PESCAN.IO - Analysis Report Basic
| File Structure |

Figure: file structure chart. PE chart colour code: executable header (light blue); executable sections (pink); non-executable sections (black); external injected code (red); file structure in red = malformed or corrupted header. Chart colour code for other files: printable characters (blue); non-printable characters (black).
| Information |
| Field | Value |
|---|---|
| Size | 5,65 MB |
| SHA-256 Hash | 944406F6D40F50CA0106B6DF996588280B25EF0175DCDBA8BBC433C7A75196D0 |
| SHA-1 Hash | 9C83AD206C73ED71B692EF70208AB4658FECECBF |
| MD5 Hash | 0E058399701FF8161F9D4086B1F0B5D5 |
| Imphash | C947183695560CC59793FD7524F97C8F |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 005B1BC0 |
| EntryPoint (rva) | 63628A |
| SizeOfHeaders | 200 |
| SizeOfImage | 647000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 636000 |
| IAT | 636104 |
| Characteristics | 30F |
| TimeDateStamp | 69C1370A |
| Date | 23/03/2026 12:50:18 |
| File Type | EXE |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .MPRESS1, .MPRESS2, .rsrc |
| Number Of Executable Sections | 2 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | requireAdministrator |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .MPRESS1 | E00000E0 (Code, Initialized Data, Uninitialized Data, Executable, Readable, Writeable) | 200 | 592000 | 1000 | 635000 | 8,0000 | 247,60 |
| .MPRESS2 | E00000E0 (Code, Initialized Data, Uninitialized Data, Executable, Readable, Writeable) | 592200 | E00 | 636000 | DF4 | 6,0257 | 38344,86 |
| .rsrc | C0000040 (Initialized Data, Readable, Writeable) | 593000 | F600 | 637000 | F4DC | 5,9861 | 1407268,98 |
| Description |
| Field | Value |
|---|---|
| FileVersion | 6.9.0.0 |
| ProductVersion | 6.9.0.0 |
| Comments | ,gzO(ufQ(http://www.eyuyan.com) |
| Language | Chinese (People's Republic of China) (ID=0x804) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |

Unusual Chars Found In Description File - (Polymorphic Patterns)
| Entry Point |
Section number 2 (.MPRESS2) contains the entry point.

EntryPoint (calculated): 59248A

Code: 60E80000000058055A0B00008B3003F02BC08BFE66ADC1E00C8BC850AD2BC803F18BC85751498A44390688043175F62BC0AC

• PUSHAD
• CALL 0X1006
• POP EAX
• ADD EAX, 0XB5A
• MOV ESI, DWORD PTR [EAX]
• ADD ESI, EAX
• SUB EAX, EAX
• MOV EDI, ESI
• LODSW AX, WORD PTR [ESI]
• SHL EAX, 0XC
• MOV ECX, EAX
• PUSH EAX
• LODSD EAX, DWORD PTR [ESI]
• SUB ECX, EAX
• ADD ESI, ECX
• MOV ECX, EAX
• PUSH EDI
• PUSH ECX
• DEC ECX
• MOV AL, BYTE PTR [ECX + EDI + 6]
• MOV BYTE PTR [ECX + ESI], AL
• JNE 0X1025
• SUB EAX, EAX
• LODSB AL, BYTE PTR [ESI]

EP changed to another address -> (Address Of EntryPoint > Base Of Data)
| Signatures |
| Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
Packer: MPress v2.x

Detect It Easy (die):

