PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 471,12 KB
SHA-256 Hash: 3BBFA917D2120572A5708BCD0F13962952696F690F4E927A8DE89E86F76D01E8
SHA-1 Hash: 1275C3406D9EBC49DF06C885CE061D7239E01BF5
MD5 Hash: B38BB53048BB6B0F7E971E75860190A6
Imphash: 8E8D05059E9701B9DB03C54BCF71E33D
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 0007F2A3
EntryPoint (rva): 10F6
SizeOfHeaders: 600
SizeOfImage: 5E000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 4D000
IAT: 4D5C0
Characteristics: 26
TimeDateStamp: 69DA3180
Date: 11/04/2026 11:33:20
File Type: DLL
Number Of Sections: 21
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, /4, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, .reloc, /14, /29, /41, /55, /67, /80, /91, /107, /123
Number Of Executable Sections: 1
Subsystem: Windows GUI
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text
0x60000060
Code
Initialized Data
Executable
Readable
 600 35200 1000 351A8
6.2143
1698828.18
.data
0xC0000040
Initialized Data
Readable
Writeable
 35800 C00 37000 B70
1.8753
476306
.rdata
0x40000040
Initialized Data
Readable
 36400 9A00 38000 99A0
5.9528
939490.77
/4
0xC0000040
Initialized Data
Readable
Writeable
 3FE00 200 42000 4
0
130560
.pdata
0x40000040
Initialized Data
Readable
 40000 3400 43000 3354
5.5887
397036.65
.xdata
0x40000040
Initialized Data
Readable
 43400 3200 47000 3040
4.1954
290913.6
.bss
0xC0000080
Uninitialized Data
Readable
Writeable
 0 0 4B000 1150
N/A
N/A
.idata
0xC0000040
Initialized Data
Readable
Writeable
 46600 1800 4D000 1678
4.3174
300772.67
.CRT
0xC0000040
Initialized Data
Readable
Writeable
 47E00 200 4F000 68
0.4027
119092
.tls
0xC0000040
Initialized Data
Readable
Writeable
 48000 200 50000 10
0
130560
.rsrc
0x40000040
Initialized Data
Readable
 48200 400 51000 228
3.4104
76438
.reloc
0x42000040
Initialized Data
GP-Relative
Readable
 48600 400 52000 3D0
5.2422
8335
/14
0x42000040
Initialized Data
GP-Relative
Readable
 48A00 200 53000 90
0.5714
115208
/29
0x42000040
Initialized Data
GP-Relative
Readable
 48C00 2C00 54000 2B48
5.5661
114107.73
/41
0x42000040
Initialized Data
GP-Relative
Readable
 4B800 600 57000 442
3.985
71579.67
/55
0x42000040
Initialized Data
GP-Relative
Readable
 4BE00 600 58000 477
3.9605
60652.67
/67
0x42000040
Initialized Data
GP-Relative
Readable
 4C400 200 59000 190
3.3743
38604
/80
0x42000040
Initialized Data
GP-Relative
Readable
 4C600 200 5A000 89
2.0818
72060
/91
0x42000040
Initialized Data
GP-Relative
Readable
 4C800 400 5B000 300
4.202
26111
/107
0x42000040
Initialized Data
GP-Relative
Readable
 4CC00 400 5C000 3B1
4.1934
40021.5
/123
0x42000040
Initialized Data
GP-Relative
Readable
 4D000 200 5D000 AA
1.7333
79514
Binder/Joiner/Crypter
Dropper code detected (EOF) - 95,12 KB
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 6F6
Code -> 554889E54883EC30C745FCFF000000488B0594F30300C70001000000E83D0000008945FC90908B45FC4883C4305DC3554889
Assembler
|PUSH RBP
|MOV RBP, RSP
|SUB RSP, 0X30
|MOV DWORD PTR [RBP - 4], 0XFF
|MOV RAX, QWORD PTR [RIP + 0X3F394]
|MOV DWORD PTR [RAX], 1
|CALL 0X105E
|MOV DWORD PTR [RBP - 4], EAX
|NOP
|NOP
|MOV EAX, DWORD PTR [RBP - 4]
|ADD RSP, 0X30
|POP RBP
|RET
|PUSH RBP
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: Nim(-)[-]
Entropy: 6.05365
Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
Ws2_32.DLL socket Create a communication endpoint for networking applications.
Ws2_32.DLL connect Establish a connection to a specified socket.
