PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 1,39 MB
SHA-256 Hash: E512D22D2BD989F35EBACCB63615434870DC0642B0F60E6D4BDA0BB89ADEE27A
SHA-1 Hash: E27F4FEFFC1BA6BF4E35AEC4A5270FCCB636E5CF
MD5 Hash: AA72609186042F1D7D01CE070306A9F2
Imphash: D810A3536BF9ECA80E4F8D1D08537D0B
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 0016918D
EntryPoint (rva): 14D0
SizeOfHeaders: 400
SizeOfImage: 16A000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 163000
IAT: 163900
Characteristics: 22E
TimeDateStamp: 69A5E26D
Date: 02/03/2026 19:18:05
File Type: EXE
Number Of Sections: 10
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text 60000060 (Code, Initialized Data, Executable, Readable) 400 11BE00 1000 11BCB0
6.2977
8889754.92
.data C0000040 (Initialized Data, Readable, Writeable) 11C200 7200 11D000 7060
1.0266
6124427.42
.rdata 40000040 (Initialized Data, Readable) 123400 1BA00 125000 1B840
6.0252
2595728.71
.pdata 40000040 (Initialized Data, Readable) 13EE00 D200 141000 D14C
5.9857
1030079.89
.xdata 40000040 (Initialized Data, Readable) 14C000 12A00 14F000 1299C
5.0181
1672861.36
.bss C0000080 (Uninitialized Data, Readable, Writeable) 0 0 162000 DF0
N/A
N/A
.idata C0000040 (Initialized Data, Readable, Writeable) 15EA00 2600 163000 2510
4.5379
397149.26
.CRT C0000040 (Initialized Data, Readable, Writeable) 161000 200 166000 68
0.4106
119083
.tls C0000040 (Initialized Data, Readable, Writeable) 161200 200 167000 10
0
130560
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 161400 1800 168000 1720
5.4111
36379.75
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 8D0
Code -> 4883EC28488B05E55B1300C70000000000E89AFCFFFF90904883C428C30F1F004883EC28E8677B04004883F80119C04883C4
Assembler
|SUB RSP, 0X28
|MOV RAX, QWORD PTR [RIP + 0X135BE5]
|MOV DWORD PTR [RAX], 0
|CALL 0XCB0
|NOP
|NOP
|ADD RSP, 0X28
|RET
|NOP DWORD PTR [RAX]
|SUB RSP, 0X28
|CALL 0X48B90
|CMP RAX, 1
|SBB EAX, EAX
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Detect It Easy (die)
PE+(64): linker: GNU linker ld (GNU Binutils)(2.40)[-]
Entropy: 6.32905
Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL DeleteFileA Deletes an existing file.
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
ADVAPI32.DLL RegCreateKeyExA Creates a new registry key or opens an existing one.
ADVAPI32.DLL RegSetValueExA Sets the data and type of a specified value under a registry key.
File Access
sc.exe
$com.Document.ActiveView.Exe
WS2_32.dll
USER32.dll
PSAPI.DLL
NETAPI32.dll
msvcrt.dll
MPR.dll
KERNEL32.dll
IPHLPAPI.DLL
GDI32.dll
ADVAPI32.dll
.dat
1. Find !!!_READ_ME_!!!.txt
.txt
+] Check !!!_READ_ME_!!!.txt
Temp
File Access (UNICODE)
httpdebugger.exe
fiddler.exe
ResourceHacker.exe
joeboxserver.exe
joeboxcontrol.exe
sniff_hit.exe
sysAnalyzer.exe
proc_analyzer.exe
SysInspector.exe
LordPE.exe
PETools.exe
hookexplorer.exe
dumpcap.exe
wireshark.exe
regmon.exe
filemon.exe
autorunsc.exe
autoruns.exe
procmon64.exe
procmon.exe
procexp64.exe
procexp.exe
processhacker.exe
reshacker.exe
MegaDumper.exe
IMMUNITYDEBUGGER.EXE
ImportREC.exe
immunitydebugger.exe
x96dbg.exe
protection_id.exe
scylla_x86.exe
scylla_x64.exe
scylla.exe
idaq64.exe
idaq.exe
idaw64.exe
idaw.exe
idag64.exe
idag.exe
ida64.exe
ida.exe
windbg.exe
x32dbg.exe
x64dbg.exe
construction from null is not validollydbg.exe
rand_sadvapi32.dll
msvcrt.dll
boot.ini
Interest's Words
Encrypt
exec
schtasks
netsh
attrib
start
hostname
systeminfo
schtask
expand
replace
sc.exe
Interest's Words (UNICODE)
bootsect
sc.exe
Anti-VM/Sandbox/Debug Tricks (UNICODE)
LabTools - wireshark
LabTools - filemon
LabTools - procexp
LabTools - procmon
LabTools - regmon
LabTools - idag
LabTools - immunitydebugger
LabTools - petools
OllyDbg EXE - ollydbg.exe
URLs
https://H]
https://H$
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Service (OpenSCManager)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GlobalMemoryStatusEx)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileA)
Text Ascii Reconnaissance (FindNextFileA)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateSemaphoreA)
Text Ascii Execution (CreateEventA)
Text Ascii Information used for user authentication (Credential)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Intelligent String
• @.bss
• .CRT
• .tls
• .exe
• .dll
• .sys
• bootmgr.efi
• bootmgfw.efi
• bootsect.bak
• boot.ini
• bootfont.bin
• Windows.old
• $Recycle.Bin
• $RECYCLE.BIN
• $recycle.bin
• C:\ProgramData\$name"
• C:\ProgramData\$name"} -EA Stop
• C:\ProgramData\$name" -EA Stop
• C:\ProgramData\$name",$null,$null,'7')
• schtasks /create /s $pc /u $u /p $p /tn $tn /tr "C:\ProgramData\$name" /sc once /st 00:00 /ru SYSTEM /f 2>$null
• schtasks /run /s $pc /u $u /p $p /tn $tn 2>$null
• schtasks /delete /s $pc /u $u /p $p /tn $tn /f 2>$null
• C:\ProgramData\$using:name"} -EA Stop
• sc.exe \\$pc create $svc binPath= "C:\ProgramData\$name" type= own start= auto 2>$null
• sc.exe \\$pc start $svc 2>$null
• sc.exe \\$pc delete $svc 2>$null
• basic_string: construction from null is not validollydbg.exe
• x64dbg.exe
• x32dbg.exe
• windbg.exe
• ida.exe
• ida64.exe
• idag.exe
• idag64.exe
• idaw.exe
• idaw64.exe
• idaq.exe
• idaq64.exe
• scylla.exe
• scylla_x64.exe
• scylla_x86.exe
• protection_id.exe
• x96dbg.exe
• immunitydebugger.exe
• ImportREC.exe
• IMMUNITYDEBUGGER.EXE
• MegaDumper.exe
• reshacker.exe
• processhacker.exe
• procexp.exe
• procexp64.exe
• procmon.exe
• procmon64.exe
• autoruns.exe
• autorunsc.exe
• filemon.exe
• regmon.exe
• wireshark.exe
• dumpcap.exe
• hookexplorer.exe
• PETools.exe
• LordPE.exe
• SysInspector.exe
• proc_analyzer.exe
• sysAnalyzer.exe
• sniff_hit.exe
• joeboxcontrol.exe
• joeboxserver.exe
• ResourceHacker.exe
• fiddler.exe
• httpdebugger.exe
• msvcrt.dll
• advapi32.dll
