PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 4,42 MBSHA-256 Hash: B58EAA7EA99746C3F3D7675AD0229B9053D18862D32F185C8DE379A51E0842FD SHA-1 Hash: 0775AEBF19A0EC1C6F6C1B5A4DE9706B2B0FC7D1 MD5 Hash: 7CD10D88BE64FC09C01F0BCD4FE17572 Imphash: 86790A5FF78BE5F96AD4AAFE7B1FAACB MajorOSVersion: 6 MinorOSVersion: 0 CheckSum: 004795EF EntryPoint (rva): 2344E8 SizeOfHeaders: 400 SizeOfImage: 876000 ImageBase: 0000000140000000 Architecture: x64 ImportTable: 43EB38 IAT: 43F4C8 Characteristics: 22 TimeDateStamp: 69E02597 Date: 15/04/2026 23:56:07 File Type: EXE Number Of Sections: 14 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, .00cfg, .fptable, .raddbg, .rdbgia, .retplne, .tls, .voltbl, _RDATA, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker [Incomplete Binary or Compressor Packer - 4,04 MB Missing] |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 251000 | 1000 | 250F06 |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
251400 | 1F5800 | 252000 | 1F570C |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
446C00 | 17200 | 448000 | 419164 |
|
|
| .pdata | 0x40000040 Initialized Data Readable |
45DE00 | 3C00 | 862000 | 3A98 |
|
|
| .00cfg | 0x40000040 Initialized Data Readable |
461A00 | 200 | 866000 | 28 |
|
|
| .fptable | 0xC0000040 Initialized Data Readable Writeable |
461C00 | 200 | 867000 | 100 |
|
|
| .raddbg | 0xC0000040 Initialized Data Readable Writeable |
461E00 | 200 | 868000 | 1B |
|
|
| .rdbgia | 0xC0000040 Initialized Data Readable Writeable |
462000 | 200 | 869000 | 1 |
|
|
| .retplne | 0x None |
462200 | 200 | 86A000 | 1C |
|
|
| .tls | 0xC0000040 Initialized Data Readable Writeable |
462400 | 200 | 86B000 | D9 |
|
|
| .voltbl | 0x None |
462600 | 200 | 86C000 | 2F |
|
|
| _RDATA | 0x40000040 Initialized Data Readable |
462800 | 200 | 86D000 | F4 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
462A00 | 2200 | 86E000 | 2150 |
|
|
| .reloc | 0x42000040 Initialized Data GP-Relative Readable |
464C00 | 4800 | 871000 | 4614 |
|
|
| Entry Point |
The section number (1) have the Entry Point Information -> EntryPoint (calculated) - 2338E8 Code -> 4883EC28E85B0200004883C428E97AFEFFFFCCCC4883EC28E80F00000048F7D81BC0F7D8FFC84883C428C3CC40534883EC20 Assembler |SUB RSP, 0X28 |CALL 0X1264 |ADD RSP, 0X28 |JMP 0XE8C |INT3 |INT3 |SUB RSP, 0X28 |CALL 0X102C |NEG RAX |SBB EAX, EAX |NEG EAX |DEC EAX |ADD RSP, 0X28 |RET |INT3 |PUSH RBX |SUB RSP, 0X20 |
| Signatures |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio Detect It Easy (die) • PE+(64): compiler: Microsoft Visual C/C++(2015 v.14.0)[-] • PE+(64): linker: Microsoft Linker(14.0)[-] • PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7] • Entropy: 6.5199 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | CreateRemoteThread | Creates a thread in the address space of another process. |
| KERNEL32.DLL | WriteProcessMemory | Writes data to an area of memory in a specified process. |
| KERNEL32.DLL | ReadProcessMemory | Reads data from an area of memory in a specified process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| SHELL32.DLL | ShellExecuteW | Performs a run operation on a specific file. |
| Windows REG (UNICODE) |
| Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Fonts SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug\ SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\ |
| File Access |
| program.exe radbin --rdi program.exe KERNEL32.dll D3DCOMPILER_47.dll d3d11.dll DWrite.dll COMDLG32.dll dwmapi.dll GDI32.dll WS2_32.dll COMCTL32.dll SHLWAPI.dll ADVAPI32.dll SHELL32.dll ole32.dll USER32.dll shcore.dll dbghelp.dll .dat @.dat Output path has .dump or .txt Temp |
| File Access (UNICODE) |
| mscoree.dll Temp |
| Interest's Words |
| <head exec powershell attrib start pause systeminfo ping expand replace setx |
| Interest's Words (UNICODE) |
| exec |
| Anti-VM/Sandbox/Debug Tricks |
| OllyDbg Libary - dbghelp.dll |
| URLs |
| http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl http://www.microsoft.com/pkiops/certs/MicCodSigPCA2011_2011-07-08.crt http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt http://www.microsoft.com/pkiops/docs/primarycps.htm http://www.microsoft.com http://crl.microsoft.com/pki/crl/products/MicTimStaPCA_2010-07-01.crl http://www.microsoft.com/pki/certs/MicTimStaPCA_2010-07-01.crt http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt http://www.microsoft.com/PKI/docs/CPS/default.htm http://fontello.com http://ocsp.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl http://cacerts.digicert.com/DigiCertTrustedRootG4.crt http://crl3.digicert.com/DigiCertTrustedRootG4.crl http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl http://www.digicert.com/CPS0 http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt https://github.com/EpicGamesExt/raddebugger/issues |
| URLs (UNICODE) |
| http://fontello.com https://www.jetbrains.com https://www.jetbrains.comThis Font Software is licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: https://scripts.sil.org/OFL https://scripts.sil.org/OFLClassic constructionClosed constructionBroken equals ligaturesRased bar f |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (accept) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (GetThreadContext) |
| Text | Ascii | Stealth (SetThreadContext) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingA) |
| Text | Ascii | Stealth (CreateFileMappingW) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (ReadProcessMemory) |
| Text | Ascii | Stealth (CreateRemoteThread) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateSemaphoreW) |
| Text | Ascii | Privileges (SeLockMemoryPrivilege) |
| Text | Ascii | Keyboard Key (Page Down) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Ascii | Keyboard Key (Num Lock) |
| Text | Ascii | Keyboard Key (Backspace) |
| Text | Unicode | Keyboard Key (Ctrl+C) |
| Text | Ascii | Process of gathering information about network resources (Enumeration) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Entry Point | Hex Pattern | PE-Exe Executable Image |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\1033 | 86E0F0 | 1E02 | 462AF0 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A86600001DC949444154789CEDDD7B7C14E5BD | .PNG........IHDR.............\r.f....IDATx...{|... |
| \GROUP_ICON\1\1033 | 86FEF8 | 14 | 4648F8 | 0000010001000000000001002000021E00000100 | ............ ....... |
| \24\1\1033 | 86FF10 | 23F | 464910 | 3C3F786D6C2076657273696F6E3D22312E3022207374616E64616C6F6E653D22796573223F3E0A3C617373656D626C792078 | <?xml version="1.0" standalone="yes"?>.<assembly x |
| Intelligent String |
| • .tls • meH%X • rex.rxb • rex.wxb • rex.wrb • rex.wrx • dbghelp.dll • https://github.com/EpicGamesExt/raddebugger/issues • Generate Crash Dump File • raddbg_crash_dump.dmp • radbin --rdi program.exe • radbin program.pdb --out:program.rdi • radbin --dump program.rdi • Outputs the textual dump of the debug information stored in program.rdi. • Info (.rdi) format. It can also parse and dump textualized contents of several • --dump Specifies that the utility should dump textualized contents of • not specified, the utility will choose a fallback. If dumping • All input files specified on the command line will be dumped. The following • All input files specified on the command line will be dumped. Currently, only • mscoree.dll • The following license, based on the MIT license (http://en.wikipedia.org/wiki/MIT_License), applies to the OpenType Layout logic for Biblical Hebrew Layout Logic as jointly developed by Ralph Hancock and John Hudson. • Classic constructionClosed constructionBroken equals ligaturesRased bar fCopyright 2020 The JetBrains Mono Project Authors (https://github.com/JetBrains/JetBrainsMono)JetBrains MonoRegular2.304;JB;JetBrainsMono-RegularJetBrains Mono RegularVersion 2.304; ttfautohint (v1.8.4.7-5d5b)JetBrainsMono-RegularJetBrains Mono is a trademark of JetBrains s.r.o.JetBrainsPhilipp Nurullin, Konstantin Bulenkovhttps://www.jetbrains.comhttps://www.jetbrains.comThis Font Software is licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: https://scripts.sil.org/OFLhttps://scripts.sil.org/OFLClassic constructionClosed constructionBroken equals ligaturesRased bar f • Copyright (C) 2025 by original authors @ fontello.comfontelloRegularfontellofontelloVersion 1.0fontelloGenerated by svg2ttf from Fontello project.http://fontello.comCopyright (C) 2025 by original authors @ fontello.comfontelloRegularfontellofontelloVersion 1.0fontelloGenerated by svg2ttf from Fontello project.http://fontello.com • raddbg.pdb • :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 411 | N/A | .text | JMP QWORD PTR [RIP+0x43E9A1] |
| 4CC | N/A | .text | CALL QWORD PTR [RIP+0x43EA76] |
| 4DF | N/A | .text | CALL QWORD PTR [RIP+0x43E96B] |
| 4EF | N/A | .text | CALL QWORD PTR [RIP+0x43E863] |
| 51F | N/A | .text | CALL QWORD PTR [RIP+0x43E893] |
| 776 | N/A | .text | CALL QWORD PTR [RIP+0x43E634] |
| 7B2 | N/A | .text | CALL QWORD PTR [RIP+0x43E808] |
| 7FA | N/A | .text | CALL QWORD PTR [RIP+0x43E7C0] |
| 8A9 | N/A | .text | CALL QWORD PTR [RIP+0x43E6E1] |
