PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 3,17 MB
SHA-256 Hash: 6662C86C9BCD3C29BFC6E7A90927AE73310721A4FB1B591740125E5EDD38884A
SHA-1 Hash: 660C3D1CD5B26F1C207F5E425594133C0B242A27
MD5 Hash: ACA14342324DBBB6AA0B3EACB92112A0
Imphash: 2EC075B040104E9E1BA46C562F1A411A
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00338CB6
EntryPoint (rva): 20F64C
SizeOfHeaders: 400
SizeOfImage: 330000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 2D4250
IAT: 218000
Characteristics: 22
TimeDateStamp: 69839849
Date: 04/02/2026 19:04:41
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	400	216400	1000	2163EB	6,4214	14915839,54
.rdata	40000040 (Initialized Data, Readable)	216800	C0C00	218000	C0B58	5,7471	22576407,63
.data	C0000040 (Initialized Data, Readable, Writeable)	2D7400	BE00	2D9000	FC80	4,3216	2308983,39
.pdata	40000040 (Initialized Data, Readable)	2E3200	1A000	2E9000	19F20	6,2547	1943556,73
.rsrc	40000040 (Initialized Data, Readable)	2FD200	26000	303000	25EB0	3,5100	9528783,06
.reloc	42000040 (Initialized Data, GP-Relative, Readable)	323200	6E00	329000	6DF8	5,4483	156109,22

Description

OriginalFilename: WorldOfWarships.exe
CompanyName: Wargaming.net
LegalCopyright: Copyright 2009-2026 Wargaming.net
ProductName: WorldOfWarships
FileVersion: 1.0.0.0
FileDescription: World of Warships
ProductVersion: FileVersion
Language: Russian (Russia) (ID=0x419)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 20EA4C
Code -> 4883EC28E89B0700004883C428E97AFEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC
• SUB RSP, 0X28
• CALL 0X17A4
• ADD RSP, 0X28
• JMP 0XE8C
• INT3
• INT3
• SUB RSP, 0X28
• MOV R8, QWORD PTR [R9 + 0X38]
• MOV RCX, RDX
• MOV RDX, R9
• CALL 0X1034
• MOV EAX, 1
• ADD RSP, 0X28
• RET
• INT3

Signatures

Rich Signature Analyzer:
Code -> 19317FF95D5011AA5D5011AA5D5011AA542882AA4B5011AA122CECAA5A5011AA122C15AB575011AA122C12AB595011AA122C10AB5B5011AA122C14AB7F5011AAE02C10AB5F5011AA493B10AB4C5011AAE02C15ABF65211AA5D5010AAD25211AAC73914AB525011AAE02C18AB7C5011AAE02CEEAA5C5011AA5D5086AA5C5011AAE02C13AB5C5011AA526963685D5011AA
Footprint md5 Hash -> D183CC1F1C41F6E32887857AAE0CD5D3
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler

Compiler: Microsoft Visual Studio
Detect It Easy (die)
• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.34**)[-]
• PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 6.434

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	CopyFileW	Copies an existing file to a new file.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	LoadLibraryW	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	CreateToolhelp32Snapshot	Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	IsDebuggerPresent	Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL	SleepEx	Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.
Ws2_32.DLL	socket	Create a communication endpoint for networking applications.
Ws2_32.DLL	connect	Establish a connection to a specified socket.
ADVAPI32.DLL	CryptDecrypt	Performs a cryptographic operation on data in a data block.
SHELL32.DLL	ShellExecuteExA	Performs a run operation on a specific file.

Windows REG (UNICODE)

Software\Classes\.wowsreplay\shell\open\command\
Software\Classes\

File Access

WGCheck/WGCheck.exe
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
MSVCP140.dll
SHELL32.dll
USER32.dll
KERNEL32.dll
bcrypt.dll
ADVAPI32.dll
WS2_32.dll
platform64.dll
VERSION.dll
CRYPT32.dll
steam_api64.dll
Galaxy64.dll
EOSSDK-Win64-Shipping.dll
%s.dll
.dat
d.dat
@.dat
.txt
.pdf
Temp
AppData
UserProfile

File Access (UNICODE)

WorldOfWarships.exe
bin64\WorldOfWarships64.exe
bin32\WorldOfWarships32.exe
clientrunner_ui.dll
api-ms-win-core-synch-l1-2-0.dll
kernel32.dll
KERNEL32.DLL
iphlpapi.dll
clientrunner.log
currentrealm.txt
Temp