• kernel32.dll
• 0ADVAPI32.dll
• (0IPHLPAPI.DLL
• 0PSAPI.DLL
• 0USER32.dll
• 0WS2_32.dll
Flow Anomalies
Offset RVA Section Description
658 N/A .text CALL QWORD PTR [RIP+0x162A6A]
853 N/A .text CALL QWORD PTR [RIP+0x1626F7]
3033 N/A .text CALL QWORD PTR [RIP+0x15FE0F]
3062 N/A .text CALL QWORD PTR [RIP+0x15FF60]
3065 N/A .text CALL QWORD PTR [RIP+0x2B800]
3098 N/A .text CALL QWORD PTR [RIP+0x16015A]
3118 N/A .text CALL QWORD PTR [RIP+0x15FEC2]
3150 N/A .text CALL QWORD PTR [RIP+0x15FE8A]
315E N/A .text CALL QWORD PTR [RIP+0x1600BC]
319F N/A .text CALL QWORD PTR [RIP+0x15FE3B]
31B0 N/A .text CALL QWORD PTR [RIP+0x16006A]
3236 N/A .text CALL QWORD PTR [RIP+0x15FDA4]
3248 N/A .text CALL QWORD PTR [RIP+0x15FFD2]
324B N/A .text CALL QWORD PTR [RIP+0x100C700]
3681 N/A .text CALL QWORD PTR [RIP+0x15F8D9]
36C4 N/A .text CALL QWORD PTR [RIP+0x15FA56]
3708 N/A .text CALL QWORD PTR [RIP+0x15FA2A]
3786 N/A .text CALL QWORD PTR [RIP+0x15F984]
37E1 N/A .text CALL QWORD PTR [RIP+0x15F939]
3870 N/A .text CALL QWORD PTR [RIP+0x15F9AA]
389A N/A .text CALL QWORD PTR [RIP+0x15F958]
38CC N/A .text CALL QWORD PTR [RIP+0x15F94E]
392F N/A .text CALL QWORD PTR [RIP+0x15F7F3]
3B75 N/A .text CALL QWORD PTR [RIP+0x15F5BD]
3B8E N/A .text JMP QWORD PTR [RIP+0x15F584]
3BE7 N/A .text CALL QWORD PTR [RIP+0x15F53B]
3C37 N/A .text CALL QWORD PTR [RIP+0x15F4EB]
3C87 N/A .text CALL QWORD PTR [RIP+0x15F49B]
F6D6 N/A .text CALL QWORD PTR [RIP+0x153B1C]
FA88 N/A .text CALL QWORD PTR [RIP+0x10D0D2]
1C818 N/A .text CALL QWORD PTR [RIP+0x1003C2]
1CC82 N/A .text CALL QWORD PTR [RIP+0xFFF58]
1CD12 N/A .text CALL QWORD PTR [RIP+0xFFEC8]
1CE00 N/A .text CALL QWORD PTR [RIP+0x1463F2]
1CF0D N/A .text CALL QWORD PTR [RIP+0xFFCCD]
1D105 N/A .text CALL QWORD PTR [RIP+0xFFAD5]
2E0D1 N/A .text CALL QWORD PTR [RIP+0x48F80148]
2E760 N/A .text CALL QWORD PTR [RIP+0x9F8D48]
2E914 N/A .text CALL QWORD PTR [RIP+0xD1D86949]
2E933 N/A .text CALL QWORD PTR [RIP+0x246C8948]
2F99F N/A .text CALL QWORD PTR [RIP+0x48FD8948]
2FF5D N/A .text CALL QWORD PTR [RIP+0x241C8948]
3010F N/A .text CALL QWORD PTR [RIP+0xD1D96949]
3012E N/A .text CALL QWORD PTR [RIP+0x242C8948]
3107D N/A .text CALL QWORD PTR [RIP+0x9F8D48]
3118B N/A .text CALL QWORD PTR [RIP+0x38348D4F]
3119D N/A .text CALL QWORD PTR [RIP+0x49F9014C]
3124D N/A .text CALL QWORD PTR [RIP+0x49F0014D]
31261 N/A .text CALL QWORD PTR [RIP+0x246C8948]
34A60 N/A .text JMP QWORD PTR [RIP+0x12E36A]
34A68 N/A .text JMP QWORD PTR [RIP+0x12E2EA]
34A70 N/A .text JMP QWORD PTR [RIP+0x12EA3A]
34A78 N/A .text JMP QWORD PTR [RIP+0x12EA2A]
34A80 N/A .text JMP QWORD PTR [RIP+0x12EA1A]
34A88 N/A .text JMP QWORD PTR [RIP+0x12E712]
34A90 N/A .text JMP QWORD PTR [RIP+0x12E702]
34A98 N/A .text JMP QWORD PTR [RIP+0x12E6F2]
34AA0 N/A .text JMP QWORD PTR [RIP+0x12E6E2]
34AA8 N/A .text JMP QWORD PTR [RIP+0x12E6D2]
34AB0 N/A .text JMP QWORD PTR [RIP+0x12E6C2]
