PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
| Size: 3,12 MB SHA-256 Hash: 5A92F85843D0AE8F73D539A528D69F863467F9FBB0D947AAD165E80C46FA48AC SHA-1 Hash: D4108F52DAF47A4F34AB96D02E535E4F7E5D066D MD5 Hash: 9DAC36AFF21AAED14C29FA0B43237CFB Imphash: F10D19DF77EDB8ED4C9D5669C9859E69 MajorOSVersion: 6 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 274770 SizeOfHeaders: 400 SizeOfImage: 333000 ImageBase: 0000000140000000 Architecture: x64 ExportTable: 2E8CF0 ImportTable: 2E8D50 IAT: 27F000 Characteristics: 22 TimeDateStamp: 685D6698 Date: 26/06/2025 15:26:16 File Type: EXE File Type: DLL Number Of Sections: 5 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, .reloc Number Of Executable Sections: 1 Subsystem: Windows Console |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 27DE00 | 1000 | 27DCCB |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
27E200 | 70A00 | 27F000 | 70974 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
2EEC00 | 12C00 | 2F0000 | 24550 |
|
|
| .pdata | 0x40000040 Initialized Data Readable |
301800 | 19800 | 315000 | 19668 |
|
|
| .reloc | 0x42000040 Initialized Data GP-Relative Readable |
31B000 | 3400 | 32F000 | 33E0 |
|
|
| Entry Point |
The section number (1) have the Entry Point Information -> EntryPoint (calculated) - 273B70 Code -> 4883EC28E89F0500004883C428E972FEFFFFCCCC488BC44889580848896810488970184889782041564883EC204D8B513848 Assembler |SUB RSP, 0X28 |CALL 0X15A8 |ADD RSP, 0X28 |JMP 0XE84 |INT3 |INT3 |MOV RAX, RSP |MOV QWORD PTR [RAX + 8], RBX |MOV QWORD PTR [RAX + 0X10], RBP |MOV QWORD PTR [RAX + 0X18], RSI |MOV QWORD PTR [RAX + 0X20], RDI |PUSH R14 |SUB RSP, 0X20 |MOV R10, QWORD PTR [R9 + 0X38] |
| Signatures |
| Rich Signature Analyzer: Code -> 9C3931C6D8585F95D8585F95D8585F95D120CC95CE585F955FD1A295D9585F955FD15B94D2585F955FD15A94F5585F955FD15C94DE585F955FD15E94DE585F9551D15E94C8585F9551D15694DB585F9551D15B94DA585F9551D15C94D9585F950B2A5E94DD585F95D8585E95B25A5F9551D15A949A585F9551D15F94D9585F9551D15D94D9585F9552696368D8585F95 Footprint md5 Hash -> 20CCD429E01D97D6BD36DDB8A48B694B • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio Detect It Easy (die) • PE+(64): compiler: Microsoft Visual C/C++(-)[-] • PE+(64): linker: Microsoft Linker(14.44**)[-] • Entropy: 6.52482 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| File Access |
| CitiTest.exe os.exe lua os.exe api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-time-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll VCRUNTIME140_1.dll VCRUNTIME140.dll MSVCP140.dll citizen-server-net.dll citizen-server-instance.dll vfs-core.dll net-base.dll citizen-resources-core.dll citizen-server-impl.dll CoreRT.dll citizen-scripting-lua54.dll USER32.dll KERNEL32.dll !\?.dll tbbmalloc.dll .dat 0].dat Span{clientData3.dat (clientData2.dat 1].dat (clientData1.dat clientMumbleMessage.dat counter].dat string_view(data.dat string_view(keyBuffer.dat string_view(idBuffer.dat stateBag.data.dat stateBag.dat (randomData.dat {randomEventData.dat serverNetGameEvent.event.dat (test.dat Read(test.dat (testBuffer.dat Write(test.dat lua os.dat os.dat packet.dat @.dat @test/test.txt @test/test2.txt @test/lines.txt test.txt 503.txt 404.txt @test/rename.txt Temp |