| 911 | N/A | .text | CALL QWORD PTR [RIP+0x43E6A9] |
| A00 | N/A | .text | CALL QWORD PTR [RIP+0x43E5BA] |
| A4C | N/A | .text | CALL QWORD PTR [RIP+0x43E056] |
| A68 | N/A | .text | CALL QWORD PTR [RIP+0x43E5F2] |
| A75 | N/A | .text | CALL QWORD PTR [RIP+0x43E4CD] |
| A88 | N/A | .text | CALL QWORD PTR [RIP+0x43E3C2] |
| A98 | N/A | .text | CALL QWORD PTR [RIP+0x43E2BA] |
| A9E | N/A | .text | CALL QWORD PTR [RIP+0x43E2FC] |
| AB3 | N/A | .text | CALL QWORD PTR [RIP+0x43E05F] |
| ACF | N/A | .text | CALL QWORD PTR [RIP+0x43E03B] |
| B0D | N/A | .text | CALL QWORD PTR [RIP+0x43DFF5] |
| B22 | N/A | .text | CALL QWORD PTR [RIP+0x43E138] |
| B40 | N/A | .text | CALL QWORD PTR [RIP+0x43E042] |
| B6D | N/A | .text | CALL QWORD PTR [RIP+0x43E025] |
| BB5 | N/A | .text | CALL QWORD PTR [RIP+0x43DFC5] |
| BBE | N/A | .text | CALL QWORD PTR [RIP+0x43DFCC] |
| BE3 | N/A | .text | CALL QWORD PTR [RIP+0x43E28F] |
| BF8 | N/A | .text | CALL QWORD PTR [RIP+0x43E3BA] |
| C26 | N/A | .text | CALL QWORD PTR [RIP+0x43E1DC] |
| C46 | N/A | .text | CALL QWORD PTR [RIP+0x43E15C] |
| 11FC | N/A | .text | CALL QWORD PTR [RIP+0x43DB7E] |
| 1286 | N/A | .text | CALL QWORD PTR [RIP+0x43DB9C] |
| 13E3 | N/A | .text | CALL QWORD PTR [RIP+0x43D6F7] |
| 14A2 | N/A | .text | CALL QWORD PTR [RIP+0x43D928] |
| 15A8 | N/A | .text | CALL QWORD PTR [RIP+0x43D93A] |
| 1628 | N/A | .text | CALL QWORD PTR [RIP+0x43D78A] |
| 1652 | N/A | .text | CALL QWORD PTR [RIP+0x43D968] |
| 167F | N/A | .text | CALL QWORD PTR [RIP+0x43D65B] |
| 16E2 | N/A | .text | CALL QWORD PTR [RIP+0x43D858] |
| 16F2 | N/A | .text | CALL QWORD PTR [RIP+0x43D7E0] |
| 1702 | N/A | .text | CALL QWORD PTR [RIP+0x43D5D8] |
| 1765 | N/A | .text | CALL QWORD PTR [RIP+0x43D7D5] |
| 1775 | N/A | .text | CALL QWORD PTR [RIP+0x43D76D] |
| 1785 | N/A | .text | CALL QWORD PTR [RIP+0x43D555] |
| 17E5 | N/A | .text | CALL QWORD PTR [RIP+0x43D755] |
| 17F5 | N/A | .text | CALL QWORD PTR [RIP+0x43D6ED] |
| 19CD | N/A | .text | CALL QWORD PTR [RIP+0x43D30D] |
| 1A2C | N/A | .text | CALL QWORD PTR [RIP+0x43D50E] |
| 1A3C | N/A | .text | CALL QWORD PTR [RIP+0x43D4A6] |
| 1AB4 | N/A | .text | CALL QWORD PTR [RIP+0x43D226] |
| 1B17 | N/A | .text | CALL QWORD PTR [RIP+0x43D423] |
| 1B27 | N/A | .text | CALL QWORD PTR [RIP+0x43D3BB] |
| 1BC8 | N/A | .text | CALL QWORD PTR [RIP+0x43D112] |
| 1C27 | N/A | .text | CALL QWORD PTR [RIP+0x43D313] |
| 1C66 | N/A | .text | CALL QWORD PTR [RIP+0x43D03C] |
| 1E16 | N/A | .text | CALL QWORD PTR [RIP+0x43D0BC] |
| 1EAB | N/A | .text | CALL QWORD PTR [RIP+0x43CE2F] |
| 1F16 | N/A | .text | CALL QWORD PTR [RIP+0x43CFEC] |
| 1F24 | N/A | .text | CALL QWORD PTR [RIP+0x43CDB6] |
| 2056 | N/A | .text | CALL QWORD PTR [RIP+0x43CE7C] |
| 20EB | N/A | .text | CALL QWORD PTR [RIP+0x43CBEF] |
| 2156 | N/A | .text | CALL QWORD PTR [RIP+0x43CDAC] |
| 2164 | N/A | .text | CALL QWORD PTR [RIP+0x43CB76] |
| 2296 | N/A | .text | CALL QWORD PTR [RIP+0x43CC3C] |
| 232B | N/A | .text | CALL QWORD PTR [RIP+0x43C9AF] |
| 2396 | N/A | .text | CALL QWORD PTR [RIP+0x43CB6C] |
