PESCAN.IO - Analysis Report Basic
| Information |
| Field | Value |
|---|---|
| Size | 360,50 KB |
| SHA-256 Hash | 018EF9D0888A225CE6EFBD7EB7E2482D3BC98C6F1C6D1132B9C7CC2FD99A0253 |
| SHA-1 Hash | 921C8D0567982CD5B249B5A9DAB21B52CC7DA2FA |
| MD5 Hash | A731EF28560FF9035E25641A21736071 |
| Imphash | DAE02F32A21E03CE65412F6E56942DAA |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 5B75A |
| SizeOfHeaders | 200 |
| SizeOfImage | 60000 |
| ImageBase | 10000000 |
| Architecture | x86 |
| ImportTable | 5B708 |
| IAT | 2000 |
| Characteristics | 2022 |
| TimeDateStamp | F8182B0D |
| Date | 25/11/2101 3:44:13 |
| File Type | DLL |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 200 | 59A00 | 2000 | 59828 | 6,7854 | 4092453,18 |
| .rsrc | 40000040 (Initialized Data, Readable) | 59C00 | 400 | 5C000 | 378 | 2,8050 | 111917,50 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 5A000 | 200 | 5E000 | C | 0,1019 | 128015,00 |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | iiMenuCopys.dll |
| LegalCopyright | Copyright 2024 |
| ProductName | iiMenu |
| FileVersion | 1.0.0.0 |
| FileDescription | iiMenu |
| ProductVersion | 1.0.0.0 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Field | Value |
|---|---|
| Section with the Entry Point | 1 (.text) |
| EntryPoint (calculated) | 5995A |
| Code | FF25002000100000003F0000C03F0000004000002041000000400000F0400000104100004843040000000300000005000000 |
| Disassembly | • JMP DWORD PTR [0X10002000] • ADD BYTE PTR [EAX], AL • ADD BYTE PTR [EDI], BH • ADD BYTE PTR [EAX], AL • SAR BYTE PTR [EDI], 0 • ADD BYTE PTR [EAX], AL • INC EAX • ADD BYTE PTR [EAX], AL • AND BYTE PTR [ECX], AL • ADD BYTE PTR [EAX], AL • INC EAX • ADD BYTE PTR [EAX], AL |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Field | Value |
|---|---|
| Compiler | Microsoft Visual .NET - (You can use a decompiler for this...) |
| AnyCPU | True |
| Version | v4.0 |
| Detect It Easy (die) | • PE: library: .NET(v4.0.30319)[-] • PE: linker: Microsoft Linker(48.0)[-] • Entropy: 6.76779 |
| File Access |
| • mscoree.dll • Assembly-CSharp.dll • iiMenuCopys.dll • Temp |
| File Access (UNICODE) |
| • iiMenuCopys.dll • ;iisStupidMenu/iiMenu_Font.txt • iisStupidMenu/iiMenu_Theme.txt • CiisStupidMenu/iiMenu_PageType.txt • KiisStupidMenu/iiMenu_FavoriteMods.txt • IiisStupidMenu/iiMenu_EnabledMods.txt • + - Anti Moderator.txt • UiisStupidMenu/iiMenu_CustomSoundOnJoin.txt • Temp |
| Interest's Words |
| Spam exec attrib start pause replace |
| Interest's Words (UNICODE) |
| Spam start ping |
| URLs (UNICODE) |
| • https://discord.gg/PeTVxBVvaj • https://pastebin.com/raw/GuegUaUS • https://pastebin.com/raw/VtG3cNRX • https://pastebin.com/raw/VVGz1pTD • https://pastebin.com/raw/yApU6qHZ • https://pastebin.com/raw/fxcK9stm |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | Malware that injects malicious code into a process (Injector) |
| Text | Ascii | Signal sent from infected system to a command and control server (Beacon) |
| Text | Unicode | Signal sent from infected system to a command and control server (Beacon) |
| Text | Ascii | Software that records user activity (Logger) |
| Text | Ascii | Technique used to insert malicious code into legitimate processes (Inject) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\0 | 5C058 | 31C | 59C58 | 1C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| Intelligent String |
| • 1.0.0.0 • iiMenuCopys.dll • UiisStupidMenu/iiMenu_CustomSoundOnJoin.txt • https://discord.gg/PeTVxBVvaj • + - Anti Moderator.txt • IiisStupidMenu/iiMenu_EnabledMods.txt • KiisStupidMenu/iiMenu_FavoriteMods.txt • CiisStupidMenu/iiMenu_PageType.txt • =iisStupidMenu/iiMenu_Theme.txt • ;iisStupidMenu/iiMenu_Font.txt • https://pastebin.com/raw/GuegUaUS • https://pastebin.com/raw/VtG3cNRX • https://pastebin.com/raw/VVGz1pTD • https://pastebin.com/raw/yApU6qHZ • https://pastebin.com/raw/fxcK9stm • AiiMenuCopys.Resources.return.png • Arial.ttf • Assembly-CSharp.dll • _CorDllMainmscoree.dll |
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| 3B1CB | 5C058 | .text | CALL [static] | Indirect call to absolute memory address |
| 4820F | 149D4D9E | .text | CALL [static] | Indirect call to absolute memory address |
| 4AA31 | 18AAACDA | .text | JMP [static] | Indirect jump to absolute memory address |
| 4CB9E | 98D83AB | .text | JMP [static] | Indirect jump to absolute memory address |
| 4CC40 | 18039616 | .text | JMP [static] | Indirect jump to absolute memory address |
| 55C8F | 18039616 | .text | CALL [static] | Indirect call to absolute memory address |
| 5995A | 10002000 | .text | JMP [static] | Indirect jump to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 223677 | 60,5921% |
| Null Byte Code | 77480 | 20,9886% |