PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 1,29 MB
SHA-256 Hash: F7B4818D359A23A758216E21A27828B13907460C8384418D207C081D70E6245D
SHA-1 Hash: 8FCA3C242B479DF5E0C5ED959860AE9E324A1136
MD5 Hash: 88CE2A1B194D5204E139777276D880E0
Imphash: BC1E8FB7C78167A7E9FE4942EFB59362
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): F3C4C
SizeOfHeaders: A00
SizeOfImage: 19B000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 126780
ImportTable: 12683C
IAT: FD000
Characteristics: 22
TimeDateStamp: 6A385E9F
Date: 21/06/2026 21:58:55
File Type: EXE
File Type: DLL
Number Of Sections: 45
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .xdata, .enigma1, .enigma2, .vmp0, .vmp1, .vmp2, .arch, .srdata, .xdata, .xpdata, .xtls, .themida, .dsstext, .secx, .secxy, .junkA, .junkB, .stub0, .stub1, .patchX, .patchY, .crypt0, .crypt1, .lzxd, .vmc0, .vmc1, .guardA, .guardB, .fakehdr, .reshook, .shadow0, .shadow1, .ghost, .altmap, .stubb, .trapx, .trapz, .mask0, .mask1, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: requireAdministrator
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text
0x60000020
Code
Executable
Readable
 A00 FB400 1000 FB30C
6.3585
7503354.98
.rdata
0x40000040
Initialized Data
Readable
 FBE00 2D600 FD000 2D582
6.3171
2420138.53
.data
0xC0000040
Initialized Data
Readable
Writeable
 129400 2000 12B000 2C5D8
4.6394
413795
.pdata
0x40000040
Initialized Data
Readable
 12B400 C400 158000 C228
5.954
1061303.04
.xdata
0xC0000040
Initialized Data
Readable
Writeable
 137800 D400 165000 D214
5.6967
1154875.53
.enigma1
0xC0000040
Initialized Data
Readable
Writeable
 144C00 200 173000 13
0.3545
121518
.enigma2
0xC0000040
Initialized Data
Readable
Writeable
 144E00 200 174000 13
0.3506
121519
.vmp0
0xC0000040
Initialized Data
Readable
Writeable
 145000 200 175000 A
0.1794
125998
.vmp1
0xC0000040
Initialized Data
Readable
Writeable
 145200 200 176000 10
0.2843
123006
.vmp2
0xC0000040
Initialized Data
Readable
Writeable
 145400 200 177000 13
0.3452
121521
.arch
0xC0000040
Initialized Data
Readable
Writeable
 145600 200 178000 13
0.3584
121517
.srdata
0xC0000040
Initialized Data
Readable
Writeable
 145800 200 179000 7
0.1223
127509
.xdata
0xC0000040
Initialized Data
Readable
Writeable
 145A00 200 17A000 7
0.1223
127509
.xpdata
0xC0000040
Initialized Data
Readable
Writeable
 145C00 200 17B000 B
0.1998
125496
.xtls
0xC0000040
Initialized Data
Readable
Writeable
 145E00 200 17C000 11
0.1998
125496
.themida
0xC0000040
Initialized Data
Readable
Writeable
 146000 200 17D000 13
0.3437
121522
.dsstext
0xC0000040
Initialized Data
Readable
Writeable
 146200 200 17E000 8
0.1426
127004
.secx
0xC0000040
Initialized Data
Readable
Writeable
 146400 200 17F000 B
0.1998
125496
.secxy
0xC0000040
Initialized Data
Readable
Writeable
 146600 200 180000 F
0.2811
123498
.junkA
0xC0000040
Initialized Data
Readable
Writeable
 146800 200 181000 9
0.1591
126501
.junkB
0xC0000040
Initialized Data
Readable
Writeable
 146A00 200 182000 9
0.1591
126501
.stub0
0xC0000040
Initialized Data
Readable
Writeable
 146C00 200 183000 A
0.1755
125999
.stub1
0xC0000040
Initialized Data
Readable
Writeable
 146E00 200 184000 A
0.1755
125999
.patchX
0xC0000040
Initialized Data
Readable
Writeable
 147000 200 185000 B
0.1959
125497
.patchY
0xC0000040
Initialized Data
Readable
Writeable
 147200 200 186000 B
0.1959
125497
.crypt0
0xC0000040
Initialized Data
Readable
Writeable
 147400 200 187000 C
0.2201
124995
.crypt1
0xC0000040
Initialized Data
Readable
Writeable
 147600 200 188000 C
0.2201
124995
.lzxd
0xC0000040
Initialized Data
Readable
Writeable
 147800 200 189000 10
0.2975
123002
.vmc0
0xC0000040
Initialized Data
Readable
Writeable
 147A00 200 18A000 A
