PREMIUM PESCAN.IO - Analysis Report |
|||||||
| File Structure |
|
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 331,52 KBSHA-256 Hash: 0F16D0E9B38FCEAFD6F7A9D57815E608085D5A81E0086EE6D65E39415A940D07 SHA-1 Hash: 3F46BE1D957F41FE40CAB9DB2184CBE1EBF42B0D MD5 Hash: 21E6251CD3EA9F0BB63386180914E599 Imphash: 3CC7E679222EC65511533C63F9204BB2 MajorOSVersion: 5 MinorOSVersion: 2 CheckSum: 0005DBD2 EntryPoint (rva): 30B61 SizeOfHeaders: 400 SizeOfImage: 57000 ImageBase: 400000 Architecture: x86 ExportTable: 3AB20 ImportTable: 394F0 IAT: 1000 Characteristics: 210E TimeDateStamp: 6935A62D Date: 07/12/2025 16:07:09 File Type: DLL Number Of Sections: 4 ASLR: Disabled Section Names: .text, .data, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 400 | 39C00 | 1000 | 39BDB | 6,1869 | 3070082,52 |
| .data | C0000040 (Initialized Data, Readable, Writeable) | 3A000 | 4E00 | 3B000 | 6FE0 | 2,4810 | 2516923,92 |
| .rsrc | 40000040 (Initialized Data, Readable) | 3EE00 | DE00 | 42000 | DD01 | 4,6334 | 1567521,88 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 4CC00 | 6200 | 50000 | 6136 | 5,5900 | 461946,41 |
| Description |
| OriginalFilename: adsiedit.dll CompanyName: Microsoft Corporation LegalCopyright: Microsoft Corporation. All rights reserved. ProductName: Microsoft Windows Operating System FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: ADSI Edit ProductVersion: 10.0.19041.1 Language: English (United States) (ID=0x409) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 2FF61 Code -> 558BEC538B5D08568B750C85F6578B7D107509833D601F440000EB2683FE01740583FE027522A150FA430085C07409575653 • PUSH EBP • MOV EBP, ESP • PUSH EBX • MOV EBX, DWORD PTR [EBP + 8] • PUSH ESI • MOV ESI, DWORD PTR [EBP + 0XC] • TEST ESI, ESI • PUSH EDI • MOV EDI, DWORD PTR [EBP + 0X10] • JNE 0X101C • CMP DWORD PTR [0X441F60], 0 • JMP 0X1042 • CMP ESI, 1 • JE 0X1026 • CMP ESI, 2 • JNE 0X1048 • MOV EAX, DWORD PTR [0X43FA50] • TEST EAX, EAX • JE 0X1038 • PUSH EDI • PUSH ESI • PUSH EBX |
| Signatures |
| CheckSum Integrity Problem: • Header: 383954 • Calculated: 356275 Rich Signature Analyzer: Code -> 6A09C0492E68AE1A2E68AE1A2E68AE1AC677AA1A2C68AE1AAD60A11A2868AE1A2C49AA1A2C68AE1A4E60E31A2C68AE1AAD60F31A3768AE1A2E68AF1AC469AE1AA060F11A3F68AE1AAD60F21A2F68AE1AA060CE1A3568AE1AAD60F01A2F68AE1AAD60F41A2F68AE1A526963682E68AE1A Footprint md5 Hash -> D5FE54523C91D63CB782A2B5F868403E • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio Compiler: Microsoft Visual C ++ 6-8 Compiler: Microsoft Visual C ++ 6 DLL Compiler: Microsoft Visual C ++ 7 DLL Detect It Easy (die) • PE: compiler: EP:Microsoft Visual C/C++(2002 (2148))[DLL32] • PE: compiler: Microsoft Visual C/C++(6.0)[-] • PE: linker: Microsoft Linker(7.10*)[-] • Entropy: 6.05974 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| ADVAPI32.DLL | CryptDecrypt | Performs a cryptographic operation on data in a data block. |
| ET Functions (carving) |
| Original Name -> ADSIEDIT.DLL ServiceMain DllCanUnloadNow DllGetClassObject DllRegisterServer DllUnregisterServer |
| Windows REG (UNICODE) |
| SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\5A18D5BFC37FA0A4E99D24135BABE742 Software\Microsoft\MMC\NodeTypes Software\Microsoft\MMC\SnapIns Software\Microsoft\Windows\CurrentVersion\AdminDebug |
| File Access |
| ADSIEDIT.DLL CRYPT32.dll dsuiext.dll IMM32.dll ACTIVEDS.dll GDI32.dll ADVAPI32.dll ole32.dll OLEAUT32.dll USER32.dll ATL.DLL MSVCP60.dll msvcrt.dll MFC42u.DLL KERNEL32.dll Comctl32.dll Unicows.dll .dat Temp |
| File Access (UNICODE) |
| adsiedit.dll Ccomctl32.dll activeds.dll Comctl32.dll ACreateSecurityPageaclui.dll DSCreateISecurityInfoObjectdssec.dll Kernel32.dll %s\peek587.dat Temp |
| Interest's Words |
| Decrypt attrib |
| Interest's Words (UNICODE) |
| PassWord attrib hostname |
