PESCAN.IO - Analysis Report Basic

File Structure
[Image: file structure chart. PE legend: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure shown in red indicates a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).]

Information
Size: 5,01 MB
SHA-256 Hash: C308360EF189136C2B1B4FAB167394CCE5D361A405F84F51C9714A6BF586F4B0
SHA-1 Hash: 45769CF5F838D6C123F2282FCE650802A8CD474B
MD5 Hash: CC3B2385E63A96227C970D8D5AE9A863
Imphash: 2057790AE7855765D51BDC4142E62F9C
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 0050C5A5
EntryPoint (rva): 33BE0
SizeOfHeaders: 400
SizeOfImage: 88000
ImageBase: 0000000140000000
Architecture: x64
ExportTable: 62130
ImportTable: 62164
IAT: 4E000
Characteristics: 22
TimeDateStamp: 69F48B4A
Date: 01/05/2026 11:15:22
File Type: EXE
Number Of Sections: 8
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .didat, .fptable, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info
Section Name Flags ROffset RSize VOffset VSize Entropy Chi2
.text 0x60000020 (Code, Executable, Readable) 400 4C800 1000 4C68C 6.4875 1943703.63
.rdata 0x40000040 (Initialized Data, Readable) 4CC00 15400 4E000 152CC 5.3693 3043987.3
.data 0xC0000040 (Initialized Data, Readable, Writeable) 62000 1C00 64000 E7EC 3.059 843444.07
.pdata 0x40000040 (Initialized Data, Readable) 63C00 3400 73000 3354 5.6052 326196.73
.didat 0xC0000040 (Initialized Data, Readable, Writeable) 67000 400 77000 360 3.011 75864
.fptable 0xC0000040 (Initialized Data, Readable, Writeable) 67400 200 78000 100 0 130560
.rsrc 0x40000040 (Initialized Data, Readable) 67600 D600 79000 D558 6.4729 966690.57
.reloc 0x42000040 (Initialized Data, GP-Relative, Readable) 74C00 A00 87000 998 5.3686 16790.2
Binder/Joiner/Crypter
Dropper code detected (EOF) - 4,48 MB

Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - 32FE0
Code -> 4883EC28E8CB0500004883C428E97AFEFFFFCCCC48895C241048896C24184889742420574883EC1033C033C90FA281F16E74
Assembler
|SUB RSP, 0X28
|CALL 0X15D4
|ADD RSP, 0X28
|JMP 0XE8C
|INT3
|INT3
|MOV QWORD PTR [RSP + 0X10], RBX
|MOV QWORD PTR [RSP + 0X18], RBP
|MOV QWORD PTR [RSP + 0X20], RSI
|PUSH RDI
|SUB RSP, 0X10
|XOR EAX, EAX
|XOR ECX, ECX
|CPUID
Signatures
Rich Signature Analyzer:
Code -> C157C0088536AE5B8536AE5B8536AE5BFCB7AB5A1836AE5B02BF535B8736AE5B02BFAD5A8D36AE5B02BFAA5A9536AE5B02BFAB5AB936AE5BFCB7AD5A8E36AE5BFCB7AA5A9236AE5BFCB7A85A8436AE5BFCB7AF5A8236AE5B8536AF5BAF37AE5B1CBFAB5AB636AE5B1CBFAE5A8436AE5B1CBF515B8436AE5B1CBFAC5A8436AE5B526963688536AE5B
Footprint md5 Hash -> 6C6DEB015FC518E93857BA04FB1C07E5
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): sfx: WinRAR(-)[-]
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.44**)[-]
PE+(64): overlay: RAR archive(-)[-]
PE+(64): archive: RAR(5)[-]
Entropy: 7.9664

Suspicious Functions
Library Function Description
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
SHELL32.DLL ShellExecuteExW Performs a run operation on a specific file.
Windows REG (UNICODE)
Software\Microsoft\Windows\CurrentVersion
Software\WinRAR SFX

