PESCAN.IO - Analysis Report Basic
| Information |
| Field | Value |
|---|---|
| Size | 1,04 MB |
| SHA-256 Hash | F6F6BEAA023BF314616297196A2D1825A04E3911B7EB6D7E54852C10391F467B |
| SHA-1 Hash | D1CFDE1EABA517D04A75BE74B079FA86A1584C14 |
| MD5 Hash | D40E038941AA721067D61C109A7314A6 |
| Imphash | 282C008B502153A732C62111B4886002 |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 0010C07B |
| EntryPoint (rva) | 13F0 |
| SizeOfHeaders | 400 |
| SizeOfImage | 112000 |
| ImageBase | 0000000140000000 |
| Architecture | x64 |
| ImportTable | 10B000 |
| IAT | 10B778 |
| Characteristics | 22E |
| TimeDateStamp | 693C3CBA |
| Date | 12/12/2025 16:03:06 |
| File Type | EXE |
| Number Of Sections | 11 |
| ASLR | Disabled |
| Section Names (Optional Header) | .text, .data, .rdata, .pdata, .xdata, .bss, .idata, .CRT, .tls, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000060 (Code, Initialized Data, Executable, Readable) | 400 | D3000 | 1000 | D2ED8 | 6,1642 | 7437567,71 |
| .data | C0000040 (Initialized Data, Readable, Writeable) | D3400 | 3400 | D4000 | 3260 | 0,5014 | 3089452,88 |
| .rdata | 40000040 (Initialized Data, Readable) | D6800 | 12400 | D8000 | 12350 | 4,8986 | 2744971,16 |
| .pdata | 40000040 (Initialized Data, Readable) | E8C00 | C400 | EB000 | C204 | 5,9769 | 1007193,99 |
| .xdata | 40000040 (Initialized Data, Readable) | F5000 | 11600 | F8000 | 11524 | 4,9344 | 1521232,37 |
| .bss | C0000080 (Uninitialized Data, Readable, Writeable) | 0 | 0 | 10A000 | EA0 | N/A | N/A |
| .idata | C0000040 (Initialized Data, Readable, Writeable) | 106600 | 1E00 | 10B000 | 1D14 | 4,5367 | 336323,67 |
| .CRT | C0000040 (Initialized Data, Readable, Writeable) | 108400 | 200 | 10D000 | 68 | 0,3624 | 120067,00 |
| .tls | C0000040 (Initialized Data, Readable, Writeable) | 108600 | 200 | 10E000 | 10 | 0,0000 | 130560,00 |
| .rsrc | 40000040 (Initialized Data, Readable) | 108800 | 600 | 10F000 | 4E8 | 4,7849 | 29195,67 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 108E00 | 1800 | 110000 | 17B8 | 5,4401 | 34176,67 |
| Entry Point |
| Section number 1 contains the entry point. EntryPoint (calculated): 7F0 |
| Code: 4883EC28488B0535D30D00C70000000000E87AFDFFFF90904883C428C30F1F004883EC28E8576901004883F80119C04883C4 |
| Disassembly: |
| • SUB RSP, 0X28 |
| • MOV RAX, QWORD PTR [RIP + 0XDD335] |
| • MOV DWORD PTR [RAX], 0 |
| • CALL 0XD90 |
| • NOP |
| • NOP |
| • ADD RSP, 0X28 |
| • RET |
| • NOP DWORD PTR [RAX] |
| • SUB RSP, 0X28 |
| • CALL 0X17980 |
| • CMP RAX, 1 |
| • SBB EAX, EAX |
| Signatures |
| CheckSum Integrity Problem: • Header: 1097851 • Calculated: 1111757 |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • Entropy: 6.19978 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | CopyFileA | Copies an existing file to a new file. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| Ws2_32.DLL | socket | Create a communication endpoint for networking applications. |
| Ws2_32.DLL | connect | Establish a connection to a specified socket. |
| Windows REG |
| SOFTWARE\Microsoft\Cryptography |
| File Access |
| WS2_32.dll USER32.dll SHELL32.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-time-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-private-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-environment-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll KERNEL32.dll ADVAPI32.dll .dat Temp |
| Words of Interest |
| exec start expand replace |
| URLs |
| https://H] https://HSHH |
| IP Addresses |
| 172.25.21.54 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (WSACleanup) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (recv) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Stealth (GetThreadContext) |
| Text | Ascii | Stealth (SetThreadContext) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateSemaphoreA) |
| Text | Ascii | Execution (CreateEventA) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\1\0 | 10F058 | 48F | 108858 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • @.bss • .CRT • .tls • ADVAPI32.dll • KERNEL32.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-environment-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll • api-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-private-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • api-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-time-l1-1-0.dll • api-ms-win-crt-utility-l1-1-0.dll • USER32.dll • WS2_32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 108438 | D760 | .CRT | TLS Callback: Pointer to 14000D760 - 0xCB60 .text |
| 108440 | D730 | .CRT | TLS Callback: Pointer to 14000D730 - 0xCB30 .text |
| 108448 | 1AAF0 | .CRT | TLS Callback: Pointer to 14001AAF0 - 0x19EF0 .text |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 630157 | 57,7558% |
| Null Byte Code | 189332 | 17,3528% |
| NOP Cave Found | 0x9090909090 (Block Count: 4811) | 1,1024% |