PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 1,36 MB
SHA-256 Hash: 021F53C2328113F02DB282D7BDE017EFCF807B1021173E497C06711A15D7F98F
SHA-1 Hash: 430EF7824759DC2295EB6CC5591BF2558C71E350
MD5 Hash: 8B923746242130BC39F9566CF8AB60DC
Imphash: A98FCC30097A9893402B8BE27C43A74B
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 7C194
SizeOfHeaders: 400
SizeOfImage: 164000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 151F14
IAT: B1000
Characteristics: 22
TimeDateStamp: 640C945C
Date: 11/03/2023 14:46:52
File Type: EXE
Number Of Sections: 7
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, _RDATA, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text
0x60000020
Code
Executable
Readable
 400 AF600 1000 AF4BC
6.5335
4373443.43
.rdata
0x40000040
Initialized Data
Readable
 AFA00 A2400 B1000 A2220
6.2267
10039126.78
.data
0xC0000040
Initialized Data
Readable
Writeable
 151E00 1C00 154000 4204
3.3741
609500.07
.pdata
0x40000040
Initialized Data
Readable
 153A00 7200 159000 7080
5.9276
609288.32
_RDATA
0x40000040
Initialized Data
Readable
 15AC00 200 161000 15C
3.277
36196
.rsrc
0x40000040
Initialized Data
Readable
 15AE00 400 162000 288
3.8469
54698
.reloc
0x42000040
Initialized Data
GP-Relative
Readable
 15B200 E00 163000 D14
5.3315
26336.86
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 7B594
Code -> 4883EC28E8470500004883C428E972FEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC
Assembler
|SUB RSP, 0X28
|CALL 0X1550
|ADD RSP, 0X28
|JMP 0XE84
|INT3
|INT3
|SUB RSP, 0X28
|MOV R8, QWORD PTR [R9 + 0X38]
|MOV RCX, RDX
|MOV RDX, R9
|CALL 0X1034
|MOV EAX, 1
|ADD RSP, 0X28
|RET
|INT3
Signatures
Rich Signature Analyzer:
Code -> 325DD1FD763CBFAE763CBFAE763CBFAEA54EBCAF613CBFAEA54EBAAFC83CBFAEA54EBBAF6D3CBFAEC940BBAF643CBFAEC940BCAF7C3CBFAEA54EBEAF7C3CBFAEA46E23AE713CBFAE763CBEAE9B3CBFAEC940BAAF2A3CBFAEA141B6AF673CBFAEA14140AE773CBFAEA141BDAF773CBFAE52696368763CBFAE
Footprint md5 Hash -> B4E52EB116CB264A3632EEE2C7A4C050
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.35**)[-]
Entropy: 6.63231
Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL WriteProcessMemory Writes data to an area of memory in a specified process.
KERNEL32.DLL ReadProcessMemory Reads data from an area of memory in a specified process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
File Access
FiveM_b2699_GTAProcess.exe
FiveM_b2612_GTAProcess.exe
FiveM_b2545_GTAProcess.exe
FiveM_b2372_GTAProcess.exe
.exe
cmd.exe
D3DCOMPILER_43.dll
IMM32.dll
KERNEL32.dll
USER32.dll
dwmapi.dll
d3dx9_43.dll
d3d11.dll
xinput1_1.dll
xinput9_1_0.dll
xinput1_2.dll
xinput1_4.dll
xinput1_3.dll
.bat
.dat
@.dat
imgui_log.txt
imgui.ini
Temp
File Access (UNICODE)
mscoree.dll
api-ms-win-core-synch-l1-2-0.dll
kernel32.dll
Interest's Words
exec
attrib
start
pause
comspec
URLs
http://schemas.microsoft.com/SMI/2005/WindowsSettings
URLs (UNICODE)
http://www.zkysky.com.ar/This Font Software is licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at:
http://scripts.sil.org/OFL
http://scripts.sil.org/OFL