| IP Addresses |
| 2.5.5.17 2.5.5.16 2.5.5.15 2.5.5.14 2.5.5.13 2.5.5.12 2.5.5.11 2.5.5.10 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (WriteFile) |
| Text | Unicode | Encryption (Microsoft Enhanced RSA and AES Cryptographic Provider) |
| Text | Ascii | Encryption API (CryptAcquireContext) |
| Text | Ascii | Encryption API (CryptDecrypt) |
| Text | Ascii | Encryption API (CryptReleaseContext) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Ascii | Information used to authenticate a user's identity (Credential) |
| Text | Unicode | Information used to authenticate a user's identity (Credential) |
| Text | Ascii | Information used for user authentication (Credential) |
| Text | Unicode | Information used for user authentication (Credential) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 6.0 - 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 6.0 - 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 DLL |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \BITMAP\102\1033 | 42A90 | 16E8 | 3F890 | 28000000D0020000100000000100040000000000801600000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\104\1033 | 44178 | 5A68 | 40F78 | 28000000A0050000200000000100040000000000005A00000000000000000000000000000000000000000000000080000080 | (....... ............Z............................ |
| \BITMAP\129\1033 | 49BE0 | E8 | 469E0 | 2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\130\1033 | 49CC8 | 268 | 46AC8 | 2800000020000000200000000100040000000000000200000000000000000000000000000000000000000000000080000080 | (... ... ......................................... |
| \ICON\1\1033 | 49F30 | 128 | 46D30 | 2800000010000000200000000100040000000000C00000000000000000000000100000000000000000000000000080000080 | (....... ......................................... |
| \ICON\2\1033 | 4A058 | 2E8 | 46E58 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \MENU\52001\1033 | 4A340 | 28 | 47140 | 00000000900031000000800020CB570068006100740027007300200054006800690073003F000000 | ......1..... .W.h.a.t.'.s. .T.h.i.s.?... |
| \DIALOG\107\1033 | 4A368 | BC | 47168 | 0100FFFF00000000000000004800C048020000000000FC00AA000000000043007200650061007400650020004F0062006A00 | ............H..H..............C.r.e.a.t.e. .O.b.j. |
| \DIALOG\108\1033 | 4A424 | 43C | 47224 | 0100FFFF0000000000000000C800C880100000000000FC00DA000000000043006F006E006E0065006300740069006F006E00 | ..............................C.o.n.n.e.c.t.i.o.n. |
| \DIALOG\110\1033 | 4A860 | 26E | 47660 | C000C880000000000D0000000000FC00DA000000000041006400760061006E00630065006400000008004D00530020005300 | ......................A.d.v.a.n.c.e.d.....M.S. .S. |
| \DIALOG\111\1033 | 4AAD0 | 3A2 | 478D0 | 4000C04800000000130000000000FC00DA00000000004100740074007200690062007500740065007300000008004D005300 | @..H..................A.t.t.r.i.b.u.t.e.s.....M.S. |
| \DIALOG\112\1033 | 4AE74 | 174 | 47C74 | 0100FFFF00000000000000004800C048070000000000FC00AA000000000043007200650061007400650020004F0062006A00 | ............H..H..............C.r.e.a.t.e. .O.b.j. |
| \DIALOG\113\1033 | 4AFE8 | 18A | 47DE8 | 4000C04800000000030000000000FC00AA000000000043007200650061007400650020004F0062006A006500630074000000 | @..H..................C.r.e.a.t.e. .O.b.j.e.c.t... |
| \DIALOG\114\1033 | 4B174 | C6 | 47F74 | C000C88000000000040000000000B100440000000000520065006E0061006D006500000008004D0053002000530068006500 | ................D.....R.e.n.a.m.e.....M.S. .S.h.e. |
| \DIALOG\119\1033 | 4B23C | 1C8 | 4803C | 0100FFFF0000000000000000C800C880070000000000B8005C0000000000460069006C007400650072000000080000000000 | ........................\.....F.i.l.t.e.r......... |
| \DIALOG\121\1033 | 4B404 | 17C | 48204 | 0100FFFF0000000000000000C800C880060000000000FC00DA000000000045006400690074002000460069006C0074006500 | ..............................E.d.i.t. .F.i.l.t.e. |
