PESCAN.IO - Analysis Report Basic

File Structure
[Analysis image: byte-map chart of the file. PE chart legend: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red means a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).]

Information
Size: 4,56 MB
SHA-256 Hash: 0B4A653F4C6677BBCD8A972D3BA33FC585FCEC54455F3C0608F4F6FFECC96352
SHA-1 Hash: 3ACA8B94183671EF7CC7287C70E97734AAB6D983
MD5 Hash: C857400E0328C52AD937F989D511BCD3
Imphash: B4A0497EED21451407092E930EEE3219
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 15F8B4
SizeOfHeaders: 400
SizeOfImage: 496000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 3E72C4
IAT: 165000
Characteristics: 22
TimeDateStamp: 69177425
Date: 14/11/2025 18:25:41
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: requireAdministrator

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 60000020 (Code, Executable, Readable) 400 163400 1000 163247 6.4952 9669889.81
.rdata 40000040 (Initialized Data, Readable) 163800 286200 165000 2860C8 6.9936 9135614.62
.data C0000040 (Initialized Data, Readable, Writeable) 3E9A00 95000 3EC000 97920 7.7976 683766.23
.pdata 40000040 (Initialized Data, Readable) 47EA00 EA00 484000 E9E8 6.16 1142023.04
.rsrc 40000040 (Initialized Data, Readable) 48D400 200 493000 1E8 4.7603 8292
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 48D600 1600 494000 145C 5.2917 46004.18
Entry Point
Section number 1 contains the Entry Point
Information -> EntryPoint (calculated) - 15ECB4
Code -> 4883EC28E83F0600004883C428E97AFEFFFFCCCC4883EC284D8B4138488BCA498BD1E80D000000B8010000004883C428C3CC
Assembler
|SUB RSP, 0X28
|CALL 0X1648
|ADD RSP, 0X28
|JMP 0XE8C
|INT3
|INT3
|SUB RSP, 0X28
|MOV R8, QWORD PTR [R9 + 0X38]
|MOV RCX, RDX
|MOV RDX, R9
|CALL 0X1034
|MOV EAX, 1
|ADD RSP, 0X28
|RET
|INT3
Signatures
Rich Signature Analyzer:
Code -> 550ADA33116BB460116BB460116BB46018132760096BB46096E24960186BB46096E2B761156BB46096E2B0611B6BB46096E2B161356BB46096E2B561176BB4609212B0610B6BB460971BB061786BB46065EAB5610B6BB460C3392860146BB460116BB5603669B46080E2BD61076BB46080E24B60106BB46080E2B661106BB46052696368116BB460
Footprint md5 Hash -> 2C30EADB99220CD7DE80DA3CBFD7EEB3
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.44**)[-]
Entropy: 7.20068

Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL CreateRemoteThread Creates a thread in the address space of another process.
KERNEL32.DLL WriteProcessMemory Writes data to an area of memory in a specified process.
KERNEL32.DLL ReadProcessMemory Reads data from an area of memory in a specified process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL CreateFileA Creates or opens a file or I/O device.
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
KERNEL32.DLL SleepEx Pauses the execution of the current thread, optionally allowing the thread to be awakened by a kernel object or upon expiration of a timeout.
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
Ws2_32.DLL socket Create a communication endpoint for networking applications.
Ws2_32.DLL connect Establish a connection to a specified socket.
ADVAPI32.DLL CryptEncrypt Performs a cryptographic operation on data in a data block.
Windows REG (UNICODE)
SOFTWARE\CitizenFX\FiveM

File Access
api-ms-win-crt-time-l1-1-0.dll
api-ms-win-crt-environment-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-locale-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
dwmapi.dll
D3DCOMPILER_47.dll
IMM32.dll
ntdll.dll
WLDAP32.dll
CRYPT32.dll
Normaliz.dll
WS2_32.dll
MSVCP140.dll
ADVAPI32.dll
USER32.dll
KERNEL32.dll
d3d11.dll
d3dx11_43.dll
d3dx9_43.dll
xinput1_1.dll
xinput1_2.dll
xinput1_4.dll
xinput9_1_0.dll
ixinput1_3.dll
secur32.dll
security.dll
failed to load WS2_32.DLL
iphlpapi.dll
.dat
@.dat
.txt
.pdf
Temp

Interest's Words
fuck - }:)
rcpt to:
Virus
BitCoin
Spam
smtp
Encrypt
Decrypt
Encryption
PassWord
exec
attrib
start
pause
cipher
hostname
wmic
shutdown
ping
expand
replace

URLs
https://curl.haxx.se/docs/http-cookies.html
https://f
https://f/
ftp://%s:%s@%s

