PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 2,05 MB
SHA-256 Hash: 6DBE49B21CC6C2AC0B03C7B57A3B33287AD9E8B984AF66CDB960A5C6833D38A9
SHA-1 Hash: 890309018163C1C13553F174754EAEC973FBDBEB
MD5 Hash: 7BF64E0B18A30DBE2588EF8BE0362228
Imphash: A0C54CF8C23EFF0FE8CF62200EFF816D
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 117130
SizeOfHeaders: 1000
SizeOfImage: 20E000
ImageBase: 400000
Architecture: x86
ImportTable: 202000
IAT: 2021F8
Characteristics: 10E
TimeDateStamp: 3FB9AEE1
Date: 18/11/2003 5:32:17
File Type: EXE
Number Of Sections: 5
ASLR: Disabled
Section Names: .text, .rdata, .data, .idata, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text 60000020 (Code, Executable, Readable) 1000 1DC000 1000 1DBEF05,754430091420,90
.rdata 40000040 (Initialized Data, Readable) 1DD000 1F000 1DD000 1E6764,40214977946,37
.data C0000040 (Initialized Data, Readable, Writeable) 1FC000 4000 1FC000 59F82,95411969341,31
.idata C0000040 (Initialized Data, Readable, Writeable) 200000 1000 202000 AB13,3876354776,25
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 201000 B000 203000 AEE95,9934726902,47
Entry Point
The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 117130
Code -> 558BEC6AFF68F02B5F0068DC1E520064A100000000506489250000000083C4F05356578965E8FF153C226000A344FE5F00A1
PUSH EBP
MOV EBP, ESP
PUSH -1
PUSH 0X5F2BF0
PUSH 0X521EDC
MOV EAX, DWORD PTR FS:[0]
PUSH EAX
MOV DWORD PTR FS:[0], ESP
ADD ESP, -0X10
PUSH EBX
PUSH ESI
PUSH EDI
MOV DWORD PTR [EBP - 0X18], ESP
CALL DWORD PTR [0X60223C]
MOV DWORD PTR [0X5FFE44], EAX
EP changed to another address -> (Address Of EntryPoint > Base Of Data)
Signatures
Rich Signature Analyzer:
Code -> CAE6B9C38E87D7908E87D7908E87D7900D9BD9909787D7906698DC909687D7906698DD900187D790EC98C4908B87D7908E87D690C587D7906698CF908F87D790526963688E87D790
Footprint md5 Hash -> CE24326253D66F61D28B649E27D4B37E
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual C ++
Detect It Easy (die)
PE: compiler: EP:Microsoft Visual C/C++(5.0-6.0 (1720-9049))[EXE32]
PE: compiler: Microsoft Visual C/C++(6.0)[libcd]
PE: linker: Microsoft Linker(6.0)[-]
PE: overlay: PDB 2.0 file link(-)[-]
Entropy: 5.80589
Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL CreateFileA Creates or opens a file or I/O device.
File Access
.exe
cmd.exe
USER32.dll
KERNEL32.dll
.bat
@.dat
FATAL.txt
The character has been saved as FATAL.txt
made herein. The file will be called FATAL.txt
Temp
Exec - arp bones protruding from elbows
Interest's Words
fuck - }:)
Virus
Stealer
exec
attrib
start
pause
comspec
ping
dism
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (IsBadReadPtr)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Execution (CreateProcessA)
Text Ascii Antivirus Software (Panda Antivirus/Firewall)
Text Ascii Malware designed to steal sensitive information from a system (Stealer)
Entry Point Hex Pattern Microsoft Visual C++ 5.0
Entry Point Hex Pattern Microsoft Visual C++
Intelligent String
• Perceived as ending up a victim (dumpee) of love triangles
• www.fatalgames.com
• FATAL.txt
• The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention. cmd.execommand.com/c
• COMSPEConexit.c
• Object dump complete.
