PESCAN.IO - Analysis Report Basic

File Structure
[Analysis image not reproduced. PE chart legend: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red means a malformed or corrupted header. Chart legend for other files: printable characters (blue), non-printable characters (black).]

Information
Size: 442,87 KB
SHA-256 Hash: 481EAE82AC4CD1A9CFADC026A628B18D7B4C54F50385D28C505FBCB3E999B8B0
SHA-1 Hash: 1F688B4872F8A740872B5CB6D58E2B9C7103143A
MD5 Hash: C211704777E168A5151DE79DC87FFAC7
Imphash: 26D58EAEAC9C216CAEFFDA5E383ABC8A
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00070F74
EntryPoint (rva): 14C0
SizeOfHeaders: 600
SizeOfImage: 7B000
ImageBase: 0000000000400000
Architecture: x64
ImportTable: 2C000
IAT: 2C250
Characteristics: 27
TimeDateStamp: 61464A46
Date: 18/09/2021 20:21:26
File Type: DLL
Number Of Sections: 18
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, /4, /19, /31, /45, /57, /70, /81, /92
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.text | 0x60500060 (Code, Initialized Data, Executable, Readable) | 600 | D800 | 1000 | D728 | 6.1979 | 513380.57
.data | 0xC0500040 (Initialized Data, Readable, Writeable) | DE00 | 200 | F000 | D0 | 0.8413 | 106366
.rdata | 0x40600040 (Initialized Data, Readable) | E000 | 2C00 | 10000 | 2A40 | 4.4593 | 514050.95
.pdata | 0x40300040 (Initialized Data, Readable) | 10C00 | 1400 | 13000 | 12CC | 4.8127 | 275810.7
.xdata | 0x40300040 (Initialized Data, Readable) | 12000 | 1000 | 15000 | F1C | 3.8641 | 135193.13
.bss | 0xC0600080 (Uninitialized Data, Readable, Writeable) | 0 | 0 | 16000 | 15828 | N/A | N/A
.idata | 0xC0300040 (Initialized Data, Readable, Writeable) | 13000 | A00 | 2C000 | 920 | 4.0791 | 135746.6
.CRT | 0xC0400040 (Initialized Data, Readable, Writeable) | 13A00 | 200 | 2D000 | 68 | 0.2709 | 123013
.tls | 0xC0400040 (Initialized Data, Readable, Writeable) | 13C00 | 200 | 2E000 | 10 | 0 | 130560
.rsrc | 0xC0300040 (Initialized Data, Readable, Writeable) | 13E00 | 400 | 2F000 | 228 | 3.4104 | 76438
/4 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 14200 | 600 | 30000 | 480 | 1.3817 | 281568.33
/19 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 14800 | 3BA00 | 31000 | 3B9A1 | 6.0113 | 1743075.38
/31 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 50200 | 2800 | 6D000 | 272A | 4.621 | 200272.9
/45 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 52A00 | 3200 | 70000 | 3178 | 5.4208 | 145706.2
/57 | 0x42400040 (Initialized Data, GP-Relative, Readable) | 55C00 | C00 | 74000 | A28 | 3.7612 | 207284.5
/70 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 56800 | 800 | 75000 | 73B | 4.6132 | 30394.75
/81 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 57000 | 3200 | 76000 | 3070 | 2.1749 | 1881102.48
/92 | 0x42100040 (Initialized Data, GP-Relative, Readable) | 5A200 | 600 | 7A000 | 4F0 | 1.3765 | 287080.33

Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - AC0
Code -> 4883EC28488B05650E0100C70001000000E80ABB0000E8A5FCFFFF90904883C428C366662E0F1F8400000000000F1F004883
Assembler
|SUB RSP, 0X28
|MOV RAX, QWORD PTR [RIP + 0X10E65]
|MOV DWORD PTR [RAX], 1
|CALL 0XCB20
|CALL 0XCC0
|NOP
|NOP
|ADD RSP, 0X28
|RET
|NOP WORD PTR CS:[RAX + RAX]
|NOP DWORD PTR [RAX]
Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: Nim(-)[-]
PE+(64): linker: GNU linker ld (GNU Binutils)(2.34)[-]
Entropy: 5.98675

Suspicious Functions
Library | Function | Description
KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process.
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
Ws2_32.DLL | socket | Create a communication endpoint for networking applications.
Ws2_32.DLL | connect | Establish a connection to a specified socket.

File Access
@cmd.exe
USER32.dll
msvcrt.dll
KERNEL32.dll
@Ws2_32.dll
.dat
Temp

Words of Interest
exec
attrib
start
shutdown
perfmon
ping

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Ascii | WinAPI Sockets (accept)
Text | Ascii | WinAPI Sockets (connect)
Text | Ascii | WinAPI Sockets (recv)
Text | Ascii | WinAPI Sockets (send)
Text | Ascii | File (CreateFile)
Text | Ascii | File (WriteFile)
Text | Ascii | File (ReadFile)
Text | Ascii | Stealth (CloseHandle)
Text | Ascii | Stealth (VirtualAlloc)
Text | Ascii | Stealth (VirtualProtect)
Text | Ascii | Execution (CreateProcessW)
Text | Ascii | Keyboard Key (RBUTTON)
Text | Ascii | Keyboard Key (Scroll)
Text | Ascii | Malware that monitors and collects user data (Spy)
Text | Ascii | Unauthorized movement of funds or data (Transfer)
Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect)
Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL)

Resources
Path | DataRVA | Size | FileOffset | Code | Text
\24\1\1033 | 2F058 | 1CA | 13E58 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String
• .bss
• .tls
• @0@.bss
• .CRT
• @Ws2_32.dll
• @\\.\pipe\stdin
• @\\.\pipe\stdout
• @cmd.exe /c
• KERNEL32.dll
• msvcrt.dll
• USER32.dll
• .rva

Flow Anomalies
Offset RVA Section Description
13A40 D1F0 .CRT TLS Callback | Pointer to 40D1F0 - 0xC7F0 .text
13A48 D1C0 .CRT TLS Callback | Pointer to 40D1C0 - 0xC7C0 .text
5A800 N/A *Overlay* 2E66696C650000005F000000FEFF000067016372 | .file..._.......g.cr
Extra Analysis
Metric Value Percentage
Ascii Code 299916 66,1339%
Null Byte Code 102867 22,683%
NOP Cave Found 0x9090909090 Block Count: 52 | Total: 0,0287%