PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 1,42 MB
SHA-256 Hash: F8AF0BCDC0E5C5918E83DCED65C2E87D6C0AA884FA94EBBEA1C8A960BBDC658C
SHA-1 Hash: 1E1D5E5DFE21A8EC2C50E4055DBD161E1F3138F2
MD5 Hash: 83201E79A3506E8E53530D1558A42B0E
Imphash: DB2FF716076E91272D6A61E4FA7C7DD1
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 9D3E4
SizeOfHeaders: 400
SizeOfImage: 173000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 1108CC
IAT: CE000
Characteristics: 22
TimeDateStamp: 68C60143
Date: 13/09/2025 23:41:55
File Type: EXE
Number Of Sections: 8
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .gfids, .tls, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000020 Code Executable Readable	400	CCE00	1000	CCC74	6.3949	5607063.24
.rdata	0x40000040 Initialized Data Readable	CD200	43E00	CE000	43C8E	4.8643	14142461.61
.data	0xC0000040 Initialized Data Readable Writeable	111000	3000	112000	5254	4.0771	568085.71
.pdata	0x40000040 Initialized Data Readable	114000	A600	118000	A5FC	6.0438	815881.35
.gfids	0x40000040 Initialized Data Readable	11E600	800	123000	658	3.3735	190034.5
.tls	0xC0000040 Initialized Data Readable Writeable	11EE00	200	124000	9	0.0204	130049
.rsrc	0x40000040 Initialized Data Readable	11F000	4B400	125000	4B230	4.9022	9301319.69
.reloc	0x42000040 Initialized Data GP-Relative Readable	16A400	1600	171000	145C	5.3108	43524.09

Description

OriginalFilename: mal_unpack.exe
CompanyName: Hashereware (hashereware.com)
LegalCopyright: Copyright 2018-2025 Hasherezade
ProductName: MalUnpack
FileVersion: 1.0.0
FileDescription: MalUnpack: dynamic malware unpacker based on PE-sieve.
ProductVersion: 1.0.0
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 9C7E4
Code -> 4883EC28E8770800004883C428E976FEFFFFCCCC488BC44C8948204C8940184889501053565741564883EC38498BF1498BD8

Assembler

|SUB RSP, 0X28

|CALL 0X1880

|ADD RSP, 0X28

|JMP 0XE88

|INT3

|MOV RAX, RSP

|MOV QWORD PTR [RAX + 0X20], R9

|MOV QWORD PTR [RAX + 0X18], R8

|MOV QWORD PTR [RAX + 0X10], RDX

|PUSH RBX

|PUSH RSI

|PUSH RDI

|PUSH R14

|SUB RSP, 0X38

|MOV RSI, R9

|MOV RBX, R8

Signatures

Rich Signature Analyzer:
Code -> 3EE0FB347A8195677A8195677A819567CE1D646771819567CE1D6667D8819567CE1D67676081956741DF96667281956741DF90663F81956741DF91665C819567A77E5E67758195677A819467C7819567CBDF906630819567E8DF6A677B819567CBDF97667B819567526963687A819567
Footprint md5 Hash -> 6662BAB30AC81BEF1DBC172CA97BB98B
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
• PE+(64): linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[-]
• Entropy: 6.19629

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	GetModuleFileNameA	Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	CreateToolhelp32Snapshot	Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL	ReadProcessMemory	Reads data from an area of memory in a specified process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	CreateFileA	Creates or opens a file or I/O device.
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.

File Access

.exe
cmd.exe
RstrtMgr.dll
bcryptprimitives.dll
bcrypt.dll
oleaut32.dll
VERSION.dll
USERENV.dll
dbghelp.dll
imagehlp.dll
tdh.dll
ADVAPI32.dll
KERNEL32.dll
SHLWAPI.dll
ntdll.dll
coreclr.dll
clr.dll
winsrv.dll
user32.dll
win32u.dll
%SystemRoot%\system32\win32u.dll
%SystemRoot%\system32\ntdll.dll
.bat
.dat
@.dat
unpack.log
.iat_hooks.txt
.not_fixed_imports.txt
.imports.txt
Temp

File Access (UNICODE)

mal_unpack.exe
mscoree.dll
kernel32.dll

Interest's Words

Encrypt
Encryption
exec
attrib
start
pause
comspec
shutdown
systeminfo
ping
expand
replace

