PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
The executable header is displayed in light blue.
The executable sections are pink.
Non-executable sections are black.
Code added to executables externally to a compiler appears in red.
If the File Structure content appears in red, it means the PE header is malformed or corrupted.
Chart Code For Other Files
Printable characters are blue.
Non-printable characters (Null Bytes) are black.
Information
Icon: Icon
Size: 649,50 KB
SHA-256 Hash: 56686FD864A702D1D61D17BF6B554190E6D95E3A9A28E264015A47D9B164FE9C
SHA-1 Hash: 7D7345D6C4E0A1BDAFA37DF396469704DB188575
MD5 Hash: 411B3ABEAE596A8B7F57626642CE6F4C
Imphash: C4BC7D903B7A09EA2C8A1DBF333199E0
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 0001934A
EntryPoint (rva): BBF4
SizeOfHeaders: 400
SizeOfImage: AA000
ImageBase: 400000
Architecture: x86
ImportTable: 10000
Characteristics: 818E
TimeDateStamp: 2A425E19
Date: 19/06/1992 22:22:17
File Type: EXE
Number Of Sections: 8
ASLR: Disabled
Section Names: CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI
Sections Info
Section Name Flags ROffset RSize VOffset VSizeEntropyChi2
CODE 60000020 (Code, Executable, Readable) 400 B200 1000 B1C86,4142354963,98
DATA C0000040 (Initialized Data, Readable, Writeable) B600 400 D000 2202,764394349,00
BSS C0000000 (Readable, Writeable) BA00 0 E000 11F1N/AN/A
.idata C0000040 (Initialized Data, Readable, Writeable) BA00 C00 10000 BE44,771076368,17
.tls C0000000 (Readable, Writeable) C600 0 11000 8N/AN/A
.rdata 50000040 (Initialized Data, Discardable, Readable) C600 200 12000 180,2054125000,00
.reloc 50000040 (Initialized Data, Discardable, Readable) C800 C00 13000 A606,245929963,17
.rsrc 50000040 (Initialized Data, Discardable, Readable) D400 95200 14000 9510C7,47141423203,84
Entry Point
The section number (1) - (CODE) have the Entry Point
Information -> EntryPoint (calculated) - AFF4
Code -> 558BECB90B0000006A006A004975F953B804BB4000E80A78FFFF33C05568C4C0400064FF3064892068D4C040006A006A00E8
PUSH EBP
MOV EBP, ESP
MOV ECX, 0XB
PUSH 0
PUSH 0
DEC ECX
JNE 0X1008
PUSH EBX
MOV EAX, 0X40BB04
CALL 0XFFFF8824
XOR EAX, EAX
PUSH EBP
PUSH 0X40C0C4
PUSH DWORD PTR FS:[EAX]
MOV DWORD PTR FS:[EAX], ESP
PUSH 0X40C0D4
PUSH 0
PUSH 0
Signatures
CheckSum Integrity Problem:
Header: 103242
Calculated: 692630
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Detect It Easy (die)
PE: compiler: Borland Delphi(6-7 or 2005)[-]
PE: linker: Turbo Linker(2.25*,Delphi)[-]
Entropy: 7.49292
Suspicious Functions
Library Function Description
KERNEL32.DLL CreateMutexA Create a named or unnamed mutex object for controlling access to a shared resource.
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL CopyFileA Copies an existing file to a new file.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL CreateToolhelp32Snapshot Creates a snapshot of the specified processes, heaps, threads, and modules.
KERNEL32.DLL CreateRemoteThread Creates a thread in the address space of another process.
KERNEL32.DLL WriteProcessMemory Writes data to an area of memory in a specified process.
KERNEL32.DLL ReadProcessMemory Reads data from an area of memory in a specified process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
KERNEL32.DLL CreateFileA Creates or opens a file or I/O device.
KERNEL32.DLL DeleteFileA Deletes an existing file.
KERNEL32.DLL IsDebuggerPresent Determines if the calling process is being debugged by a user-mode debugger.
ADVAPI32.DLL RegCreateKeyExA Creates a new registry key or opens an existing one.
ADVAPI32.DLL RegDeleteKeyA Used to delete a subkey and its values from the Windows registry.
ADVAPI32.DLL RegSetValueExA Sets the data and type of a specified value under a registry key.
SHELL32.DLL ShellExecuteA Performs a run operation on a specific file.
Windows REG
Software\Microsoft\Active Setup\Installed Components\
Software\Microsoft\Windows\CurrentVersion
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
SOFTWARE\Microsoft\Windows\CurrentVersion
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Software\Microsoft\Windows\CurrentVersion\Run
Software\Microsoft\Internet Explorer\IntelliForms\Storage2
Software\Microsoft\Internet Explorer
SOFTWARE\Vitalwerks\DUC
Rebuilt string - SOFTWARE\Vitalwerks\DUC - (No-ip DUC)
Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Rebuilt string - SOFTWARE\Microsoft\Windows\CurrentVersion\Run
File Access
explorer.exe
\Internet Explorer\iexplore.exe
.exe
VBoxService.exe
advapi32.dll
crypt32.dll
shell32.dll
rasapi32.dll
ole32.dll
pstorec.dