PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Size: 558,00 KB
SHA-256 Hash: D83923A063EDB1EDC246C6FEDC3ABD367DC34F179C632699567687D437104688
SHA-1 Hash: 21F0C627D33AC397B3117970CA1E6318417FEF22
MD5 Hash: FE039A497A25C85CAAF09B8252DBEC16
Imphash: 3B658D6C992247EE114D265EB206E678
MajorOSVersion: 6
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 6C2CC
SizeOfHeaders: 400
SizeOfImage: 90000
ImageBase: 0000000180000000
Architecture: x64
ImportTable: 856BC
IAT: 6E000
Characteristics: 2022
TimeDateStamp: 698F2B64
Date: 13/02/2026 13:47:16
File Type: DLL
Number Of Sections: 6
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
.text 60000020 (Code, Executable, Readable) 400 6C400 1000 6C3E76,51662887220,96
.rdata 40000040 (Initialized Data, Readable) 6C800 19600 6E000 1945A6,30981248965,17
.data C0000040 (Initialized Data, Readable, Writeable) 85E00 800 88000 8583,9934127848,50
.pdata 40000040 (Initialized Data, Readable) 86600 4C00 89000 4A645,8380459336,47
.rsrc 40000040 (Initialized Data, Readable) 8B200 200 8E000 F82,531361549,00
.reloc 42000040 (Initialized Data, GP-Relative, Readable) 8B400 400 8F000 2AC4,043943320,00
Entry Point
The section number (1) have the Entry Point
Information -> EntryPoint (calculated) - 6B6CC
Code -> 48895C24084889742410574883EC20498BF88BDA488BF183FA017505E89F0300004C8BC78BD3488BCE488B5C2430488B7424
MOV QWORD PTR [RSP + 8], RBX
MOV QWORD PTR [RSP + 0X10], RSI
PUSH RDI
SUB RSP, 0X20
MOV RDI, R8
MOV EBX, EDX
MOV RSI, RCX
CMP EDX, 1
JNE 0X1021
CALL 0X13C0
MOV R8, RDI
MOV EDX, EBX
MOV RCX, RSI
MOV RBX, QWORD PTR [RSP + 0X30]
Signatures
Rich Signature Analyzer:
Code -> 4090CEA604F1A0F504F1A0F504F1A0F50D8933F514F1A0F54F7BA3F400F1A0F54F7BA4F40CF1A0F54F7BA5F41CF1A0F54F7BA1F402F1A0F57D70A1F415F1A0F504F1A1F5E9F1A0F58F7AA9F416F1A0F58F7A5FF505F1A0F58F7AA2F405F1A0F55269636804F1A0F5
Footprint md5 Hash -> F4E5AA0A27853D47CAF007596A63DFE4
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual Studio
Detect It Easy (die)
PE+(64): compiler: Microsoft Visual C/C++(-)[-]
PE+(64): linker: Microsoft Linker(14.50**)[-]
Entropy: 6.61517
Suspicious Functions
Library Function Description
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
USER32.DLL GetAsyncKeyState Retrieves the status of a virtual key asynchronously.
USER32.DLL CallWindowProcA Invokes the window procedure for the specified window and messages.
SHELL32.DLL ShellExecuteW Performs a run operation on a specific file.