| File Access (UNICODE) |
| ntdll.dll wtsapi32.dll CoreRT.dll |
| Interest's Words |
| exec attrib start pause hostname systeminfo ping expand replace route |
| URLs |
| https://github.com/citizenfx/fivem. |
| IP Addresses |
| 127.0.0.1 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Hex | Hex Pattern | SYSCALL (SYSCALL - 4C8BD1B8) |
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (listen) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Technique used to capture communications between systems (Intercept) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Intelligent String |
| • api-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • ;.\?.dll • ;!\loadall.dll • ;!\..\lib\lua\5.4\?.dll • !\?.dll • C:\fivem\vendor\fmtlib\include\fmt\format.h • CoreRT.dll • wtsapi32.dll • C:\fivem\code\client\common\Error.cpp • C:\fivem\vendor\fmtlib\include\fmt\core.h • C:\fivem\vendor\xenium\xenium\marked_ptr.hpp • 127.0.0.1 • C:\fivem\vendor\xenium\xenium\reclamation\detail\retire_list.hpp • C:\fivem\vendor\boost-submodules\boost-optional\include\boost\optional\optional.hpp • C:\fivem\vendor\xenium\xenium\reclamation\impl\generic_epoch_based.hpp • C:\fivem\vendor\xenium\xenium\reclamation\detail\thread_block_list.hpp • C:\fivem\code\client\shared\Registry.h • C:\fivem\code\tests\server\TestArrayUpdate.cpp • C:\fivem\code\vendor\catch2\include\catch_amalgamated.hpp • C:\fivem\code\tests\server\TestEventReassembly.cpp • C:\fivem\code\tests\server\TestGameStateAckPacketHandler.cpp • C:\fivem\code\tests\server\TestGameStateNAckPacketHandler.cpp • C:\fivem\code\components\citizen-server-impl\include\packethandlers\HeHostPacketHandler.h • C:\fivem\code\tests\server\TestHeHostHandler.cpp • C:\fivem\code\tests\server\TestIHostHandler.cppH*@ • C:\fivem\code\tests\server\TestIQuitHandler.cpp__cfx_internal:client • C:\fivem\code\client\citicore\console\ProgramArguments.h • C:\fivem\code\shared\TokenBucket.h • C:\fivem\code\tests\server\TestInfoOutOfBand.cpp • result, what, code = os.execute("rd /s /q D:\\") • C:\fivem\code\tests\server\TestLua.cpp • main.lua • @test/rename.txt • test.txt • @test/test.txt • C:\fivem\code\tests\server\TestOOB.cpp • C:\fivem\code\tests\server\TestRequestObjectIds.cpp • C:\fivem\code\tests\server\TestRoutingHandler.cpp • C:\fivem\vendor\msgpack-cpp\include\msgpack\v2\create_object_visitor.hpp • C:\fivem\vendor\msgpack-cpp\include\msgpack\v1\detail\cpp11_zone.hpp • C:\fivem\vendor\msgpack-cpp\include\msgpack\v2\parse.hpp • C:\fivem\code\client\citicore\se\Security.h • C:\fivem\code\tests\server\TestServerCommand.cpp • C:\fivem\code\tests\server\TestServerEvent.cpp • C:\fivem\code\tests\server\TestServerEventComponent.cpp%(@ • C:\fivem\vendor\msgpack-cpp\include\msgpack\v1\sbuffer.hpp • C:\fivem\code\tests\server\TestStateBag.cppnet:1 • C:\fivem\code\tests\server\TestStatusOutOfBand.cpp • C:\fivem\code\tests\server\TestTimeSyncReq.cpp • Serialization of the server time sync response failed. Please report this error at https://github.com/citizenfx/fivem. • C:\fivem\code\components\citizen-server-impl\include\packethandlers\TimeSyncReqPacketHandler.h • C:\fivem\code\tests\shared\TestComponents.cpp • C:\fivem\code\tests\shared\TestFormData.cpp • C:\fivem\code\tests\shared\TestGameStateNAck.cpp • C:\fivem\code\tests\shared\TestMemoryScriptBufferPool.cpp • C:\fivem\code\tests\shared\TestMessageBuffer.cpp • C:\fivem\code\tests\shared\TestNetBuffer.cpp • C:\fivem\code\tests\shared\TestNetEvent.cpp • C:\fivem\code\tests\shared\TestObjectPool.cpp • C:\fivem\code\tests\shared\TestPrincipal.cpp • command.admins.ban • command.mods.kick.all • C:\fivem\code\tests\shared\TestArrayUpdate.cpp • ntdll.dll • C:\fivem\code\client\shared\Utils.cpp • C:\fivem\code\client\shared\Utils.Win32.cpp • C:\fivem\code\vendor\catch2\src\catch_amalgamated.cpp • <?xml-stylesheet type="text/xsl" href="<?xml version="1.0" encoding="UTF-8"?> • tbbmalloc.dll • Kernel32.dll • require!\lua\?.lua;!\lua\?\init.lua;!\?.lua;!\?\init.lua;!\..\share\lua\5.4\?.lua;!\..\share\lua\5.4\?\init.lua;.\?.lua;.\?\init.lua • unable to dump given function • dump • C:\fivem\code\bin\server\windows\release\dbg\CitiTest.pdb • .tls • .bss • CitiTest.exe?pUndumpHook@@3P6AHPEBD_K@ZEA • KERNEL32.dll • citizen-resources-core.dll • vfs-core.dll • MSVCP140.dll • VCRUNTIME140_1.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-time-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 65D9 | N/A | .text | CALL QWORD PTR [RIP+0x278B49] |
| 65ED | N/A | .text | CALL QWORD PTR [RIP+0x278AAD] |
| 65F8 | N/A | .text | CALL QWORD PTR [RIP+0x278B2A] |
| 6611 | N/A | .text | JMP QWORD PTR [RIP+0x278A89] |
| 67F7 | N/A | .text | CALL QWORD PTR [RIP+0x27894B] |
| 684F | N/A | .text | CALL QWORD PTR [RIP+0x27882B] |
| 8123 | N/A | .text | JMP QWORD PTR [RIP+0x440FC78B] |
| 99F3 | N/A | .text | CALL QWORD PTR [RIP+0x27513F] |
| 9A08 | N/A | .text | CALL QWORD PTR [RIP+0x27512A] |
| F85E | N/A | .text | CALL QWORD PTR [RIP+0x26F5A4] |
| 122E5 | N/A | .text | CALL QWORD PTR [RIP+0x26CE85] |
| 1A91C | N/A | .text | CALL QWORD PTR [RIP+0x264216] |
| 1AC02 | N/A | .text | CALL QWORD PTR [RIP+0x263F30] |
| 1AC33 | N/A | .text | CALL QWORD PTR [RIP+0x263EFF] |
| 1C721 | N/A | .text | CALL QWORD PTR [RIP+0x262539] |
| 1C8D1 | N/A | .text | CALL QWORD PTR [RIP+0x262531] |
| 1CAD3 | N/A | .text | CALL QWORD PTR [RIP+0x2626E7] |
| 1CB0B | N/A | .text | CALL QWORD PTR [RIP+0x262097] |
| 1CB5C | N/A | .text | CALL QWORD PTR [RIP+0x261FD6] |