| \DIALOG\122\1033 | 4B580 | 1E8 | 48380 | 0100FFFF0000000000000000C800C880070000000000A800660000000000430072006500640065006E007400690061006C00 | ........................f.....C.r.e.d.e.n.t.i.a.l. |
| \DIALOG\127\1033 | 4B768 | 28A | 48568 | C000C880000000000D0000000000FC00DA00000000004E0065007700200051007500650072007900000008004D0053002000 | ......................N.e.w. .Q.u.e.r.y.....M.S. . |
| \DIALOG\5001\1033 | 4B9F4 | 1EC | 487F4 | C000C88000000000060000000000FC00DA000000000041007400740072006900620075007400650020004500640069007400 | ......................A.t.t.r.i.b.u.t.e. .E.d.i.t. |
| \DIALOG\5002\1033 | 4BBE0 | 164 | 489E0 | C000C880000000000700000000000F0146000000000053007400720069006E00670020004100740074007200690062007500 | ................F.....S.t.r.i.n.g. .A.t.t.r.i.b.u. |
| \DIALOG\5003\1033 | 4BD44 | 1E2 | 48B44 | C000C880000000000A0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020005300 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .S. |
| \DIALOG\5020\1033 | 4BF28 | 164 | 48D28 | C000C880000000000700000000000F0146000000000049006E00740065006700650072002000410074007400720069006200 | ................F.....I.n.t.e.g.e.r. .A.t.t.r.i.b. |
| \DIALOG\5021\1033 | 4C08C | 170 | 48E8C | C000C880000000000700000000000F014600000000004C006100720067006500200049006E00740065006700650072002000 | ................F.....L.a.r.g.e. .I.n.t.e.g.e.r. . |
| \DIALOG\5022\1033 | 4C1FC | 196 | 48FFC | C000C88000000000080000000000B6005F000000000042006F006F006C00650061006E002000410074007400720069006200 | ................_.....B.o.o.l.e.a.n. .A.t.t.r.i.b. |
| \DIALOG\5023\1033 | 4C394 | 262 | 49194 | C000C88000000000090000000000B600760000000000540069006D0065002000410074007400720069006200750074006500 | ................v.....T.i.m.e. .A.t.t.r.i.b.u.t.e. |
| \DIALOG\5024\1033 | 4C5F8 | 302 | 493F8 | C000C880000000000C0000000000FC00DA00000000004F006300740065007400200053007400720069006E00670020004100 | ......................O.c.t.e.t. .S.t.r.i.n.g. .A. |
| \DIALOG\5026\1033 | 4C8FC | 212 | 496FC | C000C880000000000B0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020004200 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .B. |
| \DIALOG\5027\1033 | 4CB10 | 2FA | 49910 | C000C880000000000D0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020005400 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .T. |
| \DIALOG\5028\1033 | 4CE0C | 1D0 | 49C0C | 0100FFFF0000000000000000C800C88009000000000014016200000000004400690061006C006F0067000000080090010001 | ........................b.....D.i.a.l.o.g......... |
| \DIALOG\10025\1033 | 4CFDC | 1C0 | 49DDC | C000C88000000000090000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020004F00 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .O. |
| \STRING\1\1033 | 4D19C | A0 | 49F9C | 0000000000000000000000000000000000000000000009004100440053004900200045006400690074003700410020006C00 | ........................A.D.S.I. .E.d.i.t.7.A. .l. |
| \STRING\3\1033 | 4D23C | 2A | 4A03C | 0000000005004D006F007600650020000000000000000000000000000000000000000000000000000000 | ......M.o.v.e. ........................... |
| \STRING\7\1033 | 4D268 | 238 | 4A068 | 00000000000018004400690072006500630074006F0072007900200050006100720074006900740069006F006E0020004E00 | ........D.i.r.e.c.t.o.r.y. .P.a.r.t.i.t.i.o.n. .N. |
| \STRING\8\1033 | 4D4A0 | 3C2 | 4A2A0 | 1E0026004F0062006A006500630074002E002E002E000A004300720065006100740065002000610020006E00650077002000 | ..&.O.b.j.e.c.t.........C.r.e.a.t.e. .a. .n.e.w. . |
| \STRING\16\1033 | 4D864 | A2 | 4A664 | 0000000000000000000000000000000000001D00260043006F006E007400610069006E0065007200200074006F0020006D00 | ....................&.C.o.n.t.a.i.n.e.r. .t.o. .m. |