File Access
api-ms-win-crt-math-l1-1-0.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-heap-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-runtime-l1-1-0.dll
api-ms-win-crt-convert-l1-1-0.dll
api-ms-win-crt-filesystem-l1-1-0.dll
api-ms-win-crt-stdio-l1-1-0.dll
VCRUNTIME140.dll
VCRUNTIME140_1.dll
D3DCOMPILER_47.dll
IMM32.dll
MSVCP140.dll
SHELL32.dll
USER32.dll
KERNEL32.dll
d3d11.dll
xinput1_1.dll
xinput1_2.dll
xinput9_1_0.dll
xinput1_3.dll
xinput1_4.dll
client.dll
.dat
@.dat
imgui_log.txt
cs2_config.txt
%%TEMP%%/cs2_config.txt
imgui.ini
Temp
Interest's Words
exec
start
pause
shutdown
systeminfo
route
URLs
https://github.com/ocornut/imgui/blob/master/docs/FAQ.mdqa-usage
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii File (GetTempPath)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Stealth (GetThreadContext)
Text Ascii Stealth (SetThreadContext)
Text Ascii Stealth (ExitThread)
Text Ascii Stealth (CloseHandle)
Text Ascii Stealth (IsBadReadPtr)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (ShellExecute)
Text Ascii Execution (ResumeThread)
Text Ascii Keyboard Key (Alt+)
Text Ascii Keyboard Key (Scroll)
Text Ascii Keyboard Key (DownArrow)
Text Ascii Keyboard Key (RightArrow)
Text Ascii Keyboard Key (UpArrow)
Text Ascii Keyboard Key (LeftArrow)
Text Ascii Keyboard Key (PageDown)
Text Ascii Keyboard Key (PageUp)
Text Ascii Keyboard Key (CapsLock)
Text Ascii Keyboard Key (Backspace)
Text Ascii Keyboard Key (Ctrl+S)
Text Ascii Malicious code executed after exploiting a vulnerability (Payload)
Entry Point Hex Pattern Banner's banner file
Entry Point Hex Pattern Microsoft Visual C++ 8.0 (DLL)
Resources
Path DataRVA Size FileOffset CodeText
\24\2\1033 8E060 91 8B260 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779<?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• api-ms-win-crt-filesystem-l1-1-0.dll
• 6_initterm7_initterm_eapi-ms-win-crt-stdio-l1-1-0.dll
• xinput1_2.dll
• xinput9_1_0.dll
• client.dll
• Location: %%TEMP%%/cs2_config.txt
• cs2_config.txt
• imgui.ini
• imgui_log.txt
• (Hold Ctrl to: https://github.com/ocornut/imgui/blob/master/docs/FAQ.mdqa-usage
• ProggyClean.ttfProggyVector.ttf
• R:%0.3fG:%0.3fB:%0.3fA:%0.3fH:%0.3fS:%0.3fV:%0.3fM:0.000M:000
• xinput1_4.dll
• xinput1_3.dll
• xinput1_1.dll
• C:\Users\pigip\source\repos\Dll1\x64\Release\Dll1.pdb
• .tls
• .bss
• KERNEL32.dll
• USER32.dll
• D3DCOMPILER_47.dll
• VCRUNTIME140_1.dll
• VCRUNTIME140.dll
• api-ms-win-crt-convert-l1-1-0.dll
• api-ms-win-crt-runtime-l1-1-0.dll
• api-ms-win-crt-utility-l1-1-0.dll
• api-ms-win-crt-heap-l1-1-0.dll
• api-ms-win-crt-string-l1-1-0.dll
• api-ms-win-crt-math-l1-1-0.dll
