PESCAN.IO - Analysis Report Basic |
| Information |
| Field | Value |
|---|---|
| Size | 780,50 KB |
| SHA-256 Hash | 69B7214C69B4ED308C1EB3245DE33409254C1C16BDB985B0CF83B4E796F9B9D6 |
| SHA-1 Hash | 1447D025DF79A3C95DAE935ADF83CCB101E57BF3 |
| MD5 Hash | B43684B4052930317D4F3BAD1C28AD9B |
| Imphash | 9F8163526DC78273FA28F52E31CBBB88 |
| MajorOSVersion | 6 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 88C4C |
| SizeOfHeaders | 400 |
| SizeOfImage | C9000 |
| ImageBase | 0000000140000000 |
| Architecture | x64 |
| ImportTable | B1850 |
| IAT | 8A000 |
| Characteristics | 23 |
| TimeDateStamp | 69DDB72F |
| Date | 14/04/2026 3:40:31 |
| File Type | EXE |
| Number Of Sections | 5 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .rdata, .data, .pdata, .rsrc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 88C00 | 1000 | 88AA8 | | |
| .rdata | 0x40000040 Initialized Data Readable | 89000 | 29000 | 8A000 | 28FB8 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | B2000 | 8400 | B3000 | BA60 | | |
| .pdata | 0x40000040 Initialized Data Readable | BA400 | 4400 | BF000 | 4230 | | |
| .rsrc | 0x40000040 Initialized Data Readable | BE800 | 4A00 | C4000 | 4938 | | |
| Description |
| Field | Value |
|---|---|
| CompanyName | My Custom Company |
| LegalCopyright | (c) 2026 My Custom Company |
| ProductName | My Custom App |
| FileVersion | 1.0.0.0 |
| FileDescription | My Custom Application |
| ProductVersion | 1.0.0.0 |
| Language | English (United States) (ID=0x409) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
Section number (1) has the Entry Point.

| Field | Value |
|---|---|
| Information | EntryPoint (calculated) - 8804C |
| Code | 4883EC28E8C30600004883C428E97AFEFFFFCCCCE98F080000CCCCCC40534883EC20488BD9488BC2488D0D1D1F00000F57C0 |

| Assembler |
|---|
| SUB RSP, 0X28 |
| CALL 0X16CC |
| ADD RSP, 0X28 |
| JMP 0XE8C |
| INT3 |
| INT3 |
| JMP 0X18A8 |
| INT3 |
| INT3 |
| INT3 |
| PUSH RBX |
| SUB RSP, 0X20 |
| MOV RBX, RCX |
| MOV RAX, RDX |
| LEA RCX, [RIP + 0X1F1D] |
| XORPS XMM0, XMM0 |
| Signatures |
Rich Signature Analyzer:

| Field | Value |
|---|---|
| Code | 074EB5F7432FDBA4432FDBA4432FDBA44A5748A4512FDBA4C4A6DAA5472FDBA4C4A6D8A5402FDBA4C4A6DFA54A2FDBA4C4A6DEA55C2FDBA43AAEDFA5442FDBA43AAEDEA5422FDBA43AAEDDA5422FDBA43AAEDAA5402FDBA4432FDAA4572DDBA4DAA6D8A5412FDBA4DAA6D2A5012FDBA4DAA624A4422FDBA4DAA6D9A5422FDBA452696368432FDBA4 |
| Footprint md5 Hash | A6A4A96274B9410823A99041A1054ABF |

• The Rich header apparently has not been modified

Certificate - Digital Signature Not Found:

• The file is not signed
| Packer/Compiler |
Detect It Easy (die)