| 23A4 | N/A | .text | CALL QWORD PTR [RIP+0x43C936] |
| 260A | N/A | .text | CALL QWORD PTR [RIP+0x43C930] |
| 26B2 | N/A | .text | CALL QWORD PTR [RIP+0x43C628] |
| 27B2 | N/A | .text | CALL QWORD PTR [RIP+0x43C4F0] |
| 2812 | N/A | .text | CALL QWORD PTR [RIP+0x43C4C8] |
| 2877 | N/A | .text | CALL QWORD PTR [RIP+0x43C65B] |
| 2890 | N/A | .text | CALL QWORD PTR [RIP+0x43C44A] |
| 28F7 | N/A | .text | CALL QWORD PTR [RIP+0x43C5EB] |
| 2910 | N/A | .text | CALL QWORD PTR [RIP+0x43C3CA] |
| 2AB0 | N/A | .text | CALL QWORD PTR [RIP+0x43C22A] |
| 2B16 | N/A | .text | CALL QWORD PTR [RIP+0x43C424] |
| 2B26 | N/A | .text | CALL QWORD PTR [RIP+0x43C3BC] |
| 2BA2 | N/A | .text | CALL QWORD PTR [RIP+0x43C138] |
| 2C02 | N/A | .text | CALL QWORD PTR [RIP+0x43C338] |
| 2C12 | N/A | .text | CALL QWORD PTR [RIP+0x43C2D0] |
| 2F1A | N/A | .text | CALL QWORD PTR [RIP+0x43C060] |
| 2FE0 | N/A | .text | CALL QWORD PTR [RIP+0x43BCFA] |
| 3093 | N/A | .text | CALL QWORD PTR [RIP+0x43BEA7] |
| 30D2 | N/A | .text | CALL QWORD PTR [RIP+0x43BBD0] |
| 3105 | N/A | .text | CALL QWORD PTR [RIP+0x43BE5D] |
| 3120 | N/A | .text | CALL QWORD PTR [RIP+0x43BBBA] |
| 3183 | N/A | .text | CALL QWORD PTR [RIP+0x43BDB7] |
| 3193 | N/A | .text | CALL QWORD PTR [RIP+0x43BD4F] |
| 3211 | N/A | .text | CALL QWORD PTR [RIP+0x43BAC9] |
| 3271 | N/A | .text | CALL QWORD PTR [RIP+0x43BCC9] |
| 3281 | N/A | .text | CALL QWORD PTR [RIP+0x43BC61] |
| 33E3 | N/A | .text | CALL QWORD PTR [RIP+0x43B8F7] |
| 3449 | N/A | .text | CALL QWORD PTR [RIP+0x43BAF1] |
| 34F6 | N/A | .text | CALL QWORD PTR [RIP+0x43BA44] |
| 3531 | N/A | .text | CALL QWORD PTR [RIP+0x43B771] |
| 356C | N/A | .text | CALL QWORD PTR [RIP+0x43B76E] |
| 35AC | N/A | .text | CALL QWORD PTR [RIP+0x43BB46] |
| 3611 | N/A | .text | CALL QWORD PTR [RIP+0x43B6C9] |
| 362C | N/A | .text | CALL QWORD PTR [RIP+0x43B90E] |
| B89E | N/A | .text | CALL QWORD PTR [RIP+0x433824] |
| 327185-327199 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 9 |
| 251306-2513FF | N/A | .text | Unusual BP Cave, count: 250 |
| 45DE00 | 1020 | .pdata | ExceptionHook | Pointer to 1020 - 0x420 .text + UnwindInfo: .rdata |
| 45DE0C | 13D0 | .pdata | ExceptionHook | Pointer to 13D0 - 0x7D0 .text + UnwindInfo: .rdata |
| 45DE18 | 1420 | .pdata | ExceptionHook | Pointer to 1420 - 0x820 .text + UnwindInfo: .rdata |
| 45DE24 | 14C0 | .pdata | ExceptionHook | Pointer to 14C0 - 0x8C0 .text + UnwindInfo: .rdata |
| 45DE30 | 1520 | .pdata | ExceptionHook | Pointer to 1520 - 0x920 .text + UnwindInfo: .rdata |
| 45DE3C | 1620 | .pdata | ExceptionHook | Pointer to 1620 - 0xA20 .text + UnwindInfo: .rdata |
| 45DE48 | 42C0 | .pdata | ExceptionHook | Pointer to 42C0 - 0x36C0 .text + UnwindInfo: .rdata |
| 45DE54 | 48B0 | .pdata | ExceptionHook | Pointer to 48B0 - 0x3CB0 .text + UnwindInfo: .rdata |
| 45DE60 | 5490 | .pdata | ExceptionHook | Pointer to 5490 - 0x4890 .text + UnwindInfo: .rdata |
| 45DE6C | 5E10 | .pdata | ExceptionHook | Pointer to 5E10 - 0x5210 .text + UnwindInfo: .rdata |