Anti-VM/Sandbox/Debug Tricks

OllyDbg Libary - dbghelp.dll

URLs

https://github.com/hasherezade/pe-sieve

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (connect)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Anti-Analysis VM (GlobalMemoryStatusEx)
Text	Ascii	Anti-Analysis VM (CreateToolhelp32Snapshot)
Text	Ascii	Reconnaissance (FindNextFileA)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (GetThreadContext)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (IsBadReadPtr)
Text	Ascii	Stealth (UnmapViewOfFile)
Text	Ascii	Stealth (MapViewOfFile)
Text	Ascii	Stealth (CreateFileMappingA)
Text	Ascii	Stealth (VirtualAlloc)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Stealth (ReadProcessMemory)
Text	Ascii	Execution (CreateProcessA)
Text	Ascii	Execution (ResumeThread)
Text	Ascii	Execution (CreateSemaphoreW)
Text	Ascii	Execution (CreateEventW)
Text	Ascii	Privileges (SeDebugPrivilege)
Text	Ascii	Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	125B40	25A8	11FB40	280000003000000060000000010020000000000080250000000000000000000000000000000000003A2B1BFF3E2F1FFF3426	(...0........ ......%..................:+..>/..4&
\ICON\2\1033	1280E8	10A8	1220E8	280000002000000040000000010020000000000080100000000000000000000000000000000000003E3020FF38291AFF2819	(... ...@..... .........................>0 .8)..(.
\ICON\3\1033	129190	468	123190	2800000010000000200000000100200000000000400400000000000000000000000000000000000036291BFF2B1C0BFF2112	(....... ..... .....@...................6)..+...!.
\ICON\4\1033	1295F8	42028	1235F8	280000000001000000020000010020000000000000200400000000000000000000000000000000003D2E1EFF3D2E1EFF3D2E	(............. ...... ..................=...=...=.
\ICON\5\1033	16B620	4228	165620	280000004000000080000000010020000000000000420000000000000000000000000000000000003D2E1EFF3C2D1DFF3E2F	(...@......... ......B..................=...<-..>/
\ICON\6\1033	16F848	988	169848	280000001800000030000000010020000000000060090000000000000000000000000000000000003F3122FF302112FF2415	(.......0..... ........................?1".0!..$.
\GROUP_ICON\IDI_ICON1\1033	1701D0	5A	16A1D0	0000010006003030000001002000A825000001002020000001002000A810000002001010000001002000680400000300000000000100200028200400040040400000010020002842000005001818000001002000880900000600	......00.... ..%.... .... ............. .h........... .( ....@@.... .(B.......... .......
\VERSION\1\1033	1257F0	350	11F7F0	500334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	P.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033	125240	5B0	11F240	3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279	<?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String

• mal_unpack.exe
• %systemroot%\system32\win32u.dll
• %systemroot%\system32\ntdll.dll
• kernel32.dll
• @.tls
• .NET: scan non-executable in .NET applications
• minidmpCreate a minidump of the detected process
• dump_mode
• Set in which mode the detected PE files should be dumped.
• 2. scan options3. dump options4. output options
• unpack.log
• .out
• "dump_base" :
• "dump_file" :
• "dump_mode" :
• "minidump_path" : "
• "dumped" :
• [+] Report dumped to:
• [+] Dumped modified to:
• [*] Creating minidump...
• .dmp
• [+] Minidump saved to: [-] Creating minidump failed!
• dbghelp.dll
• MiniDumpWriteDump
• dump_report.json
• .imports.txt
• .not_fixed_imports.txt
• [*] Dumped module to:
• .tag
• .pattern.tag
• .iat_hooks.txt
• ntdll.dll
• win32u.dll
• user32.dll
• winsrv.dll
• clr.dll
• coreclr.dll
• IND)ind)COMSPECcmd.exe/c
• mscoree.dll
• .com.exe.bat.cmd
• .bss
• .tls

