PESCAN.IO - Analysis Report Basic |
| Information |
| Field | Value |
|---|---|
| Size | 5,30 MB |
| SHA-256 Hash | 4930F90EDA5D1E25F6E4DDE4D622F97FCF0BD7CF71018A3AABC1C8B6C4CE5504 |
| SHA-1 Hash | 9D7916A02BF397F83C1028802B8D68E83085685D |
| MD5 Hash | C2B1CF31D872A5A4919E6D0275C95106 |
| Imphash | A6612812B689BCFFD8E69832FAA54E99 |
| MajorOSVersion | 6 |
| MinorOSVersion | 0 |
| CheckSum | 0055803F |
| EntryPoint (rva) | 2DC870 |
| SizeOfHeaders | 400 |
| SizeOfImage | 558000 |
| ImageBase | 0000000180000000 |
| Architecture | x64 |
| ExportTable | 50AC40 |
| ImportTable | 50DFE4 |
| IAT | 2DE000 |
| Characteristics | 2022 |
| TimeDateStamp | 6837FF63 |
| Date | 29/05/2025 6:32:03 |
| File Type | DLL |
| Number Of Sections | 8 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .rdata, .data, .pdata, .didat, _RDATA, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 2DC200 | 1000 | 2DC17B | | |
| .rdata | 0x40000040 Initialized Data Readable | 2DC600 | 236800 | 2DE000 | 2367E0 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | 512E00 | 11A00 | 515000 | 192A8 | | |
| .pdata | 0x40000040 Initialized Data Readable | 524800 | 21C00 | 52F000 | 21BF4 | | |
| .didat | 0xC0000040 Initialized Data Readable Writeable | 546400 | 200 | 551000 | 10 | | |
| _RDATA | 0x40000040 Initialized Data Readable | 546600 | 200 | 552000 | 30 | | |
| .rsrc | 0x40000040 Initialized Data Readable | 546800 | 600 | 553000 | 580 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 546E00 | 3200 | 554000 | 3124 | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | Qt6Pdf.dll |
| CompanyName | The Qt Company Ltd. |
| LegalCopyright | Copyright (C) The Qt Company Ltd. and other contributors. |
| ProductName | Qt6 |
| FileVersion | 6.9.1.0 |
| FileDescription | C++ Application Development Framework |
| ProductVersion | 6.9.1.0 |
| Language | English (United States) (ID=0x409) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Section number (1) has the Entry Point information. |
| EntryPoint (calculated): 2DBC70 |
| Code: 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E8270200004C8BC78BD3488BCE488B5C2430488B7424 |
| Assembler: |
| MOV QWORD PTR [RSP + 8], RBX |
| MOV QWORD PTR [RSP + 0X10], RSI |
| PUSH RDI |
| SUB RSP, 0X20 |
| MOV RDI, R8 |
| MOV EBX, EDX |
| MOV RSI, RCX |
| CMP EDX, 1 |
| JNE 0X1021 |
| CALL 0X1248 |
| MOV R8, RDI |
| MOV EDX, EBX |
| MOV RCX, RSI |
| MOV RBX, QWORD PTR [RSP + 0X30] |
| Signatures |
| Rich Signature Analyzer: |
| Code -> 84CB3DCBC0AA5398C0AA5398C0AA5398C9D2C098D4AA5398022BAE98C1AA5398022B5799C8AA5398022B5099C9AA5398022B5699E1AA5398022B5299C8AA539830285299C6AA5398B22B5299CDAA5398C0AA5298D7A95398B22B5599C1AA5398302857995FAA5398C0AA5398DBAA53983028569942A9539830285399C1AA53983028AC98C1AA5398C0AAC498C1AA539830285199C1AA539852696368C0AA5398 |
| Footprint md5 Hash -> 10361AFB003B87EB705DE44196C0CC83 |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature: |
| • The file is signed and the signature is correct |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio |
| Detect It Easy (die): |
| • PE+(64): compiler: Microsoft Visual C/C++(-)[-] |
| • PE+(64): linker: Microsoft Linker(14.39**)[-] |
| • PE+(64): Sign tool: Windows Authenticode(2.0)[PKCS 7] |
| • Entropy: 6.93849 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| ET Functions (carving) |
| Original Name -> Qt6Pdf.dll |
| File Access |
| api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-time-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll VCRUNTIME140_1.dll VCRUNTIME140.dll MSVCP140.dll KERNEL32.dll Qt6Core.dll Qt6Network.dll Qt6Gui.dll USER32.dll GDI32.dll Qt6Pdf.dll DWINMM.dll \GDIPLUS.DLL ntdll.dll .dat %d].dat @.dat qt.pdf Temp |
