PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 1,79 MB
SHA-256 Hash: 52C174DB8FE85141CF1B7E4ED6B4B20AD0EA37BCA75887306257EFBE1DCB9820
SHA-1 Hash: 7C22ABFE2233A354B6AB686BD60EB5B6804A503D
MD5 Hash: 2B0E395E756B44AFF40710E2B00F47E5
Imphash: E7975B0D4EFA966CB8F4C8A08ED22919
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 5B764
SizeOfHeaders: 400
SizeOfImage: 1D4000
ImageBase: 400000
Architecture: x86
ImportTable: 62000
IAT: 626D0
Characteristics: 818E
TimeDateStamp: 2A425E19
Date: 19/06/1992 22:22:17
File Type: EXE
Number Of Sections: 9
ASLR: Disabled
Section Names: .text, .itext, .data, .bss, .idata, .tls, .rdata, .reloc, .rsrc
Number Of Executable Sections: 2
Subsystem: Windows GUI

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60000020 (Code, Executable, Readable)	400	59E00	1000	59C48	6,5223	2692943,25
.itext	60000020 (Code, Executable, Readable)	5A200	800	5B000	7AC	6,1253	19308,75
.data	C0000040 (Initialized Data, Readable, Writeable)	5AA00	1E00	5C000	1C14	3,7795	653234,93
.bss	C0000000 (Readable, Writeable)	5C800	0	5E000	367C	N/A	N/A
.idata	C0000040 (Initialized Data, Readable, Writeable)	5C800	2600	62000	24AC	5,0650	215214,21
.tls	C0000000 (Readable, Writeable)	5EE00	0	65000	34	N/A	N/A
.rdata	40000040 (Initialized Data, Readable)	5EE00	200	66000	18	0,2108	124998,00
.reloc	42000040 (Initialized Data, GP-Relative, Readable)	5F000	6600	67000	6570	6,6761	100446,37
.rsrc	40000040 (Initialized Data, Readable)	65600	165800	6E000	165800	7,7332	1245015,79

Entry Point

The section number (2) - (.itext) have the Entry Point
Information -> EntryPoint (calculated) - 5A964
Code -> 558BEC83C4F0B818AA4500E874ADFAFF90A190DA45008B00E8678DFFFF8B0D0CD94500A190DA45008B008B15A8A64500E867
• PUSH EBP
• MOV EBP, ESP
• ADD ESP, -0X10
• MOV EAX, 0X45AA18
• CALL 0XFFFABD84
• NOP
• MOV EAX, DWORD PTR [0X45DA90]
• MOV EAX, DWORD PTR [EAX]
• CALL 0XFFFF9D84
• MOV ECX, DWORD PTR [0X45D90C]
• MOV EAX, DWORD PTR [0X45DA90]
• MOV EAX, DWORD PTR [EAX]
• MOV EDX, DWORD PTR [0X45A6A8]

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Compiler: Borland Delphi 7
Detect It Easy (die)
• PE: compiler: Borland Delphi(2006)[-]
• PE: linker: Turbo Linker(2.25*,Delphi)[-]
• Entropy: 7.64155

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	GetModuleFileNameA	Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	CreateFileA	Creates or opens a file or I/O device.
USER32.DLL	CallWindowProcA	Invokes the window procedure for the specified window and messages.

Windows REG

SOFTWARE\Borland\Delphi\RTL
Software\Borland\Locales
Software\Borland\Delphi\Locales
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
System\CurrentControlSet\Control\Keyboard Layouts\%.8x

File Access

comctl32.dll
oleaut32.dll
kernel32.dll
advapi32.dll
version.dll
gdi32.dll
user32.dll
MAPI32.DLL
vcltest3.dll
imm32.dll
uxtheme.dll
.dat
Temp

File Access (UNICODE)

Temp

Interest's Words

PassWord
attrib
start
replace

Interest's Words (UNICODE)

ToolBar
start
expand

URLs

http://www.w3.org/1999/02/22-rdf-syntax-ns
http://ns.adobe.com/xap/1.0/mm/
http://ns.adobe.com/xap/1.0/sType/ResourceRef
http://ns.adobe.com/xap/1.0/

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (GetVersion)
Text	Ascii	Reconnaissance (FindFirstFileA)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Stealth (VirtualAlloc)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Stealth (NtWriteVirtualMemory)
Text	Ascii	Execution (CreateEventA)
Text	Unicode	Keyboard Key (Alt+)
Text	Ascii	Keyboard Key (Scroll)
Text	Ascii	Keyboard Key (UpArrow)
Entry Point	Hex Pattern	BobSoft Mini Delphi - BoB / BobSoft
Entry Point	Hex Pattern	Borland Delphi 4.0
Entry Point	Hex Pattern	Borland Delphi v3.0
Entry Point	Hex Pattern	Microsoft Visual C++ 8
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0 - Debug
Entry Point	Hex Pattern	TrueVision Targa Graphics format

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\CURSOR\1\1033	6EACC	134	660CC	070001002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\2\1033	6EC00	134	66200	000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\3\1033	6ED34	134	66334	000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\4\1033	6EE68	134	66468	0E000C002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\5\1033	6EF9C	134	6659C	10000E002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\6\1033	6F0D0	134	666D0	000000002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\CURSOR\7\1033	6F204	134	66804	020002002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF	....(... ...@.....................................
\BITMAP\BBABORT\1033	6F338	1D0	66938	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBALL\1033	6F508	1E4	66B08	28000000240000001300000001000400000000007C0100000000000000000000100000000000000000000000000080000080	(...$...............\|.............................
\BITMAP\BBCANCEL\1033	6F6EC	1D0	66CEC	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBCLOSE\1033	6F8BC	1D0	66EBC	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBHELP\1033	6FA8C	1D0	6708C	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBIGNORE\1033	6FC5C	1D0	6725C	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBNO\1033	6FE2C	1D0	6742C	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBOK\1033	6FFFC	1D0	675FC	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBRETRY\1033	701CC	1D0	677CC	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\BBYES\1033	7039C	1D0	6799C	2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080	(...$...............h.............................
\BITMAP\PREVIEWGLYPH\1033	7056C	E8	67B6C	2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080	(.................................................
\ICON\50\0	70654	42028	67C54	280000000001000000020000010020000000000000000400C30E0000C30E00000000000000000000EAEBEFFFECEDF0FFEFF1	(............. ...................................
\DIALOG\DLGTEMPLATE\0	B267C	52	A9C7C	44040054000000000100000000003C014C0000000000000008004D0053002000530061006E00730020005300650072006900660000000000000002400000000000000000CC004C005F04FFFF820000000000	D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@..........L._.........
\DIALOG\TEXTFILEDLG\0	B26D0	52	A9CD0	44040054000000000100000000003C014C0000000000000008004D0053002000530061006E007300200053006500720069006600000000000000024000000000000000003C0137005F04FFFF820000000000	D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@........<.7._.........
\STRING\4083\0	B2724	2C	A9D24	05005500540046002D0037000000000000000000000000000000000000000000000000000000000000000000	..U.T.F.-.7.................................
\STRING\4084\0	B2750	2B4	A9D50	0300440065006C000600530068006900660074002B0005004300740072006C002B00040041006C0074002B00200043006C00	..D.e.l...S.h.i.f.t.+...C.t.r.l.+...A.l.t.+. .C.l.
\STRING\4085\0	B2A04	B4	AA004	0A004E0026006F00200074006F00200041006C006C000B00590065007300200074006F002000260041006C006C0004004200	..N.&.o. .t.o. .A.l.l...Y.e.s. .t.o. .&.A.l.l...B.
\STRING\4086\0	B2AB8	E8	AA0B8	0500410062006F00720074000400260041006C006C001200430061006E006E006F0074002000640072006100670020006100	..A.b.o.r.t...&.A.l.l...C.a.n.n.o.t. .d.r.a.g. .a.
\STRING\4087\0	B2BA0	2A8	AA1A0	2200430061006E006E006F00740020006D0061006B006500200061002000760069007300690062006C006500200077006900	".C.a.n.n.o.t. .m.a.k.e. .a. .v.i.s.i.b.l.e. .w.i.
\STRING\4088\0	B2E48	3E8	AA448	1700490063006F006E00200069006D0061006700650020006900730020006E006F0074002000760061006C00690064002100	..I.c.o.n. .i.m.a.g.e. .i.s. .n.o.t. .v.a.l.i.d.!.
\STRING\4089\0	B3230	370	AA830	18004500720072006F0072002000720065006100640069006E00670020002500730025007300250073003A00200025007300	..E.r.r.o.r. .r.e.a.d.i.n.g. .%.s.%.s.%.s.:. .%.s.
\STRING\4090\0	B35A0	3CC	AABA0	120043006C0061007300730020002500730020006E006F007400200066006F0075006E0064001F004100200063006C006100	..C.l.a.s.s. .%.s. .n.o.t. .f.o.u.n.d...A. .c.l.a.
\STRING\4091\0	B396C	214	AAF6C	03005700650064000300540068007500030046007200690003005300610074000600530075006E0064006100790006004D00	..W.e.d...T.h.u...F.r.i...S.a.t...S.u.n.d.a.y...M.
\STRING\4092\0	B3B80	CC	AB180	030044006500630007004A0061006E00750061007200790008004600650062007200750061007200790005004D0061007200	..D.e.c...J.a.n.u.a.r.y...F.e.b.r.u.a.r.y...M.a.r.
\STRING\4093\0	B3C4C	194	AB24C	10002500730020002800250073002C0020006C0069006E00650020002500640029000E004100620073007400720061006300	..%.s. .(.%.s.,. .l.i.n.e. .%.d.)...A.b.s.t.r.a.c.
\STRING\4094\0	B3DE0	3C4	AB3E0	2900560061007200690061006E00740020006F00720020007300610066006500200061007200720061007900200069006E00	).V.a.r.i.a.n.t. .o.r. .s.a.f.e. .a.r.r.a.y. .i.n.
\STRING\4095\0	B41A4	338	AB7A4	180046006C006F006100740069006E006700200070006F0069006E007400200075006E0064006500720066006C006F007700	..F.l.o.a.t.i.n.g. .p.o.i.n.t. .u.n.d.e.r.f.l.o.w.
\STRING\4096\0	B44DC	294	ABADC	2100270025007300270020006900730020006E006F007400200061002000760061006C0069006400200069006E0074006500	!.'.%.s.'. .i.s. .n.o.t. .a. .v.a.l.i.d. .i.n.t.e.
\RCDATA\DVCLAL\0	B4770	10	ABD70	263D4F38C28237B8F3244203179B3A83	&=O8..7..$B...:.
\RCDATA\OSIK\1033	B4780	11E8E5	ABD80	47494638396190012C01F7FF00EEEEEDD6D6D5D2D2D116161C595959E6E6E5E2E1E13A3A3D1B1B21323235656564555556AA	GIF89a..,................YYY......::=..!225eedUUV.
\RCDATA\PACKAGEINFO\0	1D3068	2E8	1CA668	010010CC0000000045000000012F42546265727300107D545F5F32343333353634550010EA545F5F32343333363734550010	........E..../BTbers..}T__2433564U...T__2433674U..
\RCDATA\T__611321636\0	1D3350	319	1CA950	545046300C545F5F3631313332313633360B5F5F363131333231363336044C65667403CF0003546F70023B0B426F72646572	TPF0.T__611321636.__611321636.Left....Top.;.Border
\GROUP_CURSOR\32761\1033	1D366C	14	1CAC6C	0000020001002000400001000100340100000100	...... .@.....4.....
\GROUP_CURSOR\32762\1033	1D3680	14	1CAC80	0000020001002000400001000100340100000200	...... .@.....4.....
\GROUP_CURSOR\32763\1033	1D3694	14	1CAC94	0000020001002000400001000100340100000300	...... .@.....4.....
\GROUP_CURSOR\32764\1033	1D36A8	14	1CACA8	0000020001002000400001000100340100000400	...... .@.....4.....
\GROUP_CURSOR\32765\1033	1D36BC	14	1CACBC	0000020001002000400001000100340100000500	...... .@.....4.....
\GROUP_CURSOR\32766\1033	1D36D0	14	1CACD0	0000020001002000400001000100340100000600	...... .@.....4.....
\GROUP_CURSOR\32767\1033	1D36E4	14	1CACE4	0000020001002000400001000100340100000700	...... .@.....4.....
\GROUP_ICON\ICON\0	1D36F8	14	1CACF8	0000010001000000000001002000282004003200	............ .( ..2.

Intelligent String

• comctl32.dll
• oleaut32.dll
• kernel32.dll
• .bss
• .tls
• USER32.DLL
• .DCx
• vcltest3.dll
• User32.dll
• MAPI32.DLL
• RegCloseKeyuser32.dll
• CharNextAkernel32.dll
• user32.dll
• gdi32.dll
• version.dll
• CloseHandleadvapi32.dll
• RegCloseKeykernel32.dll
• Sleepoleaut32.dll
• VariantInitcomctl32.dll

Flow Anomalies

Offset	RVA	Section	Description
5F4	462784	.text	JMP [static] \| Indirect jump to absolute memory address
5FC	462780	.text	JMP [static] \| Indirect jump to absolute memory address
604	46277C	.text	JMP [static] \| Indirect jump to absolute memory address
60C	462778	.text	JMP [static] \| Indirect jump to absolute memory address
614	462774	.text	JMP [static] \| Indirect jump to absolute memory address
61C	462700	.text	JMP [static] \| Indirect jump to absolute memory address
624	462770	.text	JMP [static] \| Indirect jump to absolute memory address
62C	46276C	.text	JMP [static] \| Indirect jump to absolute memory address
634	4626FC	.text	JMP [static] \| Indirect jump to absolute memory address
63C	462768	.text	JMP [static] \| Indirect jump to absolute memory address
644	462764	.text	JMP [static] \| Indirect jump to absolute memory address
64C	462760	.text	JMP [static] \| Indirect jump to absolute memory address
654	46275C	.text	JMP [static] \| Indirect jump to absolute memory address
65C	462758	.text	JMP [static] \| Indirect jump to absolute memory address
664	462754	.text	JMP [static] \| Indirect jump to absolute memory address
66C	462750	.text	JMP [static] \| Indirect jump to absolute memory address
674	46274C	.text	JMP [static] \| Indirect jump to absolute memory address
67C	462748	.text	JMP [static] \| Indirect jump to absolute memory address
684	462744	.text	JMP [static] \| Indirect jump to absolute memory address
68C	462740	.text	JMP [static] \| Indirect jump to absolute memory address
694	4626F8	.text	JMP [static] \| Indirect jump to absolute memory address
69C	46273C	.text	JMP [static] \| Indirect jump to absolute memory address
6A4	462738	.text	JMP [static] \| Indirect jump to absolute memory address
6AC	462734	.text	JMP [static] \| Indirect jump to absolute memory address
6B4	4626E8	.text	JMP [static] \| Indirect jump to absolute memory address
6BC	4626E4	.text	JMP [static] \| Indirect jump to absolute memory address
6C4	4626E0	.text	JMP [static] \| Indirect jump to absolute memory address
6CC	462730	.text	JMP [static] \| Indirect jump to absolute memory address
6D4	46272C	.text	JMP [static] \| Indirect jump to absolute memory address
6DC	4626D8	.text	JMP [static] \| Indirect jump to absolute memory address
6E4	4626D4	.text	JMP [static] \| Indirect jump to absolute memory address
6EC	4626D0	.text	JMP [static] \| Indirect jump to absolute memory address
6F4	462728	.text	JMP [static] \| Indirect jump to absolute memory address
6FC	462724	.text	JMP [static] \| Indirect jump to absolute memory address
704	462720	.text	JMP [static] \| Indirect jump to absolute memory address
70C	46271C	.text	JMP [static] \| Indirect jump to absolute memory address
714	462718	.text	JMP [static] \| Indirect jump to absolute memory address
740	462714	.text	JMP [static] \| Indirect jump to absolute memory address
748	462710	.text	JMP [static] \| Indirect jump to absolute memory address
750	46270C	.text	JMP [static] \| Indirect jump to absolute memory address
758	4626F4	.text	JMP [static] \| Indirect jump to absolute memory address
2088	45C72C	.text	CALL [static] \| Indirect call to absolute memory address
20A0	45C720	.text	CALL [static] \| Indirect call to absolute memory address
20BC	45C724	.text	CALL [static] \| Indirect call to absolute memory address
20DD	45C728	.text	CALL [static] \| Indirect call to absolute memory address
20F6	45C724	.text	CALL [static] \| Indirect call to absolute memory address
210F	45C720	.text	CALL [static] \| Indirect call to absolute memory address
21B6	45E008	.text	CALL [static] \| Indirect call to absolute memory address
23FD	45E028	.text	CALL [static] \| Indirect call to absolute memory address
2AC4	4626F0	.text	JMP [static] \| Indirect jump to absolute memory address
2AE1	FF00	.text	JMP [static] \| Indirect jump to absolute memory address
30CC	45E014	.text	CALL [static] \| Indirect call to absolute memory address
30EA	45E014	.text	CALL [static] \| Indirect call to absolute memory address
3102	45E014	.text	CALL [static] \| Indirect call to absolute memory address
3174	45E014	.text	CALL [static] \| Indirect call to absolute memory address
3194	45E014	.text	CALL [static] \| Indirect call to absolute memory address
31B1	45E014	.text	CALL [static] \| Indirect call to absolute memory address
328E	45E018	.text	CALL [static] \| Indirect call to absolute memory address
3299	45E018	.text	JMP [static] \| Indirect jump to absolute memory address
3393	45E010	.text	CALL [static] \| Indirect call to absolute memory address
3416	45E018	.text	CALL [static] \| Indirect call to absolute memory address
3571	45E014	.text	JMP [static] \| Indirect jump to absolute memory address
36F4	45E018	.text	CALL [static] \| Indirect call to absolute memory address
39AB	45E234	.text	CALL [static] \| Indirect call to absolute memory address
3AC8	45E024	.text	CALL [static] \| Indirect call to absolute memory address
4679	45C010	.text	CALL [static] \| Indirect call to absolute memory address
4789	45C018	.text	CALL [static] \| Indirect call to absolute memory address
57BC	462708	.text	JMP [static] \| Indirect jump to absolute memory address
5824	462798	.text	JMP [static] \| Indirect jump to absolute memory address
582C	462794	.text	JMP [static] \| Indirect jump to absolute memory address
5834	462790	.text	JMP [static] \| Indirect jump to absolute memory address
583C	46278C	.text	JMP [static] \| Indirect jump to absolute memory address
5A50	462C00	.text	JMP [static] \| Indirect jump to absolute memory address
5A58	462BFC	.text	JMP [static] \| Indirect jump to absolute memory address
5A60	462BF8	.text	JMP [static] \| Indirect jump to absolute memory address
5A68	462BF4	.text	JMP [static] \| Indirect jump to absolute memory address
5A70	462BEC	.text	JMP [static] \| Indirect jump to absolute memory address
5A78	462BE8	.text	JMP [static] \| Indirect jump to absolute memory address
5A80	462BE4	.text	JMP [static] \| Indirect jump to absolute memory address
5A88	462BE0	.text	JMP [static] \| Indirect jump to absolute memory address
5A90	462BDC	.text	JMP [static] \| Indirect jump to absolute memory address
5A98	462BD8	.text	JMP [static] \| Indirect jump to absolute memory address
5AA0	462BD4	.text	JMP [static] \| Indirect jump to absolute memory address
5AA8	462BD0	.text	JMP [static] \| Indirect jump to absolute memory address
5AB0	462BCC	.text	JMP [static] \| Indirect jump to absolute memory address
5AB8	462BC8	.text	JMP [static] \| Indirect jump to absolute memory address
5AC0	462BC4	.text	JMP [static] \| Indirect jump to absolute memory address
5AC8	462BC0	.text	JMP [static] \| Indirect jump to absolute memory address
5AD0	462BBC	.text	JMP [static] \| Indirect jump to absolute memory address
5AD8	462BB8	.text	JMP [static] \| Indirect jump to absolute memory address
5AE0	462BB4	.text	JMP [static] \| Indirect jump to absolute memory address
5AE8	462BB0	.text	JMP [static] \| Indirect jump to absolute memory address
5AF0	462BAC	.text	JMP [static] \| Indirect jump to absolute memory address
5AF8	462BA8	.text	JMP [static] \| Indirect jump to absolute memory address
5B00	462BA4	.text	JMP [static] \| Indirect jump to absolute memory address
5B08	462BA0	.text	JMP [static] \| Indirect jump to absolute memory address
5B10	462B9C	.text	JMP [static] \| Indirect jump to absolute memory address
5B18	462B98	.text	JMP [static] \| Indirect jump to absolute memory address
5B20	462B94	.text	JMP [static] \| Indirect jump to absolute memory address
5B28	462B90	.text	JMP [static] \| Indirect jump to absolute memory address
1C79D7-1C7A16	N/A	.rsrc	Potential obfuscated jump sequence detected, count: 32
1C837F-1C83AE	N/A	.rsrc	Potential obfuscated jump sequence detected, count: 24
1C88FB-1C8926	N/A	.rsrc	Potential obfuscated jump sequence detected, count: 22

Extra Analysis

Metric	Value	Percentage
Ascii Code	1218714	64,8407%
Null Byte Code	82501	4,3894%
NOP Cave Found	0x9090909090	Block Count: 83 \| Total: 0,011%

PESCAN.IO - Analysis Report Basic