Flow Anomalies

Offset	RVA	Section	Description
417	N/A	.text	CALL QWORD PTR [RIP+0xCD323]
4EB	N/A	.text	CALL QWORD PTR [RIP+0xCD24F]
585	N/A	.text	CALL QWORD PTR [RIP+0xCD1B5]
20027	N/A	.text	CALL QWORD PTR [RIP+0xAD483]
200F4	N/A	.text	CALL QWORD PTR [RIP+0xAD3BE]
20130	N/A	.text	CALL QWORD PTR [RIP+0xAD382]
2016E	N/A	.text	CALL QWORD PTR [RIP+0xAD344]
20188	N/A	.text	CALL QWORD PTR [RIP+0xAD32A]
2027B	N/A	.text	CALL QWORD PTR [RIP+0xAD237]
2037C	N/A	.text	CALL QWORD PTR [RIP+0xAD126]
22463	N/A	.text	CALL QWORD PTR [RIP+0xAB057]
22D1E	N/A	.text	CALL QWORD PTR [RIP+0xAA79C]
23270	N/A	.text	CALL QWORD PTR [RIP+0xAA24A]
23F1F	N/A	.text	CALL QWORD PTR [RIP+0xA95A3]
23F91	N/A	.text	CALL QWORD PTR [RIP+0xA9539]
23F9C	N/A	.text	CALL QWORD PTR [RIP+0xA9506]
2401F	N/A	.text	CALL QWORD PTR [RIP+0xA94A3]
24091	N/A	.text	CALL QWORD PTR [RIP+0xA9439]
2409C	N/A	.text	CALL QWORD PTR [RIP+0xA9406]
2434A	N/A	.text	CALL QWORD PTR [RIP+0xA9178]
24387	N/A	.text	CALL QWORD PTR [RIP+0xA9143]
24392	N/A	.text	CALL QWORD PTR [RIP+0xA9110]
24669	N/A	.text	CALL QWORD PTR [RIP+0xA8E59]
2467C	N/A	.text	CALL QWORD PTR [RIP+0xA8E26]
247F7	N/A	.text	CALL QWORD PTR [RIP+0xA8CCB]
2480A	N/A	.text	CALL QWORD PTR [RIP+0xA8C98]
24887	N/A	.text	CALL QWORD PTR [RIP+0xA8C3B]
248F8	N/A	.text	CALL QWORD PTR [RIP+0xA8BE2]
24909	N/A	.text	CALL QWORD PTR [RIP+0xA8BC9]
2491B	N/A	.text	CALL QWORD PTR [RIP+0xA8BC7]
24929	N/A	.text	CALL QWORD PTR [RIP+0xA8B79]
2498A	N/A	.text	CALL QWORD PTR [RIP+0xA8B38]
249A0	N/A	.text	CALL QWORD PTR [RIP+0xA8B02]
249F7	N/A	.text	CALL QWORD PTR [RIP+0xA8ACB]
24A42	N/A	.text	CALL QWORD PTR [RIP+0xA8A88]
24A4D	N/A	.text	CALL QWORD PTR [RIP+0xA8A55]
24AB2	N/A	.text	CALL QWORD PTR [RIP+0xA8A18]
24AFB	N/A	.text	CALL QWORD PTR [RIP+0xA89CF]
24B97	N/A	.text	CALL QWORD PTR [RIP+0xA892B]
24BD5	N/A	.text	CALL QWORD PTR [RIP+0xA88F5]
24BE0	N/A	.text	CALL QWORD PTR [RIP+0xA88C2]
254DD	N/A	.text	CALL QWORD PTR [RIP+0xA800D]
2555C	N/A	.text	CALL QWORD PTR [RIP+0xA7F46]
25562	N/A	.text	CALL QWORD PTR [RIP+0xA7F88]
25688	N/A	.text	CALL QWORD PTR [RIP+0xA7E1A]
259B0	N/A	.text	CALL QWORD PTR [RIP+0xA7B5A]
25AAA	N/A	.text	CALL QWORD PTR [RIP+0xA7A58]
25B60	N/A	.text	CALL QWORD PTR [RIP+0xA79B2]
25BB5	N/A	.text	CALL QWORD PTR [RIP+0xA78ED]
25E46	N/A	.text	CALL QWORD PTR [RIP+0xA76CC]
25ED8	N/A	.text	CALL QWORD PTR [RIP+0xA75CA]
26088	N/A	.text	CALL QWORD PTR [RIP+0xA748A]
260A2	N/A	.text	CALL QWORD PTR [RIP+0xA7470]
260B0	N/A	.text	CALL QWORD PTR [RIP+0xA743A]
260D8	N/A	.text	CALL QWORD PTR [RIP+0xA78C2]
260E5	N/A	.text	CALL QWORD PTR [RIP+0xA740D]
260F6	N/A	.text	CALL QWORD PTR [RIP+0xA73AC]
26AC4	N/A	.text	CALL QWORD PTR [RIP+0xA6EB6]
26F0D	N/A	.text	CALL QWORD PTR [RIP+0xA666D]
