PESCAN.IO - Analysis Report

File Structure
PE Chart Code
The executable header is displayed in light blue.
The executable sections are pink.
Non-executable sections are black.
Code added to executables externally to a compiler appears in red.
If the File Structure content appears in red, it means the PE header is malformed or corrupted.

Chart Code For Other Files
Printable characters are blue.
Non-printable characters (Null Bytes) are black.
Information
Size: 534,50 KB
SHA-256 Hash: 76AB8DF709543469D0F7EA393BC3C50B3052B3723702E9444083459A3D407BED
SHA-1 Hash: 7C4013FE4393D2489CEB47D336C74A73F7482C97
MD5 Hash: F59D3594A5F206F41CF36AF90DAB6641
Imphash: F34D5F2D4577ED6D9CEEC516C1F5A744
MajorOSVersion: 4
CheckSum: 00000000
EntryPoint (rva): 871CE
SizeOfHeaders: 200
SizeOfImage: 8C000
ImageBase: 400000
Architecture: x86
ImportTable: 87180
Characteristics: 22
TimeDateStamp: 1F36AC7B
Date: 06/08/1986 1:46:35
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: .text, .rsrc, .reloc
Number Of Executable Sections: 1
Subsystem: Windows GUI

Sections Info
Section Name | Flags | ROffset | RSize | VOffset | VSize
.text | 60000020 (Executable) | 200 | 85200 | 2000 | 851D4
.rsrc | 40000040 | 85400 | 400 | 88000 | 3F4
.reloc | 42000040 | 85800 | 200 | 8A000 | C
Description
InternalName: xxxx.exe
OriginalFilename: xxxx.exe
CompanyName: :594GG9:>82F3=;D5AB995=H
LegalCopyright: Copyright 2024 :594GG9:>82F3=;D5AB995=H
ProductName: BEABBFAG;6=H3J96B78CA
FileVersion: 8.12.16.20

Entry Point
Section number 1 (.text) contains the Entry Point
Information -> EntryPoint (calculated) - 853CE
Code -> FF25002040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
JMP DWORD PTR [0X402000]
ADD BYTE PTR [EAX], AL (repeated 22 times)

Signatures
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler
Compiler: Microsoft Visual .NET - (You can use a decompiler for this...)
AnyCPU: False
Version: v4.0
Detect It Easy (die)
PE: library: .NET(v4.0.30319)[-]
PE: compiler: VB.NET(-)[-]
PE: linker: Microsoft Linker(80.0)[EXE32]
Entropy: 7.059

Suspicious Functions
Library | Function | Description
USER32.DLL | GetAsyncKeyState | Retrieves the status of a virtual key asynchronously.
Windows REG (UNICODE)
Software\Microsoft\Windows\CurrentVersion\Themes\Personalize

File Access
mscoree.dll
user32.dll
Temp

File Access (UNICODE)
xxxx.exe
\WorkflowDiagrams\output.txt
schedule.txt
)PrioritizedRisks.txt
OpenRisksReport.txt
yyyyMMdd_HHmmss}.txt
%RiskRegisterDB.txt
VortexLattice.txt
PercolationFlow.txt
OrbitalPath.txt
ResonatedEnergy.txt
VortexSpin.txt
WaveletEnergy.txt
!EnergyConfig.txt
Temp

Words of Interest
Decrypt
exec
attrib
start
pause
ping
replace

Words of Interest (UNICODE)
Encrypt
<html
<head
<body
<table
<title
exec
start
pause
ping

URLs (UNICODE)
http://studyhub.com/{0}/{1}
https://api.calendar/sync
https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1}

IP Addresses
11.0.0.0
17.0.0.0
17.12.0.0

Strings/Hex Code Found With The File Rules
Rule Type | Encoding | Matched (Word)
Text | Ascii | Encryption (CreateDecryptor)
Text | Ascii | Encryption (CryptoStream)
Text | Ascii | Encryption (CryptoStreamMode)
Text | Ascii | Encryption (FromBase64String)
Text | Ascii | Encryption (ICryptoTransform)
Text | Ascii | Encryption (RNGCryptoServiceProvider)
Text | Ascii | Encryption (ToBase64String)
Entry Point | Hex Pattern | Microsoft Visual C / Basic .NET
Entry Point | Hex Pattern | Microsoft Visual C v7.0 / Basic .NET
Entry Point | Hex Pattern | Microsoft Visual Studio .NET
Entry Point | Hex Pattern | .NET executable

Resources
Path | DataRVA | Size | FileOffset | CodeText
\VERSION\1\0 | 88058 | 39C | 85458 | 9C0334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000C00..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............

Intelligent String
• xxxx.exe
• 8.12.16.20
• (resources/184839.png
• -.EXj
• .txt
• !EnergyConfig.txt
• .csv
• EnergyWave.wav
• WaveletEnergy.txt
• VortexSpin.txt
• 'ResonatedEnergy.txt
• OrbitalPath.txt
• 'PercolationFlow.txt
• VortexLattice.txt
• %RiskRegisterDB.txt
• URiskRegisterBackup_{0:yyyyMMdd_HHmmss}.txt
• 'OpenRisksReport.txt
• RisksExport.csv
• )PrioritizedRisks.txt
• schedule.txt
• 7study_plan_{0:yyyyMMdd}.ics
• https://api.calendar/sync
• )resources/184839.png
• http://studyhub.com/{0}/{1}
• https://api.openweathermap.org/data/2.5/weather?q={0}&appid={1}
• C:\WorkflowDiagrams\output.txt
• <svg xmlns='http://www.w3.org/2000/svg' width='800' height='600'>
• _CorExeMainmscoree.dll
• 1.0.0.0

Extra Analysis
Metric | Value | Percentage
Ascii Code | 324218 | 59,2365%
Null Byte Code | 100952 | 18,4445%