PESCAN.IO - Analysis Report Basic
| File Structure |
PE Chart Code (legend for the file-structure chart; the chart image itself is not part of this text export):
• PE Header (light blue)
• Executable sections (pink)
• Non-executable sections (black)
• External injected code (red)
• File Structure in red = malformed or corrupted header
Chart Code For Other Files:
• Printable characters (blue)
• Non-printable characters (black)
| Information |
• Icon: (image not present in the text export)
• Size: 1,37 MB
• SHA-256 Hash: 42CDB16F6DD64C4FEC30C7A71960FE4D0015862C37E7B02C8DBA5C0D68384C74
• SHA-1 Hash: AD53FDDFBCEAD7B3E6C322C0AAD8C4A826BD4967
• MD5 Hash: 7A4662BB7F331D2252F3D949657D821D
• Imphash: DAA01A2E7E70EF8B3ED0F442EACB2F8A
• MajorOSVersion: 4
• MinorOSVersion: 0
• CheckSum: 0016ACF8
• EntryPoint (rva): 3D3270
• SizeOfHeaders: 200
• SizeOfImage: 3DF000
• ImageBase: 0000000140000000
• Architecture: x64
• ImportTable: 3DE18C
• Characteristics: 22E
• TimeDateStamp: 65A7E13A
• Date: 17/01/2024 14:16:26
• File Type: EXE
• Number Of Sections: 3
• ASLR: Disabled
• Section Names (Optional Header): UPX0, UPX1, .rsrc
• Number Of Executable Sections: 2
• Subsystem: Windows GUI
• [Incomplete Binary or Compressor Packer - 2,50 MB Missing]
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| UPX0 | 0xE0000080 Uninitialized Data Executable Readable Writeable | 200 | 0 | 1000 | 282000 | | |
| UPX1 | 0xE0000040 Initialized Data Executable Readable Writeable | 200 | 151000 | 283000 | 151000 | | |
| .rsrc | 0xC0000040 Initialized Data Readable Writeable | 151200 | A600 | 3D4000 | B000 | | |
| Description |
• OriginalFilename: rufus-4.4.exe
• CompanyName: Akeo Consulting
• LegalCopyright: 2011-2024 Pete Batard (GPL v3)
• LegalTrademarks: https://www.gnu.org/licenses/gpl-3.0.html
• ProductName: Rufus
• FileVersion: 4.4.2103
• FileDescription: Rufus
• ProductVersion: 4.4.2103
• Comments: https://rufus.ie
• Language: Unknown (ID=0x0)
• CodePage: Unicode (UTF-16 LE) (0x4B0)
| Entry Point |
Section number 2 (UPX1) contains the Entry Point.
EntryPoint (calculated): 150470
Code: 53565755488D35AAFDEAFF488DBEDBDFD7FF57B8ED173D00504889E14889FA4889F7BE41021500554889E5448B094989D048
Assembler:
PUSH RBX
PUSH RSI
PUSH RDI
PUSH RBP
LEA RSI, [RIP - 0X150256]
LEA RDI, [RSI - 0X282025]
PUSH RDI
MOV EAX, 0X3D17ED
PUSH RAX
MOV RCX, RSP
MOV RDX, RDI
MOV RDI, RSI
MOV ESI, 0X150241
PUSH RBP
MOV RBP, RSP
MOV R9D, DWORD PTR [RCX]
MOV R8, RDX
| Signatures |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
Compression: UPX
Detect It Easy (die):
• PE+(64): packer: UPX(4.22)[LZMA,brute]
• PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 7.97162
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| File Access |
| USER32.dll SHLWAPI.dll SHELL32.dll SETUPAPI.dll ole32.dll msvcrt.dll KERNEL32.DLL GDI32.dll CRYPT32.dll COMCTL32.dll ADVAPI32.dll |
| File Access (UNICODE) |
| 4.exe |
| Words of Interest |
| exec ping |
| URLs |
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://schemas.microsoft.com/SMI/2019/WindowsSettings
http://crl.comodoca.com/AAACertificateServices.crl
http://ocsp.comodoca.com
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0
http://ocsp.sectigo.com
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt
http://s.symcd.com
http://s.symcb.com/universal-root.crl
http://ts-crl.ws.symantec.com/sha256-tss-ca.crl
http://ts-ocsp.ws.symantec.com
http://ts-aia.ws.symantec.com/sha256-tss-ca.cer
https://sectigo.com/CPS0
https://d.symcb.com/cps0%
https://d.symcb.com/rpa0.