34AB8 N/A .text JMP QWORD PTR [RIP+0x12E6B2]
34AC0 N/A .text JMP QWORD PTR [RIP+0x12E9FA]
34AC8 N/A .text JMP QWORD PTR [RIP+0x12E692]
34AD0 N/A .text JMP QWORD PTR [RIP+0x12E54A]
34AD8 N/A .text JMP QWORD PTR [RIP+0x12E53A]
34AE0 N/A .text JMP QWORD PTR [RIP+0x12E342]
3DFAB N/A .text CALL QWORD PTR [RIP+0x12517F]
3E00E N/A .text CALL QWORD PTR [RIP+0x125114]
3E018 N/A .text CALL QWORD PTR [RIP+0x124EE2]
3E5D4 N/A .text CALL QWORD PTR [RIP+0x12486E]
3E62A N/A .text JMP QWORD PTR [RIP+0x1249B0]
3E677 N/A .text CALL QWORD PTR [RIP+0x1247CB]
3E692 N/A .text CALL QWORD PTR [RIP+0x124948]
3E6CA N/A .text CALL QWORD PTR [RIP+0x124778]
3E706 N/A .text CALL QWORD PTR [RIP+0x1248D4]
3E7E5 N/A .text CALL QWORD PTR [RIP+0x124645]
3E817 N/A .text CALL QWORD PTR [RIP+0x1247AB]
3EC8B N/A .text CALL QWORD PTR [RIP+0x1243A7]
3ED7C N/A .text CALL QWORD PTR [RIP+0x1242EE]
3EE8E N/A .text CALL QWORD PTR [RIP+0x1241A4]
3EFAD N/A .text CALL QWORD PTR [RIP+0x1240C5]
3EFD3 N/A .text CALL QWORD PTR [RIP+0x12409F]
3F00B N/A .text CALL QWORD PTR [RIP+0x124027]
3F09E N/A .text CALL QWORD PTR [RIP+0x123FC4]
3F0BC N/A .text CALL QWORD PTR [RIP+0x123FB6]
3F1CA N/A .text CALL QWORD PTR [RIP+0x123E98]
3F826 N/A .text CALL QWORD PTR [RIP+0x1237D4]
3F89A N/A .text CALL QWORD PTR [RIP+0x1238B0]
46DF9 N/A .text JMP QWORD PTR [RIP+0x11C049]
46EC3 N/A .text CALL QWORD PTR [RIP+0x11C117]
46FCD N/A .text JMP QWORD PTR [RIP+0x11C00D]
4713C N/A .text CALL QWORD PTR [RIP+0x11BE9E]
47362 N/A .text CALL QWORD PTR [RIP+0x11BC78]
473EA N/A .text CALL QWORD PTR [RIP+0x11BBF0]
47D3D N/A .text JMP QWORD PTR [RIP+0x11B105]
47DAD N/A .text JMP QWORD PTR [RIP+0x11B22D]
47E30 N/A .text CALL QWORD PTR [RIP+0x11B0F2]
47E6F N/A .text CALL QWORD PTR [RIP+0x11B173]
47F42 N/A .text CALL QWORD PTR [RIP+0x11B208]
4810A N/A .text CALL QWORD PTR [RIP+0x11AEC0]
6DD8A-6DDC1 N/A .text Potential obfuscated jump sequence detected, count: 28
EDBE3-EDC08 N/A .text Potential obfuscated jump sequence detected, count: 10
EE393-EE3B8 N/A .text Potential obfuscated jump sequence detected, count: 10
161038 3E8E0 .CRT TLS Callback | Pointer to 14003E8E0 - 0x3DCE0 .text
161040 3E8B0 .CRT TLS Callback | Pointer to 14003E8B0 - 0x3DCB0 .text
161048 4B8F0 .CRT TLS Callback | Pointer to 14004B8F0 - 0x4ACF0 .text
13EE00 1000 .pdata ExceptionHook | Pointer to 1000 - 0x400 .text + UnwindInfo: .xdata
13EE0C 1010 .pdata ExceptionHook | Pointer to 1010 - 0x410 .text + UnwindInfo: .xdata
13EE18 1130 .pdata ExceptionHook | Pointer to 1130 - 0x530 .text + UnwindInfo: .xdata
13EE24 1180 .pdata ExceptionHook | Pointer to 1180 - 0x580 .text + UnwindInfo: .xdata
13EE30 14B0 .pdata ExceptionHook | Pointer to 14B0 - 0x8B0 .text + UnwindInfo: .xdata
13EE3C 14D0 .pdata ExceptionHook | Pointer to 14D0 - 0x8D0 .text + UnwindInfo: .xdata
13EE48 14F0 .pdata ExceptionHook | Pointer to 14F0 - 0x8F0 .text + UnwindInfo: .xdata
