PREMIUM PESCAN.IO - Analysis Report

Information
Size: 5,15 MB
SHA-256 Hash: FFDD5650F21F1B8DF076CF52606FF5E4248758A2FD34596FB89B0C084A8743B5
SHA-1 Hash: 845AEFD67B5405ED8AE055DE7CE6986FD504F6EB
MD5 Hash: 8E7C6A75405FB3A5836F6D9A0A969490
Imphash: 3BF0A1D8A035E80B12D367BEF5922E69
MajorOSVersion: 6
MinorOSVersion: 1
CheckSum: 00000000
EntryPoint (rva): 11F0
SizeOfHeaders: 400
SizeOfImage: 589000
ImageBase: 0000000180000000
Architecture: x64
ExportTable: 4EF240
ImportTable: 4EF2B0
IAT: 4EF674
Characteristics: 2022
TimeDateStamp: 68B3685B
Date: 30/08/2025 21:08:43
File Type: DLL
Number Of Sections: 7
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .tls, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 0x60000020 (Code, Executable, Readable) | 400 | 266E00 | 1000 | 266E00 | 6.5767 | 15530844.91
.rdata | 0x40000040 (Initialized Data, Readable) | 267200 | 288400 | 268000 | 288344 | 5.5798 | 60675964.91
.data | 0xC0000040 (Initialized Data, Readable, Writeable) | 4EF600 | 1DA00 | 4F1000 | 7BA50 | 3.9876 | 10758675.02
.pdata | 0x40000040 (Initialized Data, Readable) | 50D000 | 12200 | 56D000 | 120B4 | 5.4735 | 1686997.74
.tls | 0xC0000040 (Initialized Data, Readable, Writeable) | 51F200 | 200 | 580000 | 10 | 0 | 130560
.rsrc | 0x40000040 (Initialized Data, Readable) | 51F400 | A00 | 581000 | 600 | 2.6374 | 309889.6
.reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 51FE00 | 6E00 | 582000 | 6DB8 | 5.4125 | 161059.65

Description
OriginalFilename: ServiceCore.dll
CompanyName: ASUSTeK COMPUTER INC.
LegalCopyright: ASUSTeK Computer Inc.All rights reserved.
ProductName: Armoury Crate Service
FileVersion: 6.4.11.1
FileDescription: Armoury Crate Service Core Plugin
ProductVersion: 6.4.11.1
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 5F0
Code -> 5756534883EC304889CB4C89C683FA017476488B3D676E2600891785D20F85CD0000008B05AFD6500085C07E538954245831
Assembler
|PUSH RDI
|PUSH RSI
|PUSH RBX
|SUB RSP, 0X30
|MOV RBX, RCX
|MOV RSI, R8
|CMP EDX, 1
|JE 0X1088
|MOV RDI, QWORD PTR [RIP + 0X266E67]
|MOV DWORD PTR [RDI], EDX
|TEST EDX, EDX
|JNE 0X10F0
|MOV EAX, DWORD PTR [RIP + 0X50D6AF]
|TEST EAX, EAX
|JLE 0X1080
|MOV DWORD PTR [RSP + 0X58], EDX
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): linker: Microsoft Linker(14.0)[-]
Entropy: 6.37406

Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
ET Functions (carving)
Original Name -> laxav.dll

Windows REG
Rebuilt string - SOFTWARE\Policies\Microsoft\Windows\System

File Access
WINMM.dll
UxTheme.dll
USER32.dll
SHELL32.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
KERNEL32.dll
GDI32.dll
laxav.dll
Temp
SysDir
UserProfile

File Access (UNICODE)
ServiceCore.dll
bcryptprimitives.dll
powrprof.dll
winmm.dll
ntdll.dll
i.dlL

Words of Interest
zombie
Encrypt
Decrypt
exec
netsh
attrib
start
pause
cipher
sdelete
shutdown
systeminfo
ping
dism
expand
replace
route