| 45DE78 | 6DF0 | .pdata | ExceptionHook | Pointer to 6DF0 - 0x61F0 .text + UnwindInfo: .rdata |
| 45DE84 | 7000 | .pdata | ExceptionHook | Pointer to 7000 - 0x6400 .text + UnwindInfo: .rdata |
| 45DE90 | 8170 | .pdata | ExceptionHook | Pointer to 8170 - 0x7570 .text + UnwindInfo: .rdata |
| 45DE9C | 8300 | .pdata | ExceptionHook | Pointer to 8300 - 0x7700 .text + UnwindInfo: .rdata |
| 45DEA8 | 8520 | .pdata | ExceptionHook | Pointer to 8520 - 0x7920 .text + UnwindInfo: .rdata |
| 45DEB4 | 9F90 | .pdata | ExceptionHook | Pointer to 9F90 - 0x9390 .text + UnwindInfo: .rdata |
| 45DEC0 | A140 | .pdata | ExceptionHook | Pointer to A140 - 0x9540 .text + UnwindInfo: .rdata |
| 45DECC | A2B0 | .pdata | ExceptionHook | Pointer to A2B0 - 0x96B0 .text + UnwindInfo: .rdata |
| 45DED8 | A3D0 | .pdata | ExceptionHook | Pointer to A3D0 - 0x97D0 .text + UnwindInfo: .rdata |
| 45DEE4 | AD50 | .pdata | ExceptionHook | Pointer to AD50 - 0xA150 .text + UnwindInfo: .rdata |
| 45DEF0 | ADF0 | .pdata | ExceptionHook | Pointer to ADF0 - 0xA1F0 .text + UnwindInfo: .rdata |
| 45DEFC | B320 | .pdata | ExceptionHook | Pointer to B320 - 0xA720 .text + UnwindInfo: .rdata |
| 45DF08 | B3A0 | .pdata | ExceptionHook | Pointer to B3A0 - 0xA7A0 .text + UnwindInfo: .rdata |
| 45DF14 | B470 | .pdata | ExceptionHook | Pointer to B470 - 0xA870 .text + UnwindInfo: .rdata |
| 45DF20 | C2D0 | .pdata | ExceptionHook | Pointer to C2D0 - 0xB6D0 .text + UnwindInfo: .rdata |
| 45DF2C | C330 | .pdata | ExceptionHook | Pointer to C330 - 0xB730 .text + UnwindInfo: .rdata |
| 45DF38 | C540 | .pdata | ExceptionHook | Pointer to C540 - 0xB940 .text + UnwindInfo: .rdata |
| 45DF44 | C820 | .pdata | ExceptionHook | Pointer to C820 - 0xBC20 .text + UnwindInfo: .rdata |
| 45DF50 | C930 | .pdata | ExceptionHook | Pointer to C930 - 0xBD30 .text + UnwindInfo: .rdata |
| 45DF5C | D580 | .pdata | ExceptionHook | Pointer to D580 - 0xC980 .text + UnwindInfo: .rdata |
| 45DF68 | D5D0 | .pdata | ExceptionHook | Pointer to D5D0 - 0xC9D0 .text + UnwindInfo: .rdata |
| 45DF74 | D960 | .pdata | ExceptionHook | Pointer to D960 - 0xCD60 .text + UnwindInfo: .rdata |
| 45DF80 | DAD0 | .pdata | ExceptionHook | Pointer to DAD0 - 0xCED0 .text + UnwindInfo: .rdata |
| 45DF8C | E020 | .pdata | ExceptionHook | Pointer to E020 - 0xD420 .text + UnwindInfo: .rdata |
| 45DF98 | E400 | .pdata | ExceptionHook | Pointer to E400 - 0xD800 .text + UnwindInfo: .rdata |
| 45DFA4 | EB40 | .pdata | ExceptionHook | Pointer to EB40 - 0xDF40 .text + UnwindInfo: .rdata |
| 45DFB0 | F5A0 | .pdata | ExceptionHook | Pointer to F5A0 - 0xE9A0 .text + UnwindInfo: .rdata |
| 45DFBC | F680 | .pdata | ExceptionHook | Pointer to F680 - 0xEA80 .text + UnwindInfo: .rdata |
| 45DFC8 | F730 | .pdata | ExceptionHook | Pointer to F730 - 0xEB30 .text + UnwindInfo: .rdata |
| 45DFD4 | FBC0 | .pdata | ExceptionHook | Pointer to FBC0 - 0xEFC0 .text + UnwindInfo: .rdata |
| 45DFE0 | 10040 | .pdata | ExceptionHook | Pointer to 10040 - 0xF440 .text + UnwindInfo: .rdata |
| 45DFEC | 100C0 | .pdata | ExceptionHook | Pointer to 100C0 - 0xF4C0 .text + UnwindInfo: .rdata |