| 1CBAE | N/A | .text | CALL QWORD PTR [RIP+0x2620AC] |
| 1CBD7 | N/A | .text | CALL QWORD PTR [RIP+0x261FCB] |
| 1CD09 | N/A | .text | CALL QWORD PTR [RIP+0x2624D1] |
| 1CD16 | N/A | .text | CALL QWORD PTR [RIP+0x261F44] |
| 1CF36 | N/A | .text | CALL QWORD PTR [RIP+0x261BFC] |
| 1D3F2 | N/A | .text | CALL QWORD PTR [RIP+0x261DE8] |
| 1D3FE | N/A | .text | CALL QWORD PTR [RIP+0x26185C] |
| 1D617 | N/A | .text | CALL QWORD PTR [RIP+0x26151B] |
| 1D8E7 | N/A | .text | CALL QWORD PTR [RIP+0x26124B] |
| 1E822 | N/A | .text | CALL QWORD PTR [RIP+0x2605D0] |
| 206B4 | N/A | .text | CALL QWORD PTR [RIP+0x25E486] |
| 206CC | N/A | .text | CALL QWORD PTR [RIP+0x25E956] |
| 21E56 | N/A | .text | CALL QWORD PTR [RIP+0x25CCDC] |
| 21F38 | N/A | .text | CALL QWORD PTR [RIP+0x25CBFA] |
| 22A92 | N/A | .text | CALL QWORD PTR [RIP+0x25C708] |
| 22ACF | N/A | .text | CALL QWORD PTR [RIP+0x25C6CB] |
| 28B94 | N/A | .text | CALL QWORD PTR [RIP+0x255FE6] |
| 28BED | N/A | .text | CALL QWORD PTR [RIP+0x255F3D] |
| 28C5F | N/A | .text | JMP QWORD PTR [RIP+0x255ECB] |
| 28CE4 | N/A | .text | CALL QWORD PTR [RIP+0x255E96] |
| 28D24 | N/A | .text | CALL QWORD PTR [RIP+0x255E56] |
| 28D7F | N/A | .text | CALL QWORD PTR [RIP+0x2562FB] |
| 2A12A | N/A | .text | CALL QWORD PTR [RIP+0x254CC8] |
| 2A189 | N/A | .text | CALL QWORD PTR [RIP+0x254C69] |
| 2A1E3 | N/A | .text | CALL QWORD PTR [RIP+0x254C0F] |
| 2A245 | N/A | .text | CALL QWORD PTR [RIP+0x254BAD] |
| 2A2A4 | N/A | .text | CALL QWORD PTR [RIP+0x254B4E] |
| 2A2FE | N/A | .text | CALL QWORD PTR [RIP+0x254AF4] |
| 2A361 | N/A | .text | CALL QWORD PTR [RIP+0x254A91] |
| 2A3C0 | N/A | .text | CALL QWORD PTR [RIP+0x254A32] |
| 2A41A | N/A | .text | CALL QWORD PTR [RIP+0x2549D8] |
| 2A470 | N/A | .text | CALL QWORD PTR [RIP+0x254982] |
| 2A4CF | N/A | .text | CALL QWORD PTR [RIP+0x254923] |
| 2C1DA | N/A | .text | CALL QWORD PTR [RIP+0x252F90] |
| 35F90 | N/A | .text | CALL QWORD PTR [RIP+0x249252] |
| 367EC | N/A | .text | CALL QWORD PTR [RIP+0x2487A6] |
| 36813 | N/A | .text | CALL QWORD PTR [RIP+0x24882F] |
| 368C4 | N/A | .text | CALL QWORD PTR [RIP+0x2486CE] |
| 368CF | N/A | .text | CALL QWORD PTR [RIP+0x2486C3] |
| 368E7 | N/A | .text | CALL QWORD PTR [RIP+0x24875B] |
| 37450 | N/A | .text | CALL QWORD PTR [RIP+0x247C42] |
| 37482 | N/A | .text | CALL QWORD PTR [RIP+0x247C40] |
| 374BD | N/A | .text | CALL QWORD PTR [RIP+0x247AD5] |
| 374C5 | N/A | .text | CALL QWORD PTR [RIP+0x247B7D] |
| 37616 | N/A | .text | CALL QWORD PTR [RIP+0x247B0C] |
| 37653 | N/A | .text | CALL QWORD PTR [RIP+0x247ABF] |
| 3769C | N/A | .text | CALL QWORD PTR [RIP+0x247A1E] |
| 376D1 | N/A | .text | CALL QWORD PTR [RIP+0x247A41] |
| 376E5 | N/A | .text | CALL QWORD PTR [RIP+0x247A2D] |
| 376FA | N/A | .text | CALL QWORD PTR [RIP+0x247A18] |
| 37731 | N/A | .text | CALL QWORD PTR [RIP+0x2479D1] |
| 37763 | N/A | .text | CALL QWORD PTR [RIP+0x2479AF] |