Interest's Words

rcpt to:
smtp
Encrypt
Decrypt
Encryption
PassWord
exec
attrib
start
pause
cipher
hostname
shutdown
systeminfo
certreq
ping
expand
replace
route

Interest's Words (UNICODE)

start

URLs

http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
http://www.digicert.com/CPS0
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt
http://ocsp.sectigo.com
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
http://ocsp.usertrust.com
https://curl.se/docs/http-cookies.html
https://curl.se/docs/alt-svc.html
https://curl.se/docs/hsts.html
https://sectigo.com/CPS0

IP Addresses

127.0.0.1

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (bind)
Text	Ascii	WinAPI Sockets (listen)
Text	Ascii	WinAPI Sockets (accept)
Text	Ascii	WinAPI Sockets (connect)
Text	Ascii	WinAPI Sockets (recv)
Text	Ascii	WinAPI Sockets (send)
Text	Ascii	Registry (RegCreateKeyEx)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	Registry (RegSetValueEx)
Text	Ascii	File (CopyFile)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Unicode	Encryption (Microsoft Enhanced Cryptographic Provider v1.0)
Text	Unicode	Encryption (Microsoft Enhanced RSA and AES Cryptographic Provider)
Text	Ascii	Encryption API (CryptAcquireContext)
Text	Ascii	Encryption API (CryptDecrypt)
Text	Ascii	Encryption API (CryptReleaseContext)
Text	Ascii	Anti-Analysis VM (IsDebuggerPresent)
Text	Ascii	Anti-Analysis VM (GetSystemInfo)
Text	Ascii	Anti-Analysis VM (CreateToolhelp32Snapshot)
Text	Ascii	Reconnaissance (FindFirstFileW)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (ReleaseSemaphore)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Execution (CreateProcessW)
Text	Ascii	Execution (ShellExecute)
Text	Ascii	Execution (CreateSemaphoreW)
Text	Ascii	Execution (CreateEventW)
Text	Ascii	Information used to authenticate a user's identity (Credential)
Text	Ascii	Information used for user authentication (Credential)
Text	Ascii	Unauthorized movement of funds or data (Transfer)
Text	Ascii	Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 (DLL)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	303608	2E8	2FD808	2800000020000000400000000100040000000000800200000000000000000000100000000000000000000000C3790000CC8E	(... ...@....................................y....
\ICON\2\1033	3038F0	128	2FDAF0	2800000010000000200000000100040000000000C00000000000000000000000100000000000000000000000CC8D1100D19A	(....... .........................................
\ICON\3\1033	303A18	EA8	2FDC18	2800000030000000600000000100080000000000800A00000000000000000000000100000000000000000000B8610000BF70	(...0.......................................a...p
\ICON\4\1033	3048C0	8A8	2FEAC0	2800000020000000400000000100080000000000800400000000000000000000000100000000000000000000C0720000C175	(... ...@....................................r...u
\ICON\5\1033	305168	568	2FF368	2800000010000000200000000100080000000000400100000000000000000000000100000000000000000000C6800000C884	(....... ...........@.............................
\ICON\6\1033	3056D0	1C00	2FF8D0	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A86600001BC74944415478DAED9D797055559E	.PNG........IHDR.............\r.f....IDATx...ypUU.
\ICON\7\1033	3072D0	10828	3014D0	2800000080000000000100000100200000000000000801000000000000000000000000000000000000000000000000000000	(............. ...................................
\ICON\8\1033	317AF8	94A8	311CF8	2800000060000000C00000000100200000000000809400000000000000000000000000000000000000000000000000000000	(............ ...................................
\ICON\9\1033	320FA0	4228	31B1A0	2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000	(...@......... ......B............................
\ICON\10\1033	3251C8	25A8	31F3C8	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\11\1033	327770	10A8	321970	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\12\1033	328818	468	322A18	2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000	(....... ..... .....@.............................
\GROUP_ICON\101\1033	328C80	AE	322E80	000001000C002020100001000400E8020000010010101000010004002801000002003030000001000800A80E000003002020	...... ....................(.....00............
\VERSION\1\1033	303340	2C4	2FD540	C40234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033	328D30	17D	322F30	3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779	<?xml version='1.0' encoding='UTF-8' standalone='y

