PREMIUM PESCAN.IO - Analysis Report |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
| Size: 319,00 KB SHA-256 Hash: 3D3BAF5CEF394A0A04AFDB180133E1BC843D63B1173BE1E53F4B7F630D311BD8 SHA-1 Hash: 260ECC663AAAEC05F756D918BF4E2CB53E16B6A6 MD5 Hash: 27623783271C5081889FFFD34A35EF89 Imphash: 733C634382DEAB64142C34FD392D09E1 MajorOSVersion: 5 MinorOSVersion: 1 CheckSum: 00051346 EntryPoint (rva): 22280 SizeOfHeaders: 400 SizeOfImage: 57000 ImageBase: 10000000 Architecture: x86 ExportTable: 46ED0 ImportTable: 45464 Characteristics: 2102 TimeDateStamp: 66851BCF Date: 03/07/2024 9:37:19 File Type: DLL Number Of Sections: 5 ASLR: Enabled Section Names: .text, .rdata, .data, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 38200 | 1000 | 39000 |
|
|
| .rdata | 0xC0000040 Initialized Data Readable Writeable |
38600 | D000 | 3A000 | D000 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
45600 | 7400 | 47000 | B000 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
4CA00 | 400 | 52000 | 1000 |
|
|
| .reloc | 0x42000040 Initialized Data GP-Relative Readable |
4CE00 | 2E00 | 53000 | 4000 |
|
|
| Entry Point |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 21680 Code -> 8BFF558BEC837D0C017505E89DBA0000FF75088B4D108B550CE8ECFEFFFF595DC20C008BFF558BEC83EC208B450856576A08 Assembler |MOV EDI, EDI |PUSH EBP |MOV EBP, ESP |CMP DWORD PTR [EBP + 0XC], 1 |JNE 0X1010 |CALL 0XCAAD |PUSH DWORD PTR [EBP + 8] |MOV ECX, DWORD PTR [EBP + 0X10] |MOV EDX, DWORD PTR [EBP + 0XC] |CALL 0XF0A |POP ECX |POP EBP |RET 0XC |MOV EDI, EDI |PUSH EBP |MOV EBP, ESP |SUB ESP, 0X20 |MOV EAX, DWORD PTR [EBP + 8] |PUSH ESI |PUSH EDI |PUSH 8 |
| Signatures |
| CheckSum Integrity Problem: • Header: 332614 • Calculated: 384912 Rich Signature Analyzer: Code -> 050F7FC4416E1197416E1197416E1197933C8D97436E119748169597406E11972E188F975B6E11972E18BB97F96E1197481682975E6E1197416E10976E6F119748169297476E11972E18BA97066E11972E18BE97556E11972E188A97406E11972E188C97406E119752696368416E1197 Footprint md5 Hash -> B94DA293E275D65047D11F571FC50E75 • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • PE: compiler: EP:Microsoft Visual C/C++(2008-2010)[DLL32] • PE: compiler: Microsoft Visual C/C++(2010)[libcmt] • PE: linker: Microsoft Linker(10.0)[-] • Entropy: 6.23338 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| Ws2_32.DLL | connect | Possible Call API By Name | Establish a connection to a specified socket. |
| KERNEL32.DLL | CreateMutexW | Create a named or unnamed mutex object for controlling access to a shared resource. |
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | CreateRemoteThread | Creates a thread in the address space of another process. |
| KERNEL32.DLL | WriteProcessMemory | Writes data to an area of memory in a specified process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| Ws2_32.DLL | connect | Establish a connection to a specified socket. |
| ET Functions (carving) |
| Original Name -> .dll run |
| Windows REG (UNICODE) |
| SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run SOFTWARE\Microsoft\Windows\CurrentVersion\Run Software\Tencent\Plugin\VAS SOFTWARE\Microsoft\Windows NT\CurrentVersion Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| File Access |
| Windows\System32\svchost.exe Windows\SysWOW64\svchost.exe \ProgramData\010EditorSg.exe 010EditorSg.exe IMAGENAME eq 010EditorSg.exe .dll RstrtMgr.DLL WININET.dll DINPUT8.dll PSAPI.DLL dxgi.dll gdiplus.dll WINMM.dll SHLWAPI.dll WS2_32.dll OLEAUT32.dll ole32.dll SHELL32.dll ADVAPI32.dll GDI32.dll USER32.dll KERNEL32.dll NtDll.dll .dat Temp |
| File Access (UNICODE) |
| 360Safe.exe 360Tray.exe 360tray.exe kxetray.exe QQPCTray.exe HipsTray.exe UnThreat.exe K7TSecurity.exe ad-watch.exe PSafeSysTray.exe vsserv.exe remupd.exe hQrtvscan.exe \~OashDisp.exe avcenter.exe TMBMSRV.exe knsdtray.exe TaUegui.exe Mcshield.exe avpui.exe avp.exe f-secure.exe avgwdsvc.exe V3Svc.exe acs.exe SPIDer.exe cfp.exe mssecess.exe QUHLPSVC.EXE RavMonD.exe XKvMonXP.exe BaiduSd.exe HipsDaemon.exe HipsMain.exe QQRepair.exe QQPCRealTimeSpeedup.exe QQPCPatch.exe QMPersonalCenter.exe QMDL.exe QQPCRTP.exe kxescore.exe kwsprotect64.exe kscan.exe KSafeTray.exe 360sd.exe ZhuDongFangYu.exe 2345SafeTray.exe cmd.exe kernel32.dll wininet.dll ntdll.dll GetNativeSystemInfokernel32.dll GetLastActivePopupGetActiveWindowMessageBoxWUSER32.DLL KERNEL32.DLL CorExitProcessmscoree.dll bad allocationSetThreadStackGuaranteekernel32.dll \2.dat \1.dat \3.dat \DisplaySessionContainers.log Temp |