IP Addresses
1.3.6.10
1.3.6.11
1.4.7.12
1.4.7.13
6.4.11.1

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (WSACleanup)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (listen)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Service (OpenSCManager)
Text Ascii Service (CreateService)
Text Ascii Service (StartServiceCtrlDispatcher)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ShellExecute)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (OpenEventW)
Text Ascii Execution (CreateEventA)
Text Ascii Execution (CreateEventW)
Resources
Path DataRVA Size FileOffset Code Text
\VERSION\1\1028 5810A0 350 51F4A0 500334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000400 P.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\2\1033 5813F0 17D 51F7F0 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• ServiceCore.dll
• 6.4.11.1
• @.tls
• decPinCountergetPinnerBitsincPinCounternewPinnerBitsnextFreeIndexpinnerBitSizereportZombiessetPinnerBitschangegstatusmaybeRunAsyncacquireStatustryGetObjFast*[253]uintptrchecknonemptymayNeedWorker*[512]uintptrscannedStacks
• C:\RYPfinptrnilobj()
• goal , cons/mark maxTrigger= pages/byte
• computeMaxProcsupdateMaxProcsGallocmRInternalGC (fractional)write heap dumpasyncpreemptoffcheckfinalizersforce gc (idle)
• .Cap
• .NumMethodImpersonateLoggedOnUserconnection reset by peerlevel 2 not synchronizedlink number out of rangeout of streams resourcesfunction not implementedstructure needs cleaningnot supported by windowsCertFreeCertificateChainCreateToolhelp32SnapshotGetUserProfileDirectoryWtracecheckstackownershiphash of unhashable type span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCcheckfinalizers: queue: update during transitionruntime: markroot index can't scan our own stackgcDrainN phase incorrectpageAlloc: out of memoryruntime: p.searchAddr = range partially overlaps [recovered, repanicked]stack trace unavailable
• internal/runtime/maps.Map
• (*guintptr).set
• (*muintptr).set
• (*gList).pop
• dumpregs
• (*itabTableType).add
• muintptr.ptr
• (*notInHeap).add
• puintptr.ptr
• (*lfstack).pop
• dumpScanStats
• limiterEventStamp.typ
• guintptr.ptr
• (*gQueue).pop
• gcDumpObject
• (*scavengerState).run
• pallocSum.max
• (*activeSweep).end
• (*mSpanStateBox).set
• pallocSum.end
• offAddr.add
• (*pageBits).set
• (*bucket).stk
• (*memRecordCycle).add
• (*addrRanges).add
• (*spanSet).pop
• (*atomicHeadTailIndex).cas
• (*sysMemStat).add
• (*Pinner).Pin
• (*pinState).set
• dumpgstatus
• hexdumpWords
• (*puintptr).set
• (*guintptr).cas
• pMask.set
• (*profAtomic).cas
• (*_DISPATCHER_CONTEXT).ctx
• gclinkptr.ptr
• taggedPointer.tag
• (*timer).maybeRunAsync
• (*timers).run
• tracebackHexdump
• tracebackHexdump.func1
• traceWriter.end
• (*traceMap).put
• (*traceStackTable).put
• (*traceStackTable).dump
• dumpStacksRec
• (*traceStringTable).put
• (*traceTypeTable).put
• (*traceTypeTable).dump
• dumpTypesRec
• (*O8Iorar53grC).Put
• (*O8Iorar53grC).Get
• XHTN1Ga7H.Len
• XHTN1Ga7H.Set
• XHTN1Ga7H.Int
• (*itKJa8m).Key
• (*itKJa8m).Len
• (*XHTN1Ga7H).Len
• (*tD6EBk1wb2).Len
• Nlaxav.dll
• NGDI32.dll
• NKERNEL32.dll
• Napi-ms-win-crt-heap-l1-1-0.dll
• Napi-ms-win-crt-private-l1-1-0.dll
• Napi-ms-win-crt-runtime-l1-1-0.dll
• Napi-ms-win-crt-string-l1-1-0.dll
• NUSER32.dll
• NWINMM.dll
• NWINSPOOL.DRV
• ntdll.dll
• winmm.dll
• powrprof.dll
• bcryptprimitives.dll

Flow Anomalies
Offset RVA Section Description
778E2-779E0 N/A .text Potential obfuscated jump sequence detected, count: 51
4EE3F8 266DF0 .rdata TLS Callback | Pointer to 180266DF0 - 0x2661F0 .text
4EE400 266DD0 .rdata TLS Callback | Pointer to 180266DD0 - 0x2661D0 .text
Extra Analysis
Metric Value Percentage
Ascii Code 3174268 58,7653%
Null Byte Code 1090366 20,186%
NOP Cave Found 0x9090909090 Block Count: 30 | Total: 0,0014%