0.1794
125998
.vmc1
0xC0000040
Initialized Data
Readable
Writeable
 147C00 200 18B000 A
0.1794
125998
.guardA
0xC0000040
Initialized Data
Readable
Writeable
 147E00 200 18C000 D
0.2326
124497
.guardB
0xC0000040
Initialized Data
Readable
Writeable
 148000 200 18D000 D
0.2326
124497
.fakehdr
0xC0000040
Initialized Data
Readable
Writeable
 148200 200 18E000 C
0.2108
124998
.reshook
0xC0000040
Initialized Data
Readable
Writeable
 148400 200 18F000 E
0.2476
124000
.shadow0
0xC0000040
Initialized Data
Readable
Writeable
 148600 200 190000 D
0.2365
124496
.shadow1
0xC0000040
Initialized Data
Readable
Writeable
 148800 200 191000 D
0.2365
124496
.ghost
0xC0000040
Initialized Data
Readable
Writeable
 148A00 200 192000 A
0.1833
125997
.altmap
0xC0000040
Initialized Data
Readable
Writeable
 148C00 200 193000 8
0.1387
127005
.stubb
0xC0000040
Initialized Data
Readable
Writeable
 148E00 200 194000 7
0.1184
127510
.trapx
0xC0000040
Initialized Data
Readable
Writeable
 149000 200 195000 7
0.1223
127509
.trapz
0xC0000040
Initialized Data
Readable
Writeable
 149200 200 196000 7
0.1223
127509
.mask0
0xC0000040
Initialized Data
Readable
Writeable
 149400 200 197000 7
0.1223
127509
.mask1
0xC0000040
Initialized Data
Readable
Writeable
 149600 200 198000 7
0.1223
127509
.rsrc
0x40000040
Initialized Data
Readable
 149800 200 199000 1E8
4.772
8287
.reloc
0x42000040
Initialized Data
GP-Relative
Readable
 149A00 C00 19A000 B90
5.3215
22193.83
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - F364C
Code -> 4883EC28E87B0A00004883C428E972FEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC
Assembler
|SUB RSP, 0X28
|CALL 0X1A84
|ADD RSP, 0X28
|JMP 0XE84
|INT3
|INT3
|SUB RSP, 0X28
|MOV R8, QWORD PTR [R9 + 0X38]
|MOV RCX, RDX
|MOV RDX, R9
|CALL 0X1034
|MOV EAX, 1
|ADD RSP, 0X28
|RET
|INT3
Signatures
Rich Signature Analyzer:
Code -> B8C86192FCA90FC1FCA90FC1FCA90FC1F5D19CC1EAA90FC175220AC0FEA90FC17B20F2C1FBA90FC17B200CC0F8A90FC17B200BC0F6A90FC17B200AC0D9A90FC17B200EC0FAA90FC16A200EC0E1A90FC1FCA90EC1ECAB0FC166200AC0FDA90FC10F2B0BC0D7A90FC1EBD60BC07DA90FC1782F0AC0F9A90FC1602006C0F9A90FC160200FC0FDA90FC16020F0C1FDA90FC160200DC0FDA90FC152696368FCA90FC1
Footprint md5 Hash -> D63E93C6A561F623E890C2C66140BAA4
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Duplicate Sections
Section .xdata duplicate 2 times
Packer/Compiler
VMProtect 2.x
Detect It Easy (die)
PE+(64): protector: SecuROM(8.03.03+)[-]
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.44**)[-]
Entropy: 6.46924
Suspicious Functions
Library Function Description
KERNEL32.DLL CreateMutexA Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL CreateRemoteThread Creates a thread in the address space of another process.
KERNEL32.DLL WriteProcessMemory Writes data to an area of memory in a specified process.
KERNEL32.DLL ReadProcessMemory Reads data from an area of memory in a specified process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL CreateFileA Creates or opens a file or I/O device.
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL SleepEx Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.
Ws2_32.DLL socket Create a communication endpoint for networking applications.
Ws2_32.DLL connect Establish a connection to a specified socket.
ADVAPI32.DLL CryptEncrypt Performs a cryptographic operation on data in a data block.
ADVAPI32.DLL RegCreateKeyExA Creates a new registry key or opens an existing one.
ADVAPI32.DLL RegDeleteKeyA Used to delete a subkey and its values from the Windows registry.
ADVAPI32.DLL RegSetValueExA Sets the data and type of a specified value under a registry key.
SHELL32.DLL ShellExecuteA Performs a run operation on a specific file.
