PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Size: 469,50 KB
SHA-256 Hash: F2DDF7E4AC6D18FF9382D786A5F26F82D764C427F85A4E51AE97D009F74CDAC6
SHA-1 Hash: 0B501097E356AB64D66AD78D73903B368BF913EA
MD5 Hash: BAD7478A6104090E9C77E9A70AA85320
Imphash: DAE02F32A21E03CE65412F6E56942DAA
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 768CE
SizeOfHeaders: 400
SizeOfImage: 7E000
ImageBase: 0000000180000000
Architecture: x64
ExportTable: 78058
ImportTable: 76870
IAT: 2000
Characteristics: 2022
TimeDateStamp: 6895FB11
Date: 08/08/2025 13:26:41
File Type: DLL
Number Of Sections: 4
ASLR: Enabled
Section Names (Optional Header): .text, .sdata, .rsrc, .reloc
Number Of Executable Sections: 0
Subsystem: Windows Console

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000020 Code Executable Readable	400	74A00	2000	748DA	6.004	8728228.44
.sdata	0xC0000040 Initialized Data Readable Writeable	74E00	200	78000	184	3.7282	31428
.rsrc	0x40000040 Initialized Data Readable	75000	400	7A000	3C0	3.0858	99654
.reloc	0x42000040 Initialized Data GP-Relative Readable	75400	200	7C000	20	0.4797	117154

Description

OriginalFilename: CSVLint.dll
CompanyName: Bas de Reuver
LegalCopyright: Copyright 2019-2025 by Bas de Reuver
ProductName: CSVLintNppPlugin
FileVersion: 0.4.7.0
FileDescription: CSV Lint
ProductVersion: 0.4.7.0
Language: Unknown (ID=0x0)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Entry Point

The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 74CCE
Code -> 48A10020008001000000FFE00000000000000000000000000000000000000000000000000000000000000000000000000000

Assembler

|MOVABS RAX, QWORD PTR [0X180002000]

|JMP RAX

|ADD BYTE PTR [RAX], AL

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
• AnyCPU: False
• Version: v4.0
Detect It Easy (die)
• PE+(64): library: .NET(v4.0.30319)[-]
• PE+(64): linker: Microsoft Linker(11.0)[-]
• Entropy: 5.98774

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	RtlMoveMemory	Moves a block of memory to another location.

File Access

\CSVLint.dll
mscoree.dll
NppPlugin.Dll
Shlwapi.dll
kernel32.dll
CSVLint.dll
CSVLintNppPlugin.Forms.Dat
Temp
AppData

File Access (UNICODE)

output.txt
as.Dat
CSVLint.dll
Error in schema.ini
schema.ini
/Error saving schema.ini
CSV Lint.ini

SQL Queries

INSERT INTO {0} (
CREATE TABLE {0} (
CREATE TABLE statement instead of using MODIFY COLUMN.
ALTER TABLE {0}

Interest's Words

ToolBar
<head
<meta
<header
exec
powershell
attrib
start
shutdown
ping
expand
openfiles
replace
setx

Interest's Words (UNICODE)

exec
powershell
start
expand
replace

URLs (UNICODE)

https://github.com/BdR76/CSVLint/tree/master/docscsv-lint-plug-in-documentationselect columns
https://github.com/BdR76/CSVLint/tree/master/docs
https://www.paypal.com/donate/?hosted_button_id=T8QZSFBNAPERL
https://github.com/BdR76/CSVLint/

Emails

bdr1976@gmail.com

IP Addresses

17.0.0.0

Known IP/Domains (UNICODE)

gmail.com

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	Unicode escape - \u00 - (Common Unicode escape sequences)
Text	Unicode	WinAPI Sockets (bind)
Text	Ascii	WinAPI Sockets (accept)
Text	Ascii	WinAPI Sockets (send)
Text	Ascii	Anti-Analysis VM (GetVersion)
Text	Unicode	Antivirus Software (panda)
Text	Ascii	Antivirus Software (Panda Antivirus/Firewall)
Text	Ascii	Keyboard Key (LBUTTON)
Text	Unicode	Keyboard Key ({Tab})
Text	Ascii	Keyboard Key (Scroll)
Text	Ascii	Keyboard Key (PageDown)
Text	Ascii	Keyboard Key (PageUp)
Text	Unicode	Process of gathering information about network resources (Enumeration)
Entry Point	Hex Pattern	Microsoft Visual C++ 8
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\VERSION\1\0	7A058	364	75058	640334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000400	d.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............

Intelligent String

• 0.4.7.0
• .poo
• r8.poo
• rv.poo
• CSV Lint.ini
• hh\:mm\:ss\.fff
• iApply changes and save column metadata to schema.ini
• CSVLint.xml
• 1Error saving CSVLint.xml
• /Error saving schema.ini
• https://github.com/BdR76/CSVLint/tree/master/docscsv-lint-plug-in-documentation
• https://github.com/BdR76/CSVLint/tree/master/docs
• )yyyy-M-d H:mm:ss.fff
• )d-M-yyyy H:mm:ss.fff
• )M/d/yyyy H:mm:ss.fff
• https://www.paypal.com/donate/?hosted_button_id=T8QZSFBNAPERL
• schema.ini
• .fff
• 'Error in schema.ini
• d:\n")
• \schema.ini
• Preferred characters when automatically detecting the separator character. For special characters like tab, use \t or hexadecimal escape sequence \u0009 or \x09.
• _CorDllMainmscoree.dll
• CreateLexerGetLexerCountGetLexerFactoryGetLexerNameGetLexerStatusTextbeNotifiedgetFuncsArraygetNameisUnicodemessageProcsetInfo\CSVLint.dll

Flow Anomalies

Offset	RVA	Section	Description
21406	N/A	.text	JMP QWORD PTR [RIP+0x1ECB0000]
6EC73	N/A	.text	JMP QWORD PTR [RIP+0x3BFE58C4]

Extra Analysis

Metric	Value	Percentage
Ascii Code	291310	60,5926%
Null Byte Code	127497	26,5194%

PESCAN.IO - Analysis Report Basic