File Access
@cmd.exe
USER32.dll
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-private-l1-1-0.dll
api-ms-win-crt-multibyte-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
KERNEL32.dll
@Ws2_32.dll
libgcc_s_dw2-1.dll
@melt.bat
.dat
t.dat
Temp
Interest's Words
Melt.bat
exec
start
whoami
ping
expand
replace
URLs
http://192.168.1.6:8080/api/v4/report
http://192.168.1.6:8080/api/v4/checkin
IP Addresses
192.168.1.6
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Unicode escape - \u00 - (Common Unicode escape sequences)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii File (CreateFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateSemaphoreA)
Text Ascii Execution (CreateEventA)
Text Ascii Malicious code executed after exploiting a vulnerability (Payload)
Text Ascii Unauthorized movement of funds or data (Transfer)
Resources
Path DataRVA Size FileOffset CodeText
\24\1\1033 51058 1CA 48258 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279<?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• .bss
• .tls
• @.bss
• .CRT
• @Ws2_32.dll
• @\u00
• @\u000
• @\u000b
• @\\.\pipe\stdin
• @\\.\pipe\stdout
• http://192.168.1.6:8080/api/v4/report
• @cmd.exe
• @melt.bat
• http://192.168.1.6:8080/api/v4/checkin
• KERNEL32.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-private-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll
• USER32.dll
• R:\winlibs_staging_ucrt64\gcc-14.2.0\build_mingw\x86_64-w64-mingw32\libgccGNU AS 2.43__mutexsize
• @pstrutils.nim
• @phttpcore.nim
Flow Anomalies
Offset RVA Section Description
BF7 N/A .text CALL QWORD PTR [RIP+0x4C02B]
C08 N/A .text CALL QWORD PTR [RIP+0x4C072]
CBF N/A .text JMP QWORD PTR [RIP+0x4BF2B]
2761 N/A .text CALL QWORD PTR [RIP+0x47F59]
27D4 N/A .text CALL QWORD PTR [RIP+0x4A796]
2968 N/A .text CALL QWORD PTR [RIP+0x4A5DA]
2992 N/A .text CALL QWORD PTR [RIP+0x4A5B8]
2B8C N/A .text JMP QWORD PTR [RIP+0x4A3CE]
2BAF N/A .text CALL QWORD PTR [RIP+0x4A38B]
2BC2 N/A .text CALL QWORD PTR [RIP+0x4A378]
2C03 N/A .text CALL QWORD PTR [RIP+0x4A337]
2C24 N/A .text JMP QWORD PTR [RIP+0x4A32E]
2CFC N/A .text CALL QWORD PTR [RIP+0x479B6]
2D2D N/A .text CALL QWORD PTR [RIP+0x4797D]
2D61 N/A .text CALL QWORD PTR [RIP+0x47941]
2DA1 N/A .text CALL QWORD PTR [RIP+0x478F9]
30A1 N/A .text CALL QWORD PTR [RIP+0x49E01]
30AC N/A .text CALL QWORD PTR [RIP+0x49DF6]
3720 N/A .text JMP QWORD PTR [RIP+0x494B2]
374D N/A .text CALL QWORD PTR [RIP+0x497B5]
37AC N/A .text CALL QWORD PTR [RIP+0x49756]
37E1 N/A .text CALL QWORD PTR [RIP+0x49541]
380A N/A .text JMP QWORD PTR [RIP+0x49518]
39F4 N/A .text CALL QWORD PTR [RIP+0x4932E]
3EFD N/A .text CALL QWORD PTR [RIP+0x48E2D]
5EEB N/A .text JMP QWORD PTR [RIP+0x4714F]
5F21 N/A .text CALL QWORD PTR [RIP+0x447E9]
6188 N/A .text CALL QWORD PTR [RIP+0x4457A]
62F4 N/A .text JMP QWORD PTR [RIP+0x46986]
634E N/A .text CALL QWORD PTR [RIP+0x468CC]
63F5 N/A .text CALL QWORD PTR [RIP+0x46C45]
69A8 N/A .text CALL QWORD PTR [RIP+0x4623A]
69FC N/A .text JMP QWORD PTR [RIP+0x46276]
