PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 785,00 KBSHA-256 Hash: 39BBC85F74A97E15CD6F0ADAABA719D443B69FA9E9FDFBC0A604CC6C64769360 SHA-1 Hash: 0826A754D683E235A24365FBD7B11E39C1D3B3E6 MD5 Hash: E9E7ABA622BE34FC5972C57CE6B2D739 Imphash: 15802F6D39F794E98ABB5079E15C931F MajorOSVersion: 6 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 89A10 SizeOfHeaders: 400 SizeOfImage: CB000 ImageBase: 0000000140000000 Architecture: x64 ImportTable: B2968 IAT: 8B000 Characteristics: 23 TimeDateStamp: 69DDB47C Date: 14/04/2026 3:29:00 File Type: EXE Number Of Sections: 5 ASLR: Disabled Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc Number Of Executable Sections: 1 Subsystem: Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 89A00 | 1000 | 89868 |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
89E00 | 29400 | 8B000 | 29216 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
B3200 | 8400 | B5000 | BAE0 |
|
|
| .pdata | 0x40000040 Initialized Data Readable |
BB600 | 4400 | C1000 | 4284 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
BFA00 | 4A00 | C6000 | 4938 |
|
|
| Description |
| CompanyName: My Custom Company LegalCopyright: (c) 2026 My Custom Company ProductName: My Custom App FileVersion: 1.0.0.0 FileDescription: My Custom Application ProductVersion: 1.0.0.0 Language: English (United States) (ID=0x409) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) have the Entry Point Information -> EntryPoint (calculated) - 88E10 Code -> 4883EC28E8C30600004883C428E97AFEFFFFCCCCE98B080000CCCCCC40534883EC20488BD9488BC2488D0DC92100000F57C0 Assembler |SUB RSP, 0X28 |CALL 0X16CC |ADD RSP, 0X28 |JMP 0XE8C |INT3 |INT3 |JMP 0X18A4 |INT3 |INT3 |INT3 |PUSH RBX |SUB RSP, 0X20 |MOV RBX, RCX |MOV RAX, RDX |LEA RCX, [RIP + 0X21C9] |XORPS XMM0, XMM0 |
| Signatures |
| Rich Signature Analyzer: Code -> 7756B5F73337DBA43337DBA43337DBA43A4F48A42137DBA4B4BEDAA53737DBA4B4BED8A53037DBA4B4BEDFA53A37DBA4B4BEDEA52C37DBA44AB6DFA53437DBA44AB6DEA53237DBA44AB6DDA53237DBA44AB6DAA53037DBA43337DAA42835DBA4AABED8A53137DBA4AABED2A57137DBA4AABE24A43237DBA4AABED9A53237DBA4526963683337DBA4 Footprint md5 Hash -> 6C5BBF7C47F6431CF68B993EF13000A6 • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • PE+(64): compiler: Microsoft Visual C/C++(-)[-] • PE+(64): linker: Microsoft Linker(14.44**)[-] • Entropy: 6.32349 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | CopyFileW | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | WriteProcessMemory | Writes data to an area of memory in a specified process. |
| KERNEL32.DLL | ReadProcessMemory | Reads data from an area of memory in a specified process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| Windows REG (UNICODE) |
| SOFTWARE\AutoHotkey SYSTEM\CurrentControlSet\Control\Keyboard Layouts\ |
| File Access |
| api-ms-win-crt-locale-l1-1-0.dll api-ms-win-crt-filesystem-l1-1-0.dll api-ms-win-crt-math-l1-1-0.dll api-ms-win-crt-utility-l1-1-0.dll api-ms-win-crt-convert-l1-1-0.dll api-ms-win-crt-stdio-l1-1-0.dll api-ms-win-crt-heap-l1-1-0.dll api-ms-win-crt-runtime-l1-1-0.dll api-ms-win-crt-string-l1-1-0.dll VCRUNTIME140.dll VCRUNTIME140_1.dll KERNEL32.dll OLEAUT32.dll Fole32.dll SHELL32.dll ADVAPI32.dll GDI32.dll USER32.dll dwmapi.dll UxTheme.dll SHLWAPI.dll WININET.dll PSAPI.DLL COMCTL32.dll VERSION.dll WINMM.dll WSOCK32.dll .dat @.dat Temp |