| \STRING\17\1033 | 4D908 | 2C | 4A708 | 0600260043006C00650061007200000000000000000000000000000000000000000000000000000000000000 | ..&.C.l.e.a.r............................... |
| \STRING\32\1033 | 4D934 | 282 | 4A734 | 00000000000000001400570065006C0063006F006D006500200074006F002000410044005300490020004500640069007400 | ..........W.e.l.c.o.m.e. .t.o. .A.D.S.I. .E.d.i.t. |
| \STRING\38\1033 | 4DBB8 | 10A | 4A9B8 | 000000000000000000000000000000001200440069007300740069006E00670075006900730068006500640020004E006100 | ..................D.i.s.t.i.n.g.u.i.s.h.e.d. .N.a. |
| \STRING\39\1033 | 4DCC4 | 190 | 4AAC4 | 070049006E00740065006700650072000C004F006300740065007400200053007400720069006E0067000E00550054004300 | ..I.n.t.e.g.e.r...O.c.t.e.t. .S.t.r.i.n.g...U.T.C. |
| \STRING\313\1033 | 4DE54 | 130 | 4AC54 | 000000000000000000000000000000000F0041007400740072006900620075007400650045006400690074006F0072000900 | ..................A.t.t.r.i.b.u.t.e.E.d.i.t.o.r... |
| \STRING\315\1033 | 4DF84 | 2C | 4AD84 | 00000600530079006E0074006100780000000000000000000000000000000000000000000000000000000000 | ....S.y.n.t.a.x............................. |
| \STRING\376\1033 | 4DFB0 | 6A | 4ADB0 | 09004100740074007200690062007500740065000B005300650074002F004E006F0074002000530065007400050056006100 | ..A.t.t.r.i.b.u.t.e...S.e.t./.N.o.t. .S.e.t...V.a. |
| \STRING\379\1033 | 4E01C | B0 | 4AE1C | 000000000B00480065007800610064006500630069006D0061006C00070044006500630069006D0061006C00060042006900 | ......H.e.x.a.d.e.c.i.m.a.l...D.e.c.i.m.a.l...B.i. |
| \STRING\380\1033 | 4E0CC | E6 | 4AECC | 0000000000000000000000002900570069006E0064006F007700730020006600610069006C0065006400200074006F002000 | ............).W.i.n.d.o.w.s. .f.a.i.l.e.d. .t.o. . |
| \STRING\692\1033 | 4E1B4 | 3AC | 4AFB4 | 990049006E00760061006C0069006400200066006F0072006D00610074002E002000200041006E0020006F00630074006100 | ..I.n.v.a.l.i.d. .f.o.r.m.a.t... . .A.n. .o.c.t.a. |
| \STRING\694\1033 | 4E560 | 47C | 4B360 | 0000000000000000000000000000000000000000000000003B00570069006E0064006F007700730020006600610069006C00 | ........................;.W.i.n.d.o.w.s. .f.a.i.l. |
| \STRING\695\1033 | 4E9DC | 26C | 4B7DC | 3C00570069006E0064006F0077007300200063006F0075006C00640020006E006F00740020006C006F006100640020007400 | <.W.i.n.d.o.w.s. .c.o.u.l.d. .n.o.t. .l.o.a.d. .t. |
| \STRING\2687\1033 | 4EC48 | 58C | 4BA48 | 000000000000000000005500540068006900730020007200650073006F00750072006300650020007200650063006F007200 | ..........U.T.h.i.s. .r.e.s.o.u.r.c.e. .r.e.c.o.r. |
| \STRING\2688\1033 | 4F1D4 | 4AE | 4BFD4 | 000000004D004F006E00650020006F00720020006D006F007200650020006F00660020007400680065002000760061006C00 | ....M.O.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .v.a.l. |
| \GROUP_ICON\105\1033 | 4F684 | 22 | 4C484 | 00000100020010101000010004002801000001002020100001000400E80200000200 | ..............(..... ............ |
| \VERSION\1\1033 | 4F6A8 | 378 | 4C4A8 | 780334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | x.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\2\1033 | 4FA20 | 2E1 | 4C820 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • adsiedit.dll • w2rksupp.chm • \help\adsiedit.hlp • %s\peek587.dat • w2rksupp.chm::/topics/adsiedit.htm • Kernel32.dll • aclui.dll • Comctl32.dll • AComctl32.dll • 2.5.5.16 • 2.5.5.15 • 2.5.5.14 • 2.5.5.13 • 2.5.5.12 • 2.5.5.11 • 2.5.5.10 • 2.5.5.9 • 2.5.5.8 • 2.5.5.7 • 2.5.5.6 • 2.5.5.5 • 2.5.5.4 • 2.5.5.3 • 2.5.5.2 • 2.5.5.1 • 2.5.5.0 • activeds.dll • kernel32.dll • Ccomctl32.dll • ADSIEdit.pdb • MFC42u.DLL • msvcrt.dll • OLEAUT32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 9CD2 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D07 | 40107C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D2D | 401600 | .text | CALL [static] | Indirect call to absolute memory address |