Intelligent String

• 1.0.0.0
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• WorldOfWarships.exe
• Couldn't read a file:// file
• Login denied
• Bad login part
• Bad file:// URLUnsupported number of slashes following scheme
• https://curl.se/docs/http-cookies.html
• .gif
• .jpg
• .png
• .svg
• .txt
• .htm
• .pdf
• application/pdf.xml
• %s://%sfile
• iphlpapi.dll
• Your alt-svc cache. https://curl.se/docs/alt-svc.html
• Your HSTS cache. https://curl.se/docs/hsts.html
• 127.0.0.1
• %s.%s.tmp
• D:\Source\Build\work\5980ae3da41bc8a9\library\lib\vtls\openssl.c
• LOGIN %s %s
• failed to resume file:// transfer
• file://%s%s%s
• machinelogin
• LOGIN
• compiler: cl /Z7 /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC
• value.bag
• D:\Source\Build\work\319f11c70610861d\library\precompiled_x64\lib\engines-1_1
• msSmartcardLogin
• Microsoft Smartcard Login
• [HEX DUMP]:00
• D:\Source\Build\work\319f11c70610861d\library\outx64
• D:\Source\Build\work\319f11c70610861d\library\outx64/certs
• D:\Source\Build\work\319f11c70610861d\library\outx64/cert.pem
• openssl.cnf
• d.crl
• d.ori
• do_dumpdo_tcreate
• CONF_dump_fp
• NCONF_dump_bio
• NCONF_dump_fp
• cmd not executable
• invalid cmd name
• invalid cmd number
• .cnf
• %s.dll
• KERNEL32.DLL
• D:\Source\Build\work\319f11c70610861d\library\ssl\packet_local.h
• invalid null cmd name
• unknown cmd name
• Galaxy64.dll
• kernel32.dll
• api-ms-win-core-synch-l1-2-0.dll
• res\engine_config.xml
• res\scripts_config.xml
• bin32\WorldOfWarships32.exe
• bin64\WorldOfWarships64.exe
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\tools\clientrunner\client_runner.cpp
• Unable to Prelogin Epic Games Account
• Unable To Prelogin Epic Games Store Account
• Unable To PreLogin Epic Games Store Account
• app_type.xml
• currentrealm.txt
• preferences.xml
• WorldOfWarshipsWargaming.net
• clientrunner_ui.dll
• clientrunner.log
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\tools\clientrunner\fs_utils.cpp
• D:\Source\Build\SOURCE\third_party\IVYCACHE\net.wargaming.third_party\wgCore\b0b5c03835dcd631ac0b8adc95b18ceab46095d7\package\wgCore\src\core\wg_types/string_builder.hpp
• -AUTH_LOGIN
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\tools\clientrunner\main.cpp
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\tools\clientrunner\system_utils.cpp
• WGCheck/WGCheck.exe
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\tools\clientrunner\wgcheck.cpp
• GetWGCLoginSession
• IsLoginEnabled
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\lib\platform\wgeos\wg_eos.cpp
• Developer login flow selected
• RefreshToken login flow selected
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\source\lib\platform\wggog\wg_gog.cpp
• D:\Source\Build\SOURCE\third_party\IVYCACHE\net.wargaming.third_party\wgCore\b0b5c03835dcd631ac0b8adc95b18ceab46095d7\package\wgCore\src\core\wg_argparser\argparser.cpp
• D:\Source\Build\SOURCE\WOWS_GIT_SPARSE\client\game\bin\tools\clientrunner\WorldOfWarships.pdb
• .tls
• .bss
• EOS_Platform_CheckForLauncherAndRestartmEOS_Auth_Login
• platform64.dll
• WS2_32.dll
• MSVCP140.dll
• VCRUNTIME140.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-utility-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• Wargaming.net
• 2009-2026 Wargaming.net

Flow Anomalies

Offset	RVA	Section	Description
656	N/A	.text	CALL QWORD PTR [RIP+0x217A5C]
65D	N/A	.text	CALL QWORD PTR [RIP+0x2179D5]
7FB	N/A	.text	CALL QWORD PTR [RIP+0x2178B7]
802	N/A	.text	CALL QWORD PTR [RIP+0x217830]
AD6	N/A	.text	CALL QWORD PTR [RIP+0x2175DC]
ADD	N/A	.text	CALL QWORD PTR [RIP+0x217555]
C7B	N/A	.text	CALL QWORD PTR [RIP+0x217437]
C82	N/A	.text	CALL QWORD PTR [RIP+0x2173B0]
EA6	N/A	.text	CALL QWORD PTR [RIP+0x21720C]
EAD	N/A	.text	CALL QWORD PTR [RIP+0x217185]
104B	N/A	.text	CALL QWORD PTR [RIP+0x217067]
1052	N/A	.text	CALL QWORD PTR [RIP+0x216FE0]
1276	N/A	.text	CALL QWORD PTR [RIP+0x216E3C]
127D	N/A	.text	CALL QWORD PTR [RIP+0x216DB5]
141B	N/A	.text	CALL QWORD PTR [RIP+0x216C97]
1422	N/A	.text	CALL QWORD PTR [RIP+0x216C10]
1621	N/A	.text	CALL QWORD PTR [RIP+0x216A91]
1628	N/A	.text	CALL QWORD PTR [RIP+0x216A0A]
1670	N/A	.text	CALL QWORD PTR [RIP+0x216A42]
1677	N/A	.text	CALL QWORD PTR [RIP+0x2169BB]
17AD	N/A	.text	CALL QWORD PTR [RIP+0x21665D]
17BB	N/A	.text	CALL QWORD PTR [RIP+0x216877]
17F4	N/A	.text	CALL QWORD PTR [RIP+0x21660E]
19F3	N/A	.text	CALL QWORD PTR [RIP+0x2166BF]
19FA	N/A	.text	CALL QWORD PTR [RIP+0x216638]
1A5B	N/A	.text	CALL QWORD PTR [RIP+0x2163A7]
1A98	N/A	.text	CALL QWORD PTR [RIP+0x21661A]
1A9F	N/A	.text	CALL QWORD PTR [RIP+0x216593]
1B5E	N/A	.text	CALL QWORD PTR [RIP+0x216554]
1B65	N/A	.text	CALL QWORD PTR [RIP+0x2164CD]
1B9F	N/A	.text	JMP QWORD PTR [RIP+0x21626B]
1C18	N/A	.text	CALL QWORD PTR [RIP+0x2161EA]
1C78	N/A	.text	CALL QWORD PTR [RIP+0x21618A]
1CCC	N/A	.text	CALL QWORD PTR [RIP+0x215C8E]
1CFE	N/A	.text	CALL QWORD PTR [RIP+0x216334]
1E83	N/A	.text	CALL QWORD PTR [RIP+0x215AE7]
207D	N/A	.text	CALL QWORD PTR [RIP+0x215FB5]
20B6	N/A	.text	CALL QWORD PTR [RIP+0x215FFC]
20BD	N/A	.text	CALL QWORD PTR [RIP+0x215F75]
2174	N/A	.text	CALL QWORD PTR [RIP+0x215C8E]
284A	N/A	.text	CALL QWORD PTR [RIP+0x2157E8]
2867	N/A	.text	CALL QWORD PTR [RIP+0x21584B]
29F6	N/A	.text	CALL QWORD PTR [RIP+0x2156BC]
29FD	N/A	.text	CALL QWORD PTR [RIP+0x215635]
2C9B	N/A	.text	CALL QWORD PTR [RIP+0x215417]
2CA2	N/A	.text	CALL QWORD PTR [RIP+0x215390]
2CE5	N/A	.text	CALL QWORD PTR [RIP+0x2153CD]
2CEC	N/A	.text	CALL QWORD PTR [RIP+0x215346]
2D68	N/A	.text	CALL QWORD PTR [RIP+0x2152CA]
2DB9	N/A	.text	CALL QWORD PTR [RIP+0x215279]
2E01	N/A	.text	CALL QWORD PTR [RIP+0x215231]
2E25	N/A	.text	CALL QWORD PTR [RIP+0x214FE5]
2E34	N/A	.text	CALL QWORD PTR [RIP+0x2151FE]
2E4D	N/A	.text	CALL QWORD PTR [RIP+0x215265]
2EA1	N/A	.text	CALL QWORD PTR [RIP+0x215191]
2EF2	N/A	.text	CALL QWORD PTR [RIP+0x215140]
2F3A	N/A	.text	CALL QWORD PTR [RIP+0x2150F8]
2F69	N/A	.text	JMP QWORD PTR [RIP+0x214EA1]
2F6F	N/A	.text	CALL QWORD PTR [RIP+0x215143]