| File Access (UNICODE) |
| \AutoHotkey.exe ntdll.dll user32.dll msftedit.dll KERNEL32.DLL cmd,.hta exe,.bat Temp WinDir ProgramFiles AppData |
| Interest's Words |
| exec attrib start shutdown systeminfo expand replace |
| Interest's Words (UNICODE) |
| PassWord exec attrib start pause comspec shutdown dism expand replace |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings http://schemas.microsoft.com/SMI/2016/WindowsSettings |
| URLs (UNICODE) |
| https://example.com https://example.com in default browser. |
| IP Addresses |
| 2.0.00.00 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (accept) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Registry (RegDeleteKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Service (OpenSCManager) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Unicode | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (ReadProcessMemory) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Unicode | Privileges (SeShutdownPrivilege) |
| Text | Unicode | Keyboard Key ([F5]) |
| Text | Unicode | Keyboard Key (ALTDOWN) |
| Text | Unicode | Keyboard Key (ALTUP) |
| Text | Unicode | Keyboard Key (SHIFTDOWN) |
| Text | Unicode | Keyboard Key (SHIFTUP) |
| Text | Unicode | Keyboard Key (CTRLDOWN) |
| Text | Unicode | Keyboard Key (CONTROLDOWN) |
| Text | Unicode | Keyboard Key (CTRLUP) |
| Text | Unicode | Keyboard Key (CONTROLUP) |
| Text | Unicode | Keyboard Key (LWINDOWN) |
| Text | Unicode | Keyboard Key (LWINUP) |
| Text | Unicode | Keyboard Key (RWINDOWN) |
| Text | Unicode | Keyboard Key (RWINUP) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (UpArrow) |
| Text | Unicode | Keyboard Key (CapsLock) |
| Text | Unicode | Keyboard Key (Backspace) |
| Text | Unicode | Malware that monitors and collects user data (Spy) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (DLL) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \ICON\1\1033 | C6F78 | 244 | C0978 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C00221AAEEF | .PNG........IHDR... ... .....szz.....tIME....."... |
| \ICON\2\1033 | C71C0 | 197 | C0BC0 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C00221AAEEF | .PNG........IHDR................a....tIME....."... |
| \ICON\3\1033 | C7358 | 1D1 | C0D58 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C00221AAEEF | .PNG........IHDR.....................tIME....."... |
| \ICON\4\1033 | C7530 | 229 | C0F30 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C00221AAEEF | .PNG........IHDR..............w=.....tIME....."... |
| \ICON\5\1033 | C7760 | 26F | C1160 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C00221AAEEF | .PNG........IHDR.............r.......tIME....."... |
| \ICON\6\1033 | C79D0 | 322 | C13D0 | 89504E470D0A1A0A0000000D49484452000000280000002808060000008CFEB86D0000000774494D4507E6070C00221AAEEF | .PNG........IHDR...(...(........m....tIME....."... |