| 9D40 | 401018 | .text | CALL [static] | Indirect call to absolute memory address |
| 9D72 | 401014 | .text | CALL [static] | Indirect call to absolute memory address |
| 9DB3 | 401040 | .text | CALL [static] | Indirect call to absolute memory address |
| 9DEC | 401050 | .text | CALL [static] | Indirect call to absolute memory address |
| 9E48 | 40118C | .text | CALL [static] | Indirect call to absolute memory address |
| 9E61 | 40104C | .text | CALL [static] | Indirect call to absolute memory address |
| 9E78 | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| 9E86 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| 9ED4 | 401728 | .text | CALL [static] | Indirect call to absolute memory address |
| A03B | 401034 | .text | CALL [static] | Indirect call to absolute memory address |
| A05F | 401038 | .text | CALL [static] | Indirect call to absolute memory address |
| A09E | 40171C | .text | CALL [static] | Indirect call to absolute memory address |
| A0BB | 401720 | .text | CALL [static] | Indirect call to absolute memory address |
| A0F0 | 401724 | .text | CALL [static] | Indirect call to absolute memory address |
| A10A | 40101C | .text | CALL [static] | Indirect call to absolute memory address |
| A11D | 401044 | .text | CALL [static] | Indirect call to absolute memory address |
| A12A | 401048 | .text | CALL [static] | Indirect call to absolute memory address |
| A147 | 401044 | .text | CALL [static] | Indirect call to absolute memory address |
| A154 | 401048 | .text | CALL [static] | Indirect call to absolute memory address |
| A15B | 401724 | .text | CALL [static] | Indirect call to absolute memory address |
| A1AE | 401034 | .text | CALL [static] | Indirect call to absolute memory address |
| A1CB | 401024 | .text | CALL [static] | Indirect call to absolute memory address |
| A228 | 40102C | .text | CALL [static] | Indirect call to absolute memory address |
| A237 | 4015D8 | .text | CALL [static] | Indirect call to absolute memory address |
| A240 | 401030 | .text | CALL [static] | Indirect call to absolute memory address |
| A24A | 401048 | .text | CALL [static] | Indirect call to absolute memory address |
| A2C0 | 401184 | .text | CALL [static] | Indirect call to absolute memory address |
| A2E2 | 401188 | .text | CALL [static] | Indirect call to absolute memory address |
| A2F7 | 401700 | .text | CALL [static] | Indirect call to absolute memory address |
| A306 | 401704 | .text | CALL [static] | Indirect call to absolute memory address |
| A329 | 401710 | .text | CALL [static] | Indirect call to absolute memory address |
| A360 | 4015C4 | .text | CALL [static] | Indirect call to absolute memory address |
| A375 | 40171C | .text | CALL [static] | Indirect call to absolute memory address |
| A390 | 401718 | .text | CALL [static] | Indirect call to absolute memory address |
| A3A5 | 4015D8 | .text | CALL [static] | Indirect call to absolute memory address |
| A3C7 | 4015C8 | .text | CALL [static] | Indirect call to absolute memory address |
| A3CE | 401720 | .text | CALL [static] | Indirect call to absolute memory address |
| A3D5 | 401724 | .text | CALL [static] | Indirect call to absolute memory address |
| A41A | 4015CC | .text | CALL [static] | Indirect call to absolute memory address |
| A438 | 4015D0 | .text | CALL [static] | Indirect call to absolute memory address |
| A4A0 | 401064 | .text | CALL [static] | Indirect call to absolute memory address |
| A4D4 | 40105C | .text | CALL [static] | Indirect call to absolute memory address |
| A5C7 | 401080 | .text | CALL [static] | Indirect call to absolute memory address |
| A636 | 401060 | .text | CALL [static] | Indirect call to absolute memory address |