3016	N/A	.text	CALL QWORD PTR [RIP+0x214DEC]
33A9	N/A	.text	CALL QWORD PTR [RIP+0x214D09]
33B0	N/A	.text	CALL QWORD PTR [RIP+0x214C82]
35EE	N/A	.text	CALL QWORD PTR [RIP+0x214AC4]
35F5	N/A	.text	CALL QWORD PTR [RIP+0x214A3D]
36AB	N/A	.text	CALL QWORD PTR [RIP+0x214987]
3702	N/A	.text	CALL QWORD PTR [RIP+0x2149B0]
374B	N/A	.text	CALL QWORD PTR [RIP+0x2148E7]
3769	N/A	.text	CALL QWORD PTR [RIP+0x214949]
37C6	N/A	.text	CALL QWORD PTR [RIP+0x214864]
37D4	N/A	.text	CALL QWORD PTR [RIP+0x214176]
37EA	N/A	.text	CALL QWORD PTR [RIP+0x214840]
38A9	N/A	.text	CALL QWORD PTR [RIP+0x214809]
38B0	N/A	.text	CALL QWORD PTR [RIP+0x214782]
3A70	N/A	.text	CALL QWORD PTR [RIP+0x2145BA]
3ABA	N/A	.text	CALL QWORD PTR [RIP+0x214578]
3AF7	N/A	.text	CALL QWORD PTR [RIP+0x21453B]
3B61	N/A	.text	CALL QWORD PTR [RIP+0x2144D1]
3BA9	N/A	.text	CALL QWORD PTR [RIP+0x214489]
3C21	N/A	.text	CALL QWORD PTR [RIP+0x214409]
3C77	N/A	.text	CALL QWORD PTR [RIP+0x2143BB]
3CA6	N/A	.text	CALL QWORD PTR [RIP+0x21438C]
3D14	N/A	.text	CALL QWORD PTR [RIP+0x21431E]
423F	N/A	.text	CALL QWORD PTR [RIP+0x213DF3]
4288	N/A	.text	CALL QWORD PTR [RIP+0x213DAA]
42B5	N/A	.text	CALL QWORD PTR [RIP+0x213DFD]
42BC	N/A	.text	CALL QWORD PTR [RIP+0x213DF6]
44CB	N/A	.text	CALL QWORD PTR [RIP+0x213BE7]
44D2	N/A	.text	CALL QWORD PTR [RIP+0x213B60]
451C	N/A	.text	CALL QWORD PTR [RIP+0x213B96]
4523	N/A	.text	CALL QWORD PTR [RIP+0x213B0F]
478E	N/A	.text	CALL QWORD PTR [RIP+0x2138A4]
4800	N/A	.text	CALL QWORD PTR [RIP+0x2138B2]
4838	N/A	.text	CALL QWORD PTR [RIP+0x2137FA]
48BE	N/A	.text	CALL QWORD PTR [RIP+0x213774]
4978	N/A	.text	CALL QWORD PTR [RIP+0x2136BA]
4BC0	N/A	.text	CALL QWORD PTR [RIP+0x213472]
4BE0	N/A	.text	CALL QWORD PTR [RIP+0x2134D2]
4BFB	N/A	.text	CALL QWORD PTR [RIP+0x212D67]
4C45	N/A	.text	CALL QWORD PTR [RIP+0x2133ED]
4C64	N/A	.text	CALL QWORD PTR [RIP+0x21344E]
2E3200	1000	.pdata	ExceptionHook \| Pointer to 1000 - 0x400 .text + UnwindInfo: .rdata
2E320C	1030	.pdata	ExceptionHook \| Pointer to 1030 - 0x430 .text + UnwindInfo: .rdata
2E3218	1060	.pdata	ExceptionHook \| Pointer to 1060 - 0x460 .text + UnwindInfo: .rdata
2E3224	1090	.pdata	ExceptionHook \| Pointer to 1090 - 0x490 .text + UnwindInfo: .rdata
2E3230	10C0	.pdata	ExceptionHook \| Pointer to 10C0 - 0x4C0 .text + UnwindInfo: .rdata
2E323C	1100	.pdata	ExceptionHook \| Pointer to 1100 - 0x500 .text + UnwindInfo: .rdata
2E3248	12A0	.pdata	ExceptionHook \| Pointer to 12A0 - 0x6A0 .text + UnwindInfo: .rdata
2E3254	1450	.pdata	ExceptionHook \| Pointer to 1450 - 0x850 .text + UnwindInfo: .rdata
2E3260	14C0	.pdata	ExceptionHook \| Pointer to 14C0 - 0x8C0 .text + UnwindInfo: .rdata
2E326C	1520	.pdata	ExceptionHook \| Pointer to 1520 - 0x920 .text + UnwindInfo: .rdata