7F4C N/A .text CALL QWORD PTR [RIP+0x44D16]
AACB N/A .text CALL QWORD PTR [RIP+0x3FC87]
AB4E N/A .text CALL QWORD PTR [RIP+0x3FC04]
BD69 N/A .text JMP QWORD PTR [RIP+0x40F11]
BD70 N/A .text JMP QWORD PTR [RIP+0x40EBA]
BDAC N/A .text CALL QWORD PTR [RIP+0x3EAB6]
CAA8 N/A .text CALL QWORD PTR [RIP+0x402DA]
D820 N/A .text CALL QWORD PTR [RIP+0x3D282]
D832 N/A .text CALL QWORD PTR [RIP+0x3D268]
11F2A N/A .text CALL QWORD PTR [RIP+0x3AD38]
29A60 N/A .text JMP QWORD PTR [RIP+0x235B2]
29A68 N/A .text JMP QWORD PTR [RIP+0x235B2]
29A70 N/A .text JMP QWORD PTR [RIP+0x235B2]
29A80 N/A .text JMP QWORD PTR [RIP+0x2356A]
29A88 N/A .text JMP QWORD PTR [RIP+0x2356A]
29A90 N/A .text JMP QWORD PTR [RIP+0x2356A]
29A98 N/A .text JMP QWORD PTR [RIP+0x2356A]
29AA0 N/A .text JMP QWORD PTR [RIP+0x23462]
29AA8 N/A .text JMP QWORD PTR [RIP+0x23462]
29AB0 N/A .text JMP QWORD PTR [RIP+0x23462]
29AB8 N/A .text JMP QWORD PTR [RIP+0x23462]
29AC0 N/A .text JMP QWORD PTR [RIP+0x23462]
29AC8 N/A .text JMP QWORD PTR [RIP+0x23472]
29AD0 N/A .text JMP QWORD PTR [RIP+0x23472]
29AD8 N/A .text JMP QWORD PTR [RIP+0x23472]
29AE0 N/A .text JMP QWORD PTR [RIP+0x23472]
29AE8 N/A .text JMP QWORD PTR [RIP+0x23472]
29AF0 N/A .text JMP QWORD PTR [RIP+0x23472]
29AF8 N/A .text JMP QWORD PTR [RIP+0x23472]
29B00 N/A .text JMP QWORD PTR [RIP+0x23472]
29B08 N/A .text JMP QWORD PTR [RIP+0x23472]
29B10 N/A .text JMP QWORD PTR [RIP+0x23472]
29B18 N/A .text JMP QWORD PTR [RIP+0x23472]
29B20 N/A .text JMP QWORD PTR [RIP+0x23472]
29B28 N/A .text JMP QWORD PTR [RIP+0x23472]
29B30 N/A .text JMP QWORD PTR [RIP+0x2347A]
29B38 N/A .text JMP QWORD PTR [RIP+0x2347A]
29B40 N/A .text JMP QWORD PTR [RIP+0x2347A]
29B48 N/A .text JMP QWORD PTR [RIP+0x23482]
29B50 N/A .text JMP QWORD PTR [RIP+0x23482]
29B60 N/A .text JMP QWORD PTR [RIP+0x232EA]
29B68 N/A .text JMP QWORD PTR [RIP+0x232EA]
29B70 N/A .text JMP QWORD PTR [RIP+0x232EA]
29B78 N/A .text JMP QWORD PTR [RIP+0x232EA]
29B80 N/A .text JMP QWORD PTR [RIP+0x232F2]
29B88 N/A .text JMP QWORD PTR [RIP+0x232F2]
29B90 N/A .text JMP QWORD PTR [RIP+0x232F2]
29B98 N/A .text JMP QWORD PTR [RIP+0x232F2]
29BA0 N/A .text JMP QWORD PTR [RIP+0x232F2]
29BA8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BB0 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BB8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BC0 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BC8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BD0 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BD8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BE0 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BE8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BF0 N/A .text JMP QWORD PTR [RIP+0x232FA]
29BF8 N/A .text JMP QWORD PTR [RIP+0x232FA]
29C00 N/A .text JMP QWORD PTR [RIP+0x2320A]
29C08 N/A .text JMP QWORD PTR [RIP+0x2321A]
29C10 N/A .text JMP QWORD PTR [RIP+0x2321A]
29C18 N/A .text JMP QWORD PTR [RIP+0x2321A]
29C20 N/A .text JMP QWORD PTR [RIP+0x2321A]
29C30 N/A .text JMP QWORD PTR [RIP+0x231CA]