26F30	N/A	.text	CALL QWORD PTR [RIP+0xA6632]
2720F	N/A	.text	CALL QWORD PTR [RIP+0xA6783]
27257	N/A	.text	CALL QWORD PTR [RIP+0xA672B]
2730D	N/A	.text	CALL QWORD PTR [RIP+0xA6265]
273A4	N/A	.text	CALL QWORD PTR [RIP+0xA61DE]
273CE	N/A	.text	CALL QWORD PTR [RIP+0xA619C]
273D9	N/A	.text	CALL QWORD PTR [RIP+0xA65B1]
274B2	N/A	.text	CALL QWORD PTR [RIP+0xA6038]
275E4	N/A	.text	CALL QWORD PTR [RIP+0xA5F76]
27608	N/A	.text	CALL QWORD PTR [RIP+0xA5E9A]
27693	N/A	.text	CALL QWORD PTR [RIP+0xA5EC7]
276AD	N/A	.text	CALL QWORD PTR [RIP+0xA5EBD]
276B8	N/A	.text	CALL QWORD PTR [RIP+0xA5DEA]
2A91D	N/A	.text	CALL QWORD PTR [RIP+0xA2C6D]
2AB4D	N/A	.text	CALL QWORD PTR [RIP+0xA2A45]
2AB6C	N/A	.text	CALL QWORD PTR [RIP+0xA2A26]
309FD	N/A	.text	CALL QWORD PTR [RIP+0x9CF05]
30C10	N/A	.text	CALL QWORD PTR [RIP+0x9C902]
30C7D	N/A	.text	JMP QWORD PTR [RIP+0x9C825]
319A1	N/A	.text	CALL QWORD PTR [RIP+0x9BB71]
319C0	N/A	.text	CALL QWORD PTR [RIP+0x9BB52]
319D6	N/A	.text	CALL QWORD PTR [RIP+0x9BB3C]
319EF	N/A	.text	CALL QWORD PTR [RIP+0x9BBC3]
31A6A	N/A	.text	CALL QWORD PTR [RIP+0x9BA80]
31ACB	N/A	.text	CALL QWORD PTR [RIP+0x9BACF]
31B48	N/A	.text	CALL QWORD PTR [RIP+0x9BA52]
31F5D	N/A	.text	CALL QWORD PTR [RIP+0x9B9A5]
31F99	N/A	.text	CALL QWORD PTR [RIP+0x9B509]
3204A	N/A	.text	CALL QWORD PTR [RIP+0x9B578]
32102	N/A	.text	CALL QWORD PTR [RIP+0x9B4B8]
32153	N/A	.text	CALL QWORD PTR [RIP+0x9B397]
32432	N/A	.text	CALL QWORD PTR [RIP+0x9B198]
325E4	N/A	.text	CALL QWORD PTR [RIP+0x9AF8E]
338EC	N/A	.text	CALL QWORD PTR [RIP+0x99BB6]
34186	N/A	.text	CALL QWORD PTR [RIP+0x99464]
34445	N/A	.text	CALL QWORD PTR [RIP+0x9918D]
34481	N/A	.text	JMP QWORD PTR [RIP+0x99151]
34629	N/A	.text	CALL QWORD PTR [RIP+0x99369]
346CE	N/A	.text	CALL QWORD PTR [RIP+0x992A4]
347D8	N/A	.text	CALL QWORD PTR [RIP+0x991A2]
34C11	N/A	.text	CALL QWORD PTR [RIP+0x989C9]
114000	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
11400C	1030	.pdata	ExceptionHook \| Pointer to 1030 - 0x430 .text + UnwindInfo: .rdata
114018	1090	.pdata	ExceptionHook \| Pointer to 1090 - 0x490 .text + UnwindInfo: .rdata
114024	10E0	.pdata	ExceptionHook \| Pointer to 10E0 - 0x4E0 .text + UnwindInfo: .rdata
114030	1110	.pdata	ExceptionHook \| Pointer to 1110 - 0x510 .text + UnwindInfo: .rdata
11403C	11A4	.pdata	ExceptionHook \| Pointer to 11A4 - 0x5A4 .text + UnwindInfo: .rdata
114048	11DC	.pdata	ExceptionHook \| Pointer to 11DC - 0x5DC .text + UnwindInfo: .rdata
114054	120C	.pdata	ExceptionHook \| Pointer to 120C - 0x60C .text + UnwindInfo: .rdata
114060	1268	.pdata	ExceptionHook \| Pointer to 1268 - 0x668 .text + UnwindInfo: .rdata
11406C	1288	.pdata	ExceptionHook \| Pointer to 1288 - 0x688 .text + UnwindInfo: .rdata