2E3278	1580	.pdata	ExceptionHook \| Pointer to 1580 - 0x980 .text + UnwindInfo: .rdata
2E3284	1720	.pdata	ExceptionHook \| Pointer to 1720 - 0xB20 .text + UnwindInfo: .rdata
2E3290	18D0	.pdata	ExceptionHook \| Pointer to 18D0 - 0xCD0 .text + UnwindInfo: .rdata
2E329C	1950	.pdata	ExceptionHook \| Pointer to 1950 - 0xD50 .text + UnwindInfo: .rdata
2E32A8	1AF0	.pdata	ExceptionHook \| Pointer to 1AF0 - 0xEF0 .text + UnwindInfo: .rdata
2E32B4	1CA0	.pdata	ExceptionHook \| Pointer to 1CA0 - 0x10A0 .text + UnwindInfo: .rdata
2E32C0	1D20	.pdata	ExceptionHook \| Pointer to 1D20 - 0x1120 .text + UnwindInfo: .rdata
2E32CC	1EC0	.pdata	ExceptionHook \| Pointer to 1EC0 - 0x12C0 .text + UnwindInfo: .rdata
2E32D8	2070	.pdata	ExceptionHook \| Pointer to 2070 - 0x1470 .text + UnwindInfo: .rdata
2E32E4	22D0	.pdata	ExceptionHook \| Pointer to 22D0 - 0x16D0 .text + UnwindInfo: .rdata
2E32F0	2330	.pdata	ExceptionHook \| Pointer to 2330 - 0x1730 .text + UnwindInfo: .rdata
2E32FC	2390	.pdata	ExceptionHook \| Pointer to 2390 - 0x1790 .text + UnwindInfo: .rdata
2E3308	23D0	.pdata	ExceptionHook \| Pointer to 23D0 - 0x17D0 .text + UnwindInfo: .rdata
2E3314	2420	.pdata	ExceptionHook \| Pointer to 2420 - 0x1820 .text + UnwindInfo: .rdata
2E3320	24A0	.pdata	ExceptionHook \| Pointer to 24A0 - 0x18A0 .text + UnwindInfo: .rdata
2E332C	26E0	.pdata	ExceptionHook \| Pointer to 26E0 - 0x1AE0 .text + UnwindInfo: .rdata
2E3338	27B0	.pdata	ExceptionHook \| Pointer to 27B0 - 0x1BB0 .text + UnwindInfo: .rdata
2E3344	27F0	.pdata	ExceptionHook \| Pointer to 27F0 - 0x1BF0 .text + UnwindInfo: .rdata
2E3350	2850	.pdata	ExceptionHook \| Pointer to 2850 - 0x1C50 .text + UnwindInfo: .rdata
2E335C	28C0	.pdata	ExceptionHook \| Pointer to 28C0 - 0x1CC0 .text + UnwindInfo: .rdata
2E3368	28F0	.pdata	ExceptionHook \| Pointer to 28F0 - 0x1CF0 .text + UnwindInfo: .rdata
2E3374	2920	.pdata	ExceptionHook \| Pointer to 2920 - 0x1D20 .text + UnwindInfo: .rdata
2E3380	2A50	.pdata	ExceptionHook \| Pointer to 2A50 - 0x1E50 .text + UnwindInfo: .rdata
2E338C	2AD0	.pdata	ExceptionHook \| Pointer to 2AD0 - 0x1ED0 .text + UnwindInfo: .rdata
2E3398	2B00	.pdata	ExceptionHook \| Pointer to 2B00 - 0x1F00 .text + UnwindInfo: .rdata
2E33A4	2D00	.pdata	ExceptionHook \| Pointer to 2D00 - 0x2100 .text + UnwindInfo: .rdata
2E33B0	2D50	.pdata	ExceptionHook \| Pointer to 2D50 - 0x2150 .text + UnwindInfo: .rdata
2E33BC	2DB0	.pdata	ExceptionHook \| Pointer to 2DB0 - 0x21B0 .text + UnwindInfo: .rdata
2E33C8	2DF0	.pdata	ExceptionHook \| Pointer to 2DF0 - 0x21F0 .text + UnwindInfo: .rdata
2E33D4	3080	.pdata	ExceptionHook \| Pointer to 3080 - 0x2480 .text + UnwindInfo: .rdata
2E33E0	33C0	.pdata	ExceptionHook \| Pointer to 33C0 - 0x27C0 .text + UnwindInfo: .rdata
