PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report

File Structure

Information

Icon:

Size: 1,51 MB
SHA-256 Hash: FDAA4E6320BF89854E72716102F28278AADBDFAAC413C559B15DB48ED6A77E09
SHA-1 Hash: 4BAA74DF4F6EB3F4896BEF77D473C426CF7558A0
MD5 Hash: 32DEE17F069C9CE9F5C4952AE39636EF
Imphash: E474CF905ED879AC7F9C20D030CC9B66
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 0018A65E
EntryPoint (rva): 12A0
SizeOfHeaders: 400
SizeOfImage: 18C000
ImageBase: 400000
Architecture: x86
ImportTable: 1F000
IAT: 1F260
Characteristics: 30F
TimeDateStamp: 56B664A6
Date: 06/02/2016 21:24:54
File Type: EXE
Number Of Sections: 9
ASLR: Disabled
Section Names: .text, .data, .rdata, .eh_fram, .bss, .idata, .CRT, .tls, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	60500060 (Code, Initialized Data, Executable, Readable)	400	13800	1000	137D0	6,1823	750472,64
.data	C0600040 (Initialized Data, Readable, Writeable)	13C00	600	15000	464	2,6151	184424,67
.rdata	40600040 (Initialized Data, Readable)	14200	2A00	16000	2814	5,4394	221747,57
.eh_fram	40300040 (Initialized Data, Readable)	16C00	400	19000	3F8	4,7322	30671,50
.bss	C0600080 (Uninitialized Data, Readable, Writeable)	0	0	1A000	4B4C	N/A	N/A
.idata	C0300040 (Initialized Data, Readable, Writeable)	17000	E00	1F000	D98	5,2062	65674,00
.CRT	C0300040 (Initialized Data, Readable, Writeable)	17E00	200	20000	1C	0,1701	126001,00
.tls	C0300040 (Initialized Data, Readable, Writeable)	18000	200	21000	20	0,2108	124998,00
.rsrc	C0300040 (Initialized Data, Readable, Writeable)	18200	169400	22000	169230	7,9223	256109,33

Binder/Joiner/Crypter

2 Executable files found

Entry Point

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 6A0
Code -> 83EC1CC7042402000000FF1598F34100E84BFDFFFF8D7426008DBC2700000000A1C8F34100FFE089F68DBC2700000000A1B8
• SUB ESP, 0X1C
• MOV DWORD PTR [ESP], 2
• CALL DWORD PTR [0X41F398]
• CALL 0XD60
• LEA ESI, [ESI]
• LEA EDI, [EDI]
• MOV EAX, DWORD PTR [0X41F3C8]
• JMP EAX
• MOV ESI, ESI
• LEA EDI, [EDI]

Signatures

CheckSum Integrity Problem:
• Header: 1615454
• Calculated: 1602923
Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Detect It Easy (die)
• PE: compiler: MinGW(GCC: (tlm-2) 4.8.1)[-]
• PE: linker: GNU linker ld (GNU Binutils)(2.23)[-]
• Entropy: 7.89076

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	CreateMutexA	Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL	GetModuleFileNameA	Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL	CreateFileA	Creates or opens a file or I/O device.
KERNEL32.DLL	DeleteFileA	Deletes an existing file.
SHELL32.DLL	ShellExecuteA	Performs a run operation on a specific file.
WININET.DLL	InternetConnectA	Opens an File Transfer Protocol (FTP) or HTTP session for a given site.
WININET.DLL	FtpPutFileA	Opens an File Transfer Protocol (FTP) or HTTP session for a given site.

Windows REG

SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Run" /d "%s"$/t REG_SZ /f
Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run

File Access

5s]NsCruCNminer22.exe
/c start /b %%TEMP%5XsCpuCNMiner32.exe
user32.dll
ADVAPI32.dll
KERNEL32.dll
@WS2_32.dll
SHELL32.DLL
msvcrt.dll
WININET.DLL
lIbgcj-13.dll
hoto.scr
Pjoto.scr
Temp
AppData

Interest's Words

PassWord
exec
start
expand

URLs

http://hrtests.ru/S.php?ver=24&pc=%s&user=%s
httP://%w/test.ht
http://schemas.microsoft.com/SMI/2005/WindowsSettings

PE Carving

Start Offset Header	End Offset	Size (Bytes)
0	2339C	2339C
2339C	181600	15E264

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Execution (ShellExecute)
Text	Ascii	Execution (ResumeThread)
Entry Point	Hex Pattern	Anticrack Software Protector v1.09 (ACProtect)

Resources

Path	DataRVA	Size	FileOffset	Code	Text	PE/Payload
\ICON\1\1033	222B4	668	184B4	2800000030000000600000000100040000000000800400000000000000000000000000000000000000000000000080000080	(...0............................................
\ICON\2\1033	2291C	2E8	18B1C	2800000020000000400000000100040000000000000200000000000000000000000000000000000000000000000080000080	(... ...@.........................................
\ICON\3\1033	22C04	128	18E04	2800000010000000200000000100040000000000800000000000000000000000000000000000000000000000000080000080	(....... .........................................
\ICON\4\1033	22D2C	EA8	18F2C	2800000030000000600000000100080000000000000900000000000000000000000100000001000000000000FFA16300FFB5	(...0........................................c...
\ICON\5\1033	23BD4	8A8	19DD4	28000000200000004000000001000800000000000004000000000000000000000001000000010000000000005ACADF0061CD	(... ...@...................................Z...a.
\ICON\6\1033	2447C	568	1A67C	2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000D3A54900DDB9	(....... .....................................I...
\ICON\7\1033	249E4	4D00	1ABE4	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000200049444154789CEDBD6BAC2DC775	.PNG........IHDR.............\r.f.. .IDATx...k.-.u
\ICON\8\1033	296E4	25A8	1F8E4	2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000	(...0........ ......%............................
\ICON\9\1033	2BC8C	10A8	21E8C	2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\10\1033	2CD34	468	22F34	2880000010000000200800000100200000008000400C00000000000000000004000000000000000000000000000000000000	(....... ..... .....@.............................
\RCDATA\RCDATA1\1033	2D19C	15E000	2339C	4D5A90000300000004000000FFFF000038000000000000004000000000000000000000000000000000000000000000000000	MZ..............8.......@.........................	(Executable found)
\GROUP_ICON\ICON1\1033	18B19C	92	18139C	000001000A0030301000010004006806000001002020100001000400E8020000020010101000010004002801000003003030	......00......h..... ....................(.....00