Windows REG
SYSTEM\CurrentControlSet\Control\DeviceGuard
File Access
opsec new loader.exe
exeinfope.exe
die.exe
pestudio.exe
pe-bear.exe
hiew32.exe
hiew.exe
immunitydebugger.exe
httpdebugger.exe
dumpcap.exe
filemon.exe
regmon.exe
apimonitor-x86.exe
apimonitor-x64.exe
wireshark.exe
fiddlereverywhere.exe
fiddler.exe
cheatengine.exe
cheatengine-i386.exe
cheatengine-x86_64.exe
de4dot.exe
dnspy.exe
systeminformer.exe
processhacker.exe
procmon64.exe
procmon.exe
ghidrarun.exe
ghidra.exe
r2.exe
radare2.exe
ntsd.exe
cdb.exe
kd.exe
windbg.exe
idaq64.exe
idaq.exe
ida64.exe
ida.exe
ollyice.exe
ollydbg.exe
x32dbg.exe
x64dbg.exe
startmenuexperiencehost.exe
searchhost.exe
applicationframehost.exe
runtimebroker.exe
rundll32.exe
galaxyclient.exe
eadesktop.exe
origin.exe
battlenet.exe
epicgameslauncher.exe
steamwebhelper.exe
steam.exe
msbuild.exe
clion64.exe
rider64.exe
code.exe
msvsmon.exe
devenv.exe
services.exe
taskmgr.exe
svchost.exe
wt.exe
windowsterminal.exe
conhost.exe
pwsh.exe
powershell.exe
cmd.exe
explorer.exe
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
USERENV.dll
SHLWAPI.dll
ntdll.dll
PSAPI.DLL
WS2_32.dll
CRYPT32.dll
bcrypt.dll
MSVCP140.dll
SHELL32.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
dbghelp.dll
kernelbase.dll
wintrust.dll
crack.dll
x32dbg.dll
x64dbg.dll
ucrtbase.dll
%s\ntdll.dll
C/Windows/System32/Fake/NotReal.dll
.dat
@.dat
.txt
.pdf
Temp
UserProfile
File Access (UNICODE)
Unknownntdll.dll
secur32.dll
security.dll
iphlpapi.dll
Interest's Words
rcpt to:
smtp
Encrypt
Decrypt
Encryption
PassWord
exec
powershell
certutil
attrib
start
pause
cipher
hostname
shutdown
rundll32
systeminfo
ping
rundll
replace
Anti-VM/Sandbox/Debug Tricks
OllyDbg Libary - dbghelp.dll
OllyDbg EXE - ollydbg.exe
LabTools - wireshark
LabTools - procmon
LabTools - regmon
LabTools - immunitydebugger
LabTools - taskmgr
URLs
https://curl.se/docs/http-cookies.html
https://curl.se/docs/alt-svc.html
https://curl.se/docs/hsts.html
IP Addresses
127.0.0.1
2.5.29.17
2.5.4.10
2.5.4.11
2.5.4.12
2.5.4.13
2.5.4.17
2.5.4.41
2.5.4.42
2.5.4.43
2.5.4.44
2.5.4.45
2.5.4.46
2.5.4.65
2.5.4.72
2.5.29.18
2.5.29.19
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Unicode escape - \u00 - (Common Unicode escape sequences)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (listen)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii File (CreateFile)
Text Ascii File (ReadFile)
Text Unicode Encryption (Microsoft Unified Security Protocol Provider)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (IsBadReadPtr)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingA)
Text Ascii Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Stealth (CreateRemoteThread)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ShellExecute)
Text Ascii Execution (ResumeThread)
Text Ascii Privileges (SeDebugPrivilege)
Text Unicode Software that records user activity (Logger)
Text Ascii Information used for user authentication (Credential)
Text Ascii Unauthorized movement of funds or data (Transfer)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset CodeText
\24\1\1033 199060 188 149860 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779<?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• ntdll.dll
• kernel32.dll
• kernelbase.dll
• .txt
• Could not read a file:// file
• Login denied
• Bad login part
• Bad file:// URLUnsupported number of slashes following scheme
• https://curl.se/docs/http-cookies.html
• .gif
• .jpg
• .png
• .svg
• .htm
• .pdf
• application/pdf.xml
• %s cached session ID for %s://%s:%dPROXY