13EE54 1510 .pdata ExceptionHook | Pointer to 1510 - 0x910 .text + UnwindInfo: .xdata
13EE60 1520 .pdata ExceptionHook | Pointer to 1520 - 0x920 .text + UnwindInfo: .xdata
13EE6C 356F0 .pdata ExceptionHook | Pointer to 356F0 - 0x34AF0 .text + UnwindInfo: .xdata
13EE78 357F0 .pdata ExceptionHook | Pointer to 357F0 - 0x34BF0 .text + UnwindInfo: .xdata
13EE84 35850 .pdata ExceptionHook | Pointer to 35850 - 0x34C50 .text + UnwindInfo: .xdata
13EE90 35910 .pdata ExceptionHook | Pointer to 35910 - 0x34D10 .text + UnwindInfo: .xdata
13EE9C 35990 .pdata ExceptionHook | Pointer to 35990 - 0x34D90 .text + UnwindInfo: .xdata
13EEA8 359F0 .pdata ExceptionHook | Pointer to 359F0 - 0x34DF0 .text + UnwindInfo: .xdata
13EEB4 35A70 .pdata ExceptionHook | Pointer to 35A70 - 0x34E70 .text + UnwindInfo: .xdata
13EEC0 35B40 .pdata ExceptionHook | Pointer to 35B40 - 0x34F40 .text + UnwindInfo: .xdata
13EECC 35B70 .pdata ExceptionHook | Pointer to 35B70 - 0x34F70 .text + UnwindInfo: .xdata
13EED8 35C40 .pdata ExceptionHook | Pointer to 35C40 - 0x35040 .text + UnwindInfo: .xdata
13EEE4 35C70 .pdata ExceptionHook | Pointer to 35C70 - 0x35070 .text + UnwindInfo: .xdata
13EEF0 35CC0 .pdata ExceptionHook | Pointer to 35CC0 - 0x350C0 .text + UnwindInfo: .xdata
13EEFC 35D30 .pdata ExceptionHook | Pointer to 35D30 - 0x35130 .text + UnwindInfo: .xdata
13EF08 35D90 .pdata ExceptionHook | Pointer to 35D90 - 0x35190 .text + UnwindInfo: .xdata
13EF14 35E30 .pdata ExceptionHook | Pointer to 35E30 - 0x35230 .text + UnwindInfo: .xdata
13EF20 35F30 .pdata ExceptionHook | Pointer to 35F30 - 0x35330 .text + UnwindInfo: .xdata
13EF2C 35FC0 .pdata ExceptionHook | Pointer to 35FC0 - 0x353C0 .text + UnwindInfo: .xdata
13EF38 36070 .pdata ExceptionHook | Pointer to 36070 - 0x35470 .text + UnwindInfo: .xdata
13EF44 36170 .pdata ExceptionHook | Pointer to 36170 - 0x35570 .text + UnwindInfo: .xdata
13EF50 363C0 .pdata ExceptionHook | Pointer to 363C0 - 0x357C0 .text + UnwindInfo: .xdata
13EF5C 36E90 .pdata ExceptionHook | Pointer to 36E90 - 0x36290 .text + UnwindInfo: .xdata
13EF68 36F70 .pdata ExceptionHook | Pointer to 36F70 - 0x36370 .text + UnwindInfo: .xdata
13EF74 36FF0 .pdata ExceptionHook | Pointer to 36FF0 - 0x363F0 .text + UnwindInfo: .xdata
13EF80 370A0 .pdata ExceptionHook | Pointer to 370A0 - 0x364A0 .text + UnwindInfo: .xdata
13EF8C 37240 .pdata ExceptionHook | Pointer to 37240 - 0x36640 .text + UnwindInfo: .xdata
13EF98 37750 .pdata ExceptionHook | Pointer to 37750 - 0x36B50 .text + UnwindInfo: .xdata
13EFA4 37930 .pdata ExceptionHook | Pointer to 37930 - 0x36D30 .text + UnwindInfo: .xdata
13EFB0 379D0 .pdata ExceptionHook | Pointer to 379D0 - 0x36DD0 .text + UnwindInfo: .xdata
13EFBC 37A80 .pdata ExceptionHook | Pointer to 37A80 - 0x36E80 .text + UnwindInfo: .xdata
13EFC8 37C60 .pdata ExceptionHook | Pointer to 37C60 - 0x37060 .text + UnwindInfo: .xdata