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Unicode escape - \u00 - (Common Unicode escape sequences)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (connect)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (ExitThread)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (CreateEventW)
Text Ascii Keyboard Key ([Process])
Text Ascii Keyboard Key (LBUTTON)
Text Ascii Keyboard Key (MBUTTON)
Text Ascii Keyboard Key (RBUTTON)
Text Ascii Keyboard Key (NUMPAD0)
Text Ascii Keyboard Key (NUMPAD1)
Text Ascii Keyboard Key (NUMPAD2)
Text Ascii Keyboard Key (NUMPAD3)
Text Ascii Keyboard Key (NUMPAD4)
Text Ascii Keyboard Key (NUMPAD5)
Text Ascii Keyboard Key (NUMPAD6)
Text Ascii Keyboard Key (NUMPAD7)
Text Ascii Keyboard Key (NUMPAD8)
Text Ascii Keyboard Key (NUMPAD9)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset CodeText
\24\1\1033 162060 224 15AE60 EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...<?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• kernel32.dll
• api-ms-win-core-synch-l1-2-0.dll
• COMSPECcmd.exe/c
• mscoree.dll
• .com.exe.bat.cmd
• invalid string: control character U+0000 (NUL) must be escaped to \u0000
• invalid string: control character U+0001 (SOH) must be escaped to \u0001
• invalid string: control character U+0002 (STX) must be escaped to \u0002
• invalid string: control character U+0003 (ETX) must be escaped to \u0003
• invalid string: control character U+0004 (EOT) must be escaped to \u0004
• invalid string: control character U+0005 (ENQ) must be escaped to \u0005
• invalid string: control character U+0006 (ACK) must be escaped to \u0006
• invalid string: control character U+0007 (BEL) must be escaped to \u0007
• invalid string: control character U+0008 (BS) must be escaped to \u0008 or \b
• invalid string: control character U+0009 (HT) must be escaped to \u0009 or \t
• invalid string: control character U+000A (LF) must be escaped to \u000A or \n
• invalid string: control character U+000B (VT) must be escaped to \u000B
• invalid string: control character U+000C (FF) must be escaped to \u000C or \f
• invalid string: control character U+000D (CR) must be escaped to \u000D or \r
• invalid string: control character U+000E (SO) must be escaped to \u000E
• invalid string: control character U+000F (SI) must be escaped to \u000F
• invalid string: control character U+0010 (DLE) must be escaped to \u0010
• invalid string: control character U+0011 (DC1) must be escaped to \u0011
• invalid string: control character U+0012 (DC2) must be escaped to \u0012
• invalid string: control character U+0013 (DC3) must be escaped to \u0013
• invalid string: control character U+0014 (DC4) must be escaped to \u0014
• invalid string: control character U+0015 (NAK) must be escaped to \u0015
• invalid string: control character U+0016 (SYN) must be escaped to \u0016
• invalid string: control character U+0017 (ETB) must be escaped to \u0017
• invalid string: control character U+0018 (CAN) must be escaped to \u0018
• invalid string: control character U+0019 (EM) must be escaped to \u0019
• invalid string: control character U+001A (SUB) must be escaped to \u001A
• invalid string: control character U+001B (ESC) must be escaped to \u001B
• invalid string: control character U+001C (FS) must be escaped to \u001C
• invalid string: control character U+001D (GS) must be escaped to \u001D
• invalid string: control character U+001E (RS) must be escaped to \u001E
• invalid string: control character U+001F (US) must be escaped to \u001Finvalid string: ill-formed UTF-8 byte
• .exe
• FiveM_b2372_GTAProcess.exe
• FiveM_b2545_GTAProcess.exe
• FiveM_b2612_GTAProcess.exe
• FiveM_b2699_GTAProcess.exe
• (your company). 2022. All Rights ReservedRegularpsy0409:Version 1.00Version 1.00;November 6, 2022;FontCreator 12.0.0.2554 32-bitThis font was created using FontCreator 12.0 from High-Logic.com
• Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)MontserratRegular7.200;ULA ;Montserrat-RegularMontserrat RegularVersion 7.200Montserrat-RegularJulieta Ulanovskyhttp://www.zkysky.com.ar/This Font Software is licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
• Copyright 2011 The Montserrat Project Authors (https://github.com/JulietaUla/Montserrat)MontserratBold7.200;ULA ;Montserrat-BoldMontserrat BoldVersion 7.200Montserrat-BoldJulieta Ulanovskyhttp://www.zkysky.com.ar/This Font Software is licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
• imgui.ini
• imgui_log.txt
• xinput1_3.dll
• xinput1_4.dll
• xinput1_2.dll
• xinput1_1.dll
• .tls
• .bss
• dwmapi.dll
• D3DCOMPILER_43.dll
• <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>
Flow Anomalies
Offset RVA Section Description
D661 N/A .text CALL QWORD PTR [RIP+0xA2EF1]
D768 N/A .text CALL QWORD PTR [RIP+0xA2DEA]
D817 N/A .text CALL QWORD PTR [RIP+0xA2D3B]
D8A7 N/A .text CALL QWORD PTR [RIP+0xA2CAB]
DA1A N/A .text CALL QWORD PTR [RIP+0xA2B38]
DA47 N/A .text CALL QWORD PTR [RIP+0xA2B0B]
DA8F N/A .text CALL QWORD PTR [RIP+0xA2AC3]
DCD7 N/A .text CALL QWORD PTR [RIP+0xA287B]
DCE7 N/A .text CALL QWORD PTR [RIP+0xA2C8B]
DEB9 N/A .text CALL QWORD PTR [RIP+0xA2699]
E0D5 N/A .text CALL QWORD PTR [RIP+0xA247D]
E0FC N/A .text CALL QWORD PTR [RIP+0xA2456]
E120 N/A .text CALL QWORD PTR [RIP+0xA2432]
E280 N/A .text CALL QWORD PTR [RIP+0xA22CA]
E4AD N/A .text CALL QWORD PTR [RIP+0xA209D]
29509 N/A .text CALL QWORD PTR [RIP+0x87069]
29527 N/A .text CALL QWORD PTR [RIP+0x87033]
29544 N/A .text CALL QWORD PTR [RIP+0x8701E]
2959C N/A .text CALL QWORD PTR [RIP+0x86FCE]
295B5 N/A .text CALL QWORD PTR [RIP+0x86FC5]
29B8A N/A .text CALL QWORD PTR [RIP+0x86CA8]
29BB0 N/A .text CALL QWORD PTR [RIP+0x86D9A]
29BC3 N/A .text CALL QWORD PTR [RIP+0x86D8F]
29C93 N/A .text CALL QWORD PTR [RIP+0x8690F]
29CB8 N/A .text CALL QWORD PTR [RIP+0x868CA]
29CDA N/A .text CALL QWORD PTR [RIP+0x868D0]
29CF4 N/A .text CALL QWORD PTR [RIP+0x868BE]
29D89 N/A .text CALL QWORD PTR [RIP+0x86811]
29DBF N/A .text CALL QWORD PTR [RIP+0x867E3]
29DE4 N/A .text CALL QWORD PTR [RIP+0x867AE]