2E33EC	3410	.pdata	ExceptionHook \| Pointer to 3410 - 0x2810 .text + UnwindInfo: .rdata
2E33F8	3470	.pdata	ExceptionHook \| Pointer to 3470 - 0x2870 .text + UnwindInfo: .rdata
2E3404	34F0	.pdata	ExceptionHook \| Pointer to 34F0 - 0x28F0 .text + UnwindInfo: .rdata
2E3410	3620	.pdata	ExceptionHook \| Pointer to 3620 - 0x2A20 .text + UnwindInfo: .rdata
2E341C	3700	.pdata	ExceptionHook \| Pointer to 3700 - 0x2B00 .text + UnwindInfo: .rdata
2E3428	3920	.pdata	ExceptionHook \| Pointer to 3920 - 0x2D20 .text + UnwindInfo: .rdata
2E3434	3A60	.pdata	ExceptionHook \| Pointer to 3A60 - 0x2E60 .text + UnwindInfo: .rdata
2E3440	3B80	.pdata	ExceptionHook \| Pointer to 3B80 - 0x2F80 .text + UnwindInfo: .rdata
2E344C	3BE0	.pdata	ExceptionHook \| Pointer to 3BE0 - 0x2FE0 .text + UnwindInfo: .rdata
2E3458	3D20	.pdata	ExceptionHook \| Pointer to 3D20 - 0x3120 .text + UnwindInfo: .rdata
2E3464	3D80	.pdata	ExceptionHook \| Pointer to 3D80 - 0x3180 .text + UnwindInfo: .rdata
2E3470	3DF0	.pdata	ExceptionHook \| Pointer to 3DF0 - 0x31F0 .text + UnwindInfo: .rdata
2E347C	3ED0	.pdata	ExceptionHook \| Pointer to 3ED0 - 0x32D0 .text + UnwindInfo: .rdata
2E3488	4090	.pdata	ExceptionHook \| Pointer to 4090 - 0x3490 .text + UnwindInfo: .rdata
2E3494	4220	.pdata	ExceptionHook \| Pointer to 4220 - 0x3620 .text + UnwindInfo: .rdata
2E34A0	4310	.pdata	ExceptionHook \| Pointer to 4310 - 0x3710 .text + UnwindInfo: .rdata
2E34AC	4370	.pdata	ExceptionHook \| Pointer to 4370 - 0x3770 .text + UnwindInfo: .rdata
2E34B8	4550	.pdata	ExceptionHook \| Pointer to 4550 - 0x3950 .text + UnwindInfo: .rdata
2E34C4	455F	.pdata	ExceptionHook \| Pointer to 455F - 0x395F .text + UnwindInfo: .rdata
2E34D0	4595	.pdata	ExceptionHook \| Pointer to 4595 - 0x3995 .text + UnwindInfo: .rdata
2E34DC	45A0	.pdata	ExceptionHook \| Pointer to 45A0 - 0x39A0 .text + UnwindInfo: .rdata
2E34E8	45BF	.pdata	ExceptionHook \| Pointer to 45BF - 0x39BF .text + UnwindInfo: .rdata
2E34F4	4603	.pdata	ExceptionHook \| Pointer to 4603 - 0x3A03 .text + UnwindInfo: .rdata
2E3500	4620	.pdata	ExceptionHook \| Pointer to 4620 - 0x3A20 .text + UnwindInfo: .rdata
2E350C	466B	.pdata	ExceptionHook \| Pointer to 466B - 0x3A6B .text + UnwindInfo: .rdata
2E3518	4699	.pdata	ExceptionHook \| Pointer to 4699 - 0x3A99 .text + UnwindInfo: .rdata
2E3524	46CE	.pdata	ExceptionHook \| Pointer to 46CE - 0x3ACE .text + UnwindInfo: .rdata
2E3530	470E	.pdata	ExceptionHook \| Pointer to 470E - 0x3B0E .text + UnwindInfo: .rdata
2E353C	477A	.pdata	ExceptionHook \| Pointer to 477A - 0x3B7A .text + UnwindInfo: .rdata
2E3548	47D0	.pdata	ExceptionHook \| Pointer to 47D0 - 0x3BD0 .text + UnwindInfo: .rdata
2E3554	481C	.pdata	ExceptionHook \| Pointer to 481C - 0x3C1C .text + UnwindInfo: .rdata
