PREMIUM PESCAN.IO - Analysis Report

Information
Size: 2,64 MB
SHA-256 Hash: 3622BA0DE67630BA668B36B14907E668E03C2971CFAAEA843772229857AE7455
SHA-1 Hash: 497282CA89FFE5BF670AD42094F5C0CAAB0C2289
MD5 Hash: DDFA503D0DBA2FCCD85A3C94150C0E5A
Imphash: 1EE5CEAA8651BF31EBD235088B7E8B9C
MajorOSVersion: 6
MinorOSVersion: 1
CheckSum: 002ADC49
EntryPoint (rva): 1350
SizeOfHeaders: 400
SizeOfImage: 2CC000
ImageBase: 000000029F980000
Architecture: x64
ExportTable: 2C4000
ImportTable: 2C5000
IAT: 2C52C4
Characteristics: 2226
TimeDateStamp: 0
Date: 01/01/1970
File Type: DLL
Number Of Sections: 11
ASLR: Disabled
Section Names (Optional Header): .text, .data, .rdata, .pdata, .xdata, .bss, .edata, .idata, .CRT, .tls, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name  Flags  ROffset  RSize  VOffset  VSize  Entropy  Chi2
.text  60600060 (Code, Initialized Data, Executable, Readable)  400  EA400  1000  EA260  6,1841  8901858,11
.data  C0600040 (Initialized Data, Readable, Writeable)  EA800  A800  EC000  A6E0  4,3733  3341981,64
.rdata  40600040 (Initialized Data, Readable)  F5000  17A600  F7000  17A590  6,9194  12944807,45
.pdata  40300040 (Initialized Data, Readable)  26F600  5A00  272000  5844  5,3259  570021,56
.xdata  40300040 (Initialized Data, Readable)  275000  800  278000  618  3,6577  91252,50
.bss  C0600080 (Uninitialized Data, Readable, Writeable)  0  0  279000  4A700  N/A  N/A
.edata  40300040 (Initialized Data, Readable)  275800  400  2C4000  3D2  4,8252  17837,50
.idata  C0300040 (Initialized Data, Readable, Writeable)  275C00  E00  2C5000  C08  4,0393  200966,29
.CRT  C0400040 (Initialized Data, Readable, Writeable)  276A00  200  2C6000  58  0,2383  124003,00
.tls  C0400040 (Initialized Data, Readable, Writeable)  276C00  200  2C7000  10  0,0000  130560,00
.reloc  42300040 (Initialized Data, GP-Relative, Readable)  276E00  3600  2C8000  3480  5,3990  81547,74
Entry Point
Section number (1) contains the Entry Point
Information -> EntryPoint (calculated) - 750
Code -> 488B0549FD2600C70000000000E99EFEFFFF66662E0F1F8400000000000F1F004889CA488D0D867C2700E9219A0E0090488D
MOV RAX, QWORD PTR [RIP + 0X26FD49]
MOV DWORD PTR [RAX], 0
JMP 0XEB0
NOP WORD PTR CS:[RAX + RAX]
NOP DWORD PTR [RAX]
MOV RDX, RCX
LEA RCX, [RIP + 0X277C86]
JMP 0XEAA50
NOP

Signatures
CheckSum Integrity Problem:
Header: 2808905
Calculated: 2831205
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): compiler: MinGW(GCC: (GNU) 10.3.0)[-]
PE+(64): linker: GNU linker ld (GNU Binutils)(2.36)[-]
Entropy: 6.77941

Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryW Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
ET Functions (carving)
Original Name -> Crypt.dll
_ctl_parser
_nl_expand_alias
_nl_msg_cat_cntr
bind_textdomain_codeset
bindtextdomain
dcgettext
dcngettext
dgettext
dngettext
gettext
libintl_bind_textdomain_codeset
libintl_bindtextdomain
libintl_dcgettext
libintl_dcngettext
libintl_dgettext
libintl_dngettext
libintl_fprintf
libintl_fwprintf
libintl_gettext
libintl_ngettext
libintl_printf
libintl_set_relocation_prefix
libintl_sprintf
libintl_swprintf
libintl_textdomain
libintl_version
libintl_vfprintf
libintl_vfwprintf
libintl_vprintf
libintl_vsprintf
libintl_vswprintf
libintl_vwprintf
libintl_wprintf
ngettext
textdomain

File Access
msvcrt.dll
KERNEL32.dll
Crypt.dll
bcryptprimitives.dll
created by 30517578125kernel32.dll
itab.sys
.dat
internal/abi.Name.Dat
main.ini
reflect.ini
unicode.ini
math.ini
errors.ini
iter.ini
sync.ini
internal/syscall/windows/sysdll.ini
internal/runtime/gc/scan.ini
internal/bytealg.ini
internal/cpu.Ini
Temp
WinDir
SysDir
UserProfile

File Access (UNICODE)
bcryptprimitives.dll
powrprof.dll
winmm.dll
ntdll.dll

Words of Interest
zombie
Encrypt
Encryption
exec
attrib
start
pause
shutdown
systeminfo
ping
expand
regini
replace
route

Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii WinAPI Sockets (WSACleanup)
Text Ascii WinAPI Sockets (bind)
Text Ascii WinAPI Sockets (listen)
Text Ascii WinAPI Sockets (accept)
Text Ascii WinAPI Sockets (connect)
Text Ascii WinAPI Sockets (recv)
Text Ascii WinAPI Sockets (send)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii File (GetTempPath)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Reconnaissance (FindFirstFileW)
Text Ascii Reconnaissance (FindNextFileW)
Text Ascii Reconnaissance (FindClose)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (UnmapViewOfFile)
Text Ascii Stealth (MapViewOfFile)
Text Ascii Stealth (CreateFileMappingW)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (CreateProcessW)
Text Ascii Execution (ResumeThread)
Text Ascii Execution (CreateEventA)
Text Ascii Antivirus Software (esafe)
Text Ascii Technique used to circumvent security measures (Bypass)
Intelligent String
• .bss
• .tls
• @0@.bss
• .CRT
• ntdll.dll
• winmm.dll
• powrprof.dll
• bcryptprimitives.dll
• P,KERNEL32.dll

Flow Anomalies
Offset RVA Section Description
788A2-789A0 N/A .text Potential obfuscated jump sequence detected, count: 51
276A30 E9C30 .CRT TLS Callback | Pointer to 29FA69C30 - 0xE9030 .text
276A38 E9C00 .CRT TLS Callback | Pointer to 29FA69C00 - 0xE9000 .text
27A400 N/A *Overlay* 0000000004000000000000000100200003010000 | .............. .....
Extra Analysis
Metric Value Percentage
Ascii Code 1647108 59,4048%
Null Byte Code 502625 18,1277%
NOP Cave Found 0x9090909090 Block Count: 45 | Total: 0,0041%