13EFD4 38440 .pdata ExceptionHook | Pointer to 38440 - 0x37840 .text + UnwindInfo: .xdata
13EFE0 384F0 .pdata ExceptionHook | Pointer to 384F0 - 0x378F0 .text + UnwindInfo: .xdata
13EFEC 38730 .pdata ExceptionHook | Pointer to 38730 - 0x37B30 .text + UnwindInfo: .xdata
13EFF8 38D30 .pdata ExceptionHook | Pointer to 38D30 - 0x38130 .text + UnwindInfo: .xdata
13F004 391A0 .pdata ExceptionHook | Pointer to 391A0 - 0x385A0 .text + UnwindInfo: .xdata
13F010 39360 .pdata ExceptionHook | Pointer to 39360 - 0x38760 .text + UnwindInfo: .xdata
13F01C 3C470 .pdata ExceptionHook | Pointer to 3C470 - 0x3B870 .text + UnwindInfo: .xdata
13F028 3C510 .pdata ExceptionHook | Pointer to 3C510 - 0x3B910 .text + UnwindInfo: .xdata
13F034 3CE00 .pdata ExceptionHook | Pointer to 3CE00 - 0x3C200 .text + UnwindInfo: .xdata
13F040 3D120 .pdata ExceptionHook | Pointer to 3D120 - 0x3C520 .text + UnwindInfo: .xdata
13F04C 3D4A0 .pdata ExceptionHook | Pointer to 3D4A0 - 0x3C8A0 .text + UnwindInfo: .xdata
13F058 3D770 .pdata ExceptionHook | Pointer to 3D770 - 0x3CB70 .text + UnwindInfo: .xdata
13F064 3D830 .pdata ExceptionHook | Pointer to 3D830 - 0x3CC30 .text + UnwindInfo: .xdata
13F070 3DE00 .pdata ExceptionHook | Pointer to 3DE00 - 0x3D200 .text + UnwindInfo: .xdata
13F07C 3DFB0 .pdata ExceptionHook | Pointer to 3DFB0 - 0x3D3B0 .text + UnwindInfo: .xdata
13F088 3E340 .pdata ExceptionHook | Pointer to 3E340 - 0x3D740 .text + UnwindInfo: .xdata
13F094 3E640 .pdata ExceptionHook | Pointer to 3E640 - 0x3DA40 .text + UnwindInfo: .xdata
13F0A0 3E7A0 .pdata ExceptionHook | Pointer to 3E7A0 - 0x3DBA0 .text + UnwindInfo: .xdata
13F0AC 3E7D0 .pdata ExceptionHook | Pointer to 3E7D0 - 0x3DBD0 .text + UnwindInfo: .xdata
13F0B8 3E810 .pdata ExceptionHook | Pointer to 3E810 - 0x3DC10 .text + UnwindInfo: .xdata
13F0C4 3E880 .pdata ExceptionHook | Pointer to 3E880 - 0x3DC80 .text + UnwindInfo: .xdata
13F0D0 3E8A0 .pdata ExceptionHook | Pointer to 3E8A0 - 0x3DCA0 .text + UnwindInfo: .xdata
13F0DC 3E8B0 .pdata ExceptionHook | Pointer to 3E8B0 - 0x3DCB0 .text + UnwindInfo: .xdata
13F0E8 3E8E0 .pdata ExceptionHook | Pointer to 3E8E0 - 0x3DCE0 .text + UnwindInfo: .xdata
13F0F4 3E970 .pdata ExceptionHook | Pointer to 3E970 - 0x3DD70 .text + UnwindInfo: .xdata
13F100 3E980 .pdata ExceptionHook | Pointer to 3E980 - 0x3DD80 .text + UnwindInfo: .xdata
13F10C 3EA80 .pdata ExceptionHook | Pointer to 3EA80 - 0x3DE80 .text + UnwindInfo: .xdata
13F118 3EA90 .pdata ExceptionHook | Pointer to 3EA90 - 0x3DE90 .text + UnwindInfo: .xdata
13F124 3EB00 .pdata ExceptionHook | Pointer to 3EB00 - 0x3DF00 .text + UnwindInfo: .xdata
13F130 3EC70 .pdata ExceptionHook | Pointer to 3EC70 - 0x3E070 .text + UnwindInfo: .xdata
13F13C 3EFD0 .pdata ExceptionHook | Pointer to 3EFD0 - 0x3E3D0 .text + UnwindInfo: .xdata