Intelligent String

• msvcrt.dll
• .tls
• @0@.bss
• .CRT
• .php
• .PHP
• .htl
• .xml
• .XML
• .xht
• .mht
• .asp
• l?%tSR&w09.rnol%s!dSection-o%p p
• .com*3336-t 1 -% 4"n7TTpcpLe8yPPLxgh27xXSBWJnVu9bW8t7GuZXGWt74vryjew2D5UjSSv@BmxNhx8RezfYJv3J7W63bWS8fEgg6tc43yz -p x
• /c start /b %%TEMP%5XsCpuCNMiner32.exe -dbg -1 %sRCDATA05s]NsCruCNminer22.exe
• kpen
• /c reg add$"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Run" /d "%s"$/t REG_SZ /f
• KERNEL32.dll
• SHELL32.DLL
• E:\CryptoNight\bitmonero-master\src\miner\Release\Crypto.pdb
• <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>

Flow Anomalies

Offset	RVA	Section	Description
68A	41F398	.text	CALL [static] \| Indirect call to absolute memory address
6AA	41F398	.text	CALL [static] \| Indirect call to absolute memory address
979	N/A	.text	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
AA2	N/A	.text	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
D35	N/A	.text	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
D68	N/A	.text	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
E18	N/A	.text	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
EDA	N/A	.text	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
F9A	N/A	.text	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
1A50	41F34C	.text	JMP [static] \| Indirect jump to absolute memory address
1A58	41F2B8	.text	JMP [static] \| Indirect jump to absolute memory address
1A60	41F2E8	.text	JMP [static] \| Indirect jump to absolute memory address
1A68	41F2EC	.text	JMP [static] \| Indirect jump to absolute memory address
1A70	41F2E4	.text	JMP [static] \| Indirect jump to absolute memory address
1A78	41F2BC	.text	JMP [static] \| Indirect jump to absolute memory address
1A80	41F2AC	.text	JMP [static] \| Indirect jump to absolute memory address
1A88	41F324	.text	JMP [static] \| Indirect jump to absolute memory address
1A90	41F320	.text	JMP [static] \| Indirect jump to absolute memory address
1A98	41F300	.text	JMP [static] \| Indirect jump to absolute memory address
1AA0	41F354	.text	JMP [static] \| Indirect jump to absolute memory address
1AA8	41F2C4	.text	JMP [static] \| Indirect jump to absolute memory address
1AB0	41F318	.text	JMP [static] \| Indirect jump to absolute memory address
1AB8	41F31C	.text	JMP [static] \| Indirect jump to absolute memory address
1AC0	41F350	.text	JMP [static] \| Indirect jump to absolute memory address
1AC8	41F29C	.text	JMP [static] \| Indirect jump to absolute memory address
1AD0	41F37C	.text	JMP [static] \| Indirect jump to absolute memory address
1AD8	41F294	.text	JMP [static] \| Indirect jump to absolute memory address
1AE0	41F27C	.text	JMP [static] \| Indirect jump to absolute memory address
1AE8	41F288	.text	JMP [static] \| Indirect jump to absolute memory address
1AF0	41F274	.text	JMP [static] \| Indirect jump to absolute memory address
1AF8	41F260	.text	JMP [static] \| Indirect jump to absolute memory address
1B00	41F26C	.text	JMP [static] \| Indirect jump to absolute memory address
1B08	41F278	.text	JMP [static] \| Indirect jump to absolute memory address
1B10	41F270	.text	JMP [static] \| Indirect jump to absolute memory address
1B18	41F264	.text	JMP [static] \| Indirect jump to absolute memory address
1B20	41F268	.text	JMP [static] \| Indirect jump to absolute memory address
1B28	41F280	.text	JMP [static] \| Indirect jump to absolute memory address
1B30	41F284	.text	JMP [static] \| Indirect jump to absolute memory address
1B98	N/A	.text	CALL DWORD PTR [EAX+8h] \| Displacement form
1BBD	N/A	.text	CALL DWORD PTR [EAX+10h] \| Displacement form
283B	N/A	.text	CALL DWORD PTR [EAX+18h] \| Displacement form
292E	N/A	.text	CALL DWORD PTR [EAX+14h] \| Displacement form
2C0C	N/A	.text	CALL DWORD PTR [ESP+60h] \| ModRM/SIB parsed
2CB3	N/A	.text	CALL DWORD PTR [ESP+10h] \| ModRM/SIB parsed
36AA	N/A	.text	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
3B03	N/A	.text	CALL DWORD PTR [EDX+8h] \| Displacement form
40D2	N/A	.text	CALL DWORD PTR [ESI-77h] \| Displacement form
8536	N/A	.text	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
B229	N/A	.text	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
B3F5	N/A	.text	CALL DWORD PTR [EBP-34h] \| Displacement form
C9CF	N/A	.text	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
CEDF	N/A	.text	CALL DWORD PTR [ECX+50h] \| Displacement form
D298	N/A	.text	CALL DWORD PTR [EBP+10h] \| Displacement form
D2A0	41F384	.text	JMP [static] \| Indirect jump to absolute memory address
D2A8	41F38C	.text	JMP [static] \| Indirect jump to absolute memory address
D2B0	1841F3C0	.text	JMP [static] \| Indirect jump to absolute memory address
D2B8	141F3B4	.text	JMP [static] \| Indirect jump to absolute memory address
D2C0	41F390	.text	JMP [static] \| Indirect jump to absolute memory address
D2C8	41F3A4	.text	JMP [static] \| Indirect jump to absolute memory address
D2D0	41F418	.text	JMP [static] \| Indirect jump to absolute memory address
D2D8	41F41C	.text	JMP [static] \| Indirect jump to absolute memory address
D2E0	41F434	.text	JMP [static] \| Indirect jump to absolute memory address
D2E8	41F3D8	.text	JMP [static] \| Indirect jump to absolute memory address
D2F0	41F3EC	.text	JMP [static] \| Indirect jump to absolute memory address
D2F8	41F3F0	.text	JMP [static] \| Indirect jump to absolute memory address
D300	41F3D4	.text	JMP [static] \| Indirect jump to absolute memory address
D308	41F420	.text	JMP [static] \| Indirect jump to absolute memory address
D310	41F410	.text	JMP [static] \| Indirect jump to absolute memory address
D318	41F428	.text	JMP [static] \| Indirect jump to absolute memory address
D320	41F3A8	.text	JMP [static] \| Indirect jump to absolute memory address
D328	41F408	.text	JMP [static] \| Indirect jump to absolute memory address
D338	41F430	.text	JMP [static] \| Indirect jump to absolute memory address
D340	41F39C	.text	JMP [static] \| Indirect jump to absolute memory address
D350	41F3E8	.text	JMP [static] \| Indirect jump to absolute memory address
D358	41F3F8	.text	JMP [static] \| Indirect jump to absolute memory address
D360	441F424	.text	JMP [static] \| Indirect jump to absolute memory address
D380	2041F400	.text	JMP [static] \| Indirect jump to absolute memory address
D388	1041F414	.text	JMP [static] \| Indirect jump to absolute memory address
D390	41F438	.text	JMP [static] \| Indirect jump to absolute memory address
D398	41F3CC	.text	JMP [static] \| Indirect jump to absolute memory address
DC62	N/A	.text	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
E01C	N/A	.text	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
EF6B	N/A	.text	CALL DWORD PTR [EDI-39h] \| Displacement form
EFA8	N/A	.text	CALL DWORD PTR [ESI-39h] \| Displacement form
