PESCAN.IO - Analysis Report Basic

File Structure
[Image: file structure chart. PE chart colors: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red indicates a malformed or corrupted header. Chart colors for other files: printable characters (blue), non-printable characters (black).]

Information
Size: 769,00 KB
SHA-256 Hash: D971E5600DA2247BB878A063A06F5924A2F26F20202A18DF345E5D7E4AADB3B0
SHA-1 Hash: 9069DA2A0BBC73CCC91ADEAF5F052288E1571B8F
MD5 Hash: AB95AE27E07E73645137EBF8BFCD03C1
Imphash: 9A0168C4A31BB4DA53790D6CDE81350F
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 000CFDF6
EntryPoint (rva): 11F0
SizeOfHeaders: 400
SizeOfImage: C7000
ImageBase: 000000039CC40000
Architecture: x64
ExportTable: C0000
ImportTable: C3000
IAT: C3398
Characteristics: 222E
TimeDateStamp: 6990E97B
Date: 14/02/2026 21:30:35
File Type: DLL
Number Of Sections: 11
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .edata, .idata, .tls, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 60000020 (Code, Executable, Readable) | 400 | 9E400 | 1000 | 9E220 | 6,4424 | 4248225,76
.data | C0000040 (Initialized Data, Readable, Writeable) | 9E800 | 3A00 | A0000 | 3860 | 2,2272 | 2097744,83
.rdata | 40000040 (Initialized Data, Readable) | A2200 | FA00 | A4000 | F898 | 6,1192 | 776489,27
.pdata | 40000040 (Initialized Data, Readable) | B1C00 | 4400 | B4000 | 4308 | 5,9176 | 403476,41
.xdata | 40000040 (Initialized Data, Readable) | B6000 | 5800 | B9000 | 5774 | 4,5909 | 320520,43
.bss | C0000080 (Uninitialized Data, Readable, Writeable) | 0 | 0 | BF000 | 510 | N/A | N/A
.edata | 40000040 (Initialized Data, Readable) | BB800 | 2400 | C0000 | 230F | 5,2907 | 127145,72
.idata | 40000040 (Initialized Data, Readable) | BDC00 | 1000 | C3000 | F04 | 4,3081 | 197410,75
.tls | C0000040 (Initialized Data, Readable, Writeable) | BEC00 | 200 | C4000 | 10 | 0,0000 | 130560,00
.rsrc | 40000040 (Initialized Data, Readable) | BEE00 | A00 | C5000 | 960 | 4,7025 | 68823,40
.reloc | 42000040 (Initialized Data, GP-Relative, Readable) | BF800 | C00 | C6000 | A8C | 5,1459 | 33149,33
Description
OriginalFilename: sqlite
CompanyName: Reverb Resource Telecommunications
LegalCopyright: (C) 2021 Reverb Resource Telecommunications. All rights reserved.
ProductName: Volt Collector
FileVersion: 4.2.40.196
FileDescription: Face Storage Control Validator
ProductVersion: 4.2.40.196
Language: English (United States) (ID=0x409)
CodePage: Western European (Windows 1252) (0x4E4)

Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - 5F0
Code -> 5756534883EC304889CB4C89C683FA017476488B3D47220B00891785D20F85CD0000008B05FFDD0B0085C07E538954245831
PUSH RDI
PUSH RSI
PUSH RBX
SUB RSP, 0X30
MOV RBX, RCX
MOV RSI, R8
CMP EDX, 1
JE 0X1088
MOV RDI, QWORD PTR [RIP + 0XB2247]
MOV DWORD PTR [RDI], EDX
TEST EDX, EDX
JNE 0X10F0
MOV EAX, DWORD PTR [RIP + 0XBDDFF]
TEST EAX, EAX
JLE 0X1080
MOV DWORD PTR [RSP + 0X58], EDX

Signatures
CheckSum Integrity Problem:
Header: 851446
Calculated: 823054
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
Entropy: 6.51461

Suspicious Functions
Library | Function | Description
KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process.
KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process.
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device.
KERNEL32.DLL | DeleteFileA | Deletes an existing file.
ET Functions (carving)
Original Name -> sqlite.dll
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_db_status64
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_clientdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_is_interrupted
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_clientdata
sqlite3_set_errmsg
sqlite3_set_last_insert_rowid
sqlite3_setlk_timeout
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_explain
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_encoding
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