Flow Anomalies
Offset RVA Section Description
41B N/A .text CALL QWORD PTR [RIP+0x6D16F]
435 N/A .text CALL QWORD PTR [RIP+0x6D14D]
442 N/A .text CALL QWORD PTR [RIP+0x6D148]
452 N/A .text CALL QWORD PTR [RIP+0x6D130]
462 N/A .text CALL QWORD PTR [RIP+0x6D3B0]
475 N/A .text CALL QWORD PTR [RIP+0x6D10D]
480 N/A .text CALL QWORD PTR [RIP+0x6D392]
495 N/A .text CALL QWORD PTR [RIP+0x6D0ED]
4A4 N/A .text CALL QWORD PTR [RIP+0x6D0AE]
4C5 N/A .text CALL QWORD PTR [RIP+0x6D015]
4E4 N/A .text CALL QWORD PTR [RIP+0x6D0CE]
4F2 N/A .text CALL QWORD PTR [RIP+0x6D0B0]
6DE N/A .text CALL QWORD PTR [RIP+0x6D06C]
134D N/A .text JMP QWORD PTR [RIP+0x8B480005]
19C5 N/A .text CALL QWORD PTR [RIP+0x6BDF5]
19D8 N/A .text CALL QWORD PTR [RIP+0x6BDE2]
1B26 N/A .text CALL QWORD PTR [RIP+0x6BCCC]
1B3F N/A .text CALL QWORD PTR [RIP+0x6BD93]
1C22 N/A .text CALL QWORD PTR [RIP+0x6BBF0]
1CF4 N/A .text CALL QWORD PTR [RIP+0x6B896]
1E11 N/A .text CALL QWORD PTR [RIP+0x6B9E9]
1E77 N/A .text CALL QWORD PTR [RIP+0x6BC23]
1ED2 N/A .text CALL QWORD PTR [RIP+0x6B6B0]
1EFF N/A .text CALL QWORD PTR [RIP+0x6B5BB]
1F8C N/A .text CALL QWORD PTR [RIP+0x6B5F6]
1FDB N/A .text CALL QWORD PTR [RIP+0x6B4BF]
1FF9 N/A .text CALL QWORD PTR [RIP+0x6B4D1]
2006 N/A .text CALL QWORD PTR [RIP+0x6B51C]
2046 N/A .text CALL QWORD PTR [RIP+0x6B7AC]
2132 N/A .text CALL QWORD PTR [RIP+0x6B7A8]
2164 N/A .text CALL QWORD PTR [RIP+0x6B326]
2200 N/A .text CALL QWORD PTR [RIP+0x6B6DA]
229E N/A .text CALL QWORD PTR [RIP+0x6B63C]
2353 N/A .text CALL QWORD PTR [RIP+0x6B6AF]
23C7 N/A .text CALL QWORD PTR [RIP+0x6B28B]
23D0 N/A .text CALL QWORD PTR [RIP+0x6B32A]
2459 N/A .text CALL QWORD PTR [RIP+0x6B1F9]
2468 N/A .text JMP QWORD PTR [RIP+0x6B292]
252C N/A .text CALL QWORD PTR [RIP+0x6B0AE]
2562 N/A .text CALL QWORD PTR [RIP+0x6B080]
259E N/A .text CALL QWORD PTR [RIP+0x6B054]
260C N/A .text CALL QWORD PTR [RIP+0x6AFDE]
2648 N/A .text CALL QWORD PTR [RIP+0x6B012]
26F0 N/A .text CALL QWORD PTR [RIP+0x6AF12]
2710 N/A .text CALL QWORD PTR [RIP+0x6AF32]
2741 N/A .text CALL QWORD PTR [RIP+0x6AED9]
275E N/A .text CALL QWORD PTR [RIP+0x6AF0C]
27A5 N/A .text CALL QWORD PTR [RIP+0x6AEB5]
284D N/A .text CALL QWORD PTR [RIP+0x6ADBD]
2871 N/A .text CALL QWORD PTR [RIP+0x6AD61]
29D6 N/A .text CALL QWORD PTR [RIP+0x6AF9C]
2A07 N/A .text CALL QWORD PTR [RIP+0x6AE9B]
2A57 N/A .text CALL QWORD PTR [RIP+0x6AF1B]
2A82 N/A .text CALL QWORD PTR [RIP+0x6AE28]
2AD1 N/A .text CALL QWORD PTR [RIP+0x6AEA1]
2B02 N/A .text CALL QWORD PTR [RIP+0x6ADA0]
2B52 N/A .text CALL QWORD PTR [RIP+0x6AE20]
2B7D N/A .text CALL QWORD PTR [RIP+0x6AD2D]
2BCC N/A .text CALL QWORD PTR [RIP+0x6ADA6]