• File Error(%d) : Dumping objects ->
• user32.dll
• .com
• .exe
• .bat
• .cmd
• tzset.cTZ
• KERNEL32.dll
• C:\Program Files\Microsoft Visual Studio\FATAL Character Generator\Debug\FATALGenerator.pdb
Flow Anomalies
Offset RVA Section Description
AEDC2 117130 .text JMP [static] | Indirect jump to absolute memory address
E4E8A 6021FC .text CALL [static] | Indirect call to absolute memory address
E4EA2 60228C .text CALL [static] | Indirect call to absolute memory address
E7BEC FF .text JMP [static] | Indirect jump to absolute memory address
EB123 FF .text JMP [static] | Indirect jump to absolute memory address
EB36E FF .text JMP [static] | Indirect jump to absolute memory address
EB5B9 FF .text JMP [static] | Indirect jump to absolute memory address
F09AD FF .text JMP [static] | Indirect jump to absolute memory address
F0A0C E00 .text JMP [static] | Indirect jump to absolute memory address
F0ABB FF .text JMP [static] | Indirect jump to absolute memory address
F0F2D FF .text JMP [static] | Indirect jump to absolute memory address
F0FFF FF .text JMP [static] | Indirect jump to absolute memory address
F2DA2 FF .text JMP [static] | Indirect jump to absolute memory address
F2FFE FF .text JMP [static] | Indirect jump to absolute memory address
F325A FF .text JMP [static] | Indirect jump to absolute memory address
F434A FF .text JMP [static] | Indirect jump to absolute memory address
F48CE FF .text JMP [static] | Indirect jump to absolute memory address
F49D5 FF .text JMP [static] | Indirect jump to absolute memory address
F4F07 FF .text JMP [static] | Indirect jump to absolute memory address
F56E9 FF .text JMP [static] | Indirect jump to absolute memory address
F5B6D FF .text JMP [static] | Indirect jump to absolute memory address
F5D8A FF .text JMP [static] | Indirect jump to absolute memory address
F5F1D FF .text JMP [static] | Indirect jump to absolute memory address
F71D8 FF .text JMP [static] | Indirect jump to absolute memory address
F7DD0 4000 .text JMP [static] | Indirect jump to absolute memory address
F7ED1 1C0 .text JMP [static] | Indirect jump to absolute memory address
F81F6 2000 .text JMP [static] | Indirect jump to absolute memory address
F8366 2000 .text JMP [static] | Indirect jump to absolute memory address
F84DF 1C0 .text JMP [static] | Indirect jump to absolute memory address
F8841 1C0 .text JMP [static] | Indirect jump to absolute memory address
F8FAA 1C0 .text JMP [static] | Indirect jump to absolute memory address
FACFD FF .text JMP [static] | Indirect jump to absolute memory address
FADDF FF .text JMP [static] | Indirect jump to absolute memory address
FB2B6 60228C .text JMP [static] | Indirect jump to absolute memory address
FB2BC 6021FC .text JMP [static] | Indirect jump to absolute memory address
FB2C2 602200 .text CALL [static] | Indirect call to absolute memory address
FB2F4 602384 .text CALL [static] | Indirect call to absolute memory address
FC7C1 FF .text JMP [static] | Indirect jump to absolute memory address
FD203 FFFF .text JMP [static] | Indirect jump to absolute memory address
FD21D FFFF .text JMP [static] | Indirect jump to absolute memory address
10091F 4000 .text JMP [static] | Indirect jump to absolute memory address
101FC4 FF .text JMP [static] | Indirect jump to absolute memory address
102177 FF .text JMP [static] | Indirect jump to absolute memory address
102B0A 602204 .text CALL [static] | Indirect call to absolute memory address
102E45 602208 .text CALL [static] | Indirect call to absolute memory address
102EE0 602208 .text CALL [static] | Indirect call to absolute memory address
102F2E 602208 .text CALL [static] | Indirect call to absolute memory address
1040ED FF .text JMP [static] | Indirect jump to absolute memory address
10465F 4000 .text JMP [static] | Indirect jump to absolute memory address
105257 4000 .text JMP [static] | Indirect jump to absolute memory address
105358 1C0 .text JMP [static] | Indirect jump to absolute memory address
10551C 2000 .text JMP [static] | Indirect jump to absolute memory address
1055EC 2000 .text JMP [static] | Indirect jump to absolute memory address