• Failed to add Session ID to cache for %s://%s:%d [%s]
• Added Session ID to cache for %s://%s:%d [%s]
• %s://%sURL rejected: %s
• iphlpapi.dll
• Your alt-svc cache. https://curl.se/docs/alt-svc.html
• Your HSTS cache. https://curl.se/docs/hsts.html
• 127.0.0.1
• %s%s.tmp
• LOGIN %s %s
• AUTH=+LOGIN
• failed to resume file:// transfer
• file://%s%s%s
• machinelogin
• security.dll
• secur32.dll
• 2.5.29.17
• 2.5.4.10
• 2.5.4.11
• 2.5.4.12
• 2.5.4.13
• 2.5.4.17
• 2.5.4.41
• 2.5.4.42
• 2.5.4.43
• 2.5.4.44
• 2.5.4.45
• 2.5.4.46
• 2.5.4.65
• 2.5.4.72
• 2.5.29.18
• 2.5.29.19
• LOGIN
• path:C/Windows/System32/Fake/NotReal.dll
• Unknownntdll.dll
• user32.dll
• advapi32.dll
• %s\ntdll.dll
• ksdumper
• \\.\KsDumper
• ucrtbase.dll
• x64dbg.dll
• x32dbg.dll
• reclass.net
• exploitcrack.dll
• c:\program files
• d:\program files
• wintrust.dll
• C:\%08X
• explorer.exe
• cmd.exepowershell.exe
• pwsh.exe
• conhost.exe
• windowsterminal.exewt.exe
• svchost.exe
• taskmgr.exe
• services.exe
• devenv.exe
• msvsmon.exe
• code.exe
• rider64.exe
• clion64.exe
• msbuild.exe
• steam.exe
• steamwebhelper.exe
• epicgameslauncher.exe
• battlenet.exe
• origin.exe
• eadesktop.exe
• galaxyclient.exe
• rundll32.exe
• runtimebroker.exe
• applicationframehost.exe
• searchhost.exe
• startmenuexperiencehost.exe
• x64dbg.exe
• x32dbg.exe
• ollydbg.exe
• ollyice.exe
• ida.exeida64.exe
• idaq.exe
• idaq64.exe
• windbg.exe
• kd.exe
• cdb.exentsd.exe
• radare2.exer2.exe
• ghidra.exe
• ghidrarun.exe
• procmon.exe
• procmon64.exe
• processhacker.exe
• systeminformer.exe
• dnspy.exe
• de4dot.exe
• cheatengine-x86_64.exe
• cheatengine-i386.exe
• cheatengine.exefiddler.exe
• fiddlereverywhere.exe
• wireshark.exe
• apimonitor-x64.exe
• apimonitor-x86.exe
• regmon.exe
• filemon.exe
• dumpcap.exe
• httpdebugger.exe
• immunitydebugger.exe
• hiew.exe
• hiew32.exe
• pe-bear.exe
• pestudio.exe
• die.exeexeinfope.exe
• dbghelp.dll
• MiniDumpWriteDump
• invalid string: control character U+0000 (NUL) must be escaped to \u0000
• invalid string: control character U+0001 (SOH) must be escaped to \u0001
• invalid string: control character U+0002 (STX) must be escaped to \u0002
• invalid string: control character U+0003 (ETX) must be escaped to \u0003
• invalid string: control character U+0004 (EOT) must be escaped to \u0004
• invalid string: control character U+0005 (ENQ) must be escaped to \u0005
• invalid string: control character U+0006 (ACK) must be escaped to \u0006
• invalid string: control character U+0007 (BEL) must be escaped to \u0007
• invalid string: control character U+0008 (BS) must be escaped to \u0008 or \b
• invalid string: control character U+0009 (HT) must be escaped to \u0009 or \t
• invalid string: control character U+000A (LF) must be escaped to \u000A or \n
• invalid string: control character U+000B (VT) must be escaped to \u000B
• invalid string: control character U+000C (FF) must be escaped to \u000C or \f
• invalid string: control character U+000D (CR) must be escaped to \u000D or \r
• invalid string: control character U+000E (SO) must be escaped to \u000E
• invalid string: control character U+000F (SI) must be escaped to \u000F
• invalid string: control character U+0010 (DLE) must be escaped to \u0010
• invalid string: control character U+0011 (DC1) must be escaped to \u0011
• invalid string: control character U+0012 (DC2) must be escaped to \u0012
• invalid string: control character U+0013 (DC3) must be escaped to \u0013
• invalid string: control character U+0014 (DC4) must be escaped to \u0014
• invalid string: control character U+0015 (NAK) must be escaped to \u0015