2BFD N/A .text CALL QWORD PTR [RIP+0x6ACA5]
2C4A N/A .text CALL QWORD PTR [RIP+0x6AD28]
2C7B N/A .text CALL QWORD PTR [RIP+0x6AC27]
2CCF N/A .text CALL QWORD PTR [RIP+0x6ACA3]
2D00 N/A .text CALL QWORD PTR [RIP+0x6ABA2]
2D50 N/A .text CALL QWORD PTR [RIP+0x6AC22]
2D81 N/A .text CALL QWORD PTR [RIP+0x6AB21]
2DD1 N/A .text CALL QWORD PTR [RIP+0x6ABA1]
2E02 N/A .text CALL QWORD PTR [RIP+0x6AAA0]
2E52 N/A .text CALL QWORD PTR [RIP+0x6AB20]
2E83 N/A .text CALL QWORD PTR [RIP+0x6AA1F]
2ED3 N/A .text CALL QWORD PTR [RIP+0x6AA9F]
2F04 N/A .text CALL QWORD PTR [RIP+0x6A99E]
2F54 N/A .text CALL QWORD PTR [RIP+0x6AA1E]
2F7E N/A .text CALL QWORD PTR [RIP+0x6A92C]
2FCC N/A .text CALL QWORD PTR [RIP+0x6A9A6]
2FF6 N/A .text CALL QWORD PTR [RIP+0x6A8B4]
3044 N/A .text CALL QWORD PTR [RIP+0x6A92E]
306E N/A .text CALL QWORD PTR [RIP+0x6A83C]
30BC N/A .text CALL QWORD PTR [RIP+0x6A8B6]
30E6 N/A .text CALL QWORD PTR [RIP+0x6A7C4]
3134 N/A .text CALL QWORD PTR [RIP+0x6A83E]
315E N/A .text CALL QWORD PTR [RIP+0x6A74C]
31AC N/A .text CALL QWORD PTR [RIP+0x6A7C6]
31D6 N/A .text CALL QWORD PTR [RIP+0x6A6D4]
3224 N/A .text CALL QWORD PTR [RIP+0x6A74E]
3254 N/A .text CALL QWORD PTR [RIP+0x6A64E]
32A3 N/A .text CALL QWORD PTR [RIP+0x6A6CF]
32CD N/A .text CALL QWORD PTR [RIP+0x6A5DD]
331B N/A .text CALL QWORD PTR [RIP+0x6A657]
334B N/A .text CALL QWORD PTR [RIP+0x6A557]
3397 N/A .text CALL QWORD PTR [RIP+0x6A5DB]
33C8 N/A .text CALL QWORD PTR [RIP+0x6A4DA]
348A N/A .text CALL QWORD PTR [RIP+0x6A180]
34AE N/A .text CALL QWORD PTR [RIP+0x6A124]
350C N/A .text CALL QWORD PTR [RIP+0x6A4DE]
3527 N/A .text CALL QWORD PTR [RIP+0x6A143]
3555 N/A .text CALL QWORD PTR [RIP+0x6A16D]
3563 N/A .text CALL QWORD PTR [RIP+0x6A097]
3571 N/A .text CALL QWORD PTR [RIP+0x6A151]
357F N/A .text CALL QWORD PTR [RIP+0x6A07B]
86600 1010 .pdata ExceptionHook | Pointer to 1010 - 0x410 .text + UnwindInfo: .rdata
8660C 10B0 .pdata ExceptionHook | Pointer to 10B0 - 0x4B0 .text + UnwindInfo: .rdata
86618 1110 .pdata ExceptionHook | Pointer to 1110 - 0x510 .text + UnwindInfo: .rdata
86624 1340 .pdata ExceptionHook | Pointer to 1340 - 0x740 .text + UnwindInfo: .rdata
86630 2620 .pdata ExceptionHook | Pointer to 2620 - 0x1A20 .text + UnwindInfo: .rdata
8663C 29B0 .pdata ExceptionHook | Pointer to 29B0 - 0x1DB0 .text + UnwindInfo: .rdata
86648 2A89 .pdata ExceptionHook | Pointer to 2A89 - 0x1E89 .text + UnwindInfo: .rdata
86654 2AF8 .pdata ExceptionHook | Pointer to 2AF8 - 0x1EF8 .text + UnwindInfo: .rdata
86660 2B2F .pdata ExceptionHook | Pointer to 2B2F - 0x1F2F .text + UnwindInfo: .rdata
8666C 2B50 .pdata ExceptionHook | Pointer to 2B50 - 0x1F50 .text + UnwindInfo: .rdata