F00B	N/A	.text	CALL DWORD PTR [ECX-39h] \| Displacement form
F05C	N/A	.text	CALL DWORD PTR [EAX-75h] \| Displacement form
F06C	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
F163	N/A	.text	CALL DWORD PTR [EDX+8h] \| Displacement form
F1B0	N/A	.text	CALL DWORD PTR [ECX-75h] \| Displacement form
F1F3	N/A	.text	CALL DWORD PTR [ECX-5Fh] \| Displacement form
F508	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
F538	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
F588	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
F67E	N/A	.text	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
F800	N/A	.text	CALL DWORD PTR [EAX-18h] \| Displacement form
F817	N/A	.text	CALL DWORD PTR [EAX-15h] \| Displacement form
F88E	N/A	.text	CALL DWORD PTR [EAX-18h] \| Displacement form
F8AF	N/A	.text	CALL DWORD PTR [EAX-15h] \| Displacement form
FE9A	N/A	.text	CALL DWORD PTR [EDI-7Dh] \| Displacement form
FFA8	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
FFB5	N/A	.text	CALL DWORD PTR [EAX+31h] \| Displacement form
FFCF	N/A	.text	CALL DWORD PTR [EAX+46h] \| Displacement form
FFE6	N/A	.text	CALL DWORD PTR [ESI-73h] \| Displacement form
10160	N/A	.text	CALL DWORD PTR [EAX-75h] \| Displacement form
10170	N/A	.text	CALL DWORD PTR [EAX-39h] \| Displacement form
10310	N/A	.text	CALL DWORD PTR [ECX-75h] \| Displacement form
10320	N/A	.text	CALL DWORD PTR [EDX-39h] \| Displacement form
10484	N/A	.text	CALL DWORD PTR [EAX-75h] \| Displacement form
1049B	N/A	.text	CALL DWORD PTR [EDI-39h] \| Displacement form
10DEB	N/A	.text	CALL DWORD PTR [EBP+57h] \| Displacement form
10FAE	N/A	.text	CALL DWORD PTR [ECX-39h] \| Displacement form
112A8	N/A	.text	CALL DWORD PTR [EDX-77h] \| Displacement form
113E4	N/A	.text	CALL DWORD PTR [EAX-77h] \| Displacement form
11478	N/A	.text	CALL DWORD PTR [EDX-77h] \| Displacement form
11510	N/A	.text	CALL DWORD PTR [EAX-77h] \| Displacement form
11543	N/A	.text	CALL DWORD PTR [ECX-75h] \| Displacement form
115B0	N/A	.text	CALL DWORD PTR [EAX-77h] \| Displacement form
117C1	N/A	.text	CALL DWORD PTR [EAX-75h] \| Displacement form
117FF	N/A	.text	CALL DWORD PTR [EAX-75h] \| Displacement form
118C8	N/A	.text	CALL DWORD PTR [EDX-77h] \| Displacement form
12432	N/A	.text	CALL DWORD PTR [ESP+24h] \| ModRM/SIB parsed
1254B	N/A	.text	CALL DWORD PTR [ESP+24h] \| ModRM/SIB parsed
12BA7	N/A	.text	CALL DWORD PTR [EDX-75h] \| Displacement form
12BB7	N/A	.text	CALL DWORD PTR [EAX-77h] \| Displacement form
130AD	N/A	.text	CALL DWORD PTR [ESP+24h] \| ModRM/SIB parsed
132EE	N/A	.text	CALL DWORD PTR [ESP+24h] \| ModRM/SIB parsed
1367C	N/A	.text	CALL DWORD PTR [ESI-75h] \| Displacement form
13688	N/A	.text	CALL DWORD PTR [EBP-75h] \| Displacement form
13700	41B440	.text	JMP [static] \| Indirect jump to absolute memory address
13708	41F370	.text	JMP [static] \| Indirect jump to absolute memory address
13710	41F16C	.text	JMP [static] \| Indirect jump to absolute memory address
13718	41F2CC	.text	JMP [static] \| Indirect jump to absolute memory address
13720	43F2F4	.text	JMP [static] \| Indirect jump to absolute memory address
13728	41F2B4	.text	JMP [static] \| Indirect jump to absolute memory address
13730	41F360	.text	JMP [static] \| Indirect jump to absolute memory address
13738	41F2E0	.text	JMP [static] \| Indirect jump to absolute memory address
13740	41F314	.text	JMP [static] \| Indirect jump to absolute memory address
13750	51F304	.text	JMP [static] \| Indirect jump to absolute memory address
13758	41F2C8	.text	JMP [static] \| Indirect jump to absolute memory address
13760	41F2A0	.text	JMP [static] \| Indirect jump to absolute memory address
13768	41F378	.text	JMP [static] \| Indirect jump to absolute memory address
13770	41F2C0	.text	JMP [static] \| Indirect jump to absolute memory address
13778	41F290	.text	JMP [static] \| Indirect jump to absolute memory address
13780	41F328	.text	JMP [static] \| Indirect jump to absolute memory address
13788	41D35C	.text	JMP [static] \| Indirect jump to absolute memory address
13790	41F2D8	.text	JMP [static] \| Indirect jump to absolute memory address
13798	41F298	.text	JMP [static] \| Indirect jump to absolute memory address
137A0	41F2D0	.text	JMP [static] \| Indirect jump to absolute memory address
137A8	41F2D4	.text	JMP [static] \| Indirect jump to absolute memory address
137B8	41F2FC	.text	JMP [static] \| Indirect jump to absolute memory address
137C0	41F364	.text	JMP [static] \| Indirect jump to absolute memory address
137C8	41F2F0	.text	JMP [static] \| Indirect jump to absolute memory address
137D0	41F340	.text	JMP [static] \| Indirect jump to absolute memory address
137D8	41F33C	.text	JMP [static] \| Indirect jump to absolute memory address
137E0	341F310	.text	JMP [static] \| Indirect jump to absolute memory address
137E8	41F308	.text	JMP [static] \| Indirect jump to absolute memory address
137F0	41F230	.text	JMP [static] \| Indirect jump to absolute memory address
137F8	41F2DC	.text	JMP [static] \| Indirect jump to absolute memory address
13800	41F338	.text	JMP [static] \| Indirect jump to absolute memory address
13808	4051F358	.text	JMP [static] \| Indirect jump to absolute memory address
13810	41F278	.text	JMP [static] \| Indirect jump to absolute memory address
13818	41F344	.text	JMP [static] \| Indirect jump to absolute memory address
13828	41F348	.text	JMP [static] \| Indirect jump to absolute memory address
13838	41F2A4	.text	JMP [static] \| Indirect jump to absolute memory address
13840	IAT 1F30C	.text	JMP [static] \| Indirect jump to absolute memory address
13848	N/A	.text	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
13850	241F368	.text	JMP [static] \| Indirect jump to absolute memory address
13858	41F404	.text	JMP [static] \| Indirect jump to absolute memory address
13860	41FC0C	.text	JMP [static] \| Indirect jump to absolute memory address
13868	41F3DC	.text	JMP [static] \| Indirect jump to absolute memory address
13878	41F3AC	.text	JMP [static] \| Indirect jump to absolute memory address
13880	141F3F4	.text	JMP [static] \| Indirect jump to absolute memory address
13888	41F3E0	.text	JMP [static] \| Indirect jump to absolute memory address
13890	41F350	.text	JMP [static] \| Indirect jump to absolute memory address
13898	41F3B0	.text	JMP [static] \| Indirect jump to absolute memory address
16C73	10000000	.eh_fram	CALL [static] \| Indirect call to absolute memory address
16C87	0	.eh_fram	CALL [static] \| Indirect call to absolute memory address
16DC7	N/A	.eh_fram	CALL DWORD PTR [EDX] \| Displacement form
1ACED	0	.rsrc	CALL [static] \| Indirect call to absolute memory address
1C3B6	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
1DBA2	N/A	.rsrc	CALL DWORD PTR [ECX-43h] \| Displacement form
1DFB7	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
1E3E8	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
220FB	N/A	.rsrc	CALL DWORD PTR [EAX-30h] \| Displacement form
221F7	N/A	.rsrc	CALL DWORD PTR [ECX-31h] \| Displacement form
22277	N/A	.rsrc	CALL DWORD PTR [EAX-33h] \| Displacement form
222F7	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
222FB	N/A	.rsrc	CALL DWORD PTR [EAX-33h] \| Displacement form
2237B	N/A	.rsrc	CALL DWORD PTR [EBP-31h] \| Displacement form
2237F	N/A	.rsrc	CALL DWORD PTR [EBP-31h] \| Displacement form
22FEB	N/A	.rsrc	CALL DWORD PTR [ESI-3Bh] \| Displacement form
22FEF	N/A	.rsrc	CALL DWORD PTR [EDX-3Dh] \| Displacement form
23027	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
23033	N/A	.rsrc	CALL DWORD PTR [ESI-3Bh] \| Displacement form
23037	N/A	.rsrc	CALL DWORD PTR [EDX-3Dh] \| Displacement form
2307B	N/A	.rsrc	CALL DWORD PTR [ESI-3Bh] \| Displacement form
2307F	N/A	.rsrc	CALL DWORD PTR [EDX-3Dh] \| Displacement form
230C3	N/A	.rsrc	CALL DWORD PTR [ESI-3Bh] \| Displacement form
230C7	N/A	.rsrc	CALL DWORD PTR [EDX-3Dh] \| Displacement form
2320B	N/A	.rsrc	CALL DWORD PTR [EDI+EDI*4-3Ch] \| ModRM/SIB parsed
2324B	N/A	.rsrc	CALL DWORD PTR [ESI-5Fh] \| Displacement form
24483	30EFC053	.rsrc	JMP [static] \| Indirect jump to absolute memory address
244BD	N/A	.rsrc	CALL DWORD PTR [EDX-13h] \| Displacement form
26BA1	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
26CEB	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
27119	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
28755	N/A	.rsrc	CALL DWORD PTR [ECX-1h] \| Displacement form
28856	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
292DA	N/A	.rsrc	CALL DWORD PTR [EBP+Ah] \| Displacement form
2D8C3	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
2DD4B	N/A	.rsrc	CALL DWORD PTR [ESI+ESI*4-32h] \| ModRM/SIB parsed
2E6E4	N/A	.rsrc	CALL DWORD PTR [ESI+EAX*4+40h] \| ModRM/SIB parsed
2EE1A	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
30293	N/A	.rsrc	CALL DWORD PTR [EBP-4Ah] \| Displacement form
30407	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
319D0	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
31B1A	5E9CA6C1	.rsrc	CALL [static] \| Indirect call to absolute memory address
32891	N/A	.rsrc	CALL DWORD PTR [EAX+7Eh] \| Displacement form
33252	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
3361C	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
33831	N/A	.rsrc	CALL DWORD PTR [EBX-21h] \| Displacement form
33CE0	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
344EE	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
34658	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
34A0D	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
34BA1	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
351BF	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
3603B	7CE34E14	.rsrc	JMP [static] \| Indirect jump to absolute memory address
36162	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
362CA	N/A	.rsrc	CALL DWORD PTR [EBX-70h] \| Displacement form
37852	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
390F0	N/A	.rsrc	CALL DWORD PTR [EDI+71h] \| Displacement form
39111	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
396E1	N/A	.rsrc	CALL DWORD PTR [EAX+7Bh] \| Displacement form
3AF17	N/A	.rsrc	CALL DWORD PTR [EDI+51h] \| Displacement form
3AF79	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
3CD54	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
3D48D	N/A	.rsrc	CALL DWORD PTR [EAX-36h] \| Displacement form
3D88C	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
3DAF2	N/A	.rsrc	CALL DWORD PTR [EAX-77h] \| Displacement form
3E009	N/A	.rsrc	CALL DWORD PTR [EAX+3Dh] \| Displacement form
3E267	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
3E32A	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
412FC	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4167E	N/A	.rsrc	CALL DWORD PTR [EDI-2Fh] \| Displacement form
4260D	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
42985	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
42CF2	N/A	.rsrc	CALL DWORD PTR [ECX+30h] \| Displacement form
43C6F	N/A	.rsrc	CALL DWORD PTR [EAX-16h] \| Displacement form
4408C	N/A	.rsrc	CALL DWORD PTR [EBP+EAX*4+52h] \| ModRM/SIB parsed
44686	N/A	.rsrc	CALL DWORD PTR [ECX+4Bh] \| Displacement form
453C9	N/A	.rsrc	CALL DWORD PTR [EBP-76h] \| Displacement form
4554D	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
45D14	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
46140	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
463A4	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
46D48	N/A	.rsrc	CALL DWORD PTR [ECX+7h] \| Displacement form
470EA	N/A	.rsrc	CALL DWORD PTR [EBX+60h] \| Displacement form
4779D	N/A	.rsrc	CALL DWORD PTR [EBP+EDI*2-48h] \| ModRM/SIB parsed
481F6	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
48350	N/A	.rsrc	CALL DWORD PTR [EBX+22h] \| Displacement form
48936	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
48B43	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
48BB9	N/A	.rsrc	CALL DWORD PTR [ECX] \| Displacement form
48CCB	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
49EC4	N/A	.rsrc	CALL DWORD PTR [ECX+5Ah] \| Displacement form
4A406	N/A	.rsrc	CALL DWORD PTR [EAX+61h] \| Displacement form
4A8A2	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4AD3E	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4AE23	N/A	.rsrc	CALL DWORD PTR [EAX-26h] \| Displacement form
4C0DB	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
4C2C6	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4C57B	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
4CD8C	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4CDA7	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4D484	N/A	.rsrc	CALL DWORD PTR [EAX-75h] \| Displacement form
4E4AC	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
4E52B	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
4E5DB	N/A	.rsrc	CALL DWORD PTR [ESI+Ah] \| Displacement form
4EDA5	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
4EECF	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4F0F9	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
4F398	N/A	.rsrc	CALL DWORD PTR [ECX-71h] \| Displacement form
4F84B	N/A	.rsrc	CALL DWORD PTR [EAX-6Fh] \| Displacement form
4FBB6	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
4FE29	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5010D	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
5102F	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
51216	N/A	.rsrc	CALL DWORD PTR [EAX-26h] \| Displacement form
5186D	N/A	.rsrc	CALL DWORD PTR [EDX+6Bh] \| Displacement form
51E57	N/A	.rsrc	CALL DWORD PTR [ECX-36h] \| Displacement form