• invalid string: control character U+0016 (SYN) must be escaped to \u0016
• invalid string: control character U+0017 (ETB) must be escaped to \u0017
• invalid string: control character U+0018 (CAN) must be escaped to \u0018
• invalid string: control character U+0019 (EM) must be escaped to \u0019
• invalid string: control character U+001A (SUB) must be escaped to \u001A
• invalid string: control character U+001B (ESC) must be escaped to \u001B
• invalid string: control character U+001C (FS) must be escaped to \u001C
• invalid string: control character U+001D (GS) must be escaped to \u001D
• invalid string: control character U+001E (RS) must be escaped to \u001E
• invalid string: control character U+001F (US) must be escaped to \u001Finvalid string: ill-formed UTF-8 byte
• .tls
• .bss
• KERNEL32.dll
• MSVCP140.dll
• bcrypt.dll
• WS2_32.dll
• VCRUNTIME140.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• www.vmpsoft.com
Flow Anomalies
Offset RVA Section Description
1160 N/A .text CALL QWORD PTR [RIP+0xFBC8A]
116C N/A .text CALL QWORD PTR [RIP+0xFBC86]
12F3 N/A .text CALL QWORD PTR [RIP+0xFBAB7]
1A34 N/A .text CALL QWORD PTR [RIP+0xFB3D6]
1A54 N/A .text CALL QWORD PTR [RIP+0xFB3B6]
1D44 N/A .text CALL QWORD PTR [RIP+0xFB5EE]
1D9D N/A .text CALL QWORD PTR [RIP+0xFB58D]
1DDF N/A .text JMP QWORD PTR [RIP+0xFB54B]
1E64 N/A .text CALL QWORD PTR [RIP+0xFB4CE]
1EA4 N/A .text CALL QWORD PTR [RIP+0xFB48E]
1EEB N/A .text CALL QWORD PTR [RIP+0xFB217]
1F0D N/A .text CALL QWORD PTR [RIP+0xFB06D]
1F1F N/A .text JMP QWORD PTR [RIP+0xFB06B]
1FE2 N/A .text CALL QWORD PTR [RIP+0xFAF88]
2039 N/A .text JMP QWORD PTR [RIP+0xFB189]
205A N/A .text CALL QWORD PTR [RIP+0xFAF20]
2071 N/A .text CALL QWORD PTR [RIP+0xFAF21]
20A4 N/A .text CALL QWORD PTR [RIP+0xFAEFE]
20C4 N/A .text CALL QWORD PTR [RIP+0xFAE9E]
20D1 N/A .text CALL QWORD PTR [RIP+0xFAE89]
2115 N/A .text CALL QWORD PTR [RIP+0xFB085]
2121 N/A .text CALL QWORD PTR [RIP+0xFB091]
212A N/A .text CALL QWORD PTR [RIP+0xFB090]
21B9 N/A .text CALL QWORD PTR [RIP+0xFB021]
21DF N/A .text CALL QWORD PTR [RIP+0xFAFDB]
21EF N/A .text CALL QWORD PTR [RIP+0xFAFEB]
223C N/A .text CALL QWORD PTR [RIP+0xFAF66]
225E N/A .text CALL QWORD PTR [RIP+0xFAF4C]
2286 N/A .text CALL QWORD PTR [RIP+0xFAF1C]
22CE N/A .text CALL QWORD PTR [RIP+0xFAEBC]
22D5 N/A .text CALL QWORD PTR [RIP+0xFAE1D]
22E2 N/A .text CALL QWORD PTR [RIP+0xFAEA0]
23CD N/A .text CALL QWORD PTR [RIP+0xFB225]
24B5 N/A .text CALL QWORD PTR [RIP+0xFAD25]
24DB N/A .text CALL QWORD PTR [RIP+0xFACDF]
24EB N/A .text CALL QWORD PTR [RIP+0xFACEF]
2538 N/A .text CALL QWORD PTR [RIP+0xFAC6A]
2566 N/A .text CALL QWORD PTR [RIP+0xFAC3C]
25A1 N/A .text CALL QWORD PTR [RIP+0xFAC09]
25D5 N/A .text CALL QWORD PTR [RIP+0xFABB5]
25DC N/A .text CALL QWORD PTR [RIP+0xFAB16]
25E9 N/A .text CALL QWORD PTR [RIP+0xFAB99]
2629 N/A .text CALL QWORD PTR [RIP+0xFAAC9]
2636 N/A .text CALL QWORD PTR [RIP+0xFAB4C]
26DB N/A .text CALL QWORD PTR [RIP+0xFAF17]
2771 N/A .text CALL QWORD PTR [RIP+0xFAE81]
286B N/A .text CALL QWORD PTR [RIP+0xFAD87]
28CA N/A .text CALL QWORD PTR [RIP+0xFAD28]
2921 N/A .text CALL QWORD PTR [RIP+0xFACD1]
296F N/A .text CALL QWORD PTR [RIP+0xFAC83]
2A33 N/A .text CALL QWORD PTR [RIP+0xFACAF]
2A98 N/A .text CALL QWORD PTR [RIP+0xFA89A]
2AFE N/A .text CALL QWORD PTR [RIP+0xFA834]
2B54 N/A .text CALL QWORD PTR [RIP+0xFA7DE]
2D2C N/A .text CALL QWORD PTR [RIP+0xFA606]
2D9D N/A .text CALL QWORD PTR [RIP+0xFA58D]
2E3A N/A .text CALL QWORD PTR [RIP+0xFA4F8]
2EF8 N/A .text CALL QWORD PTR [RIP+0xFA43A]