| \ICON\7\1033 | C7CF8 | 3AB | C16F8 | 89504E470D0A1A0A0000000D49484452000000300000003008060000005702F9870000000774494D4507E6070C00221AAEEF | .PNG........IHDR...0...0.....W.......tIME....."... |
| \ICON\8\1033 | C80A8 | 413 | C1AA8 | 89504E470D0A1A0A0000000D4948445200000040000000400806000000AA6971DE0000000774494D4507E6070C00221AAEEF | .PNG........IHDR...@...@......iq.....tIME....."... |
| \ICON\9\1033 | C8538 | 26B | C1F38 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020E2EB5EE | .PNG........IHDR... ... .....szz.....tIME......... |
| \ICON\10\1033 | C87A8 | 19B | C21A8 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020E2EB5EE | .PNG........IHDR................a....tIME......... |
| \ICON\11\1033 | C8948 | 1D8 | C2348 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020E2EB5EE | .PNG........IHDR.....................tIME......... |
| \ICON\12\1033 | C8B20 | 22A | C2520 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020E2EB5EE | .PNG........IHDR..............w=.....tIME......... |
| \ICON\13\1033 | C8D50 | 252 | C2750 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020E2EB5EE | .PNG........IHDR.............r.......tIME......... |
| \ICON\14\1033 | C8FF8 | 16E | C29F8 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020B2FBF9E | .PNG........IHDR................a....tIME....../.. |
| \ICON\15\1033 | C9168 | 1B0 | C2B68 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020B2FBF9E | .PNG........IHDR.....................tIME....../.. |
| \ICON\16\1033 | C9318 | 1ED | C2D18 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020B2FBF9E | .PNG........IHDR..............w=.....tIME....../.. |
| \ICON\17\1033 | C9508 | 22A | C2F08 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020B2FBF9E | .PNG........IHDR.............r.......tIME....../.. |
| \ICON\18\1033 | C9738 | 203 | C3138 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020B2FBF9E | .PNG........IHDR... ... .....szz.....tIME....../.. |
| \ICON\19\1033 | C9990 | 163 | C3390 | 89504E470D0A1A0A0000000D49484452000000100000001008060000001FF3FF610000000774494D4507E6070C020C03C207 | .PNG........IHDR................a....tIME......... |
| \ICON\20\1033 | C9AF8 | 19F | C34F8 | 89504E470D0A1A0A0000000D49484452000000140000001408060000008D891D0D0000000774494D4507E6070C020C03C207 | .PNG........IHDR.....................tIME......... |
| \ICON\21\1033 | C9C98 | 1D6 | C3698 | 89504E470D0A1A0A0000000D4948445200000018000000180806000000E0773DF80000000774494D4507E6070C020C03C207 | .PNG........IHDR..............w=.....tIME......... |
| \ICON\22\1033 | C9E70 | 20F | C3870 | 89504E470D0A1A0A0000000D494844520000001C0000001C0806000000720DDF940000000774494D4507E6070C020C03C207 | .PNG........IHDR.............r.......tIME......... |
| \ICON\23\1033 | CA080 | 1F0 | C3A80 | 89504E470D0A1A0A0000000D4948445200000020000000200806000000737A7AF40000000774494D4507E6070C020C03C207 | .PNG........IHDR... ... .....szz.....tIME......... |