105705 1C0 .text JMP [static] | Indirect jump to absolute memory address
1061EE FF .text JMP [static] | Indirect jump to absolute memory address
107D1C 1C0 .text JMP [static] | Indirect jump to absolute memory address
108326 1C0 .text JMP [static] | Indirect jump to absolute memory address
108BA1 FF .text JMP [static] | Indirect jump to absolute memory address
108C96 FF .text JMP [static] | Indirect jump to absolute memory address
108DB1 FF .text JMP [static] | Indirect jump to absolute memory address
108E52 FF .text JMP [static] | Indirect jump to absolute memory address
1090B8 FF .text JMP [static] | Indirect jump to absolute memory address
109169 FF .text JMP [static] | Indirect jump to absolute memory address
109693 1C0 .text JMP [static] | Indirect jump to absolute memory address
10B24B FF .text JMP [static] | Indirect jump to absolute memory address
10B647 FF .text JMP [static] | Indirect jump to absolute memory address
10B767 FF .text JMP [static] | Indirect jump to absolute memory address
10B887 FF .text JMP [static] | Indirect jump to absolute memory address
10B9A7 FF .text JMP [static] | Indirect jump to absolute memory address
10BAC7 FF .text JMP [static] | Indirect jump to absolute memory address
10BBE7 FF .text JMP [static] | Indirect jump to absolute memory address
10BD07 FF .text JMP [static] | Indirect jump to absolute memory address
10BE27 FF .text JMP [static] | Indirect jump to absolute memory address
10BF47 FF .text JMP [static] | Indirect jump to absolute memory address
10C067 FF .text JMP [static] | Indirect jump to absolute memory address
10C187 FF .text JMP [static] | Indirect jump to absolute memory address
10C2A7 FF .text JMP [static] | Indirect jump to absolute memory address
10C3C7 FF .text JMP [static] | Indirect jump to absolute memory address
10DE1D FF .text JMP [static] | Indirect jump to absolute memory address
10EAA6 FF .text JMP [static] | Indirect jump to absolute memory address
10FC52 FF .text JMP [static] | Indirect jump to absolute memory address
10FD82 FF .text JMP [static] | Indirect jump to absolute memory address
10FE5C FF .text JMP [static] | Indirect jump to absolute memory address
10FEFA FF .text JMP [static] | Indirect jump to absolute memory address
11014C FF .text JMP [static] | Indirect jump to absolute memory address
1101FB FF .text JMP [static] | Indirect jump to absolute memory address
110721 1C0 .text JMP [static] | Indirect jump to absolute memory address
110FDD FF .text JMP [static] | Indirect jump to absolute memory address
111567 FF .text JMP [static] | Indirect jump to absolute memory address
111687 FF .text JMP [static] | Indirect jump to absolute memory address
1117A7 FF .text JMP [static] | Indirect jump to absolute memory address
1118C7 FF .text JMP [static] | Indirect jump to absolute memory address
1119E7 FF .text JMP [static] | Indirect jump to absolute memory address
111B07 FF .text JMP [static] | Indirect jump to absolute memory address
111C27 FF .text JMP [static] | Indirect jump to absolute memory address
111D47 FF .text JMP [static] | Indirect jump to absolute memory address
1131DC 5FD9D8 .text CALL [static] | Indirect call to absolute memory address
1132A1 602214 .text CALL [static] | Indirect call to absolute memory address
1132A8 602210 .text CALL [static] | Indirect call to absolute memory address
11335F 60220C .text CALL [static] | Indirect call to absolute memory address
1005-1BAD N/A .text Potential obfuscated jump sequence detected, count: 597
1BAE-275F N/A .text Unusual BP Cave, count: 2994
2CB9-2E0F N/A .text Unusual BP Cave, count: 343
2FB4-301F N/A .text Unusual BP Cave, count: 108
3139-316F N/A .text Unusual BP Cave, count: 55
37AF-393F N/A .text Unusual BP Cave, count: 401
3A57-3A9F N/A .text Unusual BP Cave, count: 73
3E42-3F2F N/A .text Unusual BP Cave, count: 238
4051-409F N/A .text Unusual BP Cave, count: 79
431C-43BF N/A .text Unusual BP Cave, count: 164
60B0-67EF N/A .text Unusual BP Cave, count: 1856
6B61-6BBF N/A .text Unusual BP Cave, count: 95
7199-72FF N/A .text Unusual BP Cave, count: 359