| 45DFF8 | 104A0 | .pdata | ExceptionHook | Pointer to 104A0 - 0xF8A0 .text + UnwindInfo: .rdata |
| 45E004 | 10680 | .pdata | ExceptionHook | Pointer to 10680 - 0xFA80 .text + UnwindInfo: .rdata |
| 45E010 | 11710 | .pdata | ExceptionHook | Pointer to 11710 - 0x10B10 .text + UnwindInfo: .rdata |
| 45E01C | 12010 | .pdata | ExceptionHook | Pointer to 12010 - 0x11410 .text + UnwindInfo: .rdata |
| 45E028 | 12740 | .pdata | ExceptionHook | Pointer to 12740 - 0x11B40 .text + UnwindInfo: .rdata |
| 45E034 | 128C0 | .pdata | ExceptionHook | Pointer to 128C0 - 0x11CC0 .text + UnwindInfo: .rdata |
| 45E040 | 12B00 | .pdata | ExceptionHook | Pointer to 12B00 - 0x11F00 .text + UnwindInfo: .rdata |
| 45E04C | 12D50 | .pdata | ExceptionHook | Pointer to 12D50 - 0x12150 .text + UnwindInfo: .rdata |
| 45E058 | 13080 | .pdata | ExceptionHook | Pointer to 13080 - 0x12480 .text + UnwindInfo: .rdata |
| 45E064 | 13360 | .pdata | ExceptionHook | Pointer to 13360 - 0x12760 .text + UnwindInfo: .rdata |
| 45E070 | 13710 | .pdata | ExceptionHook | Pointer to 13710 - 0x12B10 .text + UnwindInfo: .rdata |
| 45E07C | 13A10 | .pdata | ExceptionHook | Pointer to 13A10 - 0x12E10 .text + UnwindInfo: .rdata |
| 45E088 | 13B20 | .pdata | ExceptionHook | Pointer to 13B20 - 0x12F20 .text + UnwindInfo: .rdata |
| 45E094 | 16270 | .pdata | ExceptionHook | Pointer to 16270 - 0x15670 .text + UnwindInfo: .rdata |
| 45E0A0 | 16B70 | .pdata | ExceptionHook | Pointer to 16B70 - 0x15F70 .text + UnwindInfo: .rdata |
| 45E0AC | 16FF0 | .pdata | ExceptionHook | Pointer to 16FF0 - 0x163F0 .text + UnwindInfo: .rdata |
| 45E0B8 | 17370 | .pdata | ExceptionHook | Pointer to 17370 - 0x16770 .text + UnwindInfo: .rdata |
| 45E0C4 | 18290 | .pdata | ExceptionHook | Pointer to 18290 - 0x17690 .text + UnwindInfo: .rdata |
| 45E0D0 | 18980 | .pdata | ExceptionHook | Pointer to 18980 - 0x17D80 .text + UnwindInfo: .rdata |
| 45E0DC | 19220 | .pdata | ExceptionHook | Pointer to 19220 - 0x18620 .text + UnwindInfo: .rdata |
| 45E0E8 | 195A0 | .pdata | ExceptionHook | Pointer to 195A0 - 0x189A0 .text + UnwindInfo: .rdata |
| 45E0F4 | 19950 | .pdata | ExceptionHook | Pointer to 19950 - 0x18D50 .text + UnwindInfo: .rdata |
| 45E100 | 19AD0 | .pdata | ExceptionHook | Pointer to 19AD0 - 0x18ED0 .text + UnwindInfo: .rdata |
| 45E10C | 1A040 | .pdata | ExceptionHook | Pointer to 1A040 - 0x19440 .text + UnwindInfo: .rdata |
| 45E118 | 1A4E0 | .pdata | ExceptionHook | Pointer to 1A4E0 - 0x198E0 .text + UnwindInfo: .rdata |
| 45E124 | 1A680 | .pdata | ExceptionHook | Pointer to 1A680 - 0x19A80 .text + UnwindInfo: .rdata |
| 45E130 | 1A6B0 | .pdata | ExceptionHook | Pointer to 1A6B0 - 0x19AB0 .text + UnwindInfo: .rdata |
| 45E13C | 1A7D0 | .pdata | ExceptionHook | Pointer to 1A7D0 - 0x19BD0 .text + UnwindInfo: .rdata |
| 45E148 | 1A810 | .pdata | ExceptionHook | Pointer to 1A810 - 0x19C10 .text + UnwindInfo: .rdata |
| 45E154 | 1A890 | .pdata | ExceptionHook | Pointer to 1A890 - 0x19C90 .text + UnwindInfo: .rdata |