| \ICON\24\1033 | CA2C0 | 128 | C3CC0 | 2800000010000000200000000100040000000000C000000000000000000000000000000000000000593872006D4E7F00C48E | (....... ...............................Y8r.mN.... |
| \MENU\211\1033 | C6CB0 | 2C8 | C06B0 | 0000000010002600460069006C0065000000000078FF2600520065006C006F00610064002000530063007200690070007400 | ......&.F.i.l.e.....x.&.R.e.l.o.a.d. .S.c.r.i.p.t. |
| \DIALOG\205\1033 | CA400 | E0 | C3E00 | 0100FFFF0000000000000000480ACC80040000000000D2005300000000004400690061006C006F00670000000A0090010000 | ............H...........S.....D.i.a.l.o.g......... |
| \DIALOG\500\1033 | CA4E0 | 162 | C3EE0 | 0100FFFF0000000000000400C00AC8900600000000007C01B000000000004500720072006F00720000000800900100005300 | ......................|.......E.r.r.o.r.........S. |
| \ACCELERATOR\212\1033 | CA648 | 48 | C4048 | 0300700083FF00000B00480080FF00000B004B0081FF00000B004C007EFF00000300740082FF00000B0056007FFF0000030013007BFF00000B00450079FF00008B00520078FF0000 | ..p.......H.......K.......L.~.....t.......V.........{.....E.y.....R.x... |
| \RCDATA\1\1033 | CA900 | 32 | C4300 | 235265717569726573204175746F486F746B65792076322E300D0A0D0A4D7367426F78282248656C6C6F20576F726C642229 | Requires AutoHotkey v2.0....MsgBox("Hello World") |
| \GROUP_ICON\159\1033 | C84C0 | 76 | C1EC0 | 000001000800202000000100200044020000010010100000010020009701000002001414000001002000D101000003001818 | ...... .... .D........... ............. ......... |
| \GROUP_ICON\160\1033 | CA3E8 | 14 | C3DE8 | 0000010001001010100001000400280100001800 | ..............(..... |
| \GROUP_ICON\206\1033 | C8FA8 | 4C | C29A8 | 00000100050020200000010020006B020000090010100000010020009B0100000A001414000001002000D80100000B0018180000010020002A0200000C001C1C000001002000520200000D00 | ...... .... .k........... ............. ............. .*........... .R..... |
| \GROUP_ICON\207\1033 | C9940 | 4C | C3340 | 00000100050010100000010020006E0100000E001414000001002000B00100000F001818000001002000ED01000010001C1C0000010020002A02000011002020000001002000030200001200 | ............ .n........... ............. ............. .*..... .... ....... |
| \GROUP_ICON\208\1033 | CA270 | 4C | C3C70 | 000001000500101000000100200063010000130014140000010020009F01000014001818000001002000D601000015001C1C0000010020000F02000016002020000001002000F00100001700 | ............ .c........... ............. ............. ....... .... ....... |
| \VERSION\1\1033 | CA690 | 270 | C4090 | 700234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | p.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1033 | C6790 | 519 | C0190 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String |
| • 1.0.0.0 • api-ms-win-crt-heap-l1-1-0.dll • api-ms-win-crt-runtime-l1-1-0.dll • WSOCK32.dll • WINMM.dll • VERSION.dll • COMCTL32.dll • PSAPI.DLL • WININET.dll • SHLWAPI.dll • UxTheme.dll • dwmapi.dll • USER32.dll • GDI32.dll • ADVAPI32.dll • SHELL32.dll • Fole32.dll • OLEAUT32.dll • KERNEL32.DLL • RunAs • .Get • .Set • msftedit.dll • user32.dll • \AutoHotkey.exe • ComSpec • ntdll.dll • System verbs unsupported with RunAs. • .exe,.bat,.com,.cmd,.hta • WindowSpy.ahk • AutoHotkey.chm • https://example.com • Could not open URL https://example.com in default browser. • .bss • GetClassInfoExWkCreateDialogIndirectParamW • KERNEL32.dll • VCRUNTIME140.dll • gterminateapi-ms-win-crt-string-l1-1-0.dll • api-ms-win-crt-stdio-l1-1-0.dll • api-ms-win-crt-convert-l1-1-0.dll • api-ms-win-crt-utility-l1-1-0.dll • api-ms-win-crt-math-l1-1-0.dll • api-ms-win-crt-filesystem-l1-1-0.dll • api-ms-win-crt-locale-l1-1-0.