File Access
AdobeInstaller.exe
start /wait AdobeInstaller.exe
sfxrar.exe
gdiplus.dll
OLEAUT32.dll
KERNEL32.dll
COMCTL32.dll
SHLWAPI.dll
Fole32.dll
SHELL32.dll
ADVAPI32.dll
COMDLG32.dll
GDI32.dll
USER32.dll
run.bat
.dat
@.dat
Temp

File Access (UNICODE)
mscoree.dll
KERNEL32.DLL
riched20.dll
uxtheme.dll
peerdist.dll
dsrole.dll
aclui.dll
RpcRtRemote.dll
cryptsp.dll
linkinfo.dll
XmlLite.dll
dhcpcsvc.dll
dhcpcsvc6.dll
rasadhlp.dll
browcli.dll
dfscli.dll
wkscli.dll
samlib.dll
samcli.dll
mlang.dll
propsys.dll
devrtl.dll
mpr.dll
netutils.dll
WINNSI.DLL
iphlpapi.DLL
dnsapi.DLL
imageres.dll
slc.dll
cscapi.dll
srvcli.dll
WindowsCodecs.dll
profapi.dll
ntmarta.dll
oleaccrc.dll
cabinet.dll
secur32.dll
shell32.dll
wintrust.dll
cryptui.dll
msasn1.dll
crypt32.dll
shdocvw.dll
netapi32.dll
userenv.dll
apphelp.dll
setupapi.dll
atl.dll
ntshrui.dll
ieframe.dll
psapi.dll
ws2help.dll
ws2_32.dll
comres.dll
clbcatq.dll
usp10.dll
lpk.dll
cryptbase.dll
dwmapi.dll
UXTheme.dll
rsaenh.dll
SSPICLI.DLL
sfc_os.dll
DXGIDebug.dll
version.dll
Crypt32.dll
Temp
ProgramFiles

Words of Interest
PassWord
exec
attrib
start
pause
shutdown
systeminfo
ping
expand
replace

Words of Interest (UNICODE)
Encrypt
Encryption
PassWord
<html
<head
<meta
start
pause
ping
replace

URLs
http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://crl.comodoca.com/AAACertificateServices.crl
http://ocsp.comodoca.com
http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl
http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0
http://ocsp.sectigo.com
http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl
http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt
http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl
http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt
http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl
http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0
http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl
http://ocsp.usertrust.com
https://sectigo.com/CPS0