77A9-78DF N/A .text Unusual BP Cave, count: 311
7B47-7BDF N/A .text Unusual BP Cave, count: 153
8042-814F N/A .text Unusual BP Cave, count: 270
8287-82DF N/A .text Unusual BP Cave, count: 89
124CD-14D2F N/A .text Unusual BP Cave, count: 10339
14E37-14E7F N/A .text Unusual BP Cave, count: 73
14FB7-1500F N/A .text Unusual BP Cave, count: 89
1775F-1811F N/A .text Unusual BP Cave, count: 2497
181DD-1820F N/A .text Unusual BP Cave, count: 51
18347-1839F N/A .text Unusual BP Cave, count: 89
1AF8D-1BA6F N/A .text Unusual BP Cave, count: 2787
1BB54-1BB8F N/A .text Unusual BP Cave, count: 60
1BCC7-1BD1F N/A .text Unusual BP Cave, count: 89
1E2DF-1EC2F N/A .text Unusual BP Cave, count: 2385
1ECED-1ED1F N/A .text Unusual BP Cave, count: 51
1EE57-1EEAF N/A .text Unusual BP Cave, count: 89
2146F-21DBF N/A .text Unusual BP Cave, count: 2385
21E7D-21EAF N/A .text Unusual BP Cave, count: 51
22B84-22EBF N/A .text Unusual BP Cave, count: 828
230BC-2313F N/A .text Unusual BP Cave, count: 132
27C25-28EDF N/A .text Unusual BP Cave, count: 4795
29111-2919F N/A .text Unusual BP Cave, count: 143
2D833-2E9DF N/A .text Unusual BP Cave, count: 4525
31090-31A3F N/A .text Unusual BP Cave, count: 2480
31BCC-31C2F N/A .text Unusual BP Cave, count: 100
31CB3-31CDF N/A .text Unusual BP Cave, count: 45
31E48-31E8F N/A .text Unusual BP Cave, count: 72
32097-3211F N/A .text Unusual BP Cave, count: 137
32398-3243F N/A .text Unusual BP Cave, count: 168
327CB-328AF N/A .text Unusual BP Cave, count: 229
32A07-32A5F N/A .text Unusual BP Cave, count: 89
34DFF-356EF N/A .text Unusual BP Cave, count: 2289
35770-3578F N/A .text Unusual BP Cave, count: 32
36E2B-373DF N/A .text Unusual BP Cave, count: 1461
3748A-374BF N/A .text Unusual BP Cave, count: 54
3BD67-3CF8F N/A .text Unusual BP Cave, count: 4649
3D407-3D50F N/A .text Unusual BP Cave, count: 265
3E230-3E57F N/A .text Unusual BP Cave, count: 848
3EE0D-3F02F N/A .text Unusual BP Cave, count: 547
3F89B-3FABF N/A .text Unusual BP Cave, count: 549
4053F-407DF N/A .text Unusual BP Cave, count: 673
41142-4139F N/A .text Unusual BP Cave, count: 606
420C0-4240F N/A .text Unusual BP Cave, count: 848
42615-4269F N/A .text Unusual BP Cave, count: 139
428DE-4296F N/A .text Unusual BP Cave, count: 146
42BF7-42C9F N/A .text Unusual BP Cave, count: 169
42F50-42FFF N/A .text Unusual BP Cave, count: 176
4328A-4332F N/A .text Unusual BP Cave, count: 166
437F8-4392F N/A .text Unusual BP Cave, count: 312
44B8A-4501F N/A .text Unusual BP Cave, count: 1174
458EA-45B1F N/A .text Unusual BP Cave, count: 566
46186-4631F N/A .text Unusual BP Cave, count: 410
465E7-4669F N/A .text Unusual BP Cave, count: 185
46A62-46B5F N/A .text Unusual BP Cave, count: 254
4742A-4765F N/A .text Unusual BP Cave, count: 566
47FC2-4821F N/A .text Unusual BP Cave, count: 606
48FAE-4931F N/A .text Unusual BP Cave, count: 882
4A01A-4A35F N/A .text Unusual BP Cave, count: 838
4AC35-4AE6F N/A .text Unusual BP Cave, count: 571
4BB6A-4BEAF N/A .text Unusual BP Cave, count: 838
4C06D-4C0DF N/A .text Unusual BP Cave, count: 115
4C22F-4C28F N/A .text Unusual BP Cave, count: 97
4C483-4C4FF N/A .text Unusual BP Cave, count: 125
4C6BD-4C72F N/A .text Unusual BP Cave, count: 115
4C8ED-4C95F N/A .text Unusual BP Cave, count: 115
4CB1D-4CB8F N/A .text Unusual BP Cave, count: 115
4CD4D-4CDBF N/A .text Unusual BP Cave, count: 115
4DE06-4E21F N/A .text Unusual BP Cave, count: 1050
4EE2E-4F0FF N/A .text Unusual BP Cave, count: 722
50D84-514AF N/A .text Unusual BP Cave, count: 1836
51545-5156F N/A .text Unusual BP Cave, count: 43
51683-516CF N/A .text Unusual BP Cave, count: 77
52269-5254F N/A .text Unusual BP Cave, count: 743
525C4-525EF N/A .text Unusual BP Cave, count: 44
533DE-5375F N/A .text Unusual BP Cave, count: 898
53924-5396F N/A .text Unusual BP Cave, count: 76
58C79-5A13F N/A .text Unusual BP Cave, count: 5319
5A6E7-5A84F N/A .text Unusual BP Cave, count: 361
5A942-5A97F N/A .text Unusual BP Cave, count: 62
5ABCB-5AC5F N/A .text Unusual BP Cave, count: 149
5ACC0-5ACDF N/A .text Unusual BP Cave, count: 32