| 3779D | N/A | .text | CALL QWORD PTR [RIP+0x247975] |
| 377B5 | N/A | .text | CALL QWORD PTR [RIP+0x24795D] |
| 377CA | N/A | .text | CALL QWORD PTR [RIP+0x247948] |
| 378CC | N/A | .text | CALL QWORD PTR [RIP+0x247826] |
| 378DE | N/A | .text | CALL QWORD PTR [RIP+0x2477C4] |
| 38412 | N/A | .text | CALL QWORD PTR [RIP+0x246730] |
| 38495 | N/A | .text | CALL QWORD PTR [RIP+0x2466AD] |
| 3862C | N/A | .text | CALL QWORD PTR [RIP+0x246AF6] |
| 38644 | N/A | .text | CALL QWORD PTR [RIP+0x246A96] |
| 3864F | N/A | .text | CALL QWORD PTR [RIP+0x246AD3] |
| 38665 | N/A | .text | CALL QWORD PTR [RIP+0x246A75] |
| 386A5 | N/A | .text | CALL QWORD PTR [RIP+0x246A7D] |
| 386BD | N/A | .text | CALL QWORD PTR [RIP+0x246A1D] |
| 386C8 | N/A | .text | CALL QWORD PTR [RIP+0x246A5A] |
| 386D1 | N/A | .text | CALL QWORD PTR [RIP+0x246991] |
| 38C2B | N/A | .text | CALL QWORD PTR [RIP+0x2465AF] |
| 38C54 | N/A | .text | CALL QWORD PTR [RIP+0x24654E] |
| 38C63 | N/A | .text | CALL QWORD PTR [RIP+0x24654F] |
| 38C78 | N/A | .text | CALL QWORD PTR [RIP+0x24654A] |
| 38C99 | N/A | .text | CALL QWORD PTR [RIP+0x246509] |
| 38CAD | N/A | .text | CALL QWORD PTR [RIP+0x24652D] |
| 3C649 | N/A | .text | CALL QWORD PTR [RIP+0x2424E9] |
| 3C794 | N/A | .text | CALL QWORD PTR [RIP+0x24239E] |
| 3C7D6 | N/A | .text | CALL QWORD PTR [RIP+0x24235C] |
| 3C889 | N/A | .text | CALL QWORD PTR [RIP+0x2422A9] |
| 3C95B | N/A | .text | CALL QWORD PTR [RIP+0x2421D7] |
| 3C9CC | N/A | .text | CALL QWORD PTR [RIP+0x242166] |
| 3CA16 | N/A | .text | CALL QWORD PTR [RIP+0x24211C] |
| 3CA3B | N/A | .text | CALL QWORD PTR [RIP+0x2420F7] |
| 27FDE0 | 273FFC | .rdata | TLS Callback | Pointer to 140273FFC - 0x2733FC .text |
| 27FDE8 | 273D5C | .rdata | TLS Callback | Pointer to 140273D5C - 0x27315C .text |
| 301800 | 1000 | .pdata | ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata |
| 30180C | 1170 | .pdata | ExceptionHook | Pointer to 1170 - 0x570 .text + UnwindInfo: .rdata |
| 301818 | 1220 | .pdata | ExceptionHook | Pointer to 1220 - 0x620 .text + UnwindInfo: .rdata |
| 301824 | 12D0 | .pdata | ExceptionHook | Pointer to 12D0 - 0x6D0 .text + UnwindInfo: .rdata |
| 301830 | 1380 | .pdata | ExceptionHook | Pointer to 1380 - 0x780 .text + UnwindInfo: .rdata |
| 30183C | 1430 | .pdata | ExceptionHook | Pointer to 1430 - 0x830 .text + UnwindInfo: .rdata |
| 301848 | 15A0 | .pdata | ExceptionHook | Pointer to 15A0 - 0x9A0 .text + UnwindInfo: .rdata |
| 301854 | 1710 | .pdata | ExceptionHook | Pointer to 1710 - 0xB10 .text + UnwindInfo: .rdata |
| 301860 | 1740 | .pdata | ExceptionHook | Pointer to 1740 - 0xB40 .text + UnwindInfo: .rdata |
| 30186C | 1770 | .pdata | ExceptionHook | Pointer to 1770 - 0xB70 .text + UnwindInfo: .rdata |
| 301878 | 17A0 | .pdata | ExceptionHook | Pointer to 17A0 - 0xBA0 .text + UnwindInfo: .rdata |
| 301884 | 17D0 | .pdata | ExceptionHook | Pointer to 17D0 - 0xBD0 .text + UnwindInfo: .rdata |