114078	12B8	.pdata	ExceptionHook \| Pointer to 12B8 - 0x6B8 .text + UnwindInfo: .rdata
114084	1340	.pdata	ExceptionHook \| Pointer to 1340 - 0x740 .text + UnwindInfo: .rdata
114090	136C	.pdata	ExceptionHook \| Pointer to 136C - 0x76C .text + UnwindInfo: .rdata
11409C	138C	.pdata	ExceptionHook \| Pointer to 138C - 0x78C .text + UnwindInfo: .rdata
1140A8	13BC	.pdata	ExceptionHook \| Pointer to 13BC - 0x7BC .text + UnwindInfo: .rdata
1140B4	1424	.pdata	ExceptionHook \| Pointer to 1424 - 0x824 .text + UnwindInfo: .rdata
1140C0	1444	.pdata	ExceptionHook \| Pointer to 1444 - 0x844 .text + UnwindInfo: .rdata
1140CC	1474	.pdata	ExceptionHook \| Pointer to 1474 - 0x874 .text + UnwindInfo: .rdata
1140D8	14B0	.pdata	ExceptionHook \| Pointer to 14B0 - 0x8B0 .text + UnwindInfo: .rdata
1140E4	14D0	.pdata	ExceptionHook \| Pointer to 14D0 - 0x8D0 .text + UnwindInfo: .rdata
1140F0	1720	.pdata	ExceptionHook \| Pointer to 1720 - 0xB20 .text + UnwindInfo: .rdata
1140FC	1990	.pdata	ExceptionHook \| Pointer to 1990 - 0xD90 .text + UnwindInfo: .rdata
114108	1BE0	.pdata	ExceptionHook \| Pointer to 1BE0 - 0xFE0 .text + UnwindInfo: .rdata
114114	1ED0	.pdata	ExceptionHook \| Pointer to 1ED0 - 0x12D0 .text + UnwindInfo: .rdata
114120	2130	.pdata	ExceptionHook \| Pointer to 2130 - 0x1530 .text + UnwindInfo: .rdata
11412C	2180	.pdata	ExceptionHook \| Pointer to 2180 - 0x1580 .text + UnwindInfo: .rdata
114138	21F0	.pdata	ExceptionHook \| Pointer to 21F0 - 0x15F0 .text + UnwindInfo: .rdata
114144	22D0	.pdata	ExceptionHook \| Pointer to 22D0 - 0x16D0 .text + UnwindInfo: .rdata
114150	2370	.pdata	ExceptionHook \| Pointer to 2370 - 0x1770 .text + UnwindInfo: .rdata
11415C	2440	.pdata	ExceptionHook \| Pointer to 2440 - 0x1840 .text + UnwindInfo: .rdata
114168	24B0	.pdata	ExceptionHook \| Pointer to 24B0 - 0x18B0 .text + UnwindInfo: .rdata
114174	24F0	.pdata	ExceptionHook \| Pointer to 24F0 - 0x18F0 .text + UnwindInfo: .rdata
114180	2550	.pdata	ExceptionHook \| Pointer to 2550 - 0x1950 .text + UnwindInfo: .rdata
11418C	25A0	.pdata	ExceptionHook \| Pointer to 25A0 - 0x19A0 .text + UnwindInfo: .rdata
114198	2630	.pdata	ExceptionHook \| Pointer to 2630 - 0x1A30 .text + UnwindInfo: .rdata
1141A4	26C0	.pdata	ExceptionHook \| Pointer to 26C0 - 0x1AC0 .text + UnwindInfo: .rdata
1141B0	2840	.pdata	ExceptionHook \| Pointer to 2840 - 0x1C40 .text + UnwindInfo: .rdata
1141BC	2AF0	.pdata	ExceptionHook \| Pointer to 2AF0 - 0x1EF0 .text + UnwindInfo: .rdata
1141C8	2B70	.pdata	ExceptionHook \| Pointer to 2B70 - 0x1F70 .text + UnwindInfo: .rdata
1141D4	2E20	.pdata	ExceptionHook \| Pointer to 2E20 - 0x2220 .text + UnwindInfo: .rdata