29E32 N/A .text CALL QWORD PTR [RIP+0x86758]
29E44 N/A .text CALL QWORD PTR [RIP+0x8676E]
2A1DE N/A .text CALL QWORD PTR [RIP+0x863C4]
2A1FD N/A .text CALL QWORD PTR [RIP+0x86385]
2A25C N/A .text CALL QWORD PTR [RIP+0x8634E]
2A26E N/A .text CALL QWORD PTR [RIP+0x86344]
2A5CF N/A .text CALL QWORD PTR [RIP+0x85FEB]
2A5F5 N/A .text CALL QWORD PTR [RIP+0x85F5D]
2A624 N/A .text CALL QWORD PTR [RIP+0x85F96]
2A679 N/A .text CALL QWORD PTR [RIP+0x85F41]
2A69C N/A .text CALL QWORD PTR [RIP+0x85EB6]
2A6C8 N/A .text CALL QWORD PTR [RIP+0x85EF2]
2ABC3 N/A .text CALL QWORD PTR [RIP+0x8598F]
2AC02 N/A .text CALL QWORD PTR [RIP+0x85950]
2F461 N/A .text CALL QWORD PTR [RIP+0x81499]
2F4F1 N/A .text CALL QWORD PTR [RIP+0x81441]
2F589 N/A .text CALL QWORD PTR [RIP+0x81039]
2F59E N/A .text CALL QWORD PTR [RIP+0x8137C]
2F5B3 N/A .text CALL QWORD PTR [RIP+0x8130F]
2F5E3 N/A .text CALL QWORD PTR [RIP+0x81337]
2F5F9 N/A .text CALL QWORD PTR [RIP+0x81341]
2F646 N/A .text CALL QWORD PTR [RIP+0x812BC]
2F734 N/A .text CALL QWORD PTR [RIP+0x8122E]
2F794 N/A .text CALL QWORD PTR [RIP+0x81196]
2F7F0 N/A .text CALL QWORD PTR [RIP+0x8111A]
2F805 N/A .text CALL QWORD PTR [RIP+0x81105]
2F81C N/A .text CALL QWORD PTR [RIP+0x810B6]
2F826 N/A .text CALL QWORD PTR [RIP+0x8111C]
2F8B1 N/A .text CALL QWORD PTR [RIP+0x80D51]
2F8C7 N/A .text CALL QWORD PTR [RIP+0x80D53]
2F9C8 N/A .text CALL QWORD PTR [RIP+0x80C32]
2F9EF N/A .text CALL QWORD PTR [RIP+0x80C1B]
2FA03 N/A .text CALL QWORD PTR [RIP+0x80C07]
2FE88 N/A .text CALL QWORD PTR [RIP+0x80A9A]
2FEA4 N/A .text CALL QWORD PTR [RIP+0x80A6E]
2FEB2 N/A .text CALL QWORD PTR [RIP+0x80A08]
2FED0 N/A .text CALL QWORD PTR [RIP+0x80A52]
2FFEC N/A .text CALL QWORD PTR [RIP+0x80966]
30028 N/A .text CALL QWORD PTR [RIP+0x8095A]
3004E N/A .text CALL QWORD PTR [RIP+0x808A4]
32B85 N/A .text CALL QWORD PTR [RIP+0x7DD65]
32BB9 N/A .text CALL QWORD PTR [RIP+0x7DD11]
32BDD N/A .text CALL QWORD PTR [RIP+0x7DCED]
32BEA N/A .text CALL QWORD PTR [RIP+0x7DCE8]
32C08 N/A .text CALL QWORD PTR [RIP+0x7DCCA]
32C34 N/A .text CALL QWORD PTR [RIP+0x7DC96]
32C56 N/A .text CALL QWORD PTR [RIP+0x7DC8C]
32C64 N/A .text CALL QWORD PTR [RIP+0x7DC86]
32C76 N/A .text CALL QWORD PTR [RIP+0x7DC64]
32CDD N/A .text CALL QWORD PTR [RIP+0x7D86D]
34FE5 N/A .text CALL QWORD PTR [RIP+0x7B565]
3533B N/A .text CALL QWORD PTR [RIP+0x7B59F]
37129 N/A .text CALL QWORD PTR [RIP+0x794A1]
37149 N/A .text CALL QWORD PTR [RIP+0x79481]
371A0 N/A .text CALL QWORD PTR [RIP+0x7942A]
371C4 N/A .text CALL QWORD PTR [RIP+0x79406]
4B240 N/A .text CALL QWORD PTR [RIP+0x65652]
4B264 N/A .text CALL QWORD PTR [RIP+0x65646]
4B272 N/A .text CALL QWORD PTR [RIP+0x65628]
4B287 N/A .text CALL QWORD PTR [RIP+0x6535B]
4B2C2 N/A .text CALL QWORD PTR [RIP+0x65328]
4B325 N/A .text CALL QWORD PTR [RIP+0x652C5]
4B333 N/A .text CALL QWORD PTR [RIP+0x652BF]
4B339 N/A .text CALL QWORD PTR [RIP+0x65561]
4B36B N/A .text CALL QWORD PTR [RIP+0x65527]
4B39C N/A .text CALL QWORD PTR [RIP+0x6522E]
4B3B0 N/A .text CALL QWORD PTR [RIP+0x65222]
4B3C1 N/A .text CALL QWORD PTR [RIP+0x65221]