5AE1E-5AE6F N/A .text Unusual BP Cave, count: 82
5DFA9-5EBFF N/A .text Unusual BP Cave, count: 3159
5EF90-5F07F N/A .text Unusual BP Cave, count: 240
5F12A-5F15F N/A .text Unusual BP Cave, count: 54
5F21D-5F24F N/A .text Unusual BP Cave, count: 51
5F66C-5F77F N/A .text Unusual BP Cave, count: 276
C6FEA-E0DDF N/A .text Unusual BP Cave, count: 105974
E0FE0-E105F N/A .text Unusual BP Cave, count: 128
E16A8-E183F N/A .text Unusual BP Cave, count: 408
E194A-E198F N/A .text Unusual BP Cave, count: 70
E1A57-E1A8F N/A .text Unusual BP Cave, count: 57
E3E09-E46EF N/A .text Unusual BP Cave, count: 2279
E4BFA-E4D3F N/A .text Unusual BP Cave, count: 326
E4E07-E4E3F N/A .text Unusual BP Cave, count: 57
E5165-E522F N/A .text Unusual BP Cave, count: 203
E5A2C-E5BFF N/A .text Unusual BP Cave, count: 468
E617E-E62DF N/A .text Unusual BP Cave, count: 354
E72DB-E76DF N/A .text Unusual BP Cave, count: 1029
E7770-E779F N/A .text Unusual BP Cave, count: 48
E78F7-E794F N/A .text Unusual BP Cave, count: 89
E7A66-E7AAF N/A .text Unusual BP Cave, count: 74
E7B3B-E7B5F N/A .text Unusual BP Cave, count: 37
EBD5A-ECDDF N/A .text Unusual BP Cave, count: 4230
ED272-ED28F N/A .text Unusual BP Cave, count: 30
ED2E2-ED2FF N/A .text Unusual BP Cave, count: 30
ED352-ED36F N/A .text Unusual BP Cave, count: 30
F07CB-F07EF N/A .text Unusual BP Cave, count: 37
F0B3F-F0BBF N/A .text Unusual BP Cave, count: 129
F0C30-F0C4F N/A .text Unusual BP Cave, count: 32
F0CC4-F0CEF N/A .text Unusual BP Cave, count: 44
F0DE2-F0DFF N/A .text Unusual BP Cave, count: 30
F1085-F10FF N/A .text Unusual BP Cave, count: 123
F119E-F11BF N/A .text Unusual BP Cave, count: 34
F12C5-F12FF N/A .text Unusual BP Cave, count: 59
F13D5-F13FF N/A .text Unusual BP Cave, count: 43
F145D-F147F N/A .text Unusual BP Cave, count: 35
F15AA-F15DF N/A .text Unusual BP Cave, count: 54
F1622-F163F N/A .text Unusual BP Cave, count: 30
F1807-F182F N/A .text Unusual BP Cave, count: 41
F19D8-F1A2F N/A .text Unusual BP Cave, count: 88
F1BD4-F1C1F N/A .text Unusual BP Cave, count: 76
F1FA9-F203F N/A .text Unusual BP Cave, count: 151
F208F-F20AF N/A .text Unusual BP Cave, count: 33
F22AF-F231F N/A .text Unusual BP Cave, count: 113
F244C-F246F N/A .text Unusual BP Cave, count: 36
F2626-F269F N/A .text Unusual BP Cave, count: 122
F27AC-F27DF N/A .text Unusual BP Cave, count: 52
F28F6-F293F N/A .text Unusual BP Cave, count: 74
F29A8-F29CF N/A .text Unusual BP Cave, count: 40
F2A2D-F2A4F N/A .text Unusual BP Cave, count: 35
F2B11-F2B2F N/A .text Unusual BP Cave, count: 31
F2B81-F2B9F N/A .text Unusual BP Cave, count: 31
F2C61-F2C7F N/A .text Unusual BP Cave, count: 31
F2CD1-F2CEF N/A .text Unusual BP Cave, count: 31
F2DEB-F2E1F N/A .text Unusual BP Cave, count: 53
F3049-F30AF N/A .text Unusual BP Cave, count: 103
F3286-F32BF N/A .text Unusual BP Cave, count: 58
F34C3-F34FF N/A .text Unusual BP Cave, count: 61
F35C2-F35FF N/A .text Unusual BP Cave, count: 62
F36F2-F370F N/A .text Unusual BP Cave, count: 30
F3761-F377F N/A .text Unusual BP Cave, count: 31
F3811-F382F N/A .text Unusual BP Cave, count: 31
F3980-F399F N/A .text Unusual BP Cave, count: 32
F3CD2-F3CEF N/A .text Unusual BP Cave, count: 30
F3D42-F3D5F N/A .text Unusual BP Cave, count: 30
F3E12-F3E2F N/A .text Unusual BP Cave, count: 30
F3EBE-F3EEF N/A .text Unusual BP Cave, count: 50
F3FCF-F3FEF N/A .text Unusual BP Cave, count: 33
F404D-F406F N/A .text Unusual BP Cave, count: 35
F40DC-F40FF N/A .text Unusual BP Cave, count: 36
F4170-F418F N/A .text Unusual BP Cave, count: 32
F4280-F429F N/A .text Unusual BP Cave, count: 32
F4300-F431F N/A .text Unusual BP Cave, count: 32
F438D-F43AF N/A .text Unusual BP Cave, count: 35
F4535-F455F N/A .text Unusual BP Cave, count: 43
F46BA-F470F N/A .text Unusual BP Cave, count: 86
F4828-F484F N/A .text Unusual BP Cave, count: 40
F492A-F494F N/A .text Unusual BP Cave, count: 38
F4A2F-F4A5F N/A .text Unusual BP Cave, count: 49
F4AA2-F4ABF N/A .text Unusual BP Cave, count: 30
F4B0F-F4B2F N/A .text Unusual BP Cave, count: 33
F4BF6-F4C1F N/A .text Unusual BP Cave, count: 42
F4C9A-F4CBF N/A .text Unusual BP Cave, count: 38