https://d.symcb.com/rpa0@
| URLs (UNICODE) |
| https://rufus.ie https://www.gnu.org/licenses/gpl-3.0.html |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Antivirus Software (comodo) |
| Text | Ascii | Antivirus Software (Symantec) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\0 | 3D4E84 | 4228 | 152084 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\2\0 | 3D90B0 | 25A8 | 1562B0 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\3\0 | 3DB65C | 10A8 | 15885C | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\4\0 | 3DC708 | 988 | 159908 | 2800000018000000300000000100200000000000600900000000000000000000000000000000000000000000000000000000 | (.......0..... .................................. |
| \ICON\5\0 | 3DD094 | 468 | 15A294 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \DIALOG\101\0 | 12A4E8 | 95E | 1296E8 | 69A77D1AA2B55BB0F87DA58571E093AB2310FA53DC6C717B83029EAC5556FD948A5D69D16C0F0C12DB205E71053429540AE8 | i.}...[..}..q.....S.lq{....UV...]i.l.... q.4)T.. |
| \DIALOG\102\0 | 12AE48 | 13C | 12A048 | AA65B2D0D3FB5248D3295B42E6C351CF65BEE3ED789BE9BF233B17C41A3622B41F1BC25B3CC7B333A1D8E79C02BF7EE6B841 | .e....RH.)[B..Q.e...x...;...6"....[<..3......~..A |
| \DIALOG\103\0 | 12AF88 | 1D6 | 12A188 | A5C215384EE2DCF4CB28016D9428879A015E33DB15064A3E3D921E1E4FCE2A3BA01EE6A164D9D9EADC9AD84729DC68A259E2 | ...8N....(.m.(...3...J>=...O.*;....d......G).h.Y. |
| \DIALOG\104\0 | 12B160 | 514 | 12A360 | 11952A4E73A03E03EDCDFDF2DBFA786C0606C52FB6CFCFECE1EE15CE224FEC6D0D084CD872948FF25CD91CEDEF3D21568BBB | ..*Ns.>.......xl.../........"O.m..L.r...\....=!V.. |
| \DIALOG\105\0 | 12B678 | AC | 12A878 | E8CB8ECB114B62867CAC5D7BB069214BB87A6F43EF5A29AAB67F00ABFEF91D75A4037A93129760228862AD35ADEB42865D69 | .....Kb.|.]{.i!K.zoC.Z)........u..z...".b.5..B.]i |
| \DIALOG\106\0 | 12B728 | EA | 12A928 | 113A6EF7816A227A3295DB3D0415D944E9B085A8494C3EBE74945EE2BF749DB82C6A3DDC0FC581603F7C3A4F278FED3A4A00 | .:n..j"z2..=...D....IL>.t...t..,j=....?|:O'..:J. |
| \DIALOG\107\0 | 12B818 | 252 | 12AA18 | BAB26B5CAF24722F564894583225203F1D711C120EC15447713DE3D3371A71825CF57A9D5908712E23D1A090453F49346EFC | ..k\.$r/VH.X2% ?.q....TGq=..7.q.\.z.Y.q....E?I4n. |
| \DIALOG\108\0 | 12BA70 | 330 | 12AC70 | B8740FF4387EBF80BDCFD6744A2BE34C86D52D5619AFDBB5B54CDA467A5BEE493BCDDF370B0CB9C667C045204B93F6A535BB | .t..8~.....tJ+.L..-V.....L.Fz[.I;..7....g.E K...5. |
| \DIALOG\109\0 | 12BDA0 | 1B0 | 12AFA0 | 712F0CB70E2F3B76E99F8CBA6EBE3D6FE0B96ECA4F305308C54D871D40CCA34D700B2A5629EB533C7FC48F857408801321C8 | q/.../;v....n.=o..n.O0S..M..@..Mp.*V).S<....t...!. |
| \DIALOG\110\0 | 12BF50 | 3E2 | 12B150 | 572BD8EAC8064E8AF7A84087B2596D387F2C7EE1B32E658DE825A1628656AF1891ACA426982643913C07B59DCDBC8927338A | W+....N...@..Ym8.,~...e..%.b.V.....&.&C.<......'3. |
| \RCDATA\121\0 | 12C338 | 26A | 12B538 | 13FDC4E391418CF8D9023463C5D816DACCF0E88C13AC24B6170864C3FF9BDC19B52C97512E5CAA5E8923C924F2BDE81457CC | .....A....4c..........$...d......,.Q.\...$....W. |