2F58 N/A .text CALL QWORD PTR [RIP+0xFA3DA]
2FAC N/A .text CALL QWORD PTR [RIP+0xFA296]
3103 N/A .text CALL QWORD PTR [RIP+0xFA11F]
3224 N/A .text CALL QWORD PTR [RIP+0xFA10E]
37CD N/A .text CALL QWORD PTR [RIP+0xF9A15]
37D6 N/A .text CALL QWORD PTR [RIP+0xF9A84]
38AA N/A .text CALL QWORD PTR [RIP+0xF9D20]
38EC N/A .text CALL QWORD PTR [RIP+0xF9976]
3907 N/A .text CALL QWORD PTR [RIP+0xF98F3]
3BB0 N/A .text CALL QWORD PTR [RIP+0xF9782]
3EA8 N/A .text CALL QWORD PTR [RIP+0xF9482]
3F08 N/A .text JMP QWORD PTR [RIP+0xF9422]
3F3D N/A .text CALL QWORD PTR [RIP+0xF93F5]
410B N/A .text CALL QWORD PTR [RIP+0xF8FF7]
41B6 N/A .text CALL QWORD PTR [RIP+0xF8E34]
41C4 N/A .text CALL QWORD PTR [RIP+0xF8E4E]
41D8 N/A .text JMP QWORD PTR [RIP+0xF8E0A]
4276 N/A .text CALL QWORD PTR [RIP+0xF8D74]
4284 N/A .text CALL QWORD PTR [RIP+0xF8DA6]
4298 N/A .text JMP QWORD PTR [RIP+0xF8D4A]
431E N/A .text CALL QWORD PTR [RIP+0xF954C]
4336 N/A .text CALL QWORD PTR [RIP+0xF953C]
4345 N/A .text CALL QWORD PTR [RIP+0xF9535]
44D2 N/A .text CALL QWORD PTR [RIP+0xF9120]
44EC N/A .text CALL QWORD PTR [RIP+0xF9106]
45D5 N/A .text CALL QWORD PTR [RIP+0xF89A5]
45F2 N/A .text CALL QWORD PTR [RIP+0xF8958]
4830 N/A .text CALL QWORD PTR [RIP+0xF81DA]
4B2E N/A .text CALL QWORD PTR [RIP+0xF7ED4]
4B3B N/A .text CALL QWORD PTR [RIP+0xF7EDF]
4DB7 N/A .text CALL QWORD PTR [RIP+0xF7CDB]
4DF0 N/A .text CALL QWORD PTR [RIP+0xF7C22]
4DFF N/A .text CALL QWORD PTR [RIP+0xF7C1B]
4E27 N/A .text CALL QWORD PTR [RIP+0xF7BF3]
525C N/A .text CALL QWORD PTR [RIP+0xF7D1E]
526A N/A .text CALL QWORD PTR [RIP+0xF7D20]
539F N/A .text CALL QWORD PTR [RIP+0xF7BCB]
53EF N/A .text CALL QWORD PTR [RIP+0xF7DD3]
5455 N/A .text CALL QWORD PTR [RIP+0xF7B25]
5461 N/A .text CALL QWORD PTR [RIP+0xF7B29]
559E N/A .text CALL QWORD PTR [RIP+0xF79DC]
55B9 N/A .text CALL QWORD PTR [RIP+0xF7991]
12B400 1020 .pdata ExceptionHook | Pointer to 1020 - 0xA20 .text + UnwindInfo: .xdata
12B40C 1031 .pdata ExceptionHook | Pointer to 1031 - 0xA31 .text + UnwindInfo: .xdata
12B418 10C6 .pdata ExceptionHook | Pointer to 10C6 - 0xAC6 .text + UnwindInfo: .xdata
12B424 1100 .pdata ExceptionHook | Pointer to 1100 - 0xB00 .text + UnwindInfo: .xdata
12B430 1111 .pdata ExceptionHook | Pointer to 1111 - 0xB11 .text + UnwindInfo: .xdata
12B43C 11A6 .pdata ExceptionHook | Pointer to 11A6 - 0xBA6 .text + UnwindInfo: .xdata
12B448 11E0 .pdata ExceptionHook | Pointer to 11E0 - 0xBE0 .text + UnwindInfo: .xdata
12B454 1270 .pdata ExceptionHook | Pointer to 1270 - 0xC70 .text + UnwindInfo: .xdata
12B460 12E0 .pdata ExceptionHook | Pointer to 12E0 - 0xCE0 .text + UnwindInfo: .xdata
12B46C 1340 .pdata ExceptionHook | Pointer to 1340 - 0xD40 .text + UnwindInfo: .xdata
12B478 134B .pdata ExceptionHook | Pointer to 134B - 0xD4B .text + UnwindInfo: .xdata
12B484 1424 .pdata ExceptionHook | Pointer to 1424 - 0xE24 .text + UnwindInfo: .xdata
12B490 1497 .pdata ExceptionHook | Pointer to 1497 - 0xE97 .text + UnwindInfo: .xdata
12B49C 14B4 .pdata ExceptionHook | Pointer to 14B4 - 0xEB4 .text + UnwindInfo: .xdata
12B4A8 14F0 .pdata ExceptionHook | Pointer to 14F0 - 0xEF0 .text + UnwindInfo: .xdata
12B4B4 1540 .pdata ExceptionHook | Pointer to 1540 - 0xF40 .text + UnwindInfo: .xdata
12B4C0 15C0 .pdata ExceptionHook | Pointer to 15C0 - 0xFC0 .text + UnwindInfo: .xdata
12B4CC 1630 .pdata ExceptionHook | Pointer to 1630 - 0x1030 .text + UnwindInfo: .xdata
12B4D8 1740 .pdata ExceptionHook | Pointer to 1740 - 0x1140 .text + UnwindInfo: .xdata
12B4E4 17C0 .pdata ExceptionHook | Pointer to 17C0 - 0x11C0 .text + UnwindInfo: .xdata
