PESCAN.IO - Analysis Report Basic

File Structure
[Image: file structure chart. PE chart colors: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red indicates a malformed or corrupted header. Chart colors for other files: printable characters (blue), non-printable characters (black).]

Information
Size: 2,50 MB
SHA-256 Hash: CB887DEC441CD582E5859F0A1029EDC7BF0892CB39E1D6FA1DF80D8FC9DD629E
SHA-1 Hash: 7D5A625228AB65DB11A086A74364D290D22BDC7A
MD5 Hash: BA74B84295E05E57E8864FF4B4C82104
Imphash: E7F214A81357D3C800C3774E7FCE8173
MajorOSVersion: 6
CheckSum: 00000000
EntryPoint (rva): 4DFE70
SizeOfHeaders: 400
SizeOfImage: 523000
ImageBase: 0000000140000000
Architecture: x64
ImportTable: 2DFBA0
Characteristics: 22
TimeDateStamp: 685478E7
Date: 19/06/2025 20:53:59
File Type: EXE
Number Of Sections: 9
ASLR: Disabled
Section Names (Optional Header): .text, .rdata, .data, .pdata, .idiot0, .idiot1, .idiot2, .rsrc, .reloc
Number Of Executable Sections: 3
Subsystem: Windows Console
UAC Execution Level Manifest: asInvoker
[Incomplete Binary or Compressor Packer - 2,63 MB Missing]

Sections Info
Section Name  Flags                  ROffset  RSize   VOffset  VSize
.text         60000020 (Executable)  0        0       1000     CD08C
.rdata        40000040               0        0       CF000    32F68
.data         C0000040 (Writeable)   0        0       102000   2850
.pdata        40000040               0        0       105000   7E18
.idiot0       60000020 (Executable)  0        0       10D000   191EB9
.idiot1       C0000040 (Writeable)   400      200     29F000   1D0
.idiot2       68000060 (Executable)  600      280800  2A0000   280784
.rsrc         40000040               280E00   200     521000   1D5
.reloc        42000040               281000   200     522000   58
Entry Point
Section number (7) contains the Entry Point
Information -> EntryPoint (calculated) - 240470
Code -> E83309DCFF6F37D00AE27C5839C1071387A8C17274407A661DD9287B8D96608475A95813E509F8649596609465D928D425B1
• CALL 0XFFFFFFFFFFDC1938
• OUTSD DX, DWORD PTR [RSI]

Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Detect It Easy (die)
PE+(64): linker: Microsoft Linker(14.42)[EXE64,console]
Entropy: 7.98878

Suspicious Functions
Library       Function       Description
SHELL32.DLL   ShellExecuteA  Performs a run operation on a specific file.
File Access
fapi-ms-win-crt-runtime-l1-1-0.dll
WININET.dll
KERNEL32.dll
MSVCP140.dll
api-ms-win-crt-convert-l1-1-0.dll
USERENV.dll
CRYPT32.dll
api-ms-win-crt-environment-l1-1-0.dll
USER32.dll
PSAPI.DLL
api-ms-win-crt-heap-l1-1-0.dll
{Y9SHELL32.dll
_api-ms-win-crt-locale-l1-1-0.dll
VCRUNTIME140.dll
)bcrypt.dll
g|VzfADVAPI32.dll
api-ms-win-crt-filesystem-l1-1-0.dll
WS2_32.dll
api-ms-win-crt-string-l1-1-0.dll
api-ms-win-crt-utility-l1-1-0.dll
api-ms-win-crt-math-l1-1-0.dll
$VCRUNTIME140_1.dll
)api-ms-win-crt-time-l1-1-0.dll
SHLWAPI.dll
api-ms-win-crt-stdio-l1-1-0.dll
UserProfile

Words of Interest
exec

Strings/Hex Code Found With The File Rules
Rule Type  Encoding  Matched (Word)
Text       Ascii     Execution (ShellExecute)
Resources
Path DataRVA Size FileOffset Code Text
\24\1\1033 521058 17D 280E58 3C3F786D6C2076657273696F6E3D27312E302720656E636F64696E673D275554462D3827207374616E64616C6F6E653D2779 <?xml version='1.0' encoding='UTF-8' standalone='y
Intelligent String
• Zn.

Extra Analysis
Metric Value Percentage
Ascii Code 1792193 68,2468%
Null Byte Code 35080 1,3358%