| \RCDATA\122\0 | 12C5A8 | 1A5 | 12B7A8 | 5E4DAED7C3590C3533B3ABDE7D6BF50A585BDBA14BC7E4E5CDFF6977780490095E21966C87618B670ED2AEF5BD11E097DB0A | M...Y.53...}k..X[..K.....iwx...!.l.a.g.......... |
| \RCDATA\123\0 | 12C750 | CF | 12B950 | 81F74E1A2B2F1FF632C67E28BAC8F8D15A3E665D87FBD59939AC863DBE21212077B52C5872B12C7488A65B9699B8BF3368CF | ..N.+/..2.~(....Z>f]....9..=.!! w.,Xr.,t..[....3h. |
| \RCDATA\124\0 | 12C820 | 15F | 12BA20 | FF40A12EF21CEFC17E6161903C90D354E4F9742E0DF83F30386B1CC52A7F2F198C9E0296AA4587D9C538B2E45E6A7CD96AC1 | .@......~aa.<..T..t...?08k..*./......E...8..j|.j. |
| \RCDATA\125\0 | 12C980 | BF | 12BB80 | ECCD930797E1204F3BF3ABEF7AD474E301359A35F35BBC13D51D5153FF6F1BAB5C6B05EEC99BBB24B5338A954302D300028A | ...... O;...z.t..5.5.[....QS.o..\k.....$.3..C..... |
| \RCDATA\126\0 | 12CA40 | 1F6 | 12BC40 | 328F883EF3FEC3301687F2B8B32F0D35FA19032509157497EA8B642B33D86D98FA95568F37F6D99C6A488D9B1AAED9CE60C5 | 2..>...0...../.5...%..t...d+3.m...V.7...jH....... |
| \RCDATA\131\0 | 12CC38 | 33B | 12BE38 | 60C663EB32D57A52ECB9585051E23A9D55A6E254737E73EAC7618E681C2DF9C80DF187636FE62EA5F12453481C5FA6AEF557 | .c.2.zR..XPQ.:.U..Ts~s..a.h.-.....co....$SH._...W |
| \RCDATA\132\0 | 12CF78 | 1F0 | 12C178 | CBAEBA4B6D88282B6CB9060E6E459886C869CAD01151BE8AB2EAE8F67D98905272426C74E9C5C6B24AA6F602AFDB46911C16 | ...Km.(+l...nE...i...Q......}..RrBlt....J.....F... |
| \RCDATA\133\0 | 12D168 | 181 | 12C368 | FD1A16D32255CA0CC88735749DE98D4E683F47DAF1A6CD754FB6C5A71EF914BD2FC509D5DFA6E7300CB3F5005D32677F34F7 | ...."U....5t...Nh?G....uO......./......0....]2g.4. |
| \RCDATA\134\0 | 12D2F0 | 205 | 12C4F0 | 165BE3D5D80A3E69B271CF7661175CB4905F1A9BC23A66D27EE748232A8C90C73A5DB6DFD04E3227535A3878194C11AE538A | .[....>i.q.va.\.._...:f.~.H*...:]...N2'SZ8x.L..S. |
| \RCDATA\135\0 | 12D4F8 | 154 | 12C6F8 | C1A07EF6DB7792635B7B1EEF5A9B546DBE99E8DC35BC0DEE4EEAA0CFBF736A2E7C4B8B86E8FA156174941E072866165BE4AC | ..~..w.c[{..Z.Tm....5...N....sj.|K.....at...(f.[.. |
| \RCDATA\136\0 | 12D650 | 279 | 12C850 | 7F0A5C0BB9FE76391DEFC0C00A5B84A8049CE44C27ACAAC3E322D2B57D7BDE1DE0107FD21F0F3C2BC6FB309E3E227B811D7F | ..\...v9.....[.....L'...."..}{........<+..0.>"{... |
| \RCDATA\141\0 | 12D8D0 | 430 | 12CAD0 | D060E9F8286BBD9C784E6AD9FD246413338EBA1770D78D52CAB0D974EA9AB22DB626BC17993DA78548FBD6F926EEA3BC5A8E | ...(k..xNj..$d.3...p..R...t...-.&...=..H...&...Z. |
| \RCDATA\142\0 | 12DD00 | 2DC | 12CF00 | 3DE6D805A1106F085EE5E9BBD212FD8D84A669FCCD5D7FE0BA431D382ABA9B49F02061615F7C3D6A2E50B12638BB2B0BEA06 | =.....o..........i..]...C.8*..I. aa_|=j.P.&8.+... |
| \RCDATA\143\0 | 12DFE0 | 120 | 12D1E0 | 7E6AD514C7C1FF8A104304EA888AE871B5261B1CF1617DB5548C9DD867BF36A0B9AC5AE36AB5E82E17BE676F1113618F0B88 | ~j.......C.....q.&...a}.T...g.6...Z.j.....go..a... |
| \RCDATA\144\0 | 12E100 | 16D | 12D300 | B66983FDBCC5857A4B760E40D9202041D3F269C66A0A948BC3A28B27CB10F4F1718BF23DDB436B1623C8812F964DF06C646E | .i.....zKv.@. A..i.j......'....q..=.Ck.../.M.ldn |