51EA3	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
53CA9	N/A	.rsrc	CALL DWORD PTR [ECX-67h] \| Displacement form
53E9B	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
542A8	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
54BCB	N/A	.rsrc	CALL DWORD PTR [ECX+1Bh] \| Displacement form
55257	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
55B63	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
5632E	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5666F	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
56B73	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
56BDA	N/A	.rsrc	CALL DWORD PTR [EDI-47h] \| Displacement form
56F30	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
588AD	N/A	.rsrc	CALL DWORD PTR [EBP-9h] \| Displacement form
58FA1	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
5924E	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
593BE	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
595FA	N/A	.rsrc	CALL DWORD PTR [EDX+73h] \| Displacement form
5A59A	3C835634	.rsrc	CALL [static] \| Indirect call to absolute memory address
5AA9C	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5B3E9	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
5BC42	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
5CB8D	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5D0B8	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5D620	N/A	.rsrc	CALL DWORD PTR [EBP-38h] \| Displacement form
5E304	N/A	.rsrc	CALL DWORD PTR [EBP-37h] \| Displacement form
5E562	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
5EBA7	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
5EC75	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
5F446	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
61705	N/A	.rsrc	CALL DWORD PTR [EBP+69h] \| Displacement form
61752	1A20AC65	.rsrc	JMP [static] \| Indirect jump to absolute memory address
61BCA	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
63E23	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
63E66	N/A	.rsrc	CALL DWORD PTR [EDI-42h] \| Displacement form
641CB	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
643E8	N/A	.rsrc	CALL DWORD PTR [EDI-28h] \| Displacement form
64F29	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
656B2	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
65C71	N/A	.rsrc	CALL DWORD PTR [EDX+46h] \| Displacement form
65F0A	N/A	.rsrc	CALL DWORD PTR [EDI+5Fh] \| Displacement form
66103	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
66612	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
68492	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
68642	N/A	.rsrc	CALL DWORD PTR [EDX+76h] \| Displacement form
68F23	N/A	.rsrc	CALL DWORD PTR [EBX+3Bh] \| Displacement form
691DD	N/A	.rsrc	CALL DWORD PTR [EDI-6h] \| Displacement form
69A4B	N/A	.rsrc	CALL DWORD PTR [EDX-6h] \| Displacement form
6BC55	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
6C24C	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
6C64A	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
6CD97	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
6D2BB	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
6D8D4	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
6DFE1	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
6E848	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
70155	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
70E5F	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
70F25	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
70F3A	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
70F6A	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
71FE6	N/A	.rsrc	CALL DWORD PTR [EDI-6Eh] \| Displacement form
724AD	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
72A4B	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
7300C	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
76AA3	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
77253	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
778CC	3670CA0F	.rsrc	JMP [static] \| Indirect jump to absolute memory address
77CBE	N/A	.rsrc	CALL DWORD PTR [EAX-10h] \| Displacement form
78BA2	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
78D92	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
7A3E2	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
7AEBE	3670CA0F	.rsrc	CALL [static] \| Indirect call to absolute memory address
7C27D	N/A	.rsrc	CALL DWORD PTR [EDI+15h] \| Displacement form
7CE48	N/A	.rsrc	CALL DWORD PTR [EDX+EAX*8] \| ModRM/SIB parsed
7D1AD	N/A	.rsrc	CALL DWORD PTR [EBX-5Eh] \| Displacement form
7D5FB	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
7E1C0	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
7E257	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
8026D	N/A	.rsrc	CALL DWORD PTR [EBP-8h] \| Displacement form
8029E	N/A	.rsrc	CALL DWORD PTR [ESI-3Eh] \| Displacement form
81AF5	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
81DC3	N/A	.rsrc	CALL DWORD PTR [EAX-7Ah] \| Displacement form
83CED	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
8400E	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
84297	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
84A76	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
84C4D	N/A	.rsrc	CALL DWORD PTR [EAX+60h] \| Displacement form
876C1	N/A	.rsrc	CALL DWORD PTR [EBP-Bh] \| Displacement form
87A58	N/A	.rsrc	CALL DWORD PTR [EDI+4Bh] \| Displacement form
87D62	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
89064	N/A	.rsrc	CALL DWORD PTR [EBP+51h] \| Displacement form
89109	N/A	.rsrc	CALL DWORD PTR [EBP+ECX*4+64h] \| ModRM/SIB parsed
89128	N/A	.rsrc	CALL DWORD PTR [EBP-77h] \| Displacement form
89297	N/A	.rsrc	CALL DWORD PTR [ECX+EBP*8+23h] \| ModRM/SIB parsed
8ACD7	73502C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
8C575	N/A	.rsrc	CALL DWORD PTR [EBP+60h] \| Displacement form
8CECF	2434FF60	.rsrc	CALL [static] \| Indirect call to absolute memory address
8D181	28AC43B1	.rsrc	CALL [static] \| Indirect call to absolute memory address
8D235	N/A	.rsrc	CALL DWORD PTR [EBX+16h] \| Displacement form
8DD79	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
8EB29	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
907E1	N/A	.rsrc	CALL DWORD PTR [EDX+ESI*8-38h] \| ModRM/SIB parsed
90FBE	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
91AD2	N/A	.rsrc	CALL DWORD PTR [EDI-18h] \| Displacement form
921B0	N/A	.rsrc	CALL DWORD PTR [EDX-8h] \| Displacement form
92475	N/A	.rsrc	CALL DWORD PTR [EAX+EBP*8+7Fh] \| ModRM/SIB parsed
9271E	N/A	.rsrc	CALL DWORD PTR [ECX-17h] \| Displacement form
93F3D	D767FE8	.rsrc	CALL [static] \| Indirect call to absolute memory address