4B3E0 N/A .text CALL QWORD PTR [RIP+0x651EA]
4B3E9 N/A .text CALL QWORD PTR [RIP+0x65209]
E16D8-E179F N/A .rdata Potential obfuscated jump sequence detected, count: 100
153A00 1000 .pdata ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
153A0C 1080 .pdata ExceptionHook | Pointer to 1080 - 0x480 .text + UnwindInfo: .rdata
153A18 10F0 .pdata ExceptionHook | Pointer to 10F0 - 0x4F0 .text + UnwindInfo: .rdata
153A24 1170 .pdata ExceptionHook | Pointer to 1170 - 0x570 .text + UnwindInfo: .rdata
153A30 11F0 .pdata ExceptionHook | Pointer to 11F0 - 0x5F0 .text + UnwindInfo: .rdata
153A3C 26F0 .pdata ExceptionHook | Pointer to 26F0 - 0x1AF0 .text + UnwindInfo: .rdata
153A48 2770 .pdata ExceptionHook | Pointer to 2770 - 0x1B70 .text + UnwindInfo: .rdata
153A54 27E0 .pdata ExceptionHook | Pointer to 27E0 - 0x1BE0 .text + UnwindInfo: .rdata
153A60 2860 .pdata ExceptionHook | Pointer to 2860 - 0x1C60 .text + UnwindInfo: .rdata
153A6C 28E0 .pdata ExceptionHook | Pointer to 28E0 - 0x1CE0 .text + UnwindInfo: .rdata
153A78 3DE0 .pdata ExceptionHook | Pointer to 3DE0 - 0x31E0 .text + UnwindInfo: .rdata
153A84 3E60 .pdata ExceptionHook | Pointer to 3E60 - 0x3260 .text + UnwindInfo: .rdata
153A90 3ED0 .pdata ExceptionHook | Pointer to 3ED0 - 0x32D0 .text + UnwindInfo: .rdata
153A9C 3F50 .pdata ExceptionHook | Pointer to 3F50 - 0x3350 .text + UnwindInfo: .rdata
153AA8 3FD0 .pdata ExceptionHook | Pointer to 3FD0 - 0x33D0 .text + UnwindInfo: .rdata
153AB4 54D0 .pdata ExceptionHook | Pointer to 54D0 - 0x48D0 .text + UnwindInfo: .rdata
153AC0 5550 .pdata ExceptionHook | Pointer to 5550 - 0x4950 .text + UnwindInfo: .rdata
153ACC 55C0 .pdata ExceptionHook | Pointer to 55C0 - 0x49C0 .text + UnwindInfo: .rdata
153AD8 5640 .pdata ExceptionHook | Pointer to 5640 - 0x4A40 .text + UnwindInfo: .rdata
153AE4 56C0 .pdata ExceptionHook | Pointer to 56C0 - 0x4AC0 .text + UnwindInfo: .rdata
153AF0 6BC0 .pdata ExceptionHook | Pointer to 6BC0 - 0x5FC0 .text + UnwindInfo: .rdata
153AFC 6C40 .pdata ExceptionHook | Pointer to 6C40 - 0x6040 .text + UnwindInfo: .rdata
153B08 6CB0 .pdata ExceptionHook | Pointer to 6CB0 - 0x60B0 .text + UnwindInfo: .rdata
153B14 6D30 .pdata ExceptionHook | Pointer to 6D30 - 0x6130 .text + UnwindInfo: .rdata
153B20 6DB0 .pdata ExceptionHook | Pointer to 6DB0 - 0x61B0 .text + UnwindInfo: .rdata
153B2C 82B0 .pdata ExceptionHook | Pointer to 82B0 - 0x76B0 .text + UnwindInfo: .rdata
153B38 8330 .pdata ExceptionHook | Pointer to 8330 - 0x7730 .text + UnwindInfo: .rdata
153B44 83A0 .pdata ExceptionHook | Pointer to 83A0 - 0x77A0 .text + UnwindInfo: .rdata
153B50 8420 .pdata ExceptionHook | Pointer to 8420 - 0x7820 .text + UnwindInfo: .rdata
153B5C 84A0 .pdata ExceptionHook | Pointer to 84A0 - 0x78A0 .text + UnwindInfo: .rdata
153B68 99A0 .pdata ExceptionHook | Pointer to 99A0 - 0x8DA0 .text + UnwindInfo: .rdata
153B74 9A20 .pdata ExceptionHook | Pointer to 9A20 - 0x8E20 .text + UnwindInfo: .rdata
153B80 9A90 .pdata ExceptionHook | Pointer to 9A90 - 0x8E90 .text + UnwindInfo: .rdata