1141E0	30F0	.pdata	ExceptionHook \| Pointer to 30F0 - 0x24F0 .text + UnwindInfo: .rdata
1141EC	3350	.pdata	ExceptionHook \| Pointer to 3350 - 0x2750 .text + UnwindInfo: .rdata
1141F8	3610	.pdata	ExceptionHook \| Pointer to 3610 - 0x2A10 .text + UnwindInfo: .rdata
114204	38D0	.pdata	ExceptionHook \| Pointer to 38D0 - 0x2CD0 .text + UnwindInfo: .rdata
114210	3B30	.pdata	ExceptionHook \| Pointer to 3B30 - 0x2F30 .text + UnwindInfo: .rdata
11421C	3CA0	.pdata	ExceptionHook \| Pointer to 3CA0 - 0x30A0 .text + UnwindInfo: .rdata
114228	3F20	.pdata	ExceptionHook \| Pointer to 3F20 - 0x3320 .text + UnwindInfo: .rdata
114234	41A0	.pdata	ExceptionHook \| Pointer to 41A0 - 0x35A0 .text + UnwindInfo: .rdata
114240	4300	.pdata	ExceptionHook \| Pointer to 4300 - 0x3700 .text + UnwindInfo: .rdata
11424C	45A0	.pdata	ExceptionHook \| Pointer to 45A0 - 0x39A0 .text + UnwindInfo: .rdata
114258	45BB	.pdata	ExceptionHook \| Pointer to 45BB - 0x39BB .text + UnwindInfo: .rdata
114264	465A	.pdata	ExceptionHook \| Pointer to 465A - 0x3A5A .text + UnwindInfo: .rdata
114270	4670	.pdata	ExceptionHook \| Pointer to 4670 - 0x3A70 .text + UnwindInfo: .rdata
11427C	4780	.pdata	ExceptionHook \| Pointer to 4780 - 0x3B80 .text + UnwindInfo: .rdata
114288	4840	.pdata	ExceptionHook \| Pointer to 4840 - 0x3C40 .text + UnwindInfo: .rdata
114294	4900	.pdata	ExceptionHook \| Pointer to 4900 - 0x3D00 .text + UnwindInfo: .rdata
1142A0	49B0	.pdata	ExceptionHook \| Pointer to 49B0 - 0x3DB0 .text + UnwindInfo: .rdata
1142AC	4A60	.pdata	ExceptionHook \| Pointer to 4A60 - 0x3E60 .text + UnwindInfo: .rdata
1142B8	4B10	.pdata	ExceptionHook \| Pointer to 4B10 - 0x3F10 .text + UnwindInfo: .rdata
1142C4	4BA0	.pdata	ExceptionHook \| Pointer to 4BA0 - 0x3FA0 .text + UnwindInfo: .rdata
1142D0	5040	.pdata	ExceptionHook \| Pointer to 5040 - 0x4440 .text + UnwindInfo: .rdata
1142DC	5270	.pdata	ExceptionHook \| Pointer to 5270 - 0x4670 .text + UnwindInfo: .rdata
1142E8	5E40	.pdata	ExceptionHook \| Pointer to 5E40 - 0x5240 .text + UnwindInfo: .rdata
1142F4	5FE0	.pdata	ExceptionHook \| Pointer to 5FE0 - 0x53E0 .text + UnwindInfo: .rdata
114300	6180	.pdata	ExceptionHook \| Pointer to 6180 - 0x5580 .text + UnwindInfo: .rdata
11430C	62C0	.pdata	ExceptionHook \| Pointer to 62C0 - 0x56C0 .text + UnwindInfo: .rdata
114318	6400	.pdata	ExceptionHook \| Pointer to 6400 - 0x5800 .text + UnwindInfo: .rdata
114324	6540	.pdata	ExceptionHook \| Pointer to 6540 - 0x5940 .text + UnwindInfo: .rdata
114330	6680	.pdata	ExceptionHook \| Pointer to 6680 - 0x5A80 .text + UnwindInfo: .rdata
11433C	67C0	.pdata	ExceptionHook \| Pointer to 67C0 - 0x5BC0 .text + UnwindInfo: .rdata
114348	6900	.pdata	ExceptionHook \| Pointer to 6900 - 0x5D00 .text + UnwindInfo: .rdata