29C40 N/A .text JMP QWORD PTR [RIP+0x231AA]
47E38 1F190 .CRT TLS Callback | Pointer to 14001F190 - 0x1E790 .text
47E40 1F250 .CRT TLS Callback | Pointer to 14001F250 - 0x1E850 .text
47E48 2BA85 .CRT TLS Callback | Pointer to 14002BA85 - 0x2B085 .text
40000 1000 .pdata ExceptionHook | Pointer to 1000 - 0x600 .text + UnwindInfo: .xdata
4000C 1017 .pdata ExceptionHook | Pointer to 1017 - 0x617 .text + UnwindInfo: .xdata
40018 109A .pdata ExceptionHook | Pointer to 109A - 0x69A .text + UnwindInfo: .xdata
40024 10F6 .pdata ExceptionHook | Pointer to 10F6 - 0x6F6 .text + UnwindInfo: .xdata
40030 1125 .pdata ExceptionHook | Pointer to 1125 - 0x725 .text + UnwindInfo: .xdata
4003C 1154 .pdata ExceptionHook | Pointer to 1154 - 0x754 .text + UnwindInfo: .xdata
40048 1378 .pdata ExceptionHook | Pointer to 1378 - 0x978 .text + UnwindInfo: .xdata
40054 147C .pdata ExceptionHook | Pointer to 147C - 0xA7C .text + UnwindInfo: .xdata
40060 1583 .pdata ExceptionHook | Pointer to 1583 - 0xB83 .text + UnwindInfo: .xdata
4006C 15C0 .pdata ExceptionHook | Pointer to 15C0 - 0xBC0 .text + UnwindInfo: .xdata
40078 15D0 .pdata ExceptionHook | Pointer to 15D0 - 0xBD0 .text + UnwindInfo: .xdata
40084 15E0 .pdata ExceptionHook | Pointer to 15E0 - 0xBE0 .text + UnwindInfo: .xdata
40090 1690 .pdata ExceptionHook | Pointer to 1690 - 0xC90 .text + UnwindInfo: .xdata
4009C 16D0 .pdata ExceptionHook | Pointer to 16D0 - 0xCD0 .text + UnwindInfo: .xdata
400A8 170F .pdata ExceptionHook | Pointer to 170F - 0xD0F .text + UnwindInfo: .xdata
400B4 1760 .pdata ExceptionHook | Pointer to 1760 - 0xD60 .text + UnwindInfo: .xdata
400C0 1786 .pdata ExceptionHook | Pointer to 1786 - 0xD86 .text + UnwindInfo: .xdata
400CC 1788 .pdata ExceptionHook | Pointer to 1788 - 0xD88 .text + UnwindInfo: .xdata
400D8 178A .pdata ExceptionHook | Pointer to 178A - 0xD8A .text + UnwindInfo: .xdata
400E4 178C .pdata ExceptionHook | Pointer to 178C - 0xD8C .text + UnwindInfo: .xdata
400F0 178E .pdata ExceptionHook | Pointer to 178E - 0xD8E .text + UnwindInfo: .xdata
400FC 1790 .pdata ExceptionHook | Pointer to 1790 - 0xD90 .text + UnwindInfo: .xdata
40108 1792 .pdata ExceptionHook | Pointer to 1792 - 0xD92 .text + UnwindInfo: .xdata
40114 1794 .pdata ExceptionHook | Pointer to 1794 - 0xD94 .text + UnwindInfo: .xdata
40120 17BD .pdata ExceptionHook | Pointer to 17BD - 0xDBD .text + UnwindInfo: .xdata
4012C 17BF .pdata ExceptionHook | Pointer to 17BF - 0xDBF .text + UnwindInfo: .xdata
40138 17C1 .pdata ExceptionHook | Pointer to 17C1 - 0xDC1 .text + UnwindInfo: .xdata
40144 1827 .pdata ExceptionHook | Pointer to 1827 - 0xE27 .text + UnwindInfo: .xdata
40150 1829 .pdata ExceptionHook | Pointer to 1829 - 0xE29 .text + UnwindInfo: .xdata
4015C 188F .pdata ExceptionHook | Pointer to 188F - 0xE8F .text + UnwindInfo: .xdata
40168 1891 .pdata ExceptionHook | Pointer to 1891 - 0xE91 .text + UnwindInfo: .xdata
40174 18F7 .pdata ExceptionHook | Pointer to 18F7 - 0xEF7 .text + UnwindInfo: .xdata
40180 18F9 .pdata ExceptionHook | Pointer to 18F9 - 0xEF9 .text + UnwindInfo: .xdata