F4DC1-F4E0F N/A .text Unusual BP Cave, count: 79
F4F8A-F4FDF N/A .text Unusual BP Cave, count: 86
F506D-F508F N/A .text Unusual BP Cave, count: 35
F50D2-F50EF N/A .text Unusual BP Cave, count: 30
F52B3-F530F N/A .text Unusual BP Cave, count: 93
F5362-F537F N/A .text Unusual BP Cave, count: 30
F5410-F543F N/A .text Unusual BP Cave, count: 48
F549C-F54BF N/A .text Unusual BP Cave, count: 36
F5906-F59BF N/A .text Unusual BP Cave, count: 186
F5AED-F5B1F N/A .text Unusual BP Cave, count: 51
F5C4F-F5C9F N/A .text Unusual BP Cave, count: 81
F5F63-F5FEF N/A .text Unusual BP Cave, count: 141
F60D0-F60EF N/A .text Unusual BP Cave, count: 32
F6162-F617F N/A .text Unusual BP Cave, count: 30
F6200-F621F N/A .text Unusual BP Cave, count: 32
F6359-F63AF N/A .text Unusual BP Cave, count: 87
F6511-F652F N/A .text Unusual BP Cave, count: 31
F65FA-F661F N/A .text Unusual BP Cave, count: 38
F6734-F677F N/A .text Unusual BP Cave, count: 76
F6881-F689F N/A .text Unusual BP Cave, count: 31
F6931-F694F N/A .text Unusual BP Cave, count: 31
F6A61-F6A9F N/A .text Unusual BP Cave, count: 63
F6B10-F6B2F N/A .text Unusual BP Cave, count: 32
F6D91-F6DAF N/A .text Unusual BP Cave, count: 31
F6FE1-F6FFF N/A .text Unusual BP Cave, count: 31
F7097-F70BF N/A .text Unusual BP Cave, count: 41
F7157-F717F N/A .text Unusual BP Cave, count: 41
F744B-F74FF N/A .text Unusual BP Cave, count: 181
F7635-F768F N/A .text Unusual BP Cave, count: 91
F7728-F774F N/A .text Unusual BP Cave, count: 40
F78E5-F793F N/A .text Unusual BP Cave, count: 91
F79EC-F7A1F N/A .text Unusual BP Cave, count: 52
F7A62-F7A7F N/A .text Unusual BP Cave, count: 30
F7BE2-F7BFF N/A .text Unusual BP Cave, count: 30
F7D10-F7D3F N/A .text Unusual BP Cave, count: 48
F7FA4-F803F N/A .text Unusual BP Cave, count: 156
F80D2-F80FF N/A .text Unusual BP Cave, count: 46
F8192-F81BF N/A .text Unusual BP Cave, count: 46
F82B3-F82EF N/A .text Unusual BP Cave, count: 61
F8423-F845F N/A .text Unusual BP Cave, count: 61
F858F-F85DF N/A .text Unusual BP Cave, count: 81
F8631-F864F N/A .text Unusual BP Cave, count: 31
F8785-F87BF N/A .text Unusual BP Cave, count: 59
F8B94-F8C8F N/A .text Unusual BP Cave, count: 252
F8D64-F8D9F N/A .text Unusual BP Cave, count: 60
F9199-F929F N/A .text Unusual BP Cave, count: 263
F93AE-F93CF N/A .text Unusual BP Cave, count: 34
F9438-F945F N/A .text Unusual BP Cave, count: 40
F95B5-F95DF N/A .text Unusual BP Cave, count: 43
F9682-F969F N/A .text Unusual BP Cave, count: 30
F96E2-F96FF N/A .text Unusual BP Cave, count: 30
F98A5-F98FF N/A .text Unusual BP Cave, count: 91
F99B0-F99DF N/A .text Unusual BP Cave, count: 48
F9B41-F9B5F N/A .text Unusual BP Cave, count: 31
F9D01-F9D1F N/A .text Unusual BP Cave, count: 31
F9E50-F9E7F N/A .text Unusual BP Cave, count: 48
FA0A1-FA0BF N/A .text Unusual BP Cave, count: 31
FA13E-FA15F N/A .text Unusual BP Cave, count: 34
FA1EF-FA21F N/A .text Unusual BP Cave, count: 49
FA2AF-FA2DF N/A .text Unusual BP Cave, count: 49
FA36F-FA39F N/A .text Unusual BP Cave, count: 49
FA42F-FA45F N/A .text Unusual BP Cave, count: 49
FA5DD-FA60F N/A .text Unusual BP Cave, count: 51
FA805-FA83F N/A .text Unusual BP Cave, count: 59
FA9AB-FA9DF N/A .text Unusual BP Cave, count: 53
FAA8B-FAABF N/A .text Unusual BP Cave, count: 53
FAB6B-FAB9F N/A .text Unusual BP Cave, count: 53
FAC4B-FAC7F N/A .text Unusual BP Cave, count: 53
FAD4E-FAD8F N/A .text Unusual BP Cave, count: 66
FAE28-FAE4F N/A .text Unusual BP Cave, count: 40
FAEE3-FAF0F N/A .text Unusual BP Cave, count: 45
FAF61-FAF7F N/A .text Unusual BP Cave, count: 31
12CAA2-139D0F N/A .text Unusual BP Cave, count: 53870
13A738-13A84F N/A .text Unusual BP Cave, count: 280
13AC98-13ADAF N/A .text Unusual BP Cave, count: 280
13B1F8-13B30F N/A .text Unusual BP Cave, count: 280
13B833-13B97F N/A .text Unusual BP Cave, count: 333
13DEA3-144233 N/A .text Unusual BP Cave, count: 25489
14423C-145049 N/A .text Unusual BP Cave, count: 3598
14524A-1452C9 N/A .text Unusual BP Cave, count: 128
145912-145AA9 N/A .text Unusual BP Cave, count: 408
145BB4-145BF9 N/A .text Unusual BP Cave, count: 70