114354	6A40	.pdata	ExceptionHook \| Pointer to 6A40 - 0x5E40 .text + UnwindInfo: .rdata
114360	6B80	.pdata	ExceptionHook \| Pointer to 6B80 - 0x5F80 .text + UnwindInfo: .rdata
11436C	6C30	.pdata	ExceptionHook \| Pointer to 6C30 - 0x6030 .text + UnwindInfo: .rdata
114378	6D10	.pdata	ExceptionHook \| Pointer to 6D10 - 0x6110 .text + UnwindInfo: .rdata
114384	6DD0	.pdata	ExceptionHook \| Pointer to 6DD0 - 0x61D0 .text + UnwindInfo: .rdata
114390	6E90	.pdata	ExceptionHook \| Pointer to 6E90 - 0x6290 .text + UnwindInfo: .rdata
11439C	6ED0	.pdata	ExceptionHook \| Pointer to 6ED0 - 0x62D0 .text + UnwindInfo: .rdata
1143A8	6F50	.pdata	ExceptionHook \| Pointer to 6F50 - 0x6350 .text + UnwindInfo: .rdata
1143B4	7000	.pdata	ExceptionHook \| Pointer to 7000 - 0x6400 .text + UnwindInfo: .rdata
1143C0	7070	.pdata	ExceptionHook \| Pointer to 7070 - 0x6470 .text + UnwindInfo: .rdata
1143CC	7170	.pdata	ExceptionHook \| Pointer to 7170 - 0x6570 .text + UnwindInfo: .rdata
1143D8	7240	.pdata	ExceptionHook \| Pointer to 7240 - 0x6640 .text + UnwindInfo: .rdata
1143E4	72E0	.pdata	ExceptionHook \| Pointer to 72E0 - 0x66E0 .text + UnwindInfo: .rdata
1143F0	7770	.pdata	ExceptionHook \| Pointer to 7770 - 0x6B70 .text + UnwindInfo: .rdata
1143FC	77E0	.pdata	ExceptionHook \| Pointer to 77E0 - 0x6BE0 .text + UnwindInfo: .rdata
114408	A7A0	.pdata	ExceptionHook \| Pointer to A7A0 - 0x9BA0 .text + UnwindInfo: .rdata
114414	A830	.pdata	ExceptionHook \| Pointer to A830 - 0x9C30 .text + UnwindInfo: .rdata
114420	A900	.pdata	ExceptionHook \| Pointer to A900 - 0x9D00 .text + UnwindInfo: .rdata
11442C	AA40	.pdata	ExceptionHook \| Pointer to AA40 - 0x9E40 .text + UnwindInfo: .rdata
114438	AA90	.pdata	ExceptionHook \| Pointer to AA90 - 0x9E90 .text + UnwindInfo: .rdata
114444	AAD0	.pdata	ExceptionHook \| Pointer to AAD0 - 0x9ED0 .text + UnwindInfo: .rdata
114450	AB10	.pdata	ExceptionHook \| Pointer to AB10 - 0x9F10 .text + UnwindInfo: .rdata
11445C	AB70	.pdata	ExceptionHook \| Pointer to AB70 - 0x9F70 .text + UnwindInfo: .rdata
114468	ABB0	.pdata	ExceptionHook \| Pointer to ABB0 - 0x9FB0 .text + UnwindInfo: .rdata
114474	AC30	.pdata	ExceptionHook \| Pointer to AC30 - 0xA030 .text + UnwindInfo: .rdata
114480	ACB0	.pdata	ExceptionHook \| Pointer to ACB0 - 0xA0B0 .text + UnwindInfo: .rdata
11448C	AD10	.pdata	ExceptionHook \| Pointer to AD10 - 0xA110 .text + UnwindInfo: .rdata
114498	AD40	.pdata	ExceptionHook \| Pointer to AD40 - 0xA140 .text + UnwindInfo: .rdata
1144A4	AE00	.pdata	ExceptionHook \| Pointer to AE00 - 0xA200 .text + UnwindInfo: .rdata

Extra Analysis

Metric	Value	Percentage
Ascii Code	798186	53,5908%
Null Byte Code	289034	19,406%

PESCAN.IO - Analysis Report Basic