86678 2B56 .pdata ExceptionHook | Pointer to 2B56 - 0x1F56 .text + UnwindInfo: .rdata
86684 2C60 .pdata ExceptionHook | Pointer to 2C60 - 0x2060 .text + UnwindInfo: .rdata
86690 2E2A .pdata ExceptionHook | Pointer to 2E2A - 0x222A .text + UnwindInfo: .rdata
8669C 2EBA .pdata ExceptionHook | Pointer to 2EBA - 0x22BA .text + UnwindInfo: .rdata
866A8 2F10 .pdata ExceptionHook | Pointer to 2F10 - 0x2310 .text + UnwindInfo: .rdata
866B4 2F70 .pdata ExceptionHook | Pointer to 2F70 - 0x2370 .text + UnwindInfo: .rdata
866C0 3010 .pdata ExceptionHook | Pointer to 3010 - 0x2410 .text + UnwindInfo: .rdata
866CC 3070 .pdata ExceptionHook | Pointer to 3070 - 0x2470 .text + UnwindInfo: .rdata
866D8 30A0 .pdata ExceptionHook | Pointer to 30A0 - 0x24A0 .text + UnwindInfo: .rdata
866E4 30D0 .pdata ExceptionHook | Pointer to 30D0 - 0x24D0 .text + UnwindInfo: .rdata
866F0 3290 .pdata ExceptionHook | Pointer to 3290 - 0x2690 .text + UnwindInfo: .rdata
866FC 44C0 .pdata ExceptionHook | Pointer to 44C0 - 0x38C0 .text + UnwindInfo: .rdata
86708 4600 .pdata ExceptionHook | Pointer to 4600 - 0x3A00 .text + UnwindInfo: .rdata
86714 4770 .pdata ExceptionHook | Pointer to 4770 - 0x3B70 .text + UnwindInfo: .rdata
86720 4810 .pdata ExceptionHook | Pointer to 4810 - 0x3C10 .text + UnwindInfo: .rdata
8672C 4890 .pdata ExceptionHook | Pointer to 4890 - 0x3C90 .text + UnwindInfo: .rdata
86738 4980 .pdata ExceptionHook | Pointer to 4980 - 0x3D80 .text + UnwindInfo: .rdata
86744 49B3 .pdata ExceptionHook | Pointer to 49B3 - 0x3DB3 .text + UnwindInfo: .rdata
86750 49CD .pdata ExceptionHook | Pointer to 49CD - 0x3DCD .text + UnwindInfo: .rdata
8675C 49F0 .pdata ExceptionHook | Pointer to 49F0 - 0x3DF0 .text + UnwindInfo: .rdata
86768 4A22 .pdata ExceptionHook | Pointer to 4A22 - 0x3E22 .text + UnwindInfo: .rdata
86774 4B4D .pdata ExceptionHook | Pointer to 4B4D - 0x3F4D .text + UnwindInfo: .rdata
86780 4B53 .pdata ExceptionHook | Pointer to 4B53 - 0x3F53 .text + UnwindInfo: .rdata
8678C 4B60 .pdata ExceptionHook | Pointer to 4B60 - 0x3F60 .text + UnwindInfo: .rdata
86798 4E30 .pdata ExceptionHook | Pointer to 4E30 - 0x4230 .text + UnwindInfo: .rdata
867A4 4EA4 .pdata ExceptionHook | Pointer to 4EA4 - 0x42A4 .text + UnwindInfo: .rdata
867B0 4ED9 .pdata ExceptionHook | Pointer to 4ED9 - 0x42D9 .text + UnwindInfo: .rdata
867BC 4F90 .pdata ExceptionHook | Pointer to 4F90 - 0x4390 .text + UnwindInfo: .rdata
867C8 4FDE .pdata ExceptionHook | Pointer to 4FDE - 0x43DE .text + UnwindInfo: .rdata
867D4 503D .pdata ExceptionHook | Pointer to 503D - 0x443D .text + UnwindInfo: .rdata