12B4F0 17E0 .pdata ExceptionHook | Pointer to 17E0 - 0x11E0 .text + UnwindInfo: .xdata
12B4FC 1810 .pdata ExceptionHook | Pointer to 1810 - 0x1210 .text + UnwindInfo: .xdata
12B508 1970 .pdata ExceptionHook | Pointer to 1970 - 0x1370 .text + UnwindInfo: .xdata
12B514 19B0 .pdata ExceptionHook | Pointer to 19B0 - 0x13B0 .text + UnwindInfo: .xdata
12B520 19E0 .pdata ExceptionHook | Pointer to 19E0 - 0x13E0 .text + UnwindInfo: .xdata
12B52C 1A10 .pdata ExceptionHook | Pointer to 1A10 - 0x1410 .text + UnwindInfo: .xdata
12B538 1A40 .pdata ExceptionHook | Pointer to 1A40 - 0x1440 .text + UnwindInfo: .xdata
12B544 1A70 .pdata ExceptionHook | Pointer to 1A70 - 0x1470 .text + UnwindInfo: .xdata
12B550 1AA0 .pdata ExceptionHook | Pointer to 1AA0 - 0x14A0 .text + UnwindInfo: .xdata
12B55C 1AE0 .pdata ExceptionHook | Pointer to 1AE0 - 0x14E0 .text + UnwindInfo: .xdata
12B568 1B10 .pdata ExceptionHook | Pointer to 1B10 - 0x1510 .text + UnwindInfo: .xdata
12B574 1C10 .pdata ExceptionHook | Pointer to 1C10 - 0x1610 .text + UnwindInfo: .xdata
12B580 1DD0 .pdata ExceptionHook | Pointer to 1DD0 - 0x17D0 .text + UnwindInfo: .xdata
12B58C 1EF0 .pdata ExceptionHook | Pointer to 1EF0 - 0x18F0 .text + UnwindInfo: .xdata
12B598 1F30 .pdata ExceptionHook | Pointer to 1F30 - 0x1930 .text + UnwindInfo: .xdata
12B5A4 1F70 .pdata ExceptionHook | Pointer to 1F70 - 0x1970 .text + UnwindInfo: .xdata
12B5B0 1FB0 .pdata ExceptionHook | Pointer to 1FB0 - 0x19B0 .text + UnwindInfo: .xdata
12B5BC 1FF0 .pdata ExceptionHook | Pointer to 1FF0 - 0x19F0 .text + UnwindInfo: .xdata
12B5C8 2030 .pdata ExceptionHook | Pointer to 2030 - 0x1A30 .text + UnwindInfo: .xdata
12B5D4 2050 .pdata ExceptionHook | Pointer to 2050 - 0x1A50 .text + UnwindInfo: .xdata
12B5E0 2070 .pdata ExceptionHook | Pointer to 2070 - 0x1A70 .text + UnwindInfo: .xdata
12B5EC 20B0 .pdata ExceptionHook | Pointer to 20B0 - 0x1AB0 .text + UnwindInfo: .xdata
12B5F8 20F0 .pdata ExceptionHook | Pointer to 20F0 - 0x1AF0 .text + UnwindInfo: .xdata
12B604 2130 .pdata ExceptionHook | Pointer to 2130 - 0x1B30 .text + UnwindInfo: .xdata
12B610 2170 .pdata ExceptionHook | Pointer to 2170 - 0x1B70 .text + UnwindInfo: .xdata
12B61C 21B0 .pdata ExceptionHook | Pointer to 21B0 - 0x1BB0 .text + UnwindInfo: .xdata
12B628 21D0 .pdata ExceptionHook | Pointer to 21D0 - 0x1BD0 .text + UnwindInfo: .xdata
12B634 22E8 .pdata ExceptionHook | Pointer to 22E8 - 0x1CE8 .text + UnwindInfo: .xdata
12B640 2320 .pdata ExceptionHook | Pointer to 2320 - 0x1D20 .text + UnwindInfo: .xdata
12B64C 2380 .pdata ExceptionHook | Pointer to 2380 - 0x1D80 .text + UnwindInfo: .xdata
12B658 2420 .pdata ExceptionHook | Pointer to 2420 - 0x1E20 .text + UnwindInfo: .xdata
12B664 2440 .pdata ExceptionHook | Pointer to 2440 - 0x1E40 .text + UnwindInfo: .xdata
12B670 2480 .pdata ExceptionHook | Pointer to 2480 - 0x1E80 .text + UnwindInfo: .xdata
12B67C 24E0 .pdata ExceptionHook | Pointer to 24E0 - 0x1EE0 .text + UnwindInfo: .xdata
12B688 2500 .pdata ExceptionHook | Pointer to 2500 - 0x1F00 .text + UnwindInfo: .xdata
12B694 2530 .pdata ExceptionHook | Pointer to 2530 - 0x1F30 .text + UnwindInfo: .xdata
12B6A0 2640 .pdata ExceptionHook | Pointer to 2640 - 0x2040 .text + UnwindInfo: .xdata
12B6AC 268C .pdata ExceptionHook | Pointer to 268C - 0x208C .text + UnwindInfo: .xdata
12B6B8 26DC .pdata ExceptionHook | Pointer to 26DC - 0x20DC .text + UnwindInfo: .xdata
12B6C4 2700 .pdata ExceptionHook | Pointer to 2700 - 0x2100 .text + UnwindInfo: .xdata
12B6D0 2740 .pdata ExceptionHook | Pointer to 2740 - 0x2140 .text + UnwindInfo: .xdata