| Interest's Words |
| lockbit PADDINGX exec tasklist attrib start shutdown systeminfo ping expand |
| Interest's Words (UNICODE) |
| exec shutdown at.exe |
| Anti-VM/Sandbox/Debug Tricks (UNICODE) |
| LabTools - wireshark |
| URLs |
| https://api.ipify.org |
| AV Services (UNICODE) |
| avp.exe - (Kaspersky AntiVirus) vsserv.exe - (BitDefender) avgwdsvc.exe - (AVG Watchdog) egui.exe - (ESET) ad-watch.exe - (Ad-Aware) avcenter.exe - (Avira) ashdisp.exe - (Avast) tmbmsrv.exe - (Trend Micro) 360safe.exe 360tray.exe 360sd.exe zhudongfangyu.exe qqpcrtp.exe baidusd.exe ravmond.exe kvmonxp.exe kxetray.exe |
| IP Addresses |
| 127.0.0.1 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (recv) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GlobalMemoryStatusEx) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Stealth (GetThreadContext) |
| Text | Ascii | Stealth (SetThreadContext) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (CreateRemoteThread) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (WinExec) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateEventA) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Unicode | Antivirus Software (BitDefender) |
| Text | Unicode | Antivirus Software (F-Secure AV) |
| Text | Unicode | Privileges (SeAssignPrimaryTokenPrivilege) |
| Text | Unicode | Privileges (SeAuditPrivilege) |
| Text | Unicode | Privileges (SeBackupPrivilege) |
| Text | Unicode | Privileges (SeChangeNotifyPrivilege) |
| Text | Unicode | Privileges (SeCreateGlobalPrivilege) |
| Text | Unicode | Privileges (SeCreatePagefilePrivilege) |
| Text | Unicode | Privileges (SeCreatePermanentPrivilege) |
| Text | Unicode | Privileges (SeCreateSymbolicLinkPrivilege) |
| Text | Unicode | Privileges (SeCreateTokenPrivilege) |
| Text | Unicode | Privileges (SeDebugPrivilege) |
| Text | Unicode | Privileges (SeEnableDelegationPrivilege) |
| Text | Unicode | Privileges (SeImpersonatePrivilege) |
| Text | Unicode | Privileges (SeIncreaseBasePriorityPrivilege) |
| Text | Unicode | Privileges (SeIncreaseQuotaPrivilege) |
| Text | Unicode | Privileges (SeIncreaseWorkingSetPrivilege) |
| Text | Unicode | Privileges (SeLoadDriverPrivilege) |
| Text | Unicode | Privileges (SeLockMemoryPrivilege) |
| Text | Unicode | Privileges (SeMachineAccountPrivilege) |
| Text | Unicode | Privileges (SeManageVolumePrivilege) |
| Text | Unicode | Privileges (SeProfileSingleProcessPrivilege) |
| Text | Unicode | Privileges (SeRelabelPrivilege) |
| Text | Unicode | Privileges (SeRemoteShutdownPrivilege) |
| Text | Unicode | Privileges (SeRestorePrivilege) |
| Text | Unicode | Privileges (SeSecurityPrivilege) |
| Text | Unicode | Privileges (SeShutdownPrivilege) |
| Text | Unicode | Privileges (SeSyncAgentPrivilege) |
| Text | Unicode | Privileges (SeSystemEnvironmentPrivilege) |
| Text | Unicode | Privileges (SeSystemProfilePrivilege) |
| Text | Unicode | Privileges (SeSystemtimePrivilege) |
| Text | Unicode | Privileges (SeTakeOwnershipPrivilege) |
| Text | Unicode | Privileges (SeTcbPrivilege) |
| Text | Unicode | Privileges (SeTimeZonePrivilege) |
| Text | Unicode | Privileges (SeTrustedCredManAccessPrivilege) |
| Text | Unicode | Privileges (SeUndockPrivilege) |
| Text | Unicode | Privileges (SeUnsolicitedInputPrivilege) |
| Text | Unicode | Keyboard Key ([F1]) |
| Text | Unicode | Keyboard Key ([F2]) |
| Text | Unicode | Keyboard Key ([F3]) |
| Text | Unicode | Keyboard Key ([F4]) |
| Text | Unicode | Keyboard Key ([F5]) |
| Text | Unicode | Keyboard Key ([F6]) |
| Text | Unicode | Keyboard Key ([F7]) |
| Text | Unicode | Keyboard Key ([F8]) |
| Text | Unicode | Keyboard Key ([F9]) |
| Text | Unicode | Keyboard Key ([F10]) |
| Text | Unicode | Keyboard Key ([F11]) |
| Text | Unicode | Keyboard Key ([F12]) |
| Text | Ascii | Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | PE Pack v1.0 |
| Entry Point | Hex Pattern | VC8 - Microsoft Corporation |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\2\1033 | 52058 | 15A | 4CA58 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String |