| A7AC | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| A7ED | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| A99A | 401054 | .text | CALL [static] | Indirect call to absolute memory address |
| A9EA | 401728 | .text | CALL [static] | Indirect call to absolute memory address |
| A9F5 | 4016F8 | .text | CALL [static] | Indirect call to absolute memory address |
| AA02 | 4016FC | .text | CALL [static] | Indirect call to absolute memory address |
| AB10 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| AB4E | 40174C | .text | CALL [static] | Indirect call to absolute memory address |
| ABD5 | 401188 | .text | CALL [static] | Indirect call to absolute memory address |
| AC4E | 401750 | .text | CALL [static] | Indirect call to absolute memory address |
| AC9E | 401758 | .text | CALL [static] | Indirect call to absolute memory address |
| B000 | 401748 | .text | CALL [static] | Indirect call to absolute memory address |
| B143 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B14B | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B167 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B198 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B1B9 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B1D8 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B1F6 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B254 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B276 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B297 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B2B6 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B304 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B374 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B3AE | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B3C2 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B3D5 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B406 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B427 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B484 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B599 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B5C8 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B60B | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B621 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B650 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B693 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B6A7 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| B6FF | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| B723 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| B814 | 4016F8 | .text | CALL [static] | Indirect call to absolute memory address |
| B821 | 4016FC | .text | CALL [static] | Indirect call to absolute memory address |
| B87D | 401728 | .text | CALL [static] | Indirect call to absolute memory address |
| B8F4 | 4016F4 | .text | CALL [static] | Indirect call to absolute memory address |
| BCFF | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| BD13 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| BD26 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| BDB1 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| BE44 | 401078 | .text | CALL [static] | Indirect call to absolute memory address |
| BE89 | 401190 | .text | CALL [static] | Indirect call to absolute memory address |
| C079 | 4016F0 | .text | CALL [static] | Indirect call to absolute memory address |
| C09B | 4010A4 | .text | CALL [static] | Indirect call to absolute memory address |
| C0BF | 401690 | .text | CALL [static] | Indirect call to absolute memory address |
| 52E00 | N/A | *Overlay* | DB833AB6C608092B64C30F758D03E9E9 | ..:....+d..u.... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 167659 | 49,3882% |
| Null Byte Code | 86606 | 25,512% |
© 2026 All rights reserved.