4018C 195F .pdata ExceptionHook | Pointer to 195F - 0xF5F .text + UnwindInfo: .xdata
40198 1961 .pdata ExceptionHook | Pointer to 1961 - 0xF61 .text + UnwindInfo: .xdata
401A4 19C7 .pdata ExceptionHook | Pointer to 19C7 - 0xFC7 .text + UnwindInfo: .xdata
401B0 19C9 .pdata ExceptionHook | Pointer to 19C9 - 0xFC9 .text + UnwindInfo: .xdata
401BC 1A2F .pdata ExceptionHook | Pointer to 1A2F - 0x102F .text + UnwindInfo: .xdata
401C8 1A31 .pdata ExceptionHook | Pointer to 1A31 - 0x1031 .text + UnwindInfo: .xdata
401D4 1A97 .pdata ExceptionHook | Pointer to 1A97 - 0x1097 .text + UnwindInfo: .xdata
401E0 1A99 .pdata ExceptionHook | Pointer to 1A99 - 0x1099 .text + UnwindInfo: .xdata
401EC 1AFF .pdata ExceptionHook | Pointer to 1AFF - 0x10FF .text + UnwindInfo: .xdata
401F8 1B01 .pdata ExceptionHook | Pointer to 1B01 - 0x1101 .text + UnwindInfo: .xdata
40204 1B67 .pdata ExceptionHook | Pointer to 1B67 - 0x1167 .text + UnwindInfo: .xdata
40210 1B69 .pdata ExceptionHook | Pointer to 1B69 - 0x1169 .text + UnwindInfo: .xdata
4021C 1BCF .pdata ExceptionHook | Pointer to 1BCF - 0x11CF .text + UnwindInfo: .xdata
40228 1BD1 .pdata ExceptionHook | Pointer to 1BD1 - 0x11D1 .text + UnwindInfo: .xdata
40234 1C37 .pdata ExceptionHook | Pointer to 1C37 - 0x1237 .text + UnwindInfo: .xdata
40240 1C40 .pdata ExceptionHook | Pointer to 1C40 - 0x1240 .text + UnwindInfo: .xdata
4024C 1CE9 .pdata ExceptionHook | Pointer to 1CE9 - 0x12E9 .text + UnwindInfo: .xdata
40258 1CEE .pdata ExceptionHook | Pointer to 1CEE - 0x12EE .text + UnwindInfo: .xdata
40264 1D50 .pdata ExceptionHook | Pointer to 1D50 - 0x1350 .text + UnwindInfo: .xdata
40270 1DDA .pdata ExceptionHook | Pointer to 1DDA - 0x13DA .text + UnwindInfo: .xdata
4027C 1E00 .pdata ExceptionHook | Pointer to 1E00 - 0x1400 .text + UnwindInfo: .xdata
40288 1E0E .pdata ExceptionHook | Pointer to 1E0E - 0x140E .text + UnwindInfo: .xdata
40294 1E14 .pdata ExceptionHook | Pointer to 1E14 - 0x1414 .text + UnwindInfo: .xdata
402A0 1E21 .pdata ExceptionHook | Pointer to 1E21 - 0x1421 .text + UnwindInfo: .xdata
402AC 1E30 .pdata ExceptionHook | Pointer to 1E30 - 0x1430 .text + UnwindInfo: .xdata
402B8 1E52 .pdata ExceptionHook | Pointer to 1E52 - 0x1452 .text + UnwindInfo: .xdata
402C4 1ED5 .pdata ExceptionHook | Pointer to 1ED5 - 0x14D5 .text + UnwindInfo: .xdata
402D0 1F2B .pdata ExceptionHook | Pointer to 1F2B - 0x152B .text + UnwindInfo: .xdata
402DC 1F51 .pdata ExceptionHook | Pointer to 1F51 - 0x1551 .text + UnwindInfo: .xdata
402E8 2948 .pdata ExceptionHook | Pointer to 2948 - 0x1F48 .text + UnwindInfo: .xdata
402F4 2980 .pdata ExceptionHook | Pointer to 2980 - 0x1F80 .text + UnwindInfo: .xdata
40300 29D0 .pdata ExceptionHook | Pointer to 29D0 - 0x1FD0 .text + UnwindInfo: .xdata
4030C 2A06 .pdata ExceptionHook | Pointer to 2A06 - 0x2006 .text + UnwindInfo: .xdata
40318 2A1C .pdata ExceptionHook | Pointer to 2A1C - 0x201C .text + UnwindInfo: .xdata
40324 2A55 .pdata ExceptionHook | Pointer to 2A55 - 0x2055 .text + UnwindInfo: .xdata