867E0 5060 .pdata ExceptionHook | Pointer to 5060 - 0x4460 .text + UnwindInfo: .rdata
867EC 5160 .pdata ExceptionHook | Pointer to 5160 - 0x4560 .text + UnwindInfo: .rdata
867F8 5240 .pdata ExceptionHook | Pointer to 5240 - 0x4640 .text + UnwindInfo: .rdata
86804 5280 .pdata ExceptionHook | Pointer to 5280 - 0x4680 .text + UnwindInfo: .rdata
86810 5315 .pdata ExceptionHook | Pointer to 5315 - 0x4715 .text + UnwindInfo: .rdata
8681C 5320 .pdata ExceptionHook | Pointer to 5320 - 0x4720 .text + UnwindInfo: .rdata
86828 5370 .pdata ExceptionHook | Pointer to 5370 - 0x4770 .text + UnwindInfo: .rdata
86834 5480 .pdata ExceptionHook | Pointer to 5480 - 0x4880 .text + UnwindInfo: .rdata
86840 54D0 .pdata ExceptionHook | Pointer to 54D0 - 0x48D0 .text + UnwindInfo: .rdata
8684C 5540 .pdata ExceptionHook | Pointer to 5540 - 0x4940 .text + UnwindInfo: .rdata
86858 55F0 .pdata ExceptionHook | Pointer to 55F0 - 0x49F0 .text + UnwindInfo: .rdata
86864 5640 .pdata ExceptionHook | Pointer to 5640 - 0x4A40 .text + UnwindInfo: .rdata
86870 5680 .pdata ExceptionHook | Pointer to 5680 - 0x4A80 .text + UnwindInfo: .rdata
8687C 56C0 .pdata ExceptionHook | Pointer to 56C0 - 0x4AC0 .text + UnwindInfo: .rdata
86888 56F0 .pdata ExceptionHook | Pointer to 56F0 - 0x4AF0 .text + UnwindInfo: .rdata
86894 5720 .pdata ExceptionHook | Pointer to 5720 - 0x4B20 .text + UnwindInfo: .rdata
868A0 5760 .pdata ExceptionHook | Pointer to 5760 - 0x4B60 .text + UnwindInfo: .rdata
868AC 5930 .pdata ExceptionHook | Pointer to 5930 - 0x4D30 .text + UnwindInfo: .rdata
868B8 599F .pdata ExceptionHook | Pointer to 599F - 0x4D9F .text + UnwindInfo: .rdata
868C4 5AC9 .pdata ExceptionHook | Pointer to 5AC9 - 0x4EC9 .text + UnwindInfo: .rdata
868D0 5AF0 .pdata ExceptionHook | Pointer to 5AF0 - 0x4EF0 .text + UnwindInfo: .rdata
868DC 5B25 .pdata ExceptionHook | Pointer to 5B25 - 0x4F25 .text + UnwindInfo: .rdata
868E8 5B84 .pdata ExceptionHook | Pointer to 5B84 - 0x4F84 .text + UnwindInfo: .rdata
868F4 5BC3 .pdata ExceptionHook | Pointer to 5BC3 - 0x4FC3 .text + UnwindInfo: .rdata
86900 5BE0 .pdata ExceptionHook | Pointer to 5BE0 - 0x4FE0 .text + UnwindInfo: .rdata
8690C 5BFF .pdata ExceptionHook | Pointer to 5BFF - 0x4FFF .text + UnwindInfo: .rdata
86918 5C57 .pdata ExceptionHook | Pointer to 5C57 - 0x5057 .text + UnwindInfo: .rdata
86924 5CA0 .pdata ExceptionHook | Pointer to 5CA0 - 0x50A0 .text + UnwindInfo: .rdata
86930 5CC9 .pdata ExceptionHook | Pointer to 5CC9 - 0x50C9 .text + UnwindInfo: .rdata
8693C 5E20 .pdata ExceptionHook | Pointer to 5E20 - 0x5220 .text + UnwindInfo: .rdata
86948 5E26 .pdata ExceptionHook | Pointer to 5E26 - 0x5226 .text + UnwindInfo: .rdata