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 404 | N/A | .text | CALL QWORD PTR [RIP+0x8A05E] |
| 424 | N/A | .text | CALL QWORD PTR [RIP+0xBC05E] |
| 435 | N/A | .text | CALL QWORD PTR [RIP+0xBBACD] |
| 442 | N/A | .text | CALL QWORD PTR [RIP+0xBC048] |
| 498 | N/A | .text | CALL QWORD PTR [RIP+0x8A02A] |
| 4A8 | N/A | .text | CALL QWORD PTR [RIP+0x89FFA] |
| 4DA | N/A | .text | CALL QWORD PTR [RIP+0x8A1A8] |
| 5D4 | N/A | .text | CALL QWORD PTR [RIP+0x89E2E] |
| 5EC | N/A | .text | CALL QWORD PTR [RIP+0x89E16] |
| 660 | N/A | .text | CALL QWORD PTR [RIP+0x8A2BA] |
| 944 | N/A | .text | CALL QWORD PTR [RIP+0x89DFE] |
| 986 | N/A | .text | CALL QWORD PTR [RIP+0xBBC24] |
| 9A8 | N/A | .text | CALL QWORD PTR [RIP+0xBBC62] |
| A6D | N/A | .text | CALL QWORD PTR [RIP+0x89995] |
| AD6 | N/A | .text | CALL QWORD PTR [RIP+0xBBAC4] |
| B58 | N/A | .text | CALL QWORD PTR [RIP+0xBB9FA] |
| B79 | N/A | .text | CALL QWORD PTR [RIP+0xBBA49] |
| B90 | N/A | .text | CALL QWORD PTR [RIP+0xBB9BA] |
| BBA | N/A | .text | CALL QWORD PTR [RIP+0xBBA30] |
| BCE | N/A | .text | CALL QWORD PTR [RIP+0x89F74] |
| BD8 | N/A | .text | CALL QWORD PTR [RIP+0xBB98A] |
| BF7 | N/A | .text | CALL QWORD PTR [RIP+0xBB9F3] |
| C0B | N/A | .text | CALL QWORD PTR [RIP+0x89F3F] |
| C23 | N/A | .text | CALL QWORD PTR [RIP+0x89F27] |
| C5A | N/A | .text | CALL QWORD PTR [RIP+0xBB958] |
| C7E | N/A | .text | CALL QWORD PTR [RIP+0xBB934] |
| C9F | N/A | .text | CALL QWORD PTR [RIP+0xBB913] |
| CCE | N/A | .text | CALL QWORD PTR [RIP+0xBB8E4] |
| D02 | N/A | .text | CALL QWORD PTR [RIP+0xBB8B0] |
| D19 | N/A | .text | CALL QWORD PTR [RIP+0x896E1] |
| D4B | N/A | .text | CALL QWORD PTR [RIP+0x896AF] |
| D76 | N/A | .text | CALL QWORD PTR [RIP+0x89684] |
| E25 | N/A | .text | CALL QWORD PTR [RIP+0xBB7AD] |
| EED | N/A | .text | CALL QWORD PTR [RIP+0xBB66D] |
| F15 | N/A | .text | CALL QWORD PTR [RIP+0xBB62D] |
| F54 | N/A | .text | CALL QWORD PTR [RIP+0xBB676] |
| F73 | N/A | .text | CALL QWORD PTR [RIP+0xBB5E7] |
| FE9 | N/A | .text | CALL QWORD PTR [RIP+0xBB571] |
| FFB | N/A | .text | CALL QWORD PTR [RIP+0xBB55F] |
| 1050 | N/A | .text | CALL QWORD PTR [RIP+0xBB4F2] |
| 1084 | N/A | .text | CALL QWORD PTR [RIP+0xBB4EE] |
| 10BC | N/A | .text | CALL QWORD PTR [RIP+0xBB476] |
| 113D | N/A | .text | CALL QWORD PTR [RIP+0xBB465] |
| 1314 | N/A | .text | CALL QWORD PTR [RIP+0xBB2EE] |
| 1361 | N/A | .text | CALL QWORD PTR [RIP+0xBB221] |
| 1482 | N/A | .text | CALL QWORD PTR [RIP+0x88F80] |
| 168A | N/A | .text | CALL QWORD PTR [RIP+0xBA9F8] |
| 16ED | N/A | .text | CALL QWORD PTR [RIP+0xBA98D] |
| 173B | N/A | .text | CALL QWORD PTR [RIP+0xBAE87] |