File Access
cert80.dll
msvcrt.dll
KERNEL32.dll
sqlite.dll
.dat
Temp

SQL Queries
SELECT tbl,idx,stat FROM %Q.sqlite_stat1
SELECT sql FROM "%w".sqlite_schema WHERE type='table'AND name<>'sqlite_sequence' AND coalesce(rootpage,1)>0
SELECT sql FROM "%w".sqlite_schema WHERE type='index'
SELECT 1 FROM "%w".sqlite_master WHERE name NOT LIKE 'sqliteX_%%' ESCAPE 'X' AND sql NOT LIKE 'create virtual%%' AND sqlite_rename_test(%Q, sql, type, name, %d, %Q, %d)=NULL
SELECT 1 FROM temp.sqlite_master WHERE name NOT LIKE 'sqliteX_%%' ESCAPE 'X' AND sql NOT LIKE 'create virtual%%' AND sqlite_rename_test(%Q, sql, type, name, 1, %Q, %d)=NULL
SELECT CASE WHEN quick_check GLOB 'CHECK*' THEN raise(ABORT,'CHECK constraint failed') WHEN quick_check GLOB 'non-* value in*' THEN raise(ABORT,'type mismatch on DEFAULT') ELSE raise(ABORT,'NOT NULL constraint failed') END FROM pragma_quick_check(%Q,%Q) WHERE quick_check GLOB 'CHECK*' OR quick_check GLOB 'NULL*' OR quick_check GLOB 'non-* value in*'
SELECT raise(ABORT,%Q) FROM "%w"."%w"
INSERT INTO %s.'||quote(name)||' SELECT*FROM"%w".'||quote(name)FROM %s.sqlite_schema WHERE type='table'AND coalesce(rootpage,1)>0
INSERT INTO %s.sqlite_schema SELECT*FROM "%w".sqlite_schema WHERE type IN('view','trigger') OR(type='table'AND rootpage=0)
INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,%d,%Q);
INSERT into generated column "%s"
INSERT INTO %Q.sqlite_master VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')
CREATE TABLE x(type text,name text,tbl_name text,rootpage int,sql text)
CREATE TABLE x
CREATE TABLE x(key,value,type,atom,id,parent,fullkey,path,json HIDDEN,root HIDDEN)
CREATE TABLE %Q.sqlite_sequence(name,seq)
CREATE TABLE
CREATE TABLE %Q.%s(%s)
DROP TABLE to delete table %s
DELETE FROM %Q.%s WHERE %s=%Q
DELETE FROM %Q.sqlite_sequence WHERE name=%Q
DELETE FROM %Q.sqlite_master WHERE tbl_name=%Q and type!='trigger'
DELETE FROM %Q.sqlite_master WHERE name=%Q AND type='trigger'
DELETE FROM %Q.sqlite_master WHERE name=%Q AND type='index'

Words of Interest
exec
attrib
start
shutdown
systeminfo
ping
expand
replace

IP Addresses
4.2.40.196

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Ascii | Unicode escape - \u00 - (Common Unicode escape sequences)
Text | Ascii | WinAPI Sockets (bind)
Text | Ascii | WinAPI Sockets (connect)
Text | Ascii | File (GetTempPath)
Text | Ascii | File (CreateFile)
Text | Ascii | File (WriteFile)
Text | Ascii | File (ReadFile)
Text | Ascii | Anti-Analysis VM (GetSystemInfo)
Text | Ascii | Anti-Analysis VM (GetVersion)
Text | Ascii | Stealth (CloseHandle)
Text | Ascii | Stealth (UnmapViewOfFile)
Text | Ascii | Stealth (MapViewOfFile)
Text | Ascii | Stealth (CreateFileMappingA)
Text | Ascii | Stealth (CreateFileMappingW)
Text | Ascii | Stealth (VirtualProtect)

Resources
Path | DataRVA | Size | FileOffset | Code | Text
\VERSION\1\1033 | C50A0 | 370 | BEEA0 | 700334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000200 | p.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033 | C5410 | 54C | BF210 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• 4.2.40.196
• @.bss
• @.tls
• %llu\"\u000b\u00\u0000
• 0KERNEL32.dll
• (0cert80.dll

Flow Anomalies
Offset RVA Section Description
B1A70 9E040 .rdata TLS Callback | Pointer to 39CCDE040 - 0x9D440 .text
B1A78 9E020 .rdata TLS Callback | Pointer to 39CCDE020 - 0x9D420 .text
Extra Analysis
Metric | Value | Percentage
Ascii Code | 501394 | 63,6726%
Null Byte Code | 116156 | 14,7508%
NOP Cave Found | 0x9090909090 | Block Count: 16, Total: 0,0051%