PESCAN.IO - Analysis Report Basic |
| File Structure |
[Chart not preserved.] Legend for PE files: PE header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red indicates a malformed or corrupted header. Legend for other files: printable characters (blue), non-printable characters (black).
| Information |
| Field | Value |
|---|---|
| Size | 963,00 KB |
| SHA-256 Hash | F78F3BD2E8E230FB0070CF19FE6F0229244D28407CF1F9360ACEC39A43E7519D |
| SHA-1 Hash | 7FF2DEB4A2ADA22B6C2A606F316771E341B7B485 |
| MD5 Hash | D8ACA4683D2305227B874965C0D1CC0F |
| Imphash | CC3045685B9784F10C9CCE3430A321CF |
| MajorOSVersion | 5 |
| MinorOSVersion | 1 |
| CheckSum | 000F2154 |
| EntryPoint (rva) | 8A73E |
| SizeOfHeaders | 400 |
| SizeOfImage | F3000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ExportTable | BCED0 |
| ImportTable | BB9B8 |
| IAT | 92000 |
| Characteristics | 102 |
| TimeDateStamp | 637AE857 |
| Date | 21/11/2022 2:54:15 |
| File Type | EXE |
| Number Of Sections | 5 |
| ASLR | Enabled |
| Section Names | .text, .rdata, .data, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | 90C00 | 1000 | 90A92 | | |
| .rdata | 0x40000040 Initialized Data Readable | 91000 | 2B000 | 92000 | 2AF39 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | BC000 | 3600 | BD000 | 3E04 | | |
| .rsrc | 0x40000040 Initialized Data Readable | BF600 | 1CC00 | C1000 | 1CAD4 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | DC200 | 14A00 | DE000 | 1488E | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | YBTool.exe |
| CompanyName | YBTool Team |
| LegalCopyright | Copyright (C) YBTool. |
| ProductName | YBTool |
| FileVersion | 1.0.0.1 |
| FileDescription | YBTool |
| ProductVersion | 1.0.0.1 |
| Language | Chinese (People's Republic of China) (ID=0x804) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
Section number 1 (.text) contains the entry point.
• EntryPoint (calculated): 89B3E
• Code: E8A0040000E963FDFFFF6A1468D8604B00E8DC0100008365FC00FF4D10783A8B4D082B4D0C894D08FF5514EBED8B45EC8945
• Assembler:
    CALL 0X14A5
    JMP 0XD6D
    PUSH 0X14
    PUSH 0X4B60D8
    CALL 0X11F2
    AND DWORD PTR [EBP - 4], 0
    DEC DWORD PTR [EBP + 0X10]
    JS 0X1059
    MOV ECX, DWORD PTR [EBP + 8]
    SUB ECX, DWORD PTR [EBP + 0XC]
    MOV DWORD PTR [EBP + 8], ECX
    CALL DWORD PTR [EBP + 0X14]
    JMP 0X101A
    MOV EAX, DWORD PTR [EBP - 0X14]
| Signatures |
CheckSum Integrity Problem:
• Header: 991572
• Calculated: 1035309

Rich Signature Analyzer:
• Code -> F05266D7B4330884B4330884B4330884BD4B9B84A0330884277D9084B6330884DB459684B1330884DB45A284A0330884DB45A384BC330884DB459484B3330884B4330984F4310884DB45A78454330884DB459384B5330884DB459284B5330884DB459584B533088452696368B4330884
• Footprint md5 Hash -> 814F3E45CDF17EF2ECBB4D227F18301A
• The Rich header apparently has not been modified

Certificate - Digital Signature Not Found:
• The file is not signed
| Packer/Compiler |
Compiler: Microsoft Visual Studio

Detect It Easy (die):
• PE: compiler: EP:Microsoft Visual C/C++(2008-2010)[EXE32]
• PE: compiler: Microsoft Visual C/C++(2010)[msvcrt]
• PE: linker: Microsoft Linker(10.0)[-]
• Entropy: 6.21898
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexA | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| File Access |
| KToolDlg.exe MSVCP100.dll gdiplus.dll OLEAUT32.dll ole32.dll SHLWAPI.dll COMCTL32.dll SHELL32.dll ADVAPI32.dll GDI32.dll USER32.dll KERNEL32.dll MSVCR100.dll mfc100.dll KToolModuleParam.dll KToolLoadLayout.dll IDCreator.dll KToolHeadLayout.dll KToolCalbImage.dll KToolCalbTempImage.dll KToolCalbTemp.dll %s\SDMCS.dll DevDriver.dll DBGHELP.DLL @.dat Temp |
| File Access (UNICODE) |
| YBTool.exe |
| Interesting Words |
| PADDINGX Decrypt exec createobject start pause shutdown ping setx |
| Anti-VM/Sandbox/Debug Tricks |
| OllyDbg Library - dbghelp.dll; LabTools - taskmgr |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | File (CreateFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Execution (CreateEventA) |
| Text | Ascii | Privileges (SeDebugPrivilege) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Entry Point | Hex Pattern | VC8 - Microsoft Corporation |
| Resources |
| Intelligent String |
• YBTool.exe
• 1.0.0.1
• I%s%s.%04d%02d%02d%02d%02d%02d.dmp
• dbghelp.dll
• Failed to save the mini-dump file to '%s' (error %d)
• This file cannot be parsed in the current version. Please use version V%d.%d.%d.%d.%d or above!%s\SDMCS.dll
• C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\atlmfc\include\afxwin1.inl
• IDCreator.dll
• (*.waf)|*.waf||.waf
• ExtBoardEyleCmd
• D:\SVN\5765\Code\KTool\Release\KToolDlg.pdb
• mfc100.dll
• MSVCR100.dll
• COMCTL32.dll
• <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><ms_windowsSettings:dpiAware xmlns:ms_windowsSettings="http://schemas.microsoft.com/SMI/2005/WindowsSettings" xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</ms_windowsSettings:dpiAware></windowsSettings></application></assembly>
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 23265-2328F | N/A | .text | Unusual BP Cave, count: 43 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 542143 | 54,9778% |
| Null Byte Code | 229034 | 23,226% |