| 1752 | N/A | .text | CALL QWORD PTR [RIP+0xBADF8] |
| 1770 | N/A | .text | CALL QWORD PTR [RIP+0xBAE7A] |
| 1784 | N/A | .text | CALL QWORD PTR [RIP+0x893BE] |
| 17AC | N/A | .text | CALL QWORD PTR [RIP+0xBADF6] |
| 17F8 | N/A | .text | CALL QWORD PTR [RIP+0xBADDA] |
| 181D | N/A | .text | CALL QWORD PTR [RIP+0xBADC5] |
| 1828 | N/A | .text | CALL QWORD PTR [RIP+0xBAD6A] |
| 194F | N/A | .text | CALL QWORD PTR [RIP+0xBA72B] |
| 19F6 | N/A | .text | CALL QWORD PTR [RIP+0x88A0C] |
| 1A19 | N/A | .text | CALL QWORD PTR [RIP+0x889E9] |
| 1C27 | N/A | .text | CALL QWORD PTR [RIP+0xBA993] |
| 1C36 | N/A | .text | CALL QWORD PTR [RIP+0xBA9C4] |
| 1C43 | N/A | .text | CALL QWORD PTR [RIP+0xBA9B7] |
| 1D3A | N/A | .text | CALL QWORD PTR [RIP+0xBA838] |
| 1E83 | N/A | .text | CALL QWORD PTR [RIP+0xBA6EF] |
| 1EBC | N/A | .text | CALL QWORD PTR [RIP+0xBA6B6] |
| 1EDF | N/A | .text | CALL QWORD PTR [RIP+0xBA693] |
| 1EF3 | N/A | .text | CALL QWORD PTR [RIP+0xBA67F] |
| 1F0F | N/A | .text | CALL QWORD PTR [RIP+0xBA663] |
| 1F2C | N/A | .text | CALL QWORD PTR [RIP+0xBA566] |
| 1F40 | N/A | .text | CALL QWORD PTR [RIP+0xBA582] |
| 1F95 | N/A | .text | CALL QWORD PTR [RIP+0xBA5DD] |
| 1FAC | N/A | .text | CALL QWORD PTR [RIP+0xBA5BE] |
| 1FDF | N/A | .text | CALL QWORD PTR [RIP+0xBA593] |
| 2000 | N/A | .text | CALL QWORD PTR [RIP+0xBA572] |
| 2016 | N/A | .text | CALL QWORD PTR [RIP+0xBA554] |
| 2107 | N/A | .text | CALL QWORD PTR [RIP+0x88303] |
| 2146 | N/A | .text | CALL QWORD PTR [RIP+0x882C4] |
| 2174 | N/A | .text | CALL QWORD PTR [RIP+0xBA3F6] |
| 2185 | N/A | .text | CALL QWORD PTR [RIP+0xBA3BD] |
| 2197 | N/A | .text | CALL QWORD PTR [RIP+0xBA45B] |
| 2217 | N/A | .text | CALL QWORD PTR [RIP+0x881F3] |
| 2254 | N/A | .text | CALL QWORD PTR [RIP+0x881B6] |
| 226B | N/A | .text | CALL QWORD PTR [RIP+0xB9E0F] |
| 2365 | N/A | .text | CALL QWORD PTR [RIP+0xBA1DD] |
| 2377 | N/A | .text | CALL QWORD PTR [RIP+0xBA27B] |
| 2526 | N/A | .text | CALL QWORD PTR [RIP+0x87EDC] |
| 25EE | N/A | .text | CALL QWORD PTR [RIP+0x87E14] |
| 274D | N/A | .text | CALL QWORD PTR [RIP+0xB9F5D] |
| 27B2 | N/A | .text | CALL QWORD PTR [RIP+0xB9D80] |
| 28FB | N/A | .text | CALL QWORD PTR [RIP+0x87B07] |
| 2A57 | N/A | .text | CALL QWORD PTR [RIP+0x87E2B] |
| 2A6D | N/A | .text | CALL QWORD PTR [RIP+0x87E0D] |
| 2AE1 | N/A | .text | CALL QWORD PTR [RIP+0x87921] |
| 2BD8 | N/A | .text | CALL QWORD PTR [RIP+0x8782A] |
| 2C2C | N/A | .text | CALL QWORD PTR [RIP+0xB995E] |
| 2C40 | N/A | .text | CALL QWORD PTR [RIP+0xB993A] |
| 2C4C | N/A | .text | CALL QWORD PTR [RIP+0xB99B6] |
| 2CCD | N/A | .text | CALL QWORD PTR [RIP+0xB9865] |
| 2D09 | N/A | .text | CALL QWORD PTR [RIP+0xB9891] |
| 2D30 | N/A | .text | CALL QWORD PTR [RIP+0xB98D2] |
| 8E022-8E069 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 36 |
| 945D0-94617 | N/A | .rdata | Potential obfuscated jump sequence detected, count: 36 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 456435 | 56,7818% |
| Null Byte Code | 162716 | 20,2423% |
© 2026 All rights reserved.