PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 9,00 KB
SHA-256 Hash: 7C49DF8AD3EE9218220C6C85FD02A04A1BEB4D70EDC9263C28879283B02C3362
SHA-1 Hash: EFC3657E7F0047FF66841F2F124F170CB2168D0A
MD5 Hash: 8BACC407D01D2AA44C35ED0BDDE9F6AA
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): 38DE
SizeOfHeaders: 200
SizeOfImage: 8000
ImageBase: 400000
Architecture: x86
ImportTable: 388C
Characteristics: 22
TimeDateStamp: D3E3EF57
Date: 26/08/2082 0:41:59
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker
Sections Info
Section Name Flags ROffset RSize VOffset VSize
.text
0x60000020
Executable
 200 1A00 2000 18E4
.rsrc
0x40000040
 1C00 600 4000 5CC
.reloc
0x42000040
 2200 200 6000 C
Description
InternalName: DefenderCheck.exe
OriginalFilename: DefenderCheck.exe
LegalCopyright: Copyright 2019
ProductName: DefenderCheck
FileVersion: 1.0.0.0
Entry Point
The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 1ADE
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
Assembler
|JMP DWORD PTR [0X402000]
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
|ADD BYTE PTR [EAX], AL
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Version: v4.0
Detect It Easy (die)
PE: library: .NET(v4.0.30319)[-]
PE: linker: Microsoft Linker(48.0)[EXE32,console]
Entropy: 4.84981
File Access
DefenderCheck.exe
mscoree.dll
File Access (UNICODE)
DefenderCheck.exe
\Program Files\Windows Defender\MpCmdRun.exe
\Temp\testfile.exe

Temp
Interest's Words
exec
attrib
start
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Execution (ShellExecute)
Text Ascii Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point Hex Pattern Microsoft Visual C / Basic .NET
Entry Point Hex Pattern Microsoft Visual C++ 8
Entry Point Hex Pattern Microsoft Visual C++ 8.0
Entry Point Hex Pattern Microsoft Visual C v7.0 / Basic .NET
Entry Point Hex Pattern Microsoft Visual Studio .NET
Entry Point Hex Pattern .NET executable
Resources
Path DataRVA Size FileOffset CodeText
\VERSION\1\0 4090 33C 1C90 3C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000<.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0 43DC 1EA 1FDC EFBBBF3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E65...<?xml version="1.0" encoding="UTF-8" standalone
Intelligent String
• 1.0.0.0
• DefenderCheck.exe
• OUsage: DefenderCheck.exe [path/to/file]
• C:\Temp
• C:\Temp doesn't exist. Creating it...
• C:\Temp\testfile.exe
• C:\Program Files\Windows Defender\MpCmdRun.exe
• _CorExeMainmscoree.dll
Extra Analysis
Metric Value Percentage
Ascii Code 4741 51,4431%
Null Byte Code 3656 39,6701%
© 2026 All rights reserved.