40330 2A90 .pdata ExceptionHook | Pointer to 2A90 - 0x2090 .text + UnwindInfo: .xdata
4033C 2ACA .pdata ExceptionHook | Pointer to 2ACA - 0x20CA .text + UnwindInfo: .xdata
40348 2ACE .pdata ExceptionHook | Pointer to 2ACE - 0x20CE .text + UnwindInfo: .xdata
40354 2D00 .pdata ExceptionHook | Pointer to 2D00 - 0x2300 .text + UnwindInfo: .xdata
40360 2D38 .pdata ExceptionHook | Pointer to 2D38 - 0x2338 .text + UnwindInfo: .xdata
4036C 2D70 .pdata ExceptionHook | Pointer to 2D70 - 0x2370 .text + UnwindInfo: .xdata
40378 2FDD .pdata ExceptionHook | Pointer to 2FDD - 0x25DD .text + UnwindInfo: .xdata
40384 3027 .pdata ExceptionHook | Pointer to 3027 - 0x2627 .text + UnwindInfo: .xdata
40390 3036 .pdata ExceptionHook | Pointer to 3036 - 0x2636 .text + UnwindInfo: .xdata
4039C 3066 .pdata ExceptionHook | Pointer to 3066 - 0x2666 .text + UnwindInfo: .xdata
403A8 30A4 .pdata ExceptionHook | Pointer to 30A4 - 0x26A4 .text + UnwindInfo: .xdata
403B4 30B3 .pdata ExceptionHook | Pointer to 30B3 - 0x26B3 .text + UnwindInfo: .xdata
403C0 30F0 .pdata ExceptionHook | Pointer to 30F0 - 0x26F0 .text + UnwindInfo: .xdata
403CC 312B .pdata ExceptionHook | Pointer to 312B - 0x272B .text + UnwindInfo: .xdata
403D8 3154 .pdata ExceptionHook | Pointer to 3154 - 0x2754 .text + UnwindInfo: .xdata
403E4 3171 .pdata ExceptionHook | Pointer to 3171 - 0x2771 .text + UnwindInfo: .xdata
403F0 3218 .pdata ExceptionHook | Pointer to 3218 - 0x2818 .text + UnwindInfo: .xdata
403FC 329F .pdata ExceptionHook | Pointer to 329F - 0x289F .text + UnwindInfo: .xdata
40408 32AA .pdata ExceptionHook | Pointer to 32AA - 0x28AA .text + UnwindInfo: .xdata
40414 32D0 .pdata ExceptionHook | Pointer to 32D0 - 0x28D0 .text + UnwindInfo: .xdata
40420 3360 .pdata ExceptionHook | Pointer to 3360 - 0x2960 .text + UnwindInfo: .xdata
4042C 338E .pdata ExceptionHook | Pointer to 338E - 0x298E .text + UnwindInfo: .xdata
40438 33C2 .pdata ExceptionHook | Pointer to 33C2 - 0x29C2 .text + UnwindInfo: .xdata
40444 3537 .pdata ExceptionHook | Pointer to 3537 - 0x2B37 .text + UnwindInfo: .xdata
40450 3571 .pdata ExceptionHook | Pointer to 3571 - 0x2B71 .text + UnwindInfo: .xdata
4045C 35AB .pdata ExceptionHook | Pointer to 35AB - 0x2BAB .text + UnwindInfo: .xdata
40468 35BC .pdata ExceptionHook | Pointer to 35BC - 0x2BBC .text + UnwindInfo: .xdata
40474 35FE .pdata ExceptionHook | Pointer to 35FE - 0x2BFE .text + UnwindInfo: .xdata
40480 3632 .pdata ExceptionHook | Pointer to 3632 - 0x2C32 .text + UnwindInfo: .xdata
4048C 3C0D .pdata ExceptionHook | Pointer to 3C0D - 0x320D .text + UnwindInfo: .xdata
40498 3C3D .pdata ExceptionHook | Pointer to 3C3D - 0x323D .text + UnwindInfo: .xdata
404A4 3C42 .pdata ExceptionHook | Pointer to 3C42 - 0x3242 .text + UnwindInfo: .xdata
4D200 N/A *Overlay* 2E66696C6500000054000000FEFF000067016372 | .file...T.......g.cr
Extra Analysis
Metric Value Percentage
Ascii Code 287511 59,5964%
Null Byte Code 119160 24,7%
NOP Cave Found 0x9090909090 Block Count: 99 | Total: 0,0513%
© 2026 All rights reserved.