PESCAN.IO - Analysis Report Basic
| File Structure |
[File structure chart not preserved; legend follows]
PE Chart Code:
• Executable header (light blue)
• Executable sections (pink)
• Non-executable sections (black)
• External injected code (red)
• File Structure in red = malformed or corrupted header
Chart Code For Other Files:
• Printable characters (blue)
• Non-printable characters (black)
| Information |
| Field | Value |
|---|---|
| Size | 4,28 KB |
| SHA-256 Hash | B438D6D11413CAAA3883C2810028780778396083E47ECFE3264A7E3E1E9AFAE1 |
| SHA-1 Hash | 0B516400BD46BDD172C52D8275950F82898D5947 |
| MD5 Hash | B1238C526F7C4031D0834C8789B3B52B |
| Imphash | D41D8CD98F00B204E9800998ECF8427E |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 471B |
| SizeOfHeaders | 400 |
| SizeOfImage | 19000 |
| ImageBase | 10000000 |
| Architecture | x86 |
| ImportTable | 5140 |
| IAT | 5000 |
| Characteristics | 210E |
| TimeDateStamp | 42A81763 |
| Date | 09/06/2005 10:18:11 |
| File Type | DLL |
| Number Of Sections | 4 |
| ASLR | Disabled |
| Section Names | .text, .rdata, .data, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 400 | 3800 | 1000 | 37C4 | 2,0987 | 22039,11 |
| .rdata | 40000040 (Initialized Data, Readable) | 3C00 | 800 | 5000 | 77A | 0,0000 | N/A |
| .data | C0000040 (Initialized Data, Readable, Writeable) | 4400 | 11600 | 6000 | 11B14 | 0,0000 | N/A |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 15A00 | C00 | 18000 | AF6 | 0,0000 | N/A |
| Entry Point |
| The section number (1) - (.text) has the Entry Point Information -> EntryPoint (calculated) - 3B1B |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • Entropy: 5.59659 |
| File Access |
| @.dat |
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| 437 | 1000629C | .text | JMP [static] | Indirect jump to absolute memory address |
| 48C | 10006260 | .text | JMP [static] | Indirect jump to absolute memory address |
| 4D6 | 1000503C | .text | CALL [static] | Indirect call to absolute memory address |
| 4E9 | 10005110 | .text | CALL [static] | Indirect call to absolute memory address |
| 4F4 | 10006024 | .text | JMP [static] | Indirect jump to absolute memory address |
| 53C | 1000508C | .text | CALL [static] | Indirect call to absolute memory address |
| 545 | 10006194 | .text | JMP [static] | Indirect jump to absolute memory address |
| 599 | 100061A8 | .text | JMP [static] | Indirect jump to absolute memory address |
| 5C0 | 100050DC | .text | CALL [static] | Indirect call to absolute memory address |
| 5ED | 100061E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 5FF | 1001742C | .text | JMP [static] | Indirect jump to absolute memory address |
| 620 | 100062B0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 645 | 10005058 | .text | CALL [static] | Indirect call to absolute memory address |
| 68A | 100062A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 6E4 | 10006200 | .text | JMP [static] | Indirect jump to absolute memory address |
| 77D | 10006084 | .text | JMP [static] | Indirect jump to absolute memory address |
| 79B | 10006128 | .text | JMP [static] | Indirect jump to absolute memory address |
| 7A7 | 10005000 | .text | CALL [static] | Indirect call to absolute memory address |
| 7B6 | 10006034 | .text | JMP [static] | Indirect jump to absolute memory address |
| 7FE | 100060C0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 871 | 10017414 | .text | JMP [static] | Indirect jump to absolute memory address |
| 91A | 100060F0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 92D | 10006144 | .text | JMP [static] | Indirect jump to absolute memory address |
| 95E | 1000616C | .text | JMP [static] | Indirect jump to absolute memory address |
| 96E | 100050B0 | .text | CALL [static] | Indirect call to absolute memory address |
| 97B | 10006284 | .text | JMP [static] | Indirect jump to absolute memory address |
| 990 | 10005108 | .text | CALL [static] | Indirect call to absolute memory address |
| 9A2 | 100061EC | .text | JMP [static] | Indirect jump to absolute memory address |
| 9E3 | 10006228 | .text | JMP [static] | Indirect jump to absolute memory address |
| A1B | 10006054 | .text | JMP [static] | Indirect jump to absolute memory address |
| A71 | 100062B4 | .text | JMP [static] | Indirect jump to absolute memory address |
| A83 | 10006150 | .text | JMP [static] | Indirect jump to absolute memory address |
| ACD | 1000626C | .text | JMP [static] | Indirect jump to absolute memory address |
| AF8 | 10006290 | .text | JMP [static] | Indirect jump to absolute memory address |
| B2C | 100060C4 | .text | JMP [static] | Indirect jump to absolute memory address |
| B5F | 10006254 | .text | JMP [static] | Indirect jump to absolute memory address |
| BA8 | 100061D0 | .text | JMP [static] | Indirect jump to absolute memory address |
| BC2 | 10005080 | .text | CALL [static] | Indirect call to absolute memory address |
| BF2 | 100050EC | .text | CALL [static] | Indirect call to absolute memory address |
| C02 | 10005100 | .text | CALL [static] | Indirect call to absolute memory address |
| C53 | 1001740C | .text | JMP [static] | Indirect jump to absolute memory address |
| C67 | 10006278 | .text | JMP [static] | Indirect jump to absolute memory address |
| C8E | 10006238 | .text | JMP [static] | Indirect jump to absolute memory address |
| CE7 | 10017438 | .text | JMP [static] | Indirect jump to absolute memory address |
| D29 | 1000502C | .text | CALL [static] | Indirect call to absolute memory address |
| D43 | 1000512C | .text | CALL [static] | Indirect call to absolute memory address |
| D51 | 10017428 | .text | JMP [static] | Indirect jump to absolute memory address |
| E25 | 10017440 | .text | JMP [static] | Indirect jump to absolute memory address |
| E3A | 10006258 | .text | JMP [static] | Indirect jump to absolute memory address |
| E69 | 100062E0 | .text | JMP [static] | Indirect jump to absolute memory address |
| EA7 | 100062E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| ED4 | 100062D8 | .text | JMP [static] | Indirect jump to absolute memory address |
| EE1 | 100050B0 | .text | CALL [static] | Indirect call to absolute memory address |
| EEF | 1000511C | .text | CALL [static] | Indirect call to absolute memory address |
| F33 | 10006180 | .text | JMP [static] | Indirect jump to absolute memory address |
| F48 | 100061A0 | .text | JMP [static] | Indirect jump to absolute memory address |
| F84 | 100062EC | .text | JMP [static] | Indirect jump to absolute memory address |
| FAC | 1000503C | .text | CALL [static] | Indirect call to absolute memory address |
| FB2 | 10006050 | .text | JMP [static] | Indirect jump to absolute memory address |
| FBD | 1000504C | .text | CALL [static] | Indirect call to absolute memory address |
| FF9 | 10006080 | .text | JMP [static] | Indirect jump to absolute memory address |
| 101B | 100173E4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 104B | 1000505C | .text | CALL [static] | Indirect call to absolute memory address |
| 1056 | 100050EC | .text | CALL [static] | Indirect call to absolute memory address |
| 1071 | 100060A4 | .text | JMP [static] | Indirect jump to absolute memory address |
| 10B6 | 100060B0 | .text | JMP [static] | Indirect jump to absolute memory address |
| 10E5 | 10017430 | .text | JMP [static] | Indirect jump to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 2183 | 49,8402% |
| Null Byte Code | 1190 | 27,1689% |