93FA4	N/A	.rsrc	CALL DWORD PTR [EDX+29h] \| Displacement form
948B1	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
948D4	N/A	.rsrc	CALL DWORD PTR [EDI+ECX*8-1Dh] \| ModRM/SIB parsed
949DB	N/A	.rsrc	CALL DWORD PTR [EAX-62h] \| Displacement form
94BE6	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
950E7	N/A	.rsrc	CALL DWORD PTR [EDX+78h] \| Displacement form
959B0	N/A	.rsrc	CALL DWORD PTR [EAX-56h] \| Displacement form
95C72	N/A	.rsrc	CALL DWORD PTR [EBX-6Ch] \| Displacement form
962A5	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
9759B	DFA06C8	.rsrc	JMP [static] \| Indirect jump to absolute memory address
97F36	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
98240	N/A	.rsrc	CALL DWORD PTR [EBX-62h] \| Displacement form
992C8	N/A	.rsrc	CALL DWORD PTR [EDX+76h] \| Displacement form
9A258	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
9A38B	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
9AA89	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
9D7A1	N/A	.rsrc	CALL DWORD PTR [EAX+EDI*8+2Bh] \| ModRM/SIB parsed
9E5BB	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
9E692	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
9E750	N/A	.rsrc	CALL DWORD PTR [ESI-15h] \| Displacement form
9F27C	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
9FA01	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
A1AEF	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
A23A9	N/A	.rsrc	CALL DWORD PTR [ESI-7Eh] \| Displacement form
A2A2A	1A10931F	.rsrc	CALL [static] \| Indirect call to absolute memory address
A2CAF	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
A36A8	N/A	.rsrc	CALL DWORD PTR [EDI-6Eh] \| Displacement form
A3ADC	N/A	.rsrc	CALL DWORD PTR [EBP+65h] \| Displacement form
A42BD	N/A	.rsrc	CALL DWORD PTR [EBP+37h] \| Displacement form
A43CB	N/A	.rsrc	CALL DWORD PTR [EBP-4Eh] \| Displacement form
A4CAD	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
A7F91	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
AC084	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
AC59D	N/A	.rsrc	CALL DWORD PTR [ESI+EDI*8+2Fh] \| ModRM/SIB parsed
AC840	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
ACF87	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
AD939	N/A	.rsrc	CALL DWORD PTR [EDI+51h] \| Displacement form
ADF8D	57F3B651	.rsrc	CALL [static] \| Indirect call to absolute memory address
AEF53	N/A	.rsrc	CALL DWORD PTR [EAX-14h] \| Displacement form
B2680	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
B336C	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
B3A2D	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
B4A79	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
B883F	N/A	.rsrc	CALL DWORD PTR [EBP-13h] \| Displacement form
B9AC7	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
BA396	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
BEC00	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
BEC8C	N/A	.rsrc	CALL DWORD PTR [EBX+4Bh] \| Displacement form
C0A72	N/A	.rsrc	CALL DWORD PTR [EAX-6h] \| Displacement form
C3791	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
C415D	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
C450B	N/A	.rsrc	CALL DWORD PTR [EDX-2Bh] \| Displacement form
C4A24	N/A	.rsrc	CALL DWORD PTR [EAX+EDX*2-4Ch] \| ModRM/SIB parsed
C4D5E	N/A	.rsrc	CALL DWORD PTR [EDX+5Ah] \| Displacement form
C717D	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
C7734	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
C94A6	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
CA4D8	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
CA657	N/A	.rsrc	CALL DWORD PTR [EDX+53h] \| Displacement form
CA7D7	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
CB0AE	N/A	.rsrc	CALL DWORD PTR [EDX+EDX*8+5Bh] \| ModRM/SIB parsed
CB45E	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
CC12E	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
CC609	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
CD931	N/A	.rsrc	CALL DWORD PTR [ECX+18h] \| Displacement form
CEA2E	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
CF20A	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
CF48F	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
D0074	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
D0531	N/A	.rsrc	CALL DWORD PTR [EDX-6Dh] \| Displacement form
D076A	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
D09DC	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
D0CCA	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
D1105	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
D1C6D	N/A	.rsrc	CALL DWORD PTR [ECX-4Eh] \| Displacement form
D1F87	26365F3C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
D2D5E	N/A	.rsrc	CALL DWORD PTR [EDX-1Eh] \| Displacement form
D2DF3	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
D4939	70A3F1E2	.rsrc	CALL [static] \| Indirect call to absolute memory address
D57E9	N/A	.rsrc	CALL DWORD PTR [EDI+6Bh] \| Displacement form
D5B97	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
D7B4F	5A04C2BF	.rsrc	JMP [static] \| Indirect jump to absolute memory address
D7EFE	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
D8265	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
D8CE3	40DBA305	.rsrc	CALL [static] \| Indirect call to absolute memory address
D9365	N/A	.rsrc	CALL DWORD PTR [EAX+22h] \| Displacement form
D9821	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
D9B7E	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
DAA19	N/A	.rsrc	CALL DWORD PTR [ECX-3Bh] \| Displacement form
DD473	N/A	.rsrc	CALL DWORD PTR [ESI-25h] \| Displacement form
DFED3	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
E0ABD	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
E1E93	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
E337C	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
E4354	N/A	.rsrc	CALL DWORD PTR [ESI+EBX*1-1h] \| ModRM/SIB parsed
E522E	N/A	.rsrc	CALL DWORD PTR [EDX+Ah] \| Displacement form
E59C7	N/A	.rsrc	CALL DWORD PTR [EBP+8h] \| Displacement form
E698F	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
E70EB	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
E738F	4AA04F77	.rsrc	JMP [static] \| Indirect jump to absolute memory address
E7C56	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
E7ED7	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
E7FFF	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
E8603	N/A	.rsrc	CALL DWORD PTR [EDI+71h] \| Displacement form
E921A	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
EAC79	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
EB9A4	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