• PE: packer: EP:MPRESS(2.01-2.12)[-]
• PE: packer: MPRESS(2.12)[-]
• PE: Sign tool: Windows Authenticode(2.0)[PKCS 7]
• Entropy: 7.99831
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| File Access |
| !Win32 .EXE comdlg32.dll WS2_32.dll COMCTL32.dll OLEAUT32.dll ole32.dll SHELL32.dll ADVAPI32.dll WINMM.dll GDI32.dll USER32.dll KERNEL32.DLL |
| Interest's Words |
| exec ping |
| URLs |
| http://ocsp.digicert.com http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl http://ccsca2021.crl.certum.pl/ccsca2021.crl http://ccsca2021.ocsp-certum.com http://repository.certum.pl/ccsca2021.cer http://cacerts.digicert.com/DigiCertTrustedRootG4.crt http://crl3.digicert.com/DigiCertTrustedRootG4.crl http://crl.certum.pl/ctnca2.crl http://subca.ocsp-certum.com http://repository.certum.pl/ctnca2.cer http://www.cer http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl https://www.cer |
| URLs (UNICODE) |
| http://www.eyuyan.com) |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Keyboard Key ([F3]) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \TEXTINCLUDE\1\2052 | 622CEC | B | 621EEC | N/A | N/A |
| \TEXTINCLUDE\2\2052 | 622CF8 | 16 | 621EF8 | N/A | N/A |
| \TEXTINCLUDE\3\2052 | 622D10 | 151 | 621F10 | N/A | N/A |
| \CURSOR\1\2052 | 622E64 | 134 | 622064 | N/A | N/A |
| \CURSOR\2\2052 | 622F98 | 134 | 622198 | N/A | N/A |
| \CURSOR\3\2052 | 6230CC | 134 | 6222CC | N/A | N/A |
| \CURSOR\4\2052 | 623200 | B4 | 622400 | N/A | N/A |
| \BITMAP\1031\2052 | 6232B4 | 248 | 6224B4 | N/A | N/A |
| \BITMAP\1038\2052 | 6234FC | 144 | 6226FC | N/A | N/A |
| \BITMAP\1138\2052 | 623640 | 158 | 622840 | N/A | N/A |
| \BITMAP\1139\2052 | 623798 | 158 | 622998 | N/A | N/A |
| \BITMAP\1140\2052 | 6238F0 | 158 | 622AF0 | N/A | N/A |
| \BITMAP\1141\2052 | 623A48 | 158 | 622C48 | N/A | N/A |
| \BITMAP\1142\2052 | 623BA0 | 158 | 622DA0 | N/A | N/A |
| \BITMAP\1143\2052 | 623CF8 | 158 | 622EF8 | N/A | N/A |
| \BITMAP\1144\2052 | 623E50 | 158 | 623050 | N/A | N/A |
| \BITMAP\1145\2052 | 623FA8 | 158 | 6231A8 | N/A | N/A |
| \BITMAP\26567\2052 | 624100 | 5E4 | 623300 | N/A | N/A |
| \BITMAP\30994\2052 | 6246E4 | B8 | 6238E4 | N/A | N/A |
| \BITMAP\30995\2052 | 62479C | 16C | 62399C | N/A | N/A |
| \BITMAP\30996\2052 | 624908 | 144 | 623B08 | N/A | N/A |
| \ICON\1\2052 | 624A4C | 2E8 | 623C4C | N/A | N/A |
| \ICON\2\2052 | 624D34 | 128 | 623F34 | N/A | N/A |
| \ICON\3\0 | 637578 | 3AF2 | 593578 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000200049444154789CED9D79781CD599 | .PNG........IHDR.............\r.f.. .IDATx...yx... |
| \ICON\4\0 | 63B094 | 4228 | 597094 | 2800000040000000800000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (...@......... ................................... |
| \ICON\5\0 | 63F2E4 | 25A8 | 59B2E4 | 2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (...0........ ................................... |
| \ICON\6\0 | 6418B4 | 1A68 | 59D8B4 | 2800000028000000500000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (...(...P..... ................................... |
| \ICON\7\0 | 643344 | 10A8 | 59F344 | 2800000020000000400000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\8\0 | 644414 | 988 | 5A0414 | 2800000018000000300000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (.......0..... ................................... |
| \ICON\9\0 | 644DC4 | 6B8 | 5A0DC4 | 2800000014000000280000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\10\0 | 6454A4 | 468 | 5A14A4 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \MENU\127\2052 | 6330D8 | C | 6322D8 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \MENU\1039\2052 | 6330E4 | 284 | 6322E4 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\150\2052 | 633368 | 98 | 632568 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\286\2052 | 633400 | 17A | 632600 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\554\2052 | 63357C | FA | 63277C | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\1037\2052 | 633678 | EA | 632878 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\1084\2052 | 633764 | 8AE | 632964 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\1124\2052 | 634014 | B2 | 633214 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\1134\2052 | 6340C8 | CC | 6332C8 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\1150\2052 | 634194 | B2 | 633394 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\30721\2052 | 634248 | E2 | 633448 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \DIALOG\30722\2052 | 63432C | 18C | 63352C | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3841\2052 | 6344B8 | 50 | 6336B8 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3842\2052 | 634508 | 2C | 633708 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3843\2052 | 634534 | 78 | 633734 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3857\2052 | 6345AC | 1C4 | 6337AC | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3858\2052 | 634770 | 12A | 633970 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3859\2052 | 63489C | 146 | 633A9C | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3865\2052 | 6349E4 | 40 | 633BE4 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3866\2052 | 634A24 | 64 | 633C24 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3867\2052 | 634A88 | 1D8 | 633C88 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3868\2052 | 634C60 | 114 | 633E60 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \STRING\3869\2052 | 634D74 | 24 | 633F74 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \GROUP_CURSOR\1032\2052 | 634D98 | 14 | 633F98 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \GROUP_CURSOR\1033\2052 | 634DAC | 14 | 633FAC | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \GROUP_CURSOR\30977\2052 | 634DC0 | 22 | 633FC0 | 2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000 | (....... ..... ................................... |
| \GROUP_ICON\DEFAULT_ICON\0 | 645E98 | 76 | 5A1E98 | 0000010008000000000001002000F23A0000030040400000010020002842000004003030000001002000A825000005002828 | ............ ..:....@@.... .(B....00.... ..%....(( |
| \GROUP_ICON\1151\2052 | 634E5C | 14 | 63405C | 0000010008000000000001002000F23A0000030040400000010020002842000004003030000001002000A825000005002828 | ............ ..:....@@.... .(B....00.... ..%....(( |
| \GROUP_ICON\1152\2052 | 634E70 | 14 | 634070 | 0000010008000000000001002000F23A0000030040400000010020002842000004003030000001002000A825000005002828 | ............ ..:....@@.... .(B....00.... ..%....(( |
| \VERSION\1\2052 | 645FA0 | 240 | 5A1FA0 | 400234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000000000900 | @.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | 646220 | 2B9 | 5A2220 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U • 6.9.0.0 • .XHd • =/CiDyd • waveOutOpenWINSPOOL.DRV • ShellExecuteAole32.dll • http://www.eyuyan.com) |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 200-5921FF | 1000 | .MPRESS1 | Executable section anomaly, first bytes: 35062F1F59002005 |
| 592200-592FFF | 636000 | .MPRESS2 | Executable section anomaly, first bytes: 0461630000000000 |
| 5A2600 | N/A | *Overlay* | 005000000002020030824FEF06092A864886F70D | .P......0.O...*.H... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 4055787 | 68,4123% |
| Null Byte Code | 41565 | 0,7011% |