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (connect)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GlobalMemoryStatusEx)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (ReleaseSemaphore)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (ShellExecute)
Text Ascii Execution (CreateSemaphoreW)
Text Ascii Execution (CreateEventW)
Text Ascii Antivirus Software (comodo)
Text Unicode Privileges (SeCreateSymbolicLinkPrivilege)
Text Unicode Privileges (SeRestorePrivilege)
Text Unicode Privileges (SeSecurityPrivilege)
Text Ascii Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV)
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset Code Text
\PNG\101\1033 79680 966 67C80 89504E470D0A1A0A0000000D494844520000005D0000012E080200000063D2894F0000092D494441547801EC9BC5D69B2118.PNG........IHDR...].........c..O...-IDATx......!.
\PNG\102\1033 79FE8 123F 685E8 89504E470D0A1A0A0000000D49484452000000BA0000025C0802000000C1EE291000001206494441547801ECDD8572EB4614.PNG........IHDR.......\.......).....IDATx....r.F.
\ICON\1\1033 7B228 568 69828 280000001000000020000000010008000000000000010000120B0000120B000000010000000100000000000024349B002735(....... ...................................$4..'5
\ICON\2\1033 7B790 8A8 69D90 280000002000000040000000010008000000000000040000120B0000120B00000001000000010000000000003F110F000A06(... ...@...................................?.....
\ICON\3\1033 7C038 EA8 6A638 280000003000000060000000010008000000000000090000120B0000120B0000000100000001000000000000103E05000D07(...0.......................................>....
\ICON\4\1033 7CEE0 468 6B4E0 280000001000000020000000010020000000000000040000120B0000120B0000000000000000000000000000000000000000(....... ..... ...................................
\ICON\5\1033 7D348 10A8 6B948 280000002000000040000000010020000000000000100000120B0000120B0000000000000000000000000000000000000000(... ...@..... ...................................
\ICON\6\1033 7E3F0 25A8 6C9F0 280000003000000060000000010020000000000000240000120B0000120B0000000000000000000000000000000000000000(...0........ ......$............................
\ICON\7\1033 80998 34B3 6EF98 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000347A494441547801ECC18100000000.PNG........IHDR.............\r.f..4zIDATx........
\DIALOG\ASKNEXTVOL\1033 847A8 286 72DA8 C000C8900000000007003B004B00C2008B00000000004E00650078007400200076006F006C0075006D006500200069007300..........;.K.........N.e.x.t. .v.o.l.u.m.e. .i.s.
\DIALOG\GETPASSWORD1\1033 84578 13A 72B78 C008C89000000000050026002E00B70043000000000045006E007400650072002000700061007300730077006F0072006400..........&.....C.....E.n.t.e.r. .p.a.s.s.w.o.r.d.
\DIALOG\LICENSEDLG\1033 846B8 EC 72CB8 C008CA900000000005001B002F005B01E000000000004C006900630065006E0073006500000008004D005300200053006800............/.[.......L.i.c.e.n.s.e.....M.S. .S.h.
\DIALOG\RENAMEDLG\1033 84448 12E 72A48 C000C890000000000700600052009E005D0000000000520065006E0061006D006500000008004D0053002000530068006500...........R...].....R.e.n.a.m.e.....M.S. .S.h.e.
\DIALOG\REPLACEFILEDLG\1033 84110 338 72710 C000C8900000000011006E003500DE00AD000000000043006F006E006600690072006D002000660069006C00650020007200..........n.5.........C.o.n.f.i.r.m. .f.i.l.e. .r.
\DIALOG\STARTDLG\1033 83EB8 252 724B8 C008CA90000000000B001B002F005B01E00000000000570069006E005200410052002000730065006C0066002D0065007800............/.[.......W.i.n.R.A.R. .s.e.l.f.-.e.x.
\STRING\7\1033 85188 1EA 73788 00000000000000001D00530065006C0065006300740020007400680065002000640065007300740069006E00610074006900..........S.e.l.e.c.t. .t.h.e. .d.e.s.t.i.n.a.t.i.
\STRING\8\1033 85378 1CC 73978 11004E006F007400200065006E006F0075006700680020006D0065006D006F0072007900140055006E006B006E006F007700..N.o.t. .e.n.o.u.g.h. .m.e.m.o.r.y...U.n.k.n.o.w.