| \RCDATA\145\0 | 12E270 | 10D | 12D470 | 3448100A46886A74BC568D94830129323B76CBC4FE43899FF7D6D07AC12CBF6EEDC0319C75D61DE8CC06BB0690674ED98C0B | 4H..F.jt.V....)2;v...C.....z.,.n..1.u........gN... |
| \RCDATA\146\0 | 12E380 | 366 | 12D580 | 0F8AAC6F31F68FB0C7B44911E003C627AA2C56AE5511355A0867E2954019985E4AB8C2212F325B3C54D32DE0E1494078E2A1 | ...o1.....I....'.,V.U.5Z.g..@..J..!/2[<T.-..I@x.. |
| \RCDATA\300\0 | 12E6E8 | 14DE8 | 12D8E8 | 3FA780829DA6D8E38523622CE7DF5812271250A6C3B5564EDF976E8538B0B168F372EF5655D3166BCECF27211E1FC1A96136 | ?........b,..X.'.P...VN..n.8..h.r.VU..k..'!....a6 |
| \RCDATA\301\0 | 1434D0 | B4B0 | 1426D0 | 3B223792560DA54C6489024E7C7CABDAECDE967991D3805D7EAD020BEB8682AE31241F125046DDA9A79DE10623F3D4900885 | ;"7.V..Ld..N||.....y...]~.......1$..PF........... |
| \RCDATA\302\0 | 14E980 | E49 | 14DB80 | 9D261CC2C48B8C927458DD67286D7DE2ED897729A2D540B74A4063E677B65B390A3A5C41B5854FD12341C03AE0D505C9F2B1 | .&......tX.g(m}...w)..@.J@c.w.[9.:\A..O.A.:...... |
| \RCDATA\303\0 | 14F7D0 | 2CB6 | 14E9D0 | 8B7007B1417563CF41C63937AFF7657B34BD70FA7144947FE0FB96C85C5F9ED11721EE9A5F3AD3E1E871736A575B65532891 | .p..Auc.A.97..e{4.p.qD......\_...!.._:...qsjW[eS(. |
| \RCDATA\304\0 | 152488 | 3F74 | 151688 | 43010000680B008044010000900B008045010000B80B008046010000E00B008090010000080C008091010000300C00809201 | C...h...D.......E.......F...................0..... |
| \RCDATA\305\0 | 156400 | 9DA8 | 155600 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\306\0 | 1601A8 | 7436 | 15F3A8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\307\0 | 1675E0 | 7DB2 | 1667E0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\308\0 | 16F398 | 3331 | 16E598 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\309\0 | 1726D0 | 1940 | 1718D0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\310\0 | 174010 | 1B93 | 173210 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\311\0 | 175BA8 | 155D | 174DA8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\312\0 | 177108 | 114F | 176308 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\313\0 | 178258 | 1C31 | 177458 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\314\0 | 179E90 | 1CF1 | 179090 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\315\0 | 17BB88 | 150B | 17AD88 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\316\0 | 17D098 | 1B3D | 17C298 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\317\0 | 17EBD8 | 1699 | 17DDD8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\318\0 | 180278 | 15A7 | 17F478 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\319\0 | 181820 | 1C3C | 180A20 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\320\0 | 183460 | 1FB7 | 182660 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\321\0 | 185418 | 1889 | 184618 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\322\0 | 186CA8 | 1E4E | 