| 301890 | 1800 | .pdata | ExceptionHook | Pointer to 1800 - 0xC00 .text + UnwindInfo: .rdata |
| 30189C | 1850 | .pdata | ExceptionHook | Pointer to 1850 - 0xC50 .text + UnwindInfo: .rdata |
| 3018A8 | 1880 | .pdata | ExceptionHook | Pointer to 1880 - 0xC80 .text + UnwindInfo: .rdata |
| 3018B4 | 18B0 | .pdata | ExceptionHook | Pointer to 18B0 - 0xCB0 .text + UnwindInfo: .rdata |
| 3018C0 | 18E0 | .pdata | ExceptionHook | Pointer to 18E0 - 0xCE0 .text + UnwindInfo: .rdata |
| 3018CC | 1910 | .pdata | ExceptionHook | Pointer to 1910 - 0xD10 .text + UnwindInfo: .rdata |
| 3018D8 | 1940 | .pdata | ExceptionHook | Pointer to 1940 - 0xD40 .text + UnwindInfo: .rdata |
| 3018E4 | 1970 | .pdata | ExceptionHook | Pointer to 1970 - 0xD70 .text + UnwindInfo: .rdata |
| 3018F0 | 19A0 | .pdata | ExceptionHook | Pointer to 19A0 - 0xDA0 .text + UnwindInfo: .rdata |
| 3018FC | 19D0 | .pdata | ExceptionHook | Pointer to 19D0 - 0xDD0 .text + UnwindInfo: .rdata |
| 301908 | 1A00 | .pdata | ExceptionHook | Pointer to 1A00 - 0xE00 .text + UnwindInfo: .rdata |
| 301914 | 1A30 | .pdata | ExceptionHook | Pointer to 1A30 - 0xE30 .text + UnwindInfo: .rdata |
| 301920 | 1A60 | .pdata | ExceptionHook | Pointer to 1A60 - 0xE60 .text + UnwindInfo: .rdata |
| 30192C | 1AA0 | .pdata | ExceptionHook | Pointer to 1AA0 - 0xEA0 .text + UnwindInfo: .rdata |
| 301938 | 1AD0 | .pdata | ExceptionHook | Pointer to 1AD0 - 0xED0 .text + UnwindInfo: .rdata |
| 301944 | 1B00 | .pdata | ExceptionHook | Pointer to 1B00 - 0xF00 .text + UnwindInfo: .rdata |
| 301950 | 1B30 | .pdata | ExceptionHook | Pointer to 1B30 - 0xF30 .text + UnwindInfo: .rdata |
| 30195C | 1BE0 | .pdata | ExceptionHook | Pointer to 1BE0 - 0xFE0 .text + UnwindInfo: .rdata |
| 301968 | 1C10 | .pdata | ExceptionHook | Pointer to 1C10 - 0x1010 .text + UnwindInfo: .rdata |
| 301974 | 1C40 | .pdata | ExceptionHook | Pointer to 1C40 - 0x1040 .text + UnwindInfo: .rdata |
| 301980 | 1C70 | .pdata | ExceptionHook | Pointer to 1C70 - 0x1070 .text + UnwindInfo: .rdata |
| 30198C | 1CA0 | .pdata | ExceptionHook | Pointer to 1CA0 - 0x10A0 .text + UnwindInfo: .rdata |
| 301998 | 1CD0 | .pdata | ExceptionHook | Pointer to 1CD0 - 0x10D0 .text + UnwindInfo: .rdata |
| 3019A4 | 1D00 | .pdata | ExceptionHook | Pointer to 1D00 - 0x1100 .text + UnwindInfo: .rdata |
| 3019B0 | 1D30 | .pdata | ExceptionHook | Pointer to 1D30 - 0x1130 .text + UnwindInfo: .rdata |
| 3019BC | 1D60 | .pdata | ExceptionHook | Pointer to 1D60 - 0x1160 .text + UnwindInfo: .rdata |
| 3019C8 | 1D90 | .pdata | ExceptionHook | Pointer to 1D90 - 0x1190 .text + UnwindInfo: .rdata |
| 3019D4 | 1DC0 | .pdata | ExceptionHook | Pointer to 1DC0 - 0x11C0 .text + UnwindInfo: .rdata |
| 3019E0 | 1DF0 | .pdata | ExceptionHook | Pointer to 1DF0 - 0x11F0 .text + UnwindInfo: .rdata |
| 3019EC | 1E20 | .pdata | ExceptionHook | Pointer to 1E20 - 0x1220 .text + UnwindInfo: .rdata |