\STRING\9\1033 85548 1B8 73B48 0000000000001A005700720069007400650020006500720072006F007200200069006E002000740068006500200066006900........W.r.i.t.e. .e.r.r.o.r. .i.n. .t.h.e. .f.i.
\STRING\10\1033 85700 146 73D00 050043006C006F00730065000000000000000000000005004500720072006F00720061004500720072006F00720073002000..C.l.o.s.e.............E.r.r.o.r.a.E.r.r.o.r.s. .
\STRING\11\1033 85848 46C 73E48 200053006F006D0065002000660069006C0065007300200063006F0075006C00640020006E006F0074002000620065002000.S.o.m.e. .f.i.l.e.s. .c.o.u.l.d. .n.o.t. .b.e. .
\STRING\12\1033 85CB8 166 742B8 3200630072006500610074006500640020006100750074006F006D00610074006900630061006C006C0079002000620065002.c.r.e.a.t.e.d. .a.u.t.o.m.a.t.i.c.a.l.l.y. .b.e.
\STRING\13\1033 85E20 152 74420 0000000000003D0054006F00740061006C0020007000610074006800200061006E0064002000660069006C00650020006E00......=.T.o.t.a.l. .p.a.t.h. .a.n.d. .f.i.l.e. .n.
\STRING\14\1033 85F78 10A 74578 000000001500430061006E006E006F007400200063006F0070007900200025007300200074006F002000250073002E000000......C.a.n.n.o.t. .c.o.p.y. .%.s. .t.o. .%.s.....
\STRING\15\1033 86088 BC 74688 0000410059006F00750020006D006100790020006E00650065006400200074006F002000720075006E002000740068006900..A.Y.o.u. .m.a.y. .n.e.e.d. .t.o. .r.u.n. .t.h.i.
\STRING\16\1033 86148 1C0 74748 10005300650063007500720069007400790020007700610072006E0069006E0067004B0050006C0065006100730065002000..S.e.c.u.r.i.t.y. .w.a.r.n.i.n.g.K.P.l.e.a.s.e. .
\STRING\17\1033 86308 250 74908 000000000000000007005700610072006E0069006E006700AD00540068006900730020006100720063006800690076006500..........W.a.r.n.i.n.g...T.h.i.s. .a.r.c.h.i.v.e.
\GROUP_ICON\100\1033 83E50 68 72450 00000100070010100000010008006805000001002020000001000800A808000002003030000001000800A80E000003001010..............h..... ............00..............
\24\1\1033 84A30 753 73030 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279<?xml version="1.0" encoding="UTF-8" standalone="y
Intelligent String
• 3AdobeInstaller.exe
• .rar
• Crypt32.dll
• version.dll
• sfc_os.dll
• SSPICLI.DLL
• rsaenh.dll
• UXTheme.dll
• dwmapi.dll
• cryptbase.dll
• lpk.dll
• usp10.dll
• clbcatq.dll
• comres.dll
• ws2_32.dll
• ws2help.dll
• psapi.dll
• ieframe.dll
• ntshrui.dll
• atl.dll
• setupapi.dll
• apphelp.dll
• userenv.dll
• netapi32.dll
• shdocvw.dll
• crypt32.dll
• msasn1.dll
• cryptui.dll
• wintrust.dll
• shell32.dll
• secur32.dll
• cabinet.dll
• oleaccrc.dll
• ntmarta.dll
• profapi.dll
• WindowsCodecs.dll
• srvcli.dll
• cscapi.dll
• slc.dll
• imageres.dll
• WINNSI.DLL
• netutils.dll
• mpr.dll
• devrtl.dll
• propsys.dll
• mlang.dll
• samcli.dll
• samlib.dll
• wkscli.dll
• dfscli.dll
• browcli.dll
• rasadhlp.dll
• dhcpcsvc6.dll
• dhcpcsvc.dll
• XmlLite.dll
• linkinfo.dll
• cryptsp.dll
• RpcRtRemote.dll
• aclui.dll
• dsrole.dll
• peerdist.dll
• uxtheme.dll
• riched20.dll
• runas
• .tmp
• .lnk
• .inf
• .exe
• USER32.dll
• GDI32.dll
• COMDLG32.dll
• ADVAPI32.dll
• SHELL32.dll
• Fole32.dll
• KERNEL32.DLL
• COMCTL32.dll
• mscoree.dll
• D:\Projects\WinRAR\SFX\build\sfxrar64\Release\sfxrar.pdb
• .tls
• .bss
• sfxrar.exe
• KERNEL32.dll
• OLEAUT32.dll
• <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
• Setup=run.bat
• 0.Cwy
• run.bat
• +0U 00U 0g0KUD0B0@><:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{+o0m0F+0:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0+0http://ocsp.sectigo.com0*H_6rZ-9JZBJ

Flow Anomalies
Offset RVA Section Description
75600 N/A *Overlay* 526172211A070100670DDB6E0C01050800070101 | Rar!....g..n........
Extra Analysis
Metric Value Percentage
Ascii Code 3562765 67,8213%
Null Byte Code 106332 2,0241%
NOP Cave Found 0x9090909090 Block Count: 1 | Total: 0%