185EA8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\323\0 | 188AF8 | 193A | 187CF8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\324\0 | 18A438 | 1E71 | 189638 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\325\0 | 18C2B0 | 22E1 | 18B4B0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\326\0 | 18E598 | 1426 | 18D798 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\400\0 | 18F9C0 | 200 | 18EBC0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\401\0 | 18FBC0 | 8E88 | 18EDC0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\402\0 | 198A48 | 200 | 197C48 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\403\0 | 198C48 | 10A19 | 197E48 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\404\0 | 1A9668 | 855C | 1A8868 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\450\0 | 1B1BC8 | 2000 | 1B0DC8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\451\0 | 1B3BC8 | 95FF | 1B2DC8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\452\0 | 1BD1C8 | 4F1 | 1BC3C8 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\500\0 | 1BD6C0 | 10F144 | 1BC8C0 | 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | .................................................. |
| \RCDATA\501\0 | 2CC808 | 800 | 49A08 | 74B542FFABB0DACDF3CAAF7CACF6B11EA134F45D200B53DA9F45EDC3DFBC1D09A602991F57AFB17848E2C1A313EC4327D602 | t.B........|.....4.] .S..E..........W..xH.....C'.. |
| \RCDATA\502\0 | 2CD008 | 100000 | 4A208 | 6F74CC67466214B7DC0352DB58E1D9359167C46B36E93998B087CF8DE067E933A7D4C7B5A7CD4C9E6D5F41CB60ED8AAD31BB | ot.gFb....R.X..5.g.k6.9......g.3......L.m_A....1. |
| \GROUP_ICON\120\0 | 3DD500 | 4C | 15A700 | 00000100050040400000010020002842000001003030000001002000A825000002002020000001002000A8100000030018180000010020008809000004001010000001002000680400000500 | ......@@.... .(B....00.... ..%.... .... ............. ............. .h..... |
| \VERSION\1\0 | 3DD550 | 378 | 15A750 | 780334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000400 | x.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | 3DD8CC | 8BE | 15AACC | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
• https://rufus.ie
• https://www.gnu.org/licenses/gpl-3.0.html
• rufus-4.4.exe
• <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
• <asmv3:windowsSettings xmlns:ws2="http://schemas.microsoft.com/SMI/2016/WindowsSettings">
• <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2019/WindowsSettings">
• +0U 00U 0g0KUD0B0@><:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{+o0m0F+0:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0+0http://ocsp.sectigo.com0*H_6rZ-9JZBJ
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| FC6 | N/A | UPX1 | JMP QWORD PTR [RIP+0xA0EF0B84] |
| 1F3C | N/A | UPX1 | CALL QWORD PTR [RIP+0x1E72992A] |
| 15628 | N/A | UPX1 | CALL QWORD PTR [RIP+0x2031B746] |
| 15ED5 | N/A | UPX1 | JMP QWORD PTR [RIP+0x622328DA] |
| 297F9 | N/A | UPX1 | CALL QWORD PTR [RIP+0x14EA2D2B] |