| • Windows\System32\svchost.exe • Windows\SysWOW64\svchost.exe • C:\ProgramData\ntX[.vbs • HipsTray.exe • kxetray.exe • 360Tray.exe • 360tray.exe • QQPCTray.exe • mscoree.dll • KERNEL32.DLL • \DisplaySessionContainers.log • runas • cmd.exe • 2345SafeTray.exe • tasklist /FI "IMAGENAME eq 010EditorSg.exe" 2>NUL | find /I /N "010EditorSg.exe" >NUL • start "" /B cmd /C C:\ProgramData\010EditorSg.exe • ping -n 31 127.0.0.1 >NUL • .\*.bin • C:\ProgramData • c:\3.dat • %s\%d.bak • https://api.ipify.org • 360Safe.exe • ZhuDongFangYu.exe • 360sd.exe • KSafeTray.exe • kscan.exe • kwsprotect64.exe • kxescore.exe • QQPCRTP.exe • QMDL.exe • QMPersonalCenter.exe • QQPCPatch.exe • QQPCRealTimeSpeedup.exe • QQRepair.exe • HipsMain.exe • HipsDaemon.exe • BaiduSd.exe • KvMonXP.exe • RavMonD.exe • QUHLPSVC.EXE • mssecess.exe • cfp.exe • SPIDer.exe • DR.WEB • acs.exe • V3Svc.exe • AYAgent.aye • avgwdsvc.exe • f-secure.exe • avp.exe • avpui.exe • Mcshield.exe • egui.exe • knsdtray.exe • TMBMSRV.exe • avcenter.exe • ashDisp.exe • rtvscan.exe • remupd.exe • vsserv.exe • PSafeSysTray.exe • ad-watch.exe • K7TSecurity.exe • UnThreat.exe • ntdll.dll • OpenProcessKernel32.dll • ExitProcessKernel32.dll • WinExecKernel32.dll • wininet.dll • kernel32.dll • c:\1.dat • c:\2.dat • USER32.dll • ADVAPI32.dll • gdiplus.dll • PSAPI.DLL |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 477 | 1003A25C | .text | CALL [static] | Indirect call to absolute memory address |
| 5BB | 1003A2FC | .text | CALL [static] | Indirect call to absolute memory address |
| 5F9 | 1003A25C | .text | CALL [static] | Indirect call to absolute memory address |
| 68E | 1003A2FC | .text | CALL [static] | Indirect call to absolute memory address |
| 6C3 | 1003A25C | .text | CALL [static] | Indirect call to absolute memory address |
| 7B7 | 1003A29C | .text | CALL [static] | Indirect call to absolute memory address |
| 7C5 | 1003A2A8 | .text | CALL [static] | Indirect call to absolute memory address |
| 820 | 1003A298 | .text | CALL [static] | Indirect call to absolute memory address |
| 85C | 1003A284 | .text | CALL [static] | Indirect call to absolute memory address |
| 86E | 1003A288 | .text | CALL [static] | Indirect call to absolute memory address |
| 880 | 1003A290 | .text | CALL [static] | Indirect call to absolute memory address |
| 89A | 1003A2AC | .text | CALL [static] | Indirect call to absolute memory address |
| 8B6 | 1003A2A0 | .text | CALL [static] | Indirect call to absolute memory address |
| 8D8 | 1003A294 | .text | CALL [static] | Indirect call to absolute memory address |
| 8F0 | 1003A28C | .text | CALL [static] | Indirect call to absolute memory address |
| 1208 | 1004FC38 | .text | CALL [static] | Indirect call to absolute memory address |
| 122B | 1004FC3C | .text | CALL [static] | Indirect call to absolute memory address |
| 32F1 | 1003A274 | .text | CALL [static] | Indirect call to absolute memory address |
| 3321 | 1003A268 | .text | CALL [static] | Indirect call to absolute memory address |
| 33CD | 1003A26C | .text | CALL [static] | Indirect call to absolute memory address |
| 33DB | 1003A270 | .text | CALL [static] | Indirect call to absolute memory address |
| 3553 | 1003A260 | .text | CALL [static] | Indirect call to absolute memory address |
| 35BB | 1003A29C | .text | CALL [static] | Indirect call to absolute memory address |
| 361C | 1003A3E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 3646 | 1003A398 | .text | CALL [static] | Indirect call to absolute memory address |
| 3666 | 1003A394 | .text | CALL [static] | Indirect call to absolute memory address |
| 3670 | 1003A3B8 | .text | CALL [static] | Indirect call to absolute memory address |
| 3693 | 1003A3E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 36E5 | 1003A390 | .text | CALL [static] | Indirect call to absolute memory address |
| 3750 | 1003A258 | .text | CALL [static] | Indirect call to absolute memory address |
| 37AA | 1003A264 | .text | CALL [static] | Indirect call to absolute memory address |
| 37C3 | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 37F0 | 1003A264 | .text | CALL [static] | Indirect call to absolute memory address |
| 38E9 | 1003A408 | .text | CALL [static] | Indirect call to absolute memory address |
| 38F7 | 1003A240 | .text | CALL [static] | Indirect call to absolute memory address |
| 3912 | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 3999 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 39A5 | 1003A23C | .text | CALL [static] | Indirect call to absolute memory address |
| 39B4 | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 39C0 | 1003A3EC | .text | CALL [static] | Indirect call to absolute memory address |
