdata
3FF0C	2640	.pdata	ExceptionHook \| Pointer to 2640 - 0x1A40 .text + UnwindInfo: .rdata
3FF18	2660	.pdata	ExceptionHook \| Pointer to 2660 - 0x1A60 .text + UnwindInfo: .rdata
3FF24	2690	.pdata	ExceptionHook \| Pointer to 2690 - 0x1A90 .text + UnwindInfo: .rdata
3FF30	26E0	.pdata	ExceptionHook \| Pointer to 26E0 - 0x1AE0 .text + UnwindInfo: .rdata
3FF3C	2780	.pdata	ExceptionHook \| Pointer to 2780 - 0x1B80 .text + UnwindInfo: .rdata
3FF48	2860	.pdata	ExceptionHook \| Pointer to 2860 - 0x1C60 .text + UnwindInfo: .rdata
3FF54	2890	.pdata	ExceptionHook \| Pointer to 2890 - 0x1C90 .text + UnwindInfo: .rdata
3FF60	28B0	.pdata	ExceptionHook \| Pointer to 28B0 - 0x1CB0 .text + UnwindInfo: .rdata
3FF6C	28F0	.pdata	ExceptionHook \| Pointer to 28F0 - 0x1CF0 .text + UnwindInfo: .rdata
3FF78	2960	.pdata	ExceptionHook \| Pointer to 2960 - 0x1D60 .text + UnwindInfo: .rdata
3FF84	29A0	.pdata	ExceptionHook \| Pointer to 29A0 - 0x1DA0 .text + UnwindInfo: .rdata
3FF90	29E0	.pdata	ExceptionHook \| Pointer to 29E0 - 0x1DE0 .text + UnwindInfo: .rdata
3FF9C	2A20	.pdata	ExceptionHook \| Pointer to 2A20 - 0x1E20 .text + UnwindInfo: .rdata
3FFA8	2A80	.pdata	ExceptionHook \| Pointer to 2A80 - 0x1E80 .text + UnwindInfo: .rdata
3FFB4	2AA0	.pdata	ExceptionHook \| Pointer to 2AA0 - 0x1EA0 .text + UnwindInfo: .rdata
3FFC0	2B30	.pdata	ExceptionHook \| Pointer to 2B30 - 0x1F30 .text + UnwindInfo: .rdata
3FFCC	2C00	.pdata	ExceptionHook \| Pointer to 2C00 - 0x2000 .text + UnwindInfo: .rdata
3FFD8	2C30	.pdata	ExceptionHook \| Pointer to 2C30 - 0x2030 .text + UnwindInfo: .rdata
3FFE4	2C80	.pdata	ExceptionHook \| Pointer to 2C80 - 0x2080 .text + UnwindInfo: .rdata
3FFF0	2DF0	.pdata	ExceptionHook \| Pointer to 2DF0 - 0x21F0 .text + UnwindInfo: .rdata
3FFFC	2EC0	.pdata	ExceptionHook \| Pointer to 2EC0 - 0x22C0 .text + UnwindInfo: .rdata
40008	2F10	.pdata	ExceptionHook \| Pointer to 2F10 - 0x2310 .text + UnwindInfo: .rdata
40014	2FB0	.pdata	ExceptionHook \| Pointer to 2FB0 - 0x23B0 .text + UnwindInfo: .rdata
40020	3080	.pdata	ExceptionHook \| Pointer to 3080 - 0x2480 .text + UnwindInfo: .rdata
4002C	31E0	.pdata	ExceptionHook \| Pointer to 31E0 - 0x25E0 .text + UnwindInfo: .rdata
40038	3210	.pdata	ExceptionHook \| Pointer to 3210 - 0x2610 .text + UnwindInfo: .rdata
40044	3240	.pdata	ExceptionHook \| Pointer to 3240 - 0x2640 .text + UnwindInfo: .rdata
40050	3440	.pdata	ExceptionHook \| Pointer to 3440 - 0x2840 .text + UnwindInfo: .rdata
4005C	34E0	.pdata	ExceptionHook \| Pointer to 34E0 - 0x28E0 .text + UnwindInfo: .rdata
40068	3530	.pdata	ExceptionHook \| Pointer to 3530 - 0x2930 .text + UnwindInfo: .rdata
40074	35B0	.pdata	ExceptionHook \| Pointer to 35B0 - 0x29B0 .text + UnwindInfo: .rdata
40080	35D0	.pdata	ExceptionHook \| Pointer to 35D0 - 0x29D0 .text + UnwindInfo: .rdata
4008C	3760	.pdata	ExceptionHook \| Pointer to 3760 - 0x2B60 .text + UnwindInfo: .rdata
40098	3790	.pdata	ExceptionHook \| Pointer to 3790 - 0x2B90 .text + UnwindInfo: .rdata
400A4	3830	.pdata	ExceptionHook \| Pointer to 3830 - 0x2C30 .text + UnwindInfo: .rdata

Extra Analysis

Metric	Value	Percentage
Ascii Code	169476	53,4746%
Null Byte Code	86759	27,375%

PESCAN.IO - Analysis Report Basic