153B8C 9B10 .pdata ExceptionHook | Pointer to 9B10 - 0x8F10 .text + UnwindInfo: .rdata
153B98 9B90 .pdata ExceptionHook | Pointer to 9B90 - 0x8F90 .text + UnwindInfo: .rdata
153BA4 B090 .pdata ExceptionHook | Pointer to B090 - 0xA490 .text + UnwindInfo: .rdata
153BB0 B110 .pdata ExceptionHook | Pointer to B110 - 0xA510 .text + UnwindInfo: .rdata
153BBC B180 .pdata ExceptionHook | Pointer to B180 - 0xA580 .text + UnwindInfo: .rdata
153BC8 B200 .pdata ExceptionHook | Pointer to B200 - 0xA600 .text + UnwindInfo: .rdata
153BD4 B280 .pdata ExceptionHook | Pointer to B280 - 0xA680 .text + UnwindInfo: .rdata
153BE0 C780 .pdata ExceptionHook | Pointer to C780 - 0xBB80 .text + UnwindInfo: .rdata
153BEC C800 .pdata ExceptionHook | Pointer to C800 - 0xBC00 .text + UnwindInfo: .rdata
153BF8 C870 .pdata ExceptionHook | Pointer to C870 - 0xBC70 .text + UnwindInfo: .rdata
153C04 C8F0 .pdata ExceptionHook | Pointer to C8F0 - 0xBCF0 .text + UnwindInfo: .rdata
153C10 C970 .pdata ExceptionHook | Pointer to C970 - 0xBD70 .text + UnwindInfo: .rdata
153C1C DE7C .pdata ExceptionHook | Pointer to DE7C - 0xD27C .text + UnwindInfo: .rdata
153C28 DE9C .pdata ExceptionHook | Pointer to DE9C - 0xD29C .text + UnwindInfo: .rdata
153C34 DECC .pdata ExceptionHook | Pointer to DECC - 0xD2CC .text + UnwindInfo: .rdata
153C40 DF64 .pdata ExceptionHook | Pointer to DF64 - 0xD364 .text + UnwindInfo: .rdata
153C4C DF9C .pdata ExceptionHook | Pointer to DF9C - 0xD39C .text + UnwindInfo: .rdata
153C58 DFD0 .pdata ExceptionHook | Pointer to DFD0 - 0xD3D0 .text + UnwindInfo: .rdata
153C64 E050 .pdata ExceptionHook | Pointer to E050 - 0xD450 .text + UnwindInfo: .rdata
153C70 E0D0 .pdata ExceptionHook | Pointer to E0D0 - 0xD4D0 .text + UnwindInfo: .rdata
153C7C E0F0 .pdata ExceptionHook | Pointer to E0F0 - 0xD4F0 .text + UnwindInfo: .rdata
153C88 E130 .pdata ExceptionHook | Pointer to E130 - 0xD530 .text + UnwindInfo: .rdata
153C94 E170 .pdata ExceptionHook | Pointer to E170 - 0xD570 .text + UnwindInfo: .rdata
153CA0 E190 .pdata ExceptionHook | Pointer to E190 - 0xD590 .text + UnwindInfo: .rdata
153CAC E1B0 .pdata ExceptionHook | Pointer to E1B0 - 0xD5B0 .text + UnwindInfo: .rdata
153CB8 E210 .pdata ExceptionHook | Pointer to E210 - 0xD610 .text + UnwindInfo: .rdata
153CC4 E2C0 .pdata ExceptionHook | Pointer to E2C0 - 0xD6C0 .text + UnwindInfo: .rdata
153CD0 E3E0 .pdata ExceptionHook | Pointer to E3E0 - 0xD7E0 .text + UnwindInfo: .rdata
153CDC E470 .pdata ExceptionHook | Pointer to E470 - 0xD870 .text + UnwindInfo: .rdata
153CE8 E510 .pdata ExceptionHook | Pointer to E510 - 0xD910 .text + UnwindInfo: .rdata
153CF4 E7D0 .pdata ExceptionHook | Pointer to E7D0 - 0xDBD0 .text + UnwindInfo: .rdata
153D00 EA50 .pdata ExceptionHook | Pointer to EA50 - 0xDE50 .text + UnwindInfo: .rdata
153D0C EBC0 .pdata ExceptionHook | Pointer to EBC0 - 0xDFC0 .text + UnwindInfo: .rdata
153D18 F100 .pdata ExceptionHook | Pointer to F100 - 0xE500 .text + UnwindInfo: .rdata