12B6DC 2930 .pdata ExceptionHook | Pointer to 2930 - 0x2330 .text + UnwindInfo: .xdata
12B6E8 2A50 .pdata ExceptionHook | Pointer to 2A50 - 0x2450 .text + UnwindInfo: .xdata
12B6F4 2C20 .pdata ExceptionHook | Pointer to 2C20 - 0x2620 .text + UnwindInfo: .xdata
12B700 2C70 .pdata ExceptionHook | Pointer to 2C70 - 0x2670 .text + UnwindInfo: .xdata
12B70C 2D20 .pdata ExceptionHook | Pointer to 2D20 - 0x2720 .text + UnwindInfo: .xdata
12B718 2DC0 .pdata ExceptionHook | Pointer to 2DC0 - 0x27C0 .text + UnwindInfo: .xdata
12B724 2E20 .pdata ExceptionHook | Pointer to 2E20 - 0x2820 .text + UnwindInfo: .xdata
12B730 2E80 .pdata ExceptionHook | Pointer to 2E80 - 0x2880 .text + UnwindInfo: .xdata
12B73C 2EE0 .pdata ExceptionHook | Pointer to 2EE0 - 0x28E0 .text + UnwindInfo: .xdata
12B748 2F30 .pdata ExceptionHook | Pointer to 2F30 - 0x2930 .text + UnwindInfo: .xdata
12B754 2FF0 .pdata ExceptionHook | Pointer to 2FF0 - 0x29F0 .text + UnwindInfo: .xdata
12B760 3050 .pdata ExceptionHook | Pointer to 3050 - 0x2A50 .text + UnwindInfo: .xdata
12B76C 30C0 .pdata ExceptionHook | Pointer to 30C0 - 0x2AC0 .text + UnwindInfo: .xdata
12B778 3130 .pdata ExceptionHook | Pointer to 3130 - 0x2B30 .text + UnwindInfo: .xdata
12B784 3180 .pdata ExceptionHook | Pointer to 3180 - 0x2B80 .text + UnwindInfo: .xdata
12B790 3200 .pdata ExceptionHook | Pointer to 3200 - 0x2C00 .text + UnwindInfo: .xdata
12B79C 3380 .pdata ExceptionHook | Pointer to 3380 - 0x2D80 .text + UnwindInfo: .xdata
12B7A8 33D0 .pdata ExceptionHook | Pointer to 33D0 - 0x2DD0 .text + UnwindInfo: .xdata
12B7B4 3490 .pdata ExceptionHook | Pointer to 3490 - 0x2E90 .text + UnwindInfo: .xdata
12B7C0 34D0 .pdata ExceptionHook | Pointer to 34D0 - 0x2ED0 .text + UnwindInfo: .xdata
12B7CC 3530 .pdata ExceptionHook | Pointer to 3530 - 0x2F30 .text + UnwindInfo: .xdata
12B7D8 35A0 .pdata ExceptionHook | Pointer to 35A0 - 0x2FA0 .text + UnwindInfo: .xdata
12B7E4 35F0 .pdata ExceptionHook | Pointer to 35F0 - 0x2FF0 .text + UnwindInfo: .xdata
12B7F0 3630 .pdata ExceptionHook | Pointer to 3630 - 0x3030 .text + UnwindInfo: .xdata
12B7FC 36D0 .pdata ExceptionHook | Pointer to 36D0 - 0x30D0 .text + UnwindInfo: .xdata
12B808 3770 .pdata ExceptionHook | Pointer to 3770 - 0x3170 .text + UnwindInfo: .xdata
12B814 37E0 .pdata ExceptionHook | Pointer to 37E0 - 0x31E0 .text + UnwindInfo: .xdata
12B820 3800 .pdata ExceptionHook | Pointer to 3800 - 0x3200 .text + UnwindInfo: .xdata
12B82C 3850 .pdata ExceptionHook | Pointer to 3850 - 0x3250 .text + UnwindInfo: .xdata
12B838 3890 .pdata ExceptionHook | Pointer to 3890 - 0x3290 .text + UnwindInfo: .xdata
12B844 3B80 .pdata ExceptionHook | Pointer to 3B80 - 0x3580 .text + UnwindInfo: .xdata
12B850 3BD0 .pdata ExceptionHook | Pointer to 3BD0 - 0x35D0 .text + UnwindInfo: .xdata
12B85C 3C20 .pdata ExceptionHook | Pointer to 3C20 - 0x3620 .text + UnwindInfo: .xdata
12B868 3C40 .pdata ExceptionHook | Pointer to 3C40 - 0x3640 .text + UnwindInfo: .xdata
12B874 3C60 .pdata ExceptionHook | Pointer to 3C60 - 0x3660 .text + UnwindInfo: .xdata
12B880 3D30 .pdata ExceptionHook | Pointer to 3D30 - 0x3730 .text + UnwindInfo: .xdata
12B88C 3DC0 .pdata ExceptionHook | Pointer to 3DC0 - 0x37C0 .text + UnwindInfo: .xdata
12B898 3EA0 .pdata ExceptionHook | Pointer to 3EA0 - 0x38A0 .text + UnwindInfo: .xdata
12B8A4 3ED0 .pdata ExceptionHook | Pointer to 3ED0 - 0x38D0 .text + UnwindInfo: .xdata
Extra Analysis
Metric Value Percentage
Ascii Code 841224 62,1648%
Null Byte Code 218575 16,1523%
© 2026 All rights reserved.