| 45E160 | 1B080 | .pdata | ExceptionHook | Pointer to 1B080 - 0x1A480 .text + UnwindInfo: .rdata |
| 45E16C | 1B1A0 | .pdata | ExceptionHook | Pointer to 1B1A0 - 0x1A5A0 .text + UnwindInfo: .rdata |
| 45E178 | 1BE10 | .pdata | ExceptionHook | Pointer to 1BE10 - 0x1B210 .text + UnwindInfo: .rdata |
| 45E184 | 1BE90 | .pdata | ExceptionHook | Pointer to 1BE90 - 0x1B290 .text + UnwindInfo: .rdata |
| 45E190 | 1BF90 | .pdata | ExceptionHook | Pointer to 1BF90 - 0x1B390 .text + UnwindInfo: .rdata |
| 45E19C | 1C140 | .pdata | ExceptionHook | Pointer to 1C140 - 0x1B540 .text + UnwindInfo: .rdata |
| 45E1A8 | 1C420 | .pdata | ExceptionHook | Pointer to 1C420 - 0x1B820 .text + UnwindInfo: .rdata |
| 45E1B4 | 1C510 | .pdata | ExceptionHook | Pointer to 1C510 - 0x1B910 .text + UnwindInfo: .rdata |
| 45E1C0 | 1C5D0 | .pdata | ExceptionHook | Pointer to 1C5D0 - 0x1B9D0 .text + UnwindInfo: .rdata |
| 45E1CC | 1C6B0 | .pdata | ExceptionHook | Pointer to 1C6B0 - 0x1BAB0 .text + UnwindInfo: .rdata |
| 45E1D8 | 1C7D0 | .pdata | ExceptionHook | Pointer to 1C7D0 - 0x1BBD0 .text + UnwindInfo: .rdata |
| 45E1E4 | 1C830 | .pdata | ExceptionHook | Pointer to 1C830 - 0x1BC30 .text + UnwindInfo: .rdata |
| 45E1F0 | 1C870 | .pdata | ExceptionHook | Pointer to 1C870 - 0x1BC70 .text + UnwindInfo: .rdata |
| 45E1FC | 1CA20 | .pdata | ExceptionHook | Pointer to 1CA20 - 0x1BE20 .text + UnwindInfo: .rdata |
| 45E208 | 1CFF0 | .pdata | ExceptionHook | Pointer to 1CFF0 - 0x1C3F0 .text + UnwindInfo: .rdata |
| 45E214 | 1D030 | .pdata | ExceptionHook | Pointer to 1D030 - 0x1C430 .text + UnwindInfo: .rdata |
| 45E220 | 1D320 | .pdata | ExceptionHook | Pointer to 1D320 - 0x1C720 .text + UnwindInfo: .rdata |
| 45E22C | 1EC60 | .pdata | ExceptionHook | Pointer to 1EC60 - 0x1E060 .text + UnwindInfo: .rdata |
| 45E238 | 1EDD0 | .pdata | ExceptionHook | Pointer to 1EDD0 - 0x1E1D0 .text + UnwindInfo: .rdata |
| 45E244 | 1EEF0 | .pdata | ExceptionHook | Pointer to 1EEF0 - 0x1E2F0 .text + UnwindInfo: .rdata |
| 45E250 | 1F140 | .pdata | ExceptionHook | Pointer to 1F140 - 0x1E540 .text + UnwindInfo: .rdata |
| 45E25C | 1F260 | .pdata | ExceptionHook | Pointer to 1F260 - 0x1E660 .text + UnwindInfo: .rdata |
| 45E268 | 1F490 | .pdata | ExceptionHook | Pointer to 1F490 - 0x1E890 .text + UnwindInfo: .rdata |
| 45E274 | 1F600 | .pdata | ExceptionHook | Pointer to 1F600 - 0x1EA00 .text + UnwindInfo: .rdata |
| 45E280 | 1F680 | .pdata | ExceptionHook | Pointer to 1F680 - 0x1EA80 .text + UnwindInfo: .rdata |
| 45E28C | 1F770 | .pdata | ExceptionHook | Pointer to 1F770 - 0x1EB70 .text + UnwindInfo: .rdata |
| 45E298 | 1F7F0 | .pdata | ExceptionHook | Pointer to 1F7F0 - 0x1EBF0 .text + UnwindInfo: .rdata |
| 45E2A4 | 1F8E0 | .pdata | ExceptionHook | Pointer to 1F8E0 - 0x1ECE0 .text + UnwindInfo: .rdata |
| 469400 | N/A | *Overlay* | A0280000000202003082289306092A864886F70D | .(......0.(...*.H...) |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 2744265 | 59,1971% |
| Null Byte Code | 876515 | 18,9075% |
© 2026 All rights reserved.