| 2A921 | N/A | UPX1 | CALL QWORD PTR [RIP+0xDC0E694A] |
| 43451 | N/A | UPX1 | CALL QWORD PTR [RIP+0x75E8A9B8] |
| 4D3DF | N/A | UPX1 | CALL QWORD PTR [RIP+0xAFD7C668] |
| 56A9A | N/A | UPX1 | CALL QWORD PTR [RIP+0xB1A1785C] |
| 5C4E4 | N/A | UPX1 | JMP QWORD PTR [RIP+0x94248E4F] |
| 5D81C | N/A | UPX1 | CALL QWORD PTR [RIP+0xA581D12E] |
| 601DC | N/A | UPX1 | JMP QWORD PTR [RIP+0xD9C093D6] |
| 623DB | N/A | UPX1 | JMP QWORD PTR [RIP+0x6A0E8D7F] |
| 62E93 | N/A | UPX1 | JMP QWORD PTR [RIP+0x64161496] |
| 63EFD | N/A | UPX1 | CALL QWORD PTR [RIP+0x40C0FB29] |
| 65EC1 | N/A | UPX1 | JMP QWORD PTR [RIP+0xE3D11F24] |
| 6A0DD | N/A | UPX1 | CALL QWORD PTR [RIP+0xA1DC0AF4] |
| 6E61D | N/A | UPX1 | JMP QWORD PTR [RIP+0x37642452] |
| 730F2 | N/A | UPX1 | CALL QWORD PTR [RIP+0xC285B093] |
| 7C0FA | N/A | UPX1 | JMP QWORD PTR [RIP+0x4105908F] |
| 94FE5 | N/A | UPX1 | JMP QWORD PTR [RIP+0x65E4E3A0] |
| 9D44D | N/A | UPX1 | JMP QWORD PTR [RIP+0x2D63DD75] |
| A43A5 | N/A | UPX1 | CALL QWORD PTR [RIP+0x9B42EE] |
| A4C61 | N/A | UPX1 | CALL QWORD PTR [RIP+0x49A3788C] |
| A4D48 | N/A | UPX1 | CALL QWORD PTR [RIP+0x9DEB0D23] |
| BA33A | N/A | UPX1 | CALL QWORD PTR [RIP+0xBBACDC90] |
| BE773 | N/A | UPX1 | JMP QWORD PTR [RIP+0x98C87740] |
| D3084 | N/A | UPX1 | JMP QWORD PTR [RIP+0x8F2DADB3] |
| D312B | N/A | UPX1 | CALL QWORD PTR [RIP+0x34E0F201] |
| D7B08 | N/A | UPX1 | JMP QWORD PTR [RIP+0x370AD674] |
| E0E44 | N/A | UPX1 | CALL QWORD PTR [RIP+0xFA82BB69] |
| E995D | N/A | UPX1 | CALL QWORD PTR [RIP+0x36294A6] |
| E9EE1 | N/A | UPX1 | JMP QWORD PTR [RIP+0xBEBB7C37] |
| F83E7 | N/A | UPX1 | CALL QWORD PTR [RIP+0x564B32B4] |
| F8840 | N/A | UPX1 | CALL QWORD PTR [RIP+0x30045500] |
| FC0A5 | N/A | UPX1 | CALL QWORD PTR [RIP+0x74EF8705] |
| FEAC9 | N/A | UPX1 | CALL QWORD PTR [RIP+0xE811BC77] |
| 102C87 | N/A | UPX1 | JMP QWORD PTR [RIP+0xAA504459] |
| 10A19F | N/A | UPX1 | CALL QWORD PTR [RIP+0x75D050F9] |
| 126205 | N/A | UPX1 | CALL QWORD PTR [RIP+0x34C4C404] |
| 12B03A | N/A | UPX1 | JMP QWORD PTR [RIP+0x7BD7D60B] |
| 12B519 | N/A | UPX1 | CALL QWORD PTR [RIP+0xBE085078] |
| 130C9A | N/A | UPX1 | JMP QWORD PTR [RIP+0xFC50CFCB] |
| 13CA3D | N/A | UPX1 | JMP QWORD PTR [RIP+0x3BF1BFF8] |
| 148760 | N/A | UPX1 | JMP QWORD PTR [RIP+0x4FA15BB5] |
| 14F4D2 | N/A | UPX1 | JMP QWORD PTR [RIP+0x321D3685] |
| 150269 | N/A | UPX1 | CALL QWORD PTR [RIP+0x6A62135] |
| 150F6D | N/A | UPX1 | CALL QWORD PTR [RIP+0xA549] |
| 150F8B | N/A | UPX1 | CALL QWORD PTR [RIP+0xA53B] |
| 150F9F | N/A | UPX1 | JMP QWORD PTR [RIP+0xA51F] |
| 1510B8 | 3D3E5E | UPX1 | TLS Callback: pointer to 1403D3E5E - 0x15105E UPX1 |
| 200-1511FF | 283000 | UPX1 | Executable section anomaly, first bytes: 342E323200555058 |
| 15B800 | N/A | *Overlay* | 48240000000202003082243C06092A864886F70D (ASCII: H$......0.$<..*.H...) |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 968921 | 67,6315% |
| Null Byte Code | 30638 | 2,1386% |