153D24 F890 .pdata ExceptionHook | Pointer to F890 - 0xEC90 .text + UnwindInfo: .rdata
153D30 F8F0 .pdata ExceptionHook | Pointer to F8F0 - 0xECF0 .text + UnwindInfo: .rdata
153D3C FA6B .pdata ExceptionHook | Pointer to FA6B - 0xEE6B .text + UnwindInfo: .rdata
153D48 FB79 .pdata ExceptionHook | Pointer to FB79 - 0xEF79 .text + UnwindInfo: .rdata
153D54 FD22 .pdata ExceptionHook | Pointer to FD22 - 0xF122 .text + UnwindInfo: .rdata
153D60 FD60 .pdata ExceptionHook | Pointer to FD60 - 0xF160 .text + UnwindInfo: .rdata
153D6C FDE0 .pdata ExceptionHook | Pointer to FDE0 - 0xF1E0 .text + UnwindInfo: .rdata
153D78 FE70 .pdata ExceptionHook | Pointer to FE70 - 0xF270 .text + UnwindInfo: .rdata
153D84 10090 .pdata ExceptionHook | Pointer to 10090 - 0xF490 .text + UnwindInfo: .rdata
153D90 101D0 .pdata ExceptionHook | Pointer to 101D0 - 0xF5D0 .text + UnwindInfo: .rdata
153D9C 10200 .pdata ExceptionHook | Pointer to 10200 - 0xF600 .text + UnwindInfo: .rdata
153DA8 10260 .pdata ExceptionHook | Pointer to 10260 - 0xF660 .text + UnwindInfo: .rdata
153DB4 102A0 .pdata ExceptionHook | Pointer to 102A0 - 0xF6A0 .text + UnwindInfo: .rdata
153DC0 103C0 .pdata ExceptionHook | Pointer to 103C0 - 0xF7C0 .text + UnwindInfo: .rdata
153DCC 104F0 .pdata ExceptionHook | Pointer to 104F0 - 0xF8F0 .text + UnwindInfo: .rdata
153DD8 10559 .pdata ExceptionHook | Pointer to 10559 - 0xF959 .text + UnwindInfo: .rdata
153DE4 105D7 .pdata ExceptionHook | Pointer to 105D7 - 0xF9D7 .text + UnwindInfo: .rdata
153DF0 105DD .pdata ExceptionHook | Pointer to 105DD - 0xF9DD .text + UnwindInfo: .rdata
153DFC 105E3 .pdata ExceptionHook | Pointer to 105E3 - 0xF9E3 .text + UnwindInfo: .rdata
153E08 105F0 .pdata ExceptionHook | Pointer to 105F0 - 0xF9F0 .text + UnwindInfo: .rdata
153E14 10665 .pdata ExceptionHook | Pointer to 10665 - 0xFA65 .text + UnwindInfo: .rdata
153E20 107E6 .pdata ExceptionHook | Pointer to 107E6 - 0xFBE6 .text + UnwindInfo: .rdata
153E2C 107F2 .pdata ExceptionHook | Pointer to 107F2 - 0xFBF2 .text + UnwindInfo: .rdata
153E38 10800 .pdata ExceptionHook | Pointer to 10800 - 0xFC00 .text + UnwindInfo: .rdata
153E44 1081C .pdata ExceptionHook | Pointer to 1081C - 0xFC1C .text + UnwindInfo: .rdata
153E50 108A9 .pdata ExceptionHook | Pointer to 108A9 - 0xFCA9 .text + UnwindInfo: .rdata
153E5C 108B1 .pdata ExceptionHook | Pointer to 108B1 - 0xFCB1 .text + UnwindInfo: .rdata
153E68 108C0 .pdata ExceptionHook | Pointer to 108C0 - 0xFCC0 .text + UnwindInfo: .rdata
153E74 10B60 .pdata ExceptionHook | Pointer to 10B60 - 0xFF60 .text + UnwindInfo: .rdata
153E80 10C05 .pdata ExceptionHook | Pointer to 10C05 - 0x10005 .text + UnwindInfo: .rdata
153E8C 10C57 .pdata ExceptionHook | Pointer to 10C57 - 0x10057 .text + UnwindInfo: .rdata
153E98 10E00 .pdata ExceptionHook | Pointer to 10E00 - 0x10200 .text + UnwindInfo: .rdata
153EA4 10E60 .pdata ExceptionHook | Pointer to 10E60 - 0x10260 .text + UnwindInfo: .rdata
Extra Analysis
Metric Value Percentage
Ascii Code 848862 59,5522%
Null Byte Code 252007 17,6796%
© 2026 All rights reserved.