13F148 3F010 .pdata ExceptionHook | Pointer to 3F010 - 0x3E410 .text + UnwindInfo: .xdata
13F154 3F020 .pdata ExceptionHook | Pointer to 3F020 - 0x3E420 .text + UnwindInfo: .xdata
13F160 3F1C0 .pdata ExceptionHook | Pointer to 3F1C0 - 0x3E5C0 .text + UnwindInfo: .xdata
13F16C 3F230 .pdata ExceptionHook | Pointer to 3F230 - 0x3E630 .text + UnwindInfo: .xdata
13F178 3F2A0 .pdata ExceptionHook | Pointer to 3F2A0 - 0x3E6A0 .text + UnwindInfo: .xdata
13F184 3F330 .pdata ExceptionHook | Pointer to 3F330 - 0x3E730 .text + UnwindInfo: .xdata
13F190 3F430 .pdata ExceptionHook | Pointer to 3F430 - 0x3E830 .text + UnwindInfo: .xdata
13F19C 3F460 .pdata ExceptionHook | Pointer to 3F460 - 0x3E860 .text + UnwindInfo: .xdata
13F1A8 3F4B0 .pdata ExceptionHook | Pointer to 3F4B0 - 0x3E8B0 .text + UnwindInfo: .xdata
13F1B4 3F550 .pdata ExceptionHook | Pointer to 3F550 - 0x3E950 .text + UnwindInfo: .xdata
13F1C0 3F5D0 .pdata ExceptionHook | Pointer to 3F5D0 - 0x3E9D0 .text + UnwindInfo: .xdata
13F1CC 3F610 .pdata ExceptionHook | Pointer to 3F610 - 0x3EA10 .text + UnwindInfo: .xdata
13F1D8 3F690 .pdata ExceptionHook | Pointer to 3F690 - 0x3EA90 .text + UnwindInfo: .xdata
13F1E4 3F6D0 .pdata ExceptionHook | Pointer to 3F6D0 - 0x3EAD0 .text + UnwindInfo: .xdata
13F1F0 3F760 .pdata ExceptionHook | Pointer to 3F760 - 0x3EB60 .text + UnwindInfo: .xdata
13F1FC 3F870 .pdata ExceptionHook | Pointer to 3F870 - 0x3EC70 .text + UnwindInfo: .xdata
13F208 3F8D0 .pdata ExceptionHook | Pointer to 3F8D0 - 0x3ECD0 .text + UnwindInfo: .xdata
13F214 3F8F0 .pdata ExceptionHook | Pointer to 3F8F0 - 0x3ECF0 .text + UnwindInfo: .xdata
13F220 3F910 .pdata ExceptionHook | Pointer to 3F910 - 0x3ED10 .text + UnwindInfo: .xdata
13F22C 3F920 .pdata ExceptionHook | Pointer to 3F920 - 0x3ED20 .text + UnwindInfo: .xdata
13F238 3F930 .pdata ExceptionHook | Pointer to 3F930 - 0x3ED30 .text + UnwindInfo: .xdata
13F244 3F940 .pdata ExceptionHook | Pointer to 3F940 - 0x3ED40 .text + UnwindInfo: .xdata
13F250 3F950 .pdata ExceptionHook | Pointer to 3F950 - 0x3ED50 .text + UnwindInfo: .xdata
13F25C 3F960 .pdata ExceptionHook | Pointer to 3F960 - 0x3ED60 .text + UnwindInfo: .xdata
13F268 3F970 .pdata ExceptionHook | Pointer to 3F970 - 0x3ED70 .text + UnwindInfo: .xdata
13F274 3F9A0 .pdata ExceptionHook | Pointer to 3F9A0 - 0x3EDA0 .text + UnwindInfo: .xdata
13F280 3F9B0 .pdata ExceptionHook | Pointer to 3F9B0 - 0x3EDB0 .text + UnwindInfo: .xdata
13F28C 3F9C0 .pdata ExceptionHook | Pointer to 3F9C0 - 0x3EDC0 .text + UnwindInfo: .xdata
13F298 3FBE0 .pdata ExceptionHook | Pointer to 3FBE0 - 0x3EFE0 .text + UnwindInfo: .xdata
13F2A4 3FC20 .pdata ExceptionHook | Pointer to 3FC20 - 0x3F020 .text + UnwindInfo: .xdata
Extra Analysis
Metric Value Percentage
Ascii Code 859781 59,1705%
Null Byte Code 244296 16,8126%
NOP Cave Found 0x9090909090 Block Count: 5720 | Total: 0,9841%
© 2026 All rights reserved.