IP Addresses

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Unicode escape - \u00 - (Common Unicode escape sequences)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii File (CreateFile)
Text Ascii File (ReadFile)
Text Ascii Service (OpenSCManager)
Text Ascii Encryption (Microsoft Unified Security Protocol Provider)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingA)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Stealth (CreateRemoteThread)
Text Ascii Keyboard Key (Right Windows)
Text Ascii Keyboard Key (Right Shift)
Text Ascii Keyboard Key (Scroll)
Text Ascii Keyboard Key (DownArrow)
Text Ascii Keyboard Key (RightArrow)
Text Ascii Keyboard Key (UpArrow)
Text Ascii Keyboard Key (LeftArrow)
Text Ascii Keyboard Key (PageDown)
Text Ascii Keyboard Key (PageUp)
Text Ascii Keyboard Key (CapsLock)
Text Ascii Keyboard Key (Backspace)
Text Ascii Keyboard Key (Ctrl+S)
Text Ascii Information used for user authentication (Credential)
Text Ascii Unauthorized movement of funds or data (Transfer)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset Code Text
\24\1\1033 493060 188 48D460 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• api-ms-win-crt-filesystem-l1-1-0.dll
• api-ms-win-crt-utility-l1-1-0.dll
• api-ms-win-crt-locale-l1-1-0.dll
• api-ms-win-crt-stdio-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• %s.%s.tmp
• https://curl.haxx.se/docs/http-cookies.html
• .gif
• .jpg
• .png
• .svg
• .txt
• .htm
• .pdf
• application/pdf.xml
• %s://%sfile
• iphlpapi.dll
• LOGIN %s %s
• failed to resume file:// transfer
• WS2_32.DLL
• file://%s%s%s
• machinelogin
• Couldn't read a file:// file
• Login denied
• security.dll
• secur32.dll
• LOGIN
• invalid string: control character U+0001 (SOH) must be escaped to \u0001
• invalid string: control character U+0000 (NUL) must be escaped to \u0000
• invalid string: control character U+0003 (ETX) must be escaped to \u0003
• invalid string: control character U+0002 (STX) must be escaped to \u0002
• invalid string: control character U+0005 (ENQ) must be escaped to \u0005
• invalid string: control character U+0004 (EOT) must be escaped to \u0004
• invalid string: control character U+0007 (BEL) must be escaped to \u0007
• invalid string: control character U+0006 (ACK) must be escaped to \u0006
• invalid string: control character U+0009 (HT) must be escaped to \u0009 or \t
• invalid string: control character U+0008 (BS) must be escaped to \u0008 or \b
• invalid string: control character U+000B (VT) must be escaped to \u000B
• invalid string: control character U+000A (LF) must be escaped to \u000A or \n
• invalid string: control character U+000D (CR) must be escaped to \u000D or \r
• invalid string: control character U+000C (FF) must be escaped to \u000C or \f
• invalid string: control character U+000F (SI) must be escaped to \u000F
• invalid string: control character U+000E (SO) must be escaped to \u000E
• invalid string: control character U+0011 (DC1) must be escaped to \u0011
• invalid string: control character U+0010 (DLE) must be escaped to \u0010
• invalid string: control character U+0013 (DC3) must be escaped to \u0013
• invalid string: control character U+0012 (DC2) must be escaped to \u0012
• invalid string: control character U+0015 (NAK) must be escaped to \u0015
• invalid string: control character U+0014 (DC4) must be escaped to \u0014
• invalid string: control character U+0017 (ETB) must be escaped to \u0017
• invalid string: control character U+0016 (SYN) must be escaped to \u0016
• invalid string: control character U+0019 (EM) must be escaped to \u0019
• invalid string: control character U+0018 (CAN) must be escaped to \u0018
• invalid string: control character U+001B (ESC) must be escaped to \u001B
• invalid string: control character U+001A (SUB) must be escaped to \u001A
• invalid string: control character U+001D (GS) must be escaped to \u001D
• invalid string: control character U+001C (FS) must be escaped to \u001C
• invalid string: control character U+001F (US) must be escaped to \u001F
• invalid string: control character U+001E (RS) must be escaped to \u001E
• type must be boolean, but is
• http://id
• .Ojw
• *europe
• $.GGi
• ixinput1_3.dll
• xinput1_4.dll
• xinput1_2.dll
• xinput1_1.dll
• A:%0.3fH:%0.3fG:%0.3fB:%0.3fM:0.000M:000
• C:\Users\hak60\Documents\RELIKIA+WEXIZE\Stopped\x64\Release\Fuck poor niggas.pdb
• .tls
• .bss
• USER32.dll
• ADVAPI32.dll
• MSVCP140.dll
• WS2_32.dll
• Normaliz.dll
• D3DCOMPILER_47.dll
• dwmapi.dll
• VCRUNTIME140_1.dll
• VCRUNTIME140.dll
• I_openapi-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-environment-l1-1-0.dll
• api-ms-win-crt-time-l1-1-0.dll

Flow Anomalies
Offset RVA Section Description
18545E-18546B N/A .rdata Potential obfuscated jump sequence detected, count: 7
4193AB-4193D1 N/A .data Unusual NOPS Space, count: 39
Extra Analysis
Metric Value Percentage
Ascii Code 2931468 61,3405%
Null Byte Code 428494 8,9662%
NOP Cave Found 0x9090909090 Block Count: 7 | Total: 0,0004%