PESCAN.IO - Analysis Report Basic

Information
Size: 89,50 KB
SHA-256 Hash: B67FCF4B564C4FEEC235F7EFD80E60506372577EA07B5271330C2137D0B6E5BF
SHA-1 Hash: 98C79FB27DF8A4698BD2B6724B6C91F395E8B201
MD5 Hash: F30DC3A50151D77E9ADB23CA56DBFA52
Imphash: 68B924E8CB51AD7BA61DDF80C1DB2F30
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 11037
SizeOfHeaders: 400
SizeOfImage: 2C000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 26548
IAT: 26000
Characteristics: 22
TimeDateStamp: 6A09D044
Date: 17/05/2026 14:27:16
File Type: EXE
Number Of Sections: 10
ASLR: Disabled
Section Names (Optional Header): .textbss, .text, .rdata, .data, .pdata, .idata, .msvcjmc, .00cfg, .rsrc, .reloc
Number Of Executable Sections: 2
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker
[Incomplete Binary or Compressor Packer - 86,50 KB Missing]

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2
.textbss | 0xE00000A0 (Code, Uninitialized Data, Executable, Readable, Writeable) | 0 | 0 | 1000 | 10000 | N/A | N/A
.text | 0x60000020 (Code, Executable, Readable) | 400 | D000 | 11000 | CE0B | 3.4935 | 4443877.68
.rdata | 0x40000040 (Initialized Data, Readable) | D400 | 3E00 | 1E000 | 3D7E | 2.4081 | 2218136.77
.data | 0xC0000040 (Initialized Data, Readable, Writeable) | 11200 | 600 | 22000 | 590 | 0.6697 | 340346.33
.pdata | 0x40000040 (Initialized Data, Readable) | 11800 | 2600 | 23000 | 246C | 1.5624 | 1760904.68
.idata | 0x40000040 (Initialized Data, Readable) | 13E00 | 1A00 | 26000 | 1854 | 3.7601 | 440063.69
.msvcjmc | 0xC0000040 (Initialized Data, Readable, Writeable) | 15800 | 200 | 28000 | 194 | 0.7987 | 82448
.00cfg | 0x40000040 (Initialized Data, Readable) | 15A00 | 200 | 29000 | 175 | 0.4716 | 115754
.rsrc | 0x40000040 (Initialized Data, Readable) | 15C00 | 600 | 2A000 | 43C | 2.143 | 215406.67
.reloc | 0x42000040 (Initialized Data, GP-Relative, Readable) | 16200 | 400 | 2B000 | 2E1 | 1.1512 | 201628
Entry Point
The section number (2) has the Entry Point
Information -> EntryPoint (calculated) - 437
Code -> E974550000E96F610000E955860000E99E860000E930420000E9AC860000E9F66C0000E9C13B0000E9554A0000E9D2850000
Assembler
|JMP 0X6579
|JMP 0X7179
|JMP 0X9664
|JMP 0X96B2
|JMP 0X5249
|JMP 0X96CA
|JMP 0X7D19
|JMP 0X4BE9
|JMP 0X5A82
|JMP 0X9604
Signatures
Rich Signature Analyzer:
Code -> 6C73A3F82812CDAB2812CDAB2812CDAB6398CEAA2B12CDAB6398C9AA2312CDAB6398C8AA3512CDAB6398CCAA2F12CDAB5193CCAA2C12CDAB2812CCAB4912CDABA599C8AA2912CDABA59932AB2912CDABA599CFAA2912CDAB526963682812CDAB
Footprint md5 Hash -> 07FC7D2A2D9289000BD34307D8EE88D8
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): linker: Microsoft Linker(14.50**)[-]
Entropy: 3.68484

Suspicious Functions
Library | Function | Description
KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger.
Windows REG (UNICODE)
SOFTWARE\Wow6432Node\Microsoft\VisualStudio\14.0\Setup\VC

File Access
KERNEL32.dll
ucrtbased.dll
VCRUNTIME140_1D.dll
VCRUNTIME140D.dll
MSVCP140D.dll
@.dat

File Access (UNICODE)
advapi32.dll
api-ms-win-core-registry-l1-1-0.dll
VCRUNTIME140D.dll
bin\amd64\MSPDB140.DLL

Interest's Words
PassWord
exec
start

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Ascii | Registry (RegOpenKeyEx)
Text | Ascii | Anti-Analysis VM (IsDebuggerPresent)
Entry Point | Hex Pattern | Microsoft Visual C++ 8.0
Entry Point | Hex Pattern | Microsoft Visual C++ 8.0
Resources
Path | DataRVA | Size | FileOffset | Code | Text
\24\1\1033 | 2A170 | 17D | 15D70 | 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 | <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• D:\a\_work\1\s\src\vctools\crt\github\stl\src\locale0.cpp
• bin\amd64\MSPDB140.DLL
• VCRUNTIME140D.dll
• api-ms-win-core-registry-l1-1-0.dll
• advapi32.dll
• C:\Users\user\source\repos\BAZA\x64\Debug\BAZA.pdb
• KERNEL32.dll

Flow Anomalies
Offset RVA Section Description
Extra Analysis
Metric | Value | Percentage
Ascii Code | 51204 | 55,8703%
Null Byte Code | 32782 | 35,7695%