• PE+(64): compiler: Microsoft Visual C/C++(-)[-]
• PE+(64): linker: Microsoft Linker(14.44**)[-]
• Entropy: 6.32399
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| Windows REG (UNICODE) |
| SOFTWARE\AutoHotkey |
| SYSTEM\CurrentControlSet\Control\Keyboard Layouts\ |
| File Access |
| api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll VCRUNTIME140.dll VCRUNTIME140_1.dll KERNEL32.dll OLEAUT32.dll Fole32.dll SHELL32.dll ADVAPI32.dll GDI32.dll USER32.dll dwmapi.dll UxTheme.dll SHLWAPI.dll WININET.dll COMCTL32.dll VERSION.dll WINMM.dll WSOCK32.dll .dat @.dat Temp |
| File Access (UNICODE) |
| \AutoHotkey.exe ntdll.dll user32.dll msftedit.dll KERNEL32.DLL cmd,.hta exe,.bat Temp WinDir ProgramFiles AppData |
| Interest's Words |
| exec attrib start shutdown systeminfo expand replace |
| Interest's Words (UNICODE) |
| PassWord exec attrib start pause comspec shutdown dism expand replace |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2016/WindowsSettings |
| URLs (UNICODE) |
| https://example.com https://example.com in default browser. |
| IP Addresses |
| 2.0.00.00 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (accept) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Registry (RegDeleteKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Service (OpenSCManager) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Unicode | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Unicode | Privileges (SeShutdownPrivilege) |
| Text | Unicode | Keyboard Key ([F5]) |
| Text | Unicode | Keyboard Key (ALTDOWN) |
| Text | Unicode | Keyboard Key (ALTUP) |
| Text | Unicode | Keyboard Key (SHIFTDOWN) |
| Text | Unicode | Keyboard Key (SHIFTUP) |
| Text | Unicode | Keyboard Key (CTRLDOWN) |
| Text | Unicode | Keyboard Key (CONTROLDOWN) |
| Text | Unicode | Keyboard Key (CTRLUP) |
| Text | Unicode | Keyboard Key (CONTROLUP) |
| Text | Unicode | Keyboard Key (LWINDOWN) |
| Text | Unicode | Keyboard Key (LWINUP) |
| Text | Unicode | Keyboard Key (RWINDOWN) |
| Text | Unicode | Keyboard Key (RWINUP) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (UpArrow) |
| Text | Unicode | Keyboard Key (CapsLock) |
| Text | Unicode | Keyboard Key (Backspace) |
| Text | Unicode | Malware that monitors and collects user data (Spy) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\1033 | C4F78 | 244 | BF778 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C00221AAEEF | .PNG........IHDR... ... .....szz.....tIME....."... |
| \ICON\2\1033 | C51C0 | 197 | BF9C0 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C00221AAEEF | .PNG........IHDR................a....tIME....."... |
| \ICON\3\1033 | C5358 | 1D1 | BFB58 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C00221AAEEF | .PNG........IHDR.....................tIME....."... |
| \ICON\4\1033 | C5530 | 229 | BFD30 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C00221AAEEF | .PNG........IHDR..............w=.....tIME....."... |
| \ICON\5\1033 | C5760 | 26F | BFF60 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C00221AAEEF | .PNG........IHDR.............r.......tIME....."... |
| \ICON\6\1033 | C59D0 | 322 | C01D0 | 89504E470D0A1A0A0000000D49484452000000280000002808060000008CFEB86D0000000774494D4507E6070C00221AAEEF | .PNG........IHDR...(...(........m....tIME....."... |
| \ICON\7\1033 | C5CF8 | 3AB | C04F8 | 89504E470D0A1A0A0000000D49484452000000300000003008060000005702F9870000000774494D4507E6070C00221AAEEF | .PNG........IHDR...0...0.....W.......tIME....."... |
| \ICON\8\1033 | C60A8 | 413 | C08A8 | 89504E470D0A1A0A0000000D4948445200000040000000400806000000AA6971DE0000000774494D4507E6070C00221AAEEF | .PNG........IHDR...@...@......iq.....tIME....."... |
| \ICON\9\1033 | C6538 | 26B | C0D38 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020E2EB5EE | .PNG........IHDR... ... .....szz.....tIME......... |
| \ICON\10\1033 | C67A8 | 19B | C0FA8 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020E2EB5EE | .PNG........IHDR................a....tIME......... |
| \ICON\11\1033 | C6948 | 1D8 | C1148 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020E2EB5EE | .PNG........IHDR.....................tIME......... |
| \ICON\12\1033 | C6B20 | 22A | C1320 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020E2EB5EE | .PNG........IHDR..............w=.....tIME......... |
| \ICON\13\1033 | C6D50 | 252 | C1550 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020E2EB5EE | .PNG........IHDR.............r.......tIME......... |
| \ICON\14\1033 | C6FF8 | 16E | C17F8 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020B2FBF9E | .PNG........IHDR................a....tIME....../.. |
| \ICON\15\1033 | C7168 | 1B0 | C1968 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020B2FBF9E | .PNG........IHDR.....................tIME....../.. |
| \ICON\16\1033 | C7318 | 1ED | C1B18 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020B2FBF9E | .PNG........IHDR..............w=.....tIME....../.. |