| 3019F8 | 1E50 | .pdata | ExceptionHook | Pointer to 1E50 - 0x1250 .text + UnwindInfo: .rdata |
| 301A04 | 1E80 | .pdata | ExceptionHook | Pointer to 1E80 - 0x1280 .text + UnwindInfo: .rdata |
| 301A10 | 1EB0 | .pdata | ExceptionHook | Pointer to 1EB0 - 0x12B0 .text + UnwindInfo: .rdata |
| 301A1C | 1EE0 | .pdata | ExceptionHook | Pointer to 1EE0 - 0x12E0 .text + UnwindInfo: .rdata |
| 301A28 | 1F10 | .pdata | ExceptionHook | Pointer to 1F10 - 0x1310 .text + UnwindInfo: .rdata |
| 301A34 | 1F40 | .pdata | ExceptionHook | Pointer to 1F40 - 0x1340 .text + UnwindInfo: .rdata |
| 301A40 | 1FE0 | .pdata | ExceptionHook | Pointer to 1FE0 - 0x13E0 .text + UnwindInfo: .rdata |
| 301A4C | 2010 | .pdata | ExceptionHook | Pointer to 2010 - 0x1410 .text + UnwindInfo: .rdata |
| 301A58 | 2040 | .pdata | ExceptionHook | Pointer to 2040 - 0x1440 .text + UnwindInfo: .rdata |
| 301A64 | 2070 | .pdata | ExceptionHook | Pointer to 2070 - 0x1470 .text + UnwindInfo: .rdata |
| 301A70 | 20A0 | .pdata | ExceptionHook | Pointer to 20A0 - 0x14A0 .text + UnwindInfo: .rdata |
| 301A7C | 20D0 | .pdata | ExceptionHook | Pointer to 20D0 - 0x14D0 .text + UnwindInfo: .rdata |
| 301A88 | 2100 | .pdata | ExceptionHook | Pointer to 2100 - 0x1500 .text + UnwindInfo: .rdata |
| 301A94 | 2130 | .pdata | ExceptionHook | Pointer to 2130 - 0x1530 .text + UnwindInfo: .rdata |
| 301AA0 | 2160 | .pdata | ExceptionHook | Pointer to 2160 - 0x1560 .text + UnwindInfo: .rdata |
| 301AAC | 2190 | .pdata | ExceptionHook | Pointer to 2190 - 0x1590 .text + UnwindInfo: .rdata |
| 301AB8 | 21C0 | .pdata | ExceptionHook | Pointer to 21C0 - 0x15C0 .text + UnwindInfo: .rdata |
| 301AC4 | 2260 | .pdata | ExceptionHook | Pointer to 2260 - 0x1660 .text + UnwindInfo: .rdata |
| 301AD0 | 2300 | .pdata | ExceptionHook | Pointer to 2300 - 0x1700 .text + UnwindInfo: .rdata |
| 301ADC | 2330 | .pdata | ExceptionHook | Pointer to 2330 - 0x1730 .text + UnwindInfo: .rdata |
| 301AE8 | 2360 | .pdata | ExceptionHook | Pointer to 2360 - 0x1760 .text + UnwindInfo: .rdata |
| 301AF4 | 2390 | .pdata | ExceptionHook | Pointer to 2390 - 0x1790 .text + UnwindInfo: .rdata |
| 301B00 | 23C0 | .pdata | ExceptionHook | Pointer to 23C0 - 0x17C0 .text + UnwindInfo: .rdata |
| 301B0C | 23F0 | .pdata | ExceptionHook | Pointer to 23F0 - 0x17F0 .text + UnwindInfo: .rdata |
| 301B18 | 2420 | .pdata | ExceptionHook | Pointer to 2420 - 0x1820 .text + UnwindInfo: .rdata |
| 301B24 | 2450 | .pdata | ExceptionHook | Pointer to 2450 - 0x1850 .text + UnwindInfo: .rdata |
| 301B30 | 24F0 | .pdata | ExceptionHook | Pointer to 24F0 - 0x18F0 .text + UnwindInfo: .rdata |
| 301B3C | 2520 | .pdata | ExceptionHook | Pointer to 2520 - 0x1920 .text + UnwindInfo: .rdata |
| 301B48 | 2550 | .pdata | ExceptionHook | Pointer to 2550 - 0x1950 .text + UnwindInfo: .rdata |
| 301B54 | 2580 | .pdata | ExceptionHook | Pointer to 2580 - 0x1980 .text + UnwindInfo: .rdata |