2E3560	4882	.pdata	ExceptionHook \| Pointer to 4882 - 0x3C82 .text + UnwindInfo: .rdata
2E356C	491F	.pdata	ExceptionHook \| Pointer to 491F - 0x3D1F .text + UnwindInfo: .rdata
2E3578	4924	.pdata	ExceptionHook \| Pointer to 4924 - 0x3D24 .text + UnwindInfo: .rdata
2E3584	4950	.pdata	ExceptionHook \| Pointer to 4950 - 0x3D50 .text + UnwindInfo: .rdata
2E3590	5280	.pdata	ExceptionHook \| Pointer to 5280 - 0x4680 .text + UnwindInfo: .rdata
2E359C	5420	.pdata	ExceptionHook \| Pointer to 5420 - 0x4820 .text + UnwindInfo: .rdata
2E35A8	5450	.pdata	ExceptionHook \| Pointer to 5450 - 0x4850 .text + UnwindInfo: .rdata
2E35B4	5456	.pdata	ExceptionHook \| Pointer to 5456 - 0x4856 .text + UnwindInfo: .rdata
2E35C0	5478	.pdata	ExceptionHook \| Pointer to 5478 - 0x4878 .text + UnwindInfo: .rdata
2E35CC	54A1	.pdata	ExceptionHook \| Pointer to 54A1 - 0x48A1 .text + UnwindInfo: .rdata
2E35D8	54BB	.pdata	ExceptionHook \| Pointer to 54BB - 0x48BB .text + UnwindInfo: .rdata
2E35E4	54D0	.pdata	ExceptionHook \| Pointer to 54D0 - 0x48D0 .text + UnwindInfo: .rdata
2E35F0	54D6	.pdata	ExceptionHook \| Pointer to 54D6 - 0x48D6 .text + UnwindInfo: .rdata
2E35FC	54F8	.pdata	ExceptionHook \| Pointer to 54F8 - 0x48F8 .text + UnwindInfo: .rdata
2E3608	555B	.pdata	ExceptionHook \| Pointer to 555B - 0x495B .text + UnwindInfo: .rdata
2E3614	5575	.pdata	ExceptionHook \| Pointer to 5575 - 0x4975 .text + UnwindInfo: .rdata
2E3620	5590	.pdata	ExceptionHook \| Pointer to 5590 - 0x4990 .text + UnwindInfo: .rdata
2E362C	55A8	.pdata	ExceptionHook \| Pointer to 55A8 - 0x49A8 .text + UnwindInfo: .rdata
2E3638	566F	.pdata	ExceptionHook \| Pointer to 566F - 0x4A6F .text + UnwindInfo: .rdata
2E3644	5670	.pdata	ExceptionHook \| Pointer to 5670 - 0x4A70 .text + UnwindInfo: .rdata
2E3650	5739	.pdata	ExceptionHook \| Pointer to 5739 - 0x4B39 .text + UnwindInfo: .rdata
2E365C	5787	.pdata	ExceptionHook \| Pointer to 5787 - 0x4B87 .text + UnwindInfo: .rdata
2E3668	57F0	.pdata	ExceptionHook \| Pointer to 57F0 - 0x4BF0 .text + UnwindInfo: .rdata
2E3674	5810	.pdata	ExceptionHook \| Pointer to 5810 - 0x4C10 .text + UnwindInfo: .rdata
2E3680	5870	.pdata	ExceptionHook \| Pointer to 5870 - 0x4C70 .text + UnwindInfo: .rdata
2E368C	5970	.pdata	ExceptionHook \| Pointer to 5970 - 0x4D70 .text + UnwindInfo: .rdata
2E3698	5EF0	.pdata	ExceptionHook \| Pointer to 5EF0 - 0x52F0 .text + UnwindInfo: .rdata
2E36A4	5F90	.pdata	ExceptionHook \| Pointer to 5F90 - 0x5390 .text + UnwindInfo: .rdata
32A000	N/A	Overlay	F82A00000002020030822AEA06092A864886F70D \| .......0....*.H...

Extra Analysis

Metric	Value	Percentage
Ascii Code	1938427	58,2327%
Null Byte Code	614026	18,4461%

PESCAN.IO - Analysis Report Basic