145CC1-145CF9 N/A .text Unusual BP Cave, count: 57
148073-148959 N/A .text Unusual BP Cave, count: 2279
148E64-148FA9 N/A .text Unusual BP Cave, count: 326
149071-1490A9 N/A .text Unusual BP Cave, count: 57
1493CF-149499 N/A .text Unusual BP Cave, count: 203
149C96-149E69 N/A .text Unusual BP Cave, count: 468
14A3E8-14A549 N/A .text Unusual BP Cave, count: 354
14B545-14B949 N/A .text Unusual BP Cave, count: 1029
14B9DA-14BA09 N/A .text Unusual BP Cave, count: 48
14BB61-14BBB9 N/A .text Unusual BP Cave, count: 89
14BCD0-14BD19 N/A .text Unusual BP Cave, count: 74
14BDA5-14BDC9 N/A .text Unusual BP Cave, count: 37
14FFCC-151051 N/A .text Unusual BP Cave, count: 4230
1514E4-151501 N/A .text Unusual BP Cave, count: 30
151554-151571 N/A .text Unusual BP Cave, count: 30
1515C4-1515E1 N/A .text Unusual BP Cave, count: 30
154A45-154A69 N/A .text Unusual BP Cave, count: 37
154DB9-154E39 N/A .text Unusual BP Cave, count: 129
154EAA-154EC9 N/A .text Unusual BP Cave, count: 32
154F3E-154F69 N/A .text Unusual BP Cave, count: 44
15505C-155079 N/A .text Unusual BP Cave, count: 30
1552FF-155379 N/A .text Unusual BP Cave, count: 123
155418-155439 N/A .text Unusual BP Cave, count: 34
15553F-155579 N/A .text Unusual BP Cave, count: 59
15564F-155679 N/A .text Unusual BP Cave, count: 43
1556D7-1556F9 N/A .text Unusual BP Cave, count: 35
155824-155859 N/A .text Unusual BP Cave, count: 54
15589C-1558B9 N/A .text Unusual BP Cave, count: 30
155A81-155AA9 N/A .text Unusual BP Cave, count: 41
155C52-155CA9 N/A .text Unusual BP Cave, count: 88
155E4E-155E99 N/A .text Unusual BP Cave, count: 76
156223-1562B9 N/A .text Unusual BP Cave, count: 151
156309-156329 N/A .text Unusual BP Cave, count: 33
156529-156599 N/A .text Unusual BP Cave, count: 113
1566C6-1566E9 N/A .text Unusual BP Cave, count: 36
1568A0-156919 N/A .text Unusual BP Cave, count: 122
156A26-156A59 N/A .text Unusual BP Cave, count: 52
156B70-156BB9 N/A .text Unusual BP Cave, count: 74
156C22-156C49 N/A .text Unusual BP Cave, count: 40
156CA7-156CC9 N/A .text Unusual BP Cave, count: 35
156D8B-156DA9 N/A .text Unusual BP Cave, count: 31
156DFB-156E19 N/A .text Unusual BP Cave, count: 31
156EDB-156EF9 N/A .text Unusual BP Cave, count: 31
156F4B-156F69 N/A .text Unusual BP Cave, count: 31
157065-157099 N/A .text Unusual BP Cave, count: 53
1572C3-157329 N/A .text Unusual BP Cave, count: 103
157500-157539 N/A .text Unusual BP Cave, count: 58
15773D-157779 N/A .text Unusual BP Cave, count: 61
15783C-157879 N/A .text Unusual BP Cave, count: 62
15796C-157989 N/A .text Unusual BP Cave, count: 30
1579DB-1579F9 N/A .text Unusual BP Cave, count: 31
157A8B-157AA9 N/A .text Unusual BP Cave, count: 31
157BFA-157C19 N/A .text Unusual BP Cave, count: 32
157F4C-157F69 N/A .text Unusual BP Cave, count: 30
157FBC-157FD9 N/A .text Unusual BP Cave, count: 30
15808C-1580A9 N/A .text Unusual BP Cave, count: 30
158138-158169 N/A .text Unusual BP Cave, count: 50
158249-158269 N/A .text Unusual BP Cave, count: 33
1582C7-1582E9 N/A .text Unusual BP Cave, count: 35
158356-158379 N/A .text Unusual BP Cave, count: 36
1583EA-158409 N/A .text Unusual BP Cave, count: 32
1584FA-158519 N/A .text Unusual BP Cave, count: 32
15857A-158599 N/A .text Unusual BP Cave, count: 32
158607-158629 N/A .text Unusual BP Cave, count: 35
1587AF-1587D9 N/A .text Unusual BP Cave, count: 43
158934-158989 N/A .text Unusual BP Cave, count: 86
158AA2-158AC9 N/A .text Unusual BP Cave, count: 40
158BA4-158BC9 N/A .text Unusual BP Cave, count: 38
158CA9-158CD9 N/A .text Unusual BP Cave, count: 49
158D1C-158D39 N/A .text Unusual BP Cave, count: 30
158D89-158DA9 N/A .text Unusual BP Cave, count: 33
158E70-158E99 N/A .text Unusual BP Cave, count: 42
158F14-158F39 N/A .text Unusual BP Cave, count: 38
15903B-159089 N/A .text Unusual BP Cave, count: 79
159204-159259 N/A .text Unusual BP Cave, count: 86
1592E7-159309 N/A .text Unusual BP Cave, count: 35
15934C-159369 N/A .text Unusual BP Cave, count: 30
15952D-159589 N/A .text Unusual BP Cave, count: 93
1595DC-1595F9 N/A .text Unusual BP Cave, count: 30
15968A-1596B9 N/A .text Unusual BP Cave, count: 48