| \ICON\17\1033 | C7508 | 22A | C1D08 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020B2FBF9E | .PNG........IHDR.............r.......tIME....../.. |
| \ICON\18\1033 | C7738 | 203 | C1F38 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020B2FBF9E | .PNG........IHDR... ... .....szz.....tIME....../.. |
| \ICON\19\1033 | C7990 | 163 | C2190 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020C03C207 | .PNG........IHDR................a....tIME......... |
| \ICON\20\1033 | C7AF8 | 19F | C22F8 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020C03C207 | .PNG........IHDR.....................tIME......... |
| \ICON\21\1033 | C7C98 | 1D6 | C2498 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020C03C207 | .PNG........IHDR..............w=.....tIME......... |
| \ICON\22\1033 | C7E70 | 20F | C2670 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020C03C207 | .PNG........IHDR.............r.......tIME......... |
| \ICON\23\1033 | C8080 | 1F0 | C2880 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020C03C207 | .PNG........IHDR... ... .....szz.....tIME......... |
| \ICON\24\1033 | C82C0 | 128 | C2AC0 | 2800000010000000200000000100040000000000C000000000000000000000000000000000000000593872006D4E7F00C48E | (....... ...............................Y8r.mN.... |
| \MENU\211\1033 | C4CB0 | 2C8 | BF4B0 | 0000000010002600460069006C0065000000000078FF2600520065006C006F00610064002000530063007200690070007400 | ......&.F.i.l.e.....x.&.R.e.l.o.a.d. .S.c.r.i.p.t. |
| \DIALOG\205\1033 | C8400 | E0 | C2C00 | 0100FFFF0000000000000000480ACC80040000000000D2005300000000004400690061006C006F00670000000A0090010000 | ............H...........S.....D.i.a.l.o.g......... |
| \DIALOG\500\1033 | C84E0 | 162 | C2CE0 | 0100FFFF0000000000000400C00AC8900600000000007C01B000000000004500720072006F00720000000800900100005300 | ......................|.......E.r.r.o.r.........S. |
| \ACCELERATOR\212\1033 | C8648 | 48 | C2E48 | 0300700083FF00000B00480080FF00000B004B0081FF00000B004C007EFF00000300740082FF00000B0056007FFF0000030013007BFF00000B00450079FF00008B00520078FF0000 | ..p.......H.......K.......L.~.....t.......V.........{.....E.y.....R.x... |
| \RCDATA\1\1033 | C8900 | 32 | C3100 | 235265717569726573204175746F486F746B65792076322E300D0A0D0A4D7367426F78282248656C6C6F20576F726C642229 | Requires AutoHotkey v2.0....MsgBox("Hello World") |
| \GROUP_ICON\159\1033 | C64C0 | 76 | C0CC0 | 000001000800202000000100200044020000010010100000010020009701000002001414000001002000D101000003001818 | ...... .... .D........... ............. ......... |
| \GROUP_ICON\160\1033 | C83E8 | 14 | C2BE8 | 0000010001001010100001000400280100001800 | ..............(..... |
| \GROUP_ICON\206\1033 | C6FA8 | 4C | C17A8 | 00000100050020200000010020006B020000090010100000010020009B0100000A001414000001002000D80100000B0018180000010020002A0200000C001C1C000001002000520200000D00 | ...... .... .k........... ............. ............. .*........... .R..... |
| \GROUP_ICON\207\1033 | C7940 | 4C | C2140 | 00000100050010100000010020006E0100000E001414000001002000B00100000F001818000001002000ED01000010001C1C0000010020002A02000011002020000001002000030200001200 | ............ .n........... ............. ............. .*..... .... ....... |
| \GROUP_ICON\208\1033 | C8270 | 4C | C2A70 | 000001000500101000000100200063010000130014140000010020009F01000014001818000001002000D601000015001C1C0000010020000F02000016002020000001002000F00100001700 | ............ .c........... ............. ............. ....... .... ....... |
| \VERSION\1\1033 | C8690 | 270 | C2E90 | 700234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | p.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1033 | C4790 | 519 | BEF90 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String |
| • 1.0.0.0 • api-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • WSOCK32.dll • WINMM.dll • VERSION.dll • COMCTL32.dll • WININET.dll • SHLWAPI.dll • UxTheme.dll • dwmapi.dll • USER32.dll • GDI32.dll • ADVAPI32.dll • SHELL32.dll • Fole32.dll • OLEAUT32.dll • KERNEL32.DLL • RunAs • .Get • .Set • msftedit.dll • user32.dll • \AutoHotkey.exe • ComSpec • ntdll.dll • System verbs unsupported with RunAs. • .exe,.bat,.com,.cmd,.hta • WindowSpy.ahk • AutoHotkey.chm • https://example.com • Could not open URL https://example.com in default browser. • .bss • GetClassInfoExWkCreateDialogIndirectParamW • KERNEL32.dll • VCRUNTIME140.dll • gterminateapi-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-utility-l1-1-0.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 8D1B2-8D1F9 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 36 |
| 93760-937A7 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 36 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 453617 | 56,7566% |
| Null Byte Code | 161824 | 20,2474% |