86954 5E30 .pdata ExceptionHook | Pointer to 5E30 - 0x5230 .text + UnwindInfo: .rdata
86960 5E80 .pdata ExceptionHook | Pointer to 5E80 - 0x5280 .text + UnwindInfo: .rdata
8696C 5EC0 .pdata ExceptionHook | Pointer to 5EC0 - 0x52C0 .text + UnwindInfo: .rdata
86978 5F00 .pdata ExceptionHook | Pointer to 5F00 - 0x5300 .text + UnwindInfo: .rdata
86984 5F20 .pdata ExceptionHook | Pointer to 5F20 - 0x5320 .text + UnwindInfo: .rdata
86990 5F6F .pdata ExceptionHook | Pointer to 5F6F - 0x536F .text + UnwindInfo: .rdata
8699C 600D .pdata ExceptionHook | Pointer to 600D - 0x540D .text + UnwindInfo: .rdata
869A8 6013 .pdata ExceptionHook | Pointer to 6013 - 0x5413 .text + UnwindInfo: .rdata
869B4 6020 .pdata ExceptionHook | Pointer to 6020 - 0x5420 .text + UnwindInfo: .rdata
869C0 60B0 .pdata ExceptionHook | Pointer to 60B0 - 0x54B0 .text + UnwindInfo: .rdata
869CC 60F0 .pdata ExceptionHook | Pointer to 60F0 - 0x54F0 .text + UnwindInfo: .rdata
869D8 67A0 .pdata ExceptionHook | Pointer to 67A0 - 0x5BA0 .text + UnwindInfo: .rdata
869E4 67D4 .pdata ExceptionHook | Pointer to 67D4 - 0x5BD4 .text + UnwindInfo: .rdata
869F0 67EC .pdata ExceptionHook | Pointer to 67EC - 0x5BEC .text + UnwindInfo: .rdata
869FC 6821 .pdata ExceptionHook | Pointer to 6821 - 0x5C21 .text + UnwindInfo: .rdata
86A08 6F87 .pdata ExceptionHook | Pointer to 6F87 - 0x6387 .text + UnwindInfo: .rdata
86A14 6F8F .pdata ExceptionHook | Pointer to 6F8F - 0x638F .text + UnwindInfo: .rdata
86A20 6F97 .pdata ExceptionHook | Pointer to 6F97 - 0x6397 .text + UnwindInfo: .rdata
86A2C 6FA0 .pdata ExceptionHook | Pointer to 6FA0 - 0x63A0 .text + UnwindInfo: .rdata
86A38 70D0 .pdata ExceptionHook | Pointer to 70D0 - 0x64D0 .text + UnwindInfo: .rdata
86A44 70FD .pdata ExceptionHook | Pointer to 70FD - 0x64FD .text + UnwindInfo: .rdata
86A50 726E .pdata ExceptionHook | Pointer to 726E - 0x666E .text + UnwindInfo: .rdata
86A5C 7296 .pdata ExceptionHook | Pointer to 7296 - 0x6696 .text + UnwindInfo: .rdata
86A68 72EB .pdata ExceptionHook | Pointer to 72EB - 0x66EB .text + UnwindInfo: .rdata
86A74 789C .pdata ExceptionHook | Pointer to 789C - 0x6C9C .text + UnwindInfo: .rdata
86A80 7990 .pdata ExceptionHook | Pointer to 7990 - 0x6D90 .text + UnwindInfo: .rdata
86A8C 7998 .pdata ExceptionHook | Pointer to 7998 - 0x6D98 .text + UnwindInfo: .rdata
86A98 79A0 .pdata ExceptionHook | Pointer to 79A0 - 0x6DA0 .text + UnwindInfo: .rdata
86AA4 79D2 .pdata ExceptionHook | Pointer to 79D2 - 0x6DD2 .text + UnwindInfo: .rdata
Extra Analysis
Metric Value Percentage
Ascii Code 364213 63,7414%
Null Byte Code 85178 14,9071%
© 2026 All rights reserved.