| 301B60 | 25B0 | .pdata | ExceptionHook | Pointer to 25B0 - 0x19B0 .text + UnwindInfo: .rdata |
| 301B6C | 25E0 | .pdata | ExceptionHook | Pointer to 25E0 - 0x19E0 .text + UnwindInfo: .rdata |
| 301B78 | 2610 | .pdata | ExceptionHook | Pointer to 2610 - 0x1A10 .text + UnwindInfo: .rdata |
| 301B84 | 2640 | .pdata | ExceptionHook | Pointer to 2640 - 0x1A40 .text + UnwindInfo: .rdata |
| 301B90 | 26E0 | .pdata | ExceptionHook | Pointer to 26E0 - 0x1AE0 .text + UnwindInfo: .rdata |
| 301B9C | 2710 | .pdata | ExceptionHook | Pointer to 2710 - 0x1B10 .text + UnwindInfo: .rdata |
| 301BA8 | 2740 | .pdata | ExceptionHook | Pointer to 2740 - 0x1B40 .text + UnwindInfo: .rdata |
| 301BB4 | 2770 | .pdata | ExceptionHook | Pointer to 2770 - 0x1B70 .text + UnwindInfo: .rdata |
| 301BC0 | 27A0 | .pdata | ExceptionHook | Pointer to 27A0 - 0x1BA0 .text + UnwindInfo: .rdata |
| 301BCC | 27D0 | .pdata | ExceptionHook | Pointer to 27D0 - 0x1BD0 .text + UnwindInfo: .rdata |
| 301BD8 | 2800 | .pdata | ExceptionHook | Pointer to 2800 - 0x1C00 .text + UnwindInfo: .rdata |
| 301BE4 | 2830 | .pdata | ExceptionHook | Pointer to 2830 - 0x1C30 .text + UnwindInfo: .rdata |
| 301BF0 | 28D0 | .pdata | ExceptionHook | Pointer to 28D0 - 0x1CD0 .text + UnwindInfo: .rdata |
| 301BFC | 2900 | .pdata | ExceptionHook | Pointer to 2900 - 0x1D00 .text + UnwindInfo: .rdata |
| 301C08 | 2930 | .pdata | ExceptionHook | Pointer to 2930 - 0x1D30 .text + UnwindInfo: .rdata |
| 301C14 | 2960 | .pdata | ExceptionHook | Pointer to 2960 - 0x1D60 .text + UnwindInfo: .rdata |
| 301C20 | 2990 | .pdata | ExceptionHook | Pointer to 2990 - 0x1D90 .text + UnwindInfo: .rdata |
| 301C2C | 29C0 | .pdata | ExceptionHook | Pointer to 29C0 - 0x1DC0 .text + UnwindInfo: .rdata |
| 301C38 | 29F0 | .pdata | ExceptionHook | Pointer to 29F0 - 0x1DF0 .text + UnwindInfo: .rdata |
| 301C44 | 2A90 | .pdata | ExceptionHook | Pointer to 2A90 - 0x1E90 .text + UnwindInfo: .rdata |
| 301C50 | 2AC0 | .pdata | ExceptionHook | Pointer to 2AC0 - 0x1EC0 .text + UnwindInfo: .rdata |
| 301C5C | 2AF0 | .pdata | ExceptionHook | Pointer to 2AF0 - 0x1EF0 .text + UnwindInfo: .rdata |
| 301C68 | 2B20 | .pdata | ExceptionHook | Pointer to 2B20 - 0x1F20 .text + UnwindInfo: .rdata |
| 301C74 | 2B50 | .pdata | ExceptionHook | Pointer to 2B50 - 0x1F50 .text + UnwindInfo: .rdata |
| 301C80 | 2B80 | .pdata | ExceptionHook | Pointer to 2B80 - 0x1F80 .text + UnwindInfo: .rdata |
| 301C8C | 2BB0 | .pdata | ExceptionHook | Pointer to 2BB0 - 0x1FB0 .text + UnwindInfo: .rdata |
| 301C98 | 2C50 | .pdata | ExceptionHook | Pointer to 2C50 - 0x2050 .text + UnwindInfo: .rdata |
| 301CA4 | 2C80 | .pdata | ExceptionHook | Pointer to 2C80 - 0x2080 .text + UnwindInfo: .rdata |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 2147338 | 65,6752% |
| Null Byte Code | 473574 | 14,484% |
© 2026 All rights reserved.