| 39CC | 1003A27C | .text | CALL [static] | Indirect call to absolute memory address |
| 3A06 | 1003A244 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A15 | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A1B | 1003A3E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A59 | 1003A3F0 | .text | CALL [static] | Indirect call to absolute memory address |
| 3A84 | 1003A24C | .text | CALL [static] | Indirect call to absolute memory address |
| 3A92 | 1003A254 | .text | CALL [static] | Indirect call to absolute memory address |
| 3ABC | 1003A24C | .text | CALL [static] | Indirect call to absolute memory address |
| 3ACA | 1003A254 | .text | CALL [static] | Indirect call to absolute memory address |
| 3ADC | 1003A3E8 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B0A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B12 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B1A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B22 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B2A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B32 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B3A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B42 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B4A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B52 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B5A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B62 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B6A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B72 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B7A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B82 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B8A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B92 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3B9A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3BA2 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3BAB | 1003A400 | .text | CALL [static] | Indirect call to absolute memory address |
| 3BCE | 1003A40C | .text | CALL [static] | Indirect call to absolute memory address |
| 3BFD | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 3C20 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 3C43 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 3C63 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 3C9F | 1003A410 | .text | CALL [static] | Indirect call to absolute memory address |
| 3CAE | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 3E15 | 1003A404 | .text | CALL [static] | Indirect call to absolute memory address |
| 3E52 | 1003A3F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 3F29 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 3F48 | 1003A3E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 4090 | 1003A438 | .text | CALL [static] | Indirect call to absolute memory address |
| 40ED | 1003A438 | .text | CALL [static] | Indirect call to absolute memory address |
| 414C | 1003A280 | .text | CALL [static] | Indirect call to absolute memory address |
| 4157 | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 4166 | 1003A248 | .text | CALL [static] | Indirect call to absolute memory address |
| 4174 | 1003A280 | .text | CALL [static] | Indirect call to absolute memory address |
| 4182 | 1003A280 | .text | CALL [static] | Indirect call to absolute memory address |
| 419A | 1003A278 | .text | CALL [static] | Indirect call to absolute memory address |
| 4292 | 1003A3E0 | .text | CALL [static] | Indirect call to absolute memory address |
| 4379 | 1003A238 | .text | CALL [static] | Indirect call to absolute memory address |
| 4394 | 1003A26C | .text | CALL [static] | Indirect call to absolute memory address |
| 4402 | 1003A408 | .text | CALL [static] | Indirect call to absolute memory address |
| 4434 | 1003A3F8 | .text | CALL [static] | Indirect call to absolute memory address |
| 45BA | 1003A244 | .text | CALL [static] | Indirect call to absolute memory address |
| 45CE | 1003A27C | .text | CALL [static] | Indirect call to absolute memory address |
| 4711 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 4734 | 1003A3FC | .text | CALL [static] | Indirect call to absolute memory address |
| 47A2 | 1003A430 | .text | CALL [static] | Indirect call to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 180603 | 55,2884% |
| Null Byte Code | 66113 | 20,2393% |
© 2026 All rights reserved.