ECF26	7D9B4A8F	.rsrc	JMP [static] \| Indirect jump to absolute memory address
ED316	7D9B4A8F	.rsrc	CALL [static] \| Indirect call to absolute memory address
EE0A5	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
F0410	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
F110E	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
F27D1	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
F2C4D	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
F3038	N/A	.rsrc	CALL DWORD PTR [ESI-Ah] \| Displacement form
F39BF	N/A	.rsrc	CALL DWORD PTR [EDI-3Ah] \| Displacement form
F3AD9	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
F56D4	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
F5E55	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
F5FAC	N/A	.rsrc	CALL DWORD PTR [EDX-7h] \| Displacement form
F6448	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
F7D0B	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
F8841	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
F8977	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
F8BA2	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
FB608	N/A	.rsrc	CALL DWORD PTR [EDI+47h] \| Displacement form
FBC50	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
FD3A6	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
FE8C1	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
100E7E	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
101547	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
1016C9	N/A	.rsrc	CALL DWORD PTR [ESI-20h] \| Displacement form
101EEC	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
10213E	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
10285D	N/A	.rsrc	CALL DWORD PTR [ECX-6Dh] \| Displacement form
103229	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
103E6C	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
103EFC	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
103FDD	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
106435	N/A	.rsrc	CALL DWORD PTR [EAX+Fh] \| Displacement form
1065FA	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
107FA8	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
1081D6	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
1082C4	N/A	.rsrc	CALL DWORD PTR [EBP+11h] \| Displacement form
108BFE	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
109EFF	N/A	.rsrc	CALL DWORD PTR [EDX-38h] \| Displacement form
10B619	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
10D8DF	N/A	.rsrc	CALL DWORD PTR [ESI-7Bh] \| Displacement form
10DE1C	N/A	.rsrc	CALL DWORD PTR [ESI+65h] \| Displacement form
111306	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
111401	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
112AB2	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
113051	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
113C21	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
115498	N/A	.rsrc	CALL DWORD PTR [EDX-2Ah] \| Displacement form
11557D	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
116164	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
11687D	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
116EB3	778A3241	.rsrc	JMP [static] \| Indirect jump to absolute memory address
118299	5D092B4	.rsrc	JMP [static] \| Indirect jump to absolute memory address
118971	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
1196E1	N/A	.rsrc	CALL DWORD PTR [EAX-5Ch] \| Displacement form
119FBA	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
11B240	N/A	.rsrc	CALL DWORD PTR [EAX-1Ch] \| Displacement form
11BCD3	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
11C1D0	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
11D085	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
11D678	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
11F79B	N/A	.rsrc	CALL DWORD PTR [ECX-9h] \| Displacement form
121E39	N/A	.rsrc	CALL DWORD PTR [EAX-32h] \| Displacement form
122420	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
122D6C	28AEC1B7	.rsrc	JMP [static] \| Indirect jump to absolute memory address
12420D	N/A	.rsrc	CALL DWORD PTR [EBX-60h] \| Displacement form
124FA5	N/A	.rsrc	CALL DWORD PTR [ECX+4Ah] \| Displacement form
125E16	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
126187	N/A	.rsrc	CALL DWORD PTR [ESI-64h] \| Displacement form
127A5D	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
1281FC	5149A09C	.rsrc	CALL [static] \| Indirect call to absolute memory address
12820E	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
128A76	N/A	.rsrc	CALL DWORD PTR [EDX+17h] \| Displacement form
128B2D	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
12956F	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
12B8A2	N/A	.rsrc	CALL DWORD PTR [EAX-4Dh] \| Displacement form
12CAE9	N/A	.rsrc	CALL DWORD PTR [ECX-41h] \| Displacement form
12D357	N/A	.rsrc	CALL DWORD PTR [EDX-5Ah] \| Displacement form
12D978	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
12EAFB	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
12EC4B	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
12EE4B	N/A	.rsrc	CALL DWORD PTR [EDX-42h] \| Displacement form
13121C	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
132986	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
132CF4	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
13470B	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
135209	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
135AD0	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
136A5C	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
1377C2	N/A	.rsrc	CALL DWORD PTR [ECX-38h] \| Displacement form
138301	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
139EDC	N/A	.rsrc	CALL DWORD PTR [EBP-4Eh] \| Displacement form
13A60B	N/A	.rsrc	CALL DWORD PTR [ESI+46h] \| Displacement form
13B0CE	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
13C296	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
13C54F	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
13D9BC	N/A	.rsrc	CALL DWORD PTR [EAX+40h] \| Displacement form
13E6AF	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
13E89E	N/A	.rsrc	CALL DWORD PTR [EDI+12h] \| Displacement form
140B80	N/A	.rsrc	CALL DWORD PTR [ECX-1Dh] \| Displacement form
143DC4	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
144544	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
144E49	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
145163	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
145D3E	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
146086	47859AC2	.rsrc	JMP [static] \| Indirect jump to absolute memory address
146498	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
148CCF	N/A	.rsrc	CALL DWORD PTR [EAX-62h] \| Displacement form