159716-159739 N/A .text Unusual BP Cave, count: 36
159B80-159C39 N/A .text Unusual BP Cave, count: 186
159D67-159D99 N/A .text Unusual BP Cave, count: 51
159EC9-159F19 N/A .text Unusual BP Cave, count: 81
15A1DD-15A269 N/A .text Unusual BP Cave, count: 141
15A34A-15A369 N/A .text Unusual BP Cave, count: 32
15A3DC-15A3F9 N/A .text Unusual BP Cave, count: 30
15A47A-15A499 N/A .text Unusual BP Cave, count: 32
15A5D3-15A629 N/A .text Unusual BP Cave, count: 87
15A78B-15A7A9 N/A .text Unusual BP Cave, count: 31
15A874-15A899 N/A .text Unusual BP Cave, count: 38
15A9AE-15A9F9 N/A .text Unusual BP Cave, count: 76
15AAFB-15AB19 N/A .text Unusual BP Cave, count: 31
15ABAB-15ABC9 N/A .text Unusual BP Cave, count: 31
15ACDB-15AD19 N/A .text Unusual BP Cave, count: 63
15AD8A-15ADA9 N/A .text Unusual BP Cave, count: 32
15B00B-15B029 N/A .text Unusual BP Cave, count: 31
15B25B-15B279 N/A .text Unusual BP Cave, count: 31
15B311-15B339 N/A .text Unusual BP Cave, count: 41
15B3D1-15B3F9 N/A .text Unusual BP Cave, count: 41
15B6C5-15B779 N/A .text Unusual BP Cave, count: 181
15B8AF-15B909 N/A .text Unusual BP Cave, count: 91
15B9A2-15B9C9 N/A .text Unusual BP Cave, count: 40
15BB5F-15BBB9 N/A .text Unusual BP Cave, count: 91
15BC66-15BC99 N/A .text Unusual BP Cave, count: 52
15BCDC-15BCF9 N/A .text Unusual BP Cave, count: 30
15BE5C-15BE79 N/A .text Unusual BP Cave, count: 30
15BF8A-15BFB9 N/A .text Unusual BP Cave, count: 48
15C21E-15C24B N/A .text Unusual BP Cave, count: 46
15C254-15C2C1 N/A .text Unusual BP Cave, count: 110
15C354-15C381 N/A .text Unusual BP Cave, count: 46
15C414-15C441 N/A .text Unusual BP Cave, count: 46
15C535-15C571 N/A .text Unusual BP Cave, count: 61
15C6A5-15C6E1 N/A .text Unusual BP Cave, count: 61
15C811-15C861 N/A .text Unusual BP Cave, count: 81
15C8B3-15C8D1 N/A .text Unusual BP Cave, count: 31
15CA07-15CA41 N/A .text Unusual BP Cave, count: 59
15CE16-15CF11 N/A .text Unusual BP Cave, count: 252
15CFE6-15D021 N/A .text Unusual BP Cave, count: 60
15D41B-15D521 N/A .text Unusual BP Cave, count: 263
15D630-15D651 N/A .text Unusual BP Cave, count: 34
15D6BA-15D6E1 N/A .text Unusual BP Cave, count: 40
15D837-15D861 N/A .text Unusual BP Cave, count: 43
15D904-15D921 N/A .text Unusual BP Cave, count: 30
15D964-15D981 N/A .text Unusual BP Cave, count: 30
15DB27-15DB81 N/A .text Unusual BP Cave, count: 91
15DC32-15DC61 N/A .text Unusual BP Cave, count: 48
15DDC3-15DDE1 N/A .text Unusual BP Cave, count: 31
15DF83-15DFA1 N/A .text Unusual BP Cave, count: 31
15E0D2-15E101 N/A .text Unusual BP Cave, count: 48
15E323-15E341 N/A .text Unusual BP Cave, count: 31
15E3C0-15E3E1 N/A .text Unusual BP Cave, count: 34
15E471-15E4A1 N/A .text Unusual BP Cave, count: 49
15E531-15E561 N/A .text Unusual BP Cave, count: 49
15E5F1-15E621 N/A .text Unusual BP Cave, count: 49
15E6B1-15E6E1 N/A .text Unusual BP Cave, count: 49
15E85F-15E891 N/A .text Unusual BP Cave, count: 51
15EA87-15EAC1 N/A .text Unusual BP Cave, count: 59
15EC2D-15EC61 N/A .text Unusual BP Cave, count: 53
15ED0D-15ED41 N/A .text Unusual BP Cave, count: 53
15EDED-15EE21 N/A .text Unusual BP Cave, count: 53
15EECD-15EF01 N/A .text Unusual BP Cave, count: 53
15EFD0-15F011 N/A .text Unusual BP Cave, count: 66
15F0AA-15F0D1 N/A .text Unusual BP Cave, count: 40
15F165-15F191 N/A .text Unusual BP Cave, count: 45
15F1E3-15F201 N/A .text Unusual BP Cave, count: 31
190D54-194283 N/A .text Unusual BP Cave, count: 13616
19428C-19C28B N/A .text Unusual BP Cave, count: 32768
19C294-19DFD1 N/A .text Unusual BP Cave, count: 7486
19E9FA-19EB11 N/A .text Unusual BP Cave, count: 280
19EF5A-19F071 N/A .text Unusual BP Cave, count: 280
19F4BA-19F5D1 N/A .text Unusual BP Cave, count: 280
19FAF5-19FC41 N/A .text Unusual BP Cave, count: 333
1A2165-1A39B1 N/A .text Unusual BP Cave, count: 6221
20C000 N/A *Overlay* 4E42313000000000E1AEB93F01000000433A5C50 | NB10.......?....C:\P
Extra Analysis
Metric Value Percentage
Ascii Code 1460330 68,0359%
Null Byte Code 280138 13,0515%
NOP Cave Found 0x9090909090 Block Count: 4 | Total: 0,0005%
© 2026 All rights reserved.