| File Access (UNICODE) |
| Qt6Pdf.dll bcryptprimitives.dll kernel32.dll skPaMPaGParadCo.log |
| Interest's Words |
| Encrypt PassWord exec start systeminfo ping replace |
| URLs |
| http://ns.adobe.com/AcrobatAdhocWorkflow/1.0/ http://www.entrust.net/rpa03 http://ocsp.entrust.net00 http://crl.entrust.net/g2ca.crl http://ocsp.entrust.net01 http://crl.entrust.net/csbr1.crl http://www.entrust.net/rpa0 http://ocsp.entrust.net02 http://aia.entrust.net/evcs2-chain.p7c01 http://crl.entrust.net/evcs2.crl http://crl.entrust.net/2048ca.crl http://ocsp.entrust.net03 http://aia.entrust.net/ts1-chain256.cer http://crl.entrust.net/ts1ca.crl https://www.entrust.net/rpa0 https://www.entrust.net/rpa0+ |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GlobalMemoryStatusEx) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingW) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Software that records user activity (Logger) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\1033 | 5530A0 | 35C | 5468A0 | 5C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000900 | \.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\2\1033 | 553400 | 17D | 546C00 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y |
| Intelligent String |
| • 6.9.1.0 • api-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • kernel32.dll • .dat • ntdll.dll • bcryptprimitives.dll • .ttf • .ttc • .otf • \GDIPLUS.DLL • www. • 'DWINMM.dll • C:\Users\qt\work\qt\qtwebengine_build\bin\Qt6Pdf.pdb • .tls • .bss • Qt6Gui.dll • ?executePendingOperations@QAbstractItemModelPrivate@@UEBAXXZ • KERNEL32.dll • VCRUNTIME140.dll • VCRUNTIME140_1.dll • 6_initterm7_initterm_eapi-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-time-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-utility-l1-1-0.dll • api-ms-win-crt-environment-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll • Qt6Pdf.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 4961-497F | N/A | .text | Unusual NOPS Space, count: 31 |
| 4C81-4C9F | N/A | .text | Unusual NOPS Space, count: 31 |
| 5281-529F | N/A | .text | Unusual NOPS Space, count: 31 |
| 10581-1059F | N/A | .text | Unusual NOPS Space, count: 31 |
| 109A1-109BF | N/A | .text | Unusual NOPS Space, count: 31 |
| 2DD8A8 | 2DBF40 | .rdata | TLS Callback: Pointer to 1802DBF40 - 0x2DB340 .text |
| 2DD8B0 | 2DC4A0 | .rdata | TLS Callback: Pointer to 1802DC4A0 - 0x2DB8A0 .text |
| 2DD8B8 | 166350 | .rdata | TLS Callback: Pointer to 180166350 - 0x165750 .text |
| 524AC4 | 15EE0 | .pdata | ExceptionHook | Pointer to 15EE0 - 0x152E0 .text + UnwindInfo: .rdata |
| 524AD0 | 15F10 | .pdata | ExceptionHook | Pointer to 15F10 - 0x15310 .text + UnwindInfo: .rdata |
| 524ADC | 15F60 | .pdata | ExceptionHook | Pointer to 15F60 - 0x15360 .text + UnwindInfo: .rdata |
| 524AE8 | 15FB0 | .pdata | ExceptionHook | Pointer to 15FB0 - 0x153B0 .text + UnwindInfo: .rdata |
| 524AF4 | 15FD0 | .pdata | ExceptionHook | Pointer to 15FD0 - 0x153D0 .text + UnwindInfo: .rdata |
| 524B00 | 16010 | .pdata | ExceptionHook | Pointer to 16010 - 0x15410 .text + UnwindInfo: .rdata |
| 524B0C | 16030 | .pdata | ExceptionHook | Pointer to 16030 - 0x15430 .text + UnwindInfo: .rdata |
| 524B18 | 161A0 | .pdata | ExceptionHook | Pointer to 161A0 - 0x155A0 .text + UnwindInfo: .rdata |
| 524B24 | 16300 | .pdata | ExceptionHook | Pointer to 16300 - 0x15700 .text + UnwindInfo: .rdata |
| 524B30 | 1633A | .pdata | ExceptionHook | Pointer to 1633A - 0x1573A .text + UnwindInfo: .rdata |
| 524B3C | 166BA | .pdata | ExceptionHook | Pointer to 166BA - 0x15ABA .text + UnwindInfo: .rdata |
| 524B48 | 166C8 | .pdata | ExceptionHook | Pointer to 166C8 - 0x15AC8 .text + UnwindInfo: .rdata |
| 524B54 | 16720 | .pdata | ExceptionHook | Pointer to 16720 - 0x15B20 .text + UnwindInfo: .rdata |
| 524B60 | 167D0 | .pdata | ExceptionHook | Pointer to 167D0 - 0x15BD0 .text + UnwindInfo: .rdata |
| 524B6C | 167DF | .pdata | ExceptionHook | Pointer to 167DF - 0x15BDF .text + UnwindInfo: .rdata |
| 524B78 | 167FB | .pdata | ExceptionHook | Pointer to 167FB - 0x15BFB .text + UnwindInfo: .rdata |
| 524B84 | 16859 | .pdata | ExceptionHook | Pointer to 16859 - 0x15C59 .text + UnwindInfo: .rdata |
| 524B90 | 1686E | .pdata | ExceptionHook | Pointer to 1686E - 0x15C6E .text + UnwindInfo: .rdata |
| 524B9C | 16910 | .pdata | ExceptionHook | Pointer to 16910 - 0x15D10 .text + UnwindInfo: .rdata |
| 524BA8 | 16A40 | .pdata | ExceptionHook | Pointer to 16A40 - 0x15E40 .text + UnwindInfo: .rdata |
| 524BB4 | 16AA0 | .pdata | ExceptionHook | Pointer to 16AA0 - 0x15EA0 .text + UnwindInfo: .rdata |
| 524BC0 | 16AF0 | .pdata | ExceptionHook | Pointer to 16AF0 - 0x15EF0 .text + UnwindInfo: .rdata |
| 524BCC | 16BB0 | .pdata | ExceptionHook | Pointer to 16BB0 - 0x15FB0 .text + UnwindInfo: .rdata |
| 524BD8 | 16BD4 | .pdata | ExceptionHook | Pointer to 16BD4 - 0x15FD4 .text + UnwindInfo: .rdata |
| 524BE4 | 16C84 | .pdata | ExceptionHook | Pointer to 16C84 - 0x16084 .text + UnwindInfo: .rdata |
| 524BF0 | 16CE0 | .pdata | ExceptionHook | Pointer to 16CE0 - 0x160E0 .text + UnwindInfo: .rdata |
| 524BFC | 16D60 | .pdata | ExceptionHook | Pointer to 16D60 - 0x16160 .text + UnwindInfo: .rdata |
| 524C08 | 16E30 | .pdata | ExceptionHook | Pointer to 16E30 - 0x16230 .text + UnwindInfo: .rdata |
| 524C14 | 16F20 | .pdata | ExceptionHook | Pointer to 16F20 - 0x16320 .text + UnwindInfo: .rdata |
| 524C20 | 16FC7 | .pdata | ExceptionHook | Pointer to 16FC7 - 0x163C7 .text + UnwindInfo: .rdata |
| 524C2C | 170A4 | .pdata | ExceptionHook | Pointer to 170A4 - 0x164A4 .text + UnwindInfo: .rdata |
| 524C38 | 170F0 | .pdata | ExceptionHook | Pointer to 170F0 - 0x164F0 .text + UnwindInfo: .rdata |
| 524C44 | 17196 | .pdata | ExceptionHook | Pointer to 17196 - 0x16596 .text + UnwindInfo: .rdata |
| 524C50 | 1726F | .pdata | ExceptionHook | Pointer to 1726F - 0x1666F .text + UnwindInfo: .rdata |
| 524C5C | 172C0 | .pdata | ExceptionHook | Pointer to 172C0 - 0x166C0 .text + UnwindInfo: .rdata |
| 524C68 | 173F0 | .pdata | ExceptionHook | Pointer to 173F0 - 0x167F0 .text + UnwindInfo: .rdata |
| 524C74 | 174DD | .pdata | ExceptionHook | Pointer to 174DD - 0x168DD .text + UnwindInfo: .rdata |
| 524C80 | 1778C | .pdata | ExceptionHook | Pointer to 1778C - 0x16B8C .text + UnwindInfo: .rdata |
| 524C8C | 17890 | .pdata | ExceptionHook | Pointer to 17890 - 0x16C90 .text + UnwindInfo: .rdata |
| 524C98 | 178C6 | .pdata | ExceptionHook | Pointer to 178C6 - 0x16CC6 .text + UnwindInfo: .rdata |
| 524CA4 | 17949 | .pdata | ExceptionHook | Pointer to 17949 - 0x16D49 .text + UnwindInfo: .rdata |
| 45C428 | N/A | .rdata | Injected Junk Code | HitsBL=104/200 - UniqueHits=20 - Ratio=0,52 |
| 45E750 | N/A | .rdata | Injected Junk Code | HitsBL=108/200 - UniqueHits=19 - Ratio=0,54 |
| 45EB38 | N/A | .rdata | Injected Junk Code | HitsBL=119/200 - UniqueHits=19 - Ratio=0,60 |
| 45FBA0 | N/A | .rdata | Injected Junk Code | HitsBL=115/200 - UniqueHits=15 - Ratio=0,58 |
| 54A000 | N/A | *Overlay* | 88300000000202003082307B06092A864886F70D | .0......0.0{..*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 3482414 | 62,6513% |
| Null Byte Code | 736176 | 13,2444% |
| NOP Cave Found | 0x9090909090 (Block Count: 247) | 0,0111% |