1499A7	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
149E2B	N/A	.rsrc	CALL DWORD PTR [EAX-2h] \| Displacement form
14A16D	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
14CCE3	N/A	.rsrc	CALL DWORD PTR [ESI-12h] \| Displacement form
14D0D8	N/A	.rsrc	CALL DWORD PTR [EDX+5Ah] \| Displacement form
14D384	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
14D43C	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
150392	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
15259C	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
152A74	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
1539AB	N/A	.rsrc	CALL DWORD PTR [ECX+6Dh] \| Displacement form
153AE0	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
155AA3	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
15628E	13AB79AD	.rsrc	JMP [static] \| Indirect jump to absolute memory address
156995	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
1569E2	N/A	.rsrc	CALL DWORD PTR [EBP-6Bh] \| Displacement form
15848A	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
158EDB	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
15903F	N/A	.rsrc	CALL DWORD PTR [EBX-46h] \| Displacement form
15920D	N/A	.rsrc	JMP DWORD PTR [EDX] \| Indirect jump via pointer at address in EDX
15996E	544B84E3	.rsrc	CALL [static] \| Indirect call to absolute memory address
159B16	N/A	.rsrc	CALL DWORD PTR [EDX+53h] \| Displacement form
15AA24	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
15BEF4	N/A	.rsrc	CALL DWORD PTR [EBX+5Eh] \| Displacement form
15CDC2	N/A	.rsrc	CALL DWORD PTR [EDI-5Eh] \| Displacement form
15DBFC	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
15E1ED	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
15E3DB	N/A	.rsrc	CALL DWORD PTR [EAX-6Eh] \| Displacement form
15E619	N/A	.rsrc	CALL DWORD PTR [ESI] \| Indirect call via pointer at address in ESI
15F57C	N/A	.rsrc	JMP DWORD PTR [ECX] \| Indirect jump via pointer at address in ECX
161029	N/A	.rsrc	CALL DWORD PTR [ESI+32h] \| Displacement form
1630C2	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
163AB4	N/A	.rsrc	CALL DWORD PTR [EAX] \| Indirect call via pointer at address in EAX
165155	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
165654	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
165E88	N/A	.rsrc	CALL DWORD PTR [EDI+42h] \| Displacement form
16630C	N/A	.rsrc	CALL DWORD PTR [EBX+61h] \| Displacement form
166F00	N/A	.rsrc	CALL DWORD PTR [EAX+EAX*4+35h] \| ModRM/SIB parsed
16720B	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
1694DB	N/A	.rsrc	CALL DWORD PTR [EAX+14h] \| Displacement form
16999E	N/A	.rsrc	CALL DWORD PTR [EAX+68h] \| Displacement form
169FD7	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
16A721	N/A	.rsrc	JMP DWORD PTR [EDI] \| Indirect jump via pointer at address in EDI
16B292	N/A	.rsrc	CALL DWORD PTR [EDI-36h] \| Displacement form
16CC75	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
16CF7A	N/A	.rsrc	CALL DWORD PTR [EAX-4Eh] \| Displacement form
16D2B0	N/A	.rsrc	CALL DWORD PTR [ECX+7Dh] \| Displacement form
16D9A3	N/A	.rsrc	CALL DWORD PTR [EAX-39h] \| Displacement form
16DD5A	N/A	.rsrc	CALL DWORD PTR [EDI-16h] \| Displacement form
16E288	N/A	.rsrc	CALL DWORD PTR [EAX+42h] \| Displacement form
16E694	N/A	.rsrc	CALL DWORD PTR [EDX+66h] \| Displacement form
16EA49	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
1706FC	N/A	.rsrc	CALL DWORD PTR [EDX] \| Indirect call via pointer at address in EDX
17094B	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
170977	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
171968	N/A	.rsrc	CALL DWORD PTR [EBX] \| Indirect call via pointer at address in EBX
175D38	N/A	.rsrc	JMP DWORD PTR [EBX] \| Indirect jump via pointer at address in EBX
17664A	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
17DC42	N/A	.rsrc	CALL DWORD PTR [EDI] \| Indirect call via pointer at address in EDI
17DF53	N/A	.rsrc	CALL DWORD PTR [EBX-17h] \| Displacement form
17E5AE	N/A	.rsrc	CALL DWORD PTR [ESI+66h] \| Displacement form
17E696	N/A	.rsrc	CALL DWORD PTR [EAX-17h] \| Displacement form
17EDE5	N/A	.rsrc	CALL DWORD PTR [EBP+ECX*4+7Ch] \| ModRM/SIB parsed
17F162	N/A	.rsrc	CALL DWORD PTR [ECX-17h] \| Displacement form
17F33A	N/A	.rsrc	CALL DWORD PTR [EDI+66h] \| Displacement form
17F869	N/A	.rsrc	JMP DWORD PTR [ESI] \| Indirect jump via pointer at address in ESI
17F8CE	N/A	.rsrc	CALL DWORD PTR [EAX-1h] \| Displacement form
17F974	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17F980	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17F9A8	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17F9BC	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17F9DC	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17F9F4	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17F9FC	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17FA00	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17FA24	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FA64	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17FA70	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17FA9C	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FAD0	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FAD4	N/A	.rsrc	CALL DWORD PTR [EBX-4Eh] \| Displacement form
17FB3C	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17FB48	N/A	.rsrc	CALL DWORD PTR [EBX-4Eh] \| Displacement form
17FB54	6FF8BD3	.rsrc	JMP [static] \| Indirect jump to absolute memory address
17FB68	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FB88	N/A	.rsrc	CALL DWORD PTR [EBX-4Eh] \| Displacement form
17FC0C	N/A	.rsrc	CALL DWORD PTR [EBX-4Eh] \| Displacement form
17FC14	N/A	.rsrc	CALL DWORD PTR [EBX-32h] \| Displacement form
17FC20	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FC48	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17FCA8	N/A	.rsrc	CALL DWORD PTR [ECX] \| Indirect call via pointer at address in ECX
17FCE4	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FD10	N/A	.rsrc	JMP DWORD PTR [EAX] \| Indirect jump via pointer at address in EAX
17FD18	5AFF8BAB	.rsrc	JMP [static] \| Indirect jump to absolute memory address
17FD44	N/A	.rsrc	CALL DWORD PTR [EBX-4Eh] \| Displacement form
17FD6C	68FF8BD3	.rsrc	JMP [static] \| Indirect jump to absolute memory address
1800A1	N/A	.rsrc	CALL DWORD PTR [EDI-64h] \| Displacement form
17E04	C2B0	.CRT	TLS Callback \| Pointer to 40C2B0 Memory
17E08	C260	.CRT	TLS Callback \| Pointer to 40C260 Memory
17E0C	FAE0	.CRT	TLS Callback \| Pointer to 40FAE0 Memory

Extra Analysis

Metric	Value	Percentage
Ascii Code	1025194	64,9475%
Null Byte Code	48996	3,104%
NOP Cave Found	0x9090909090	Block Count: 42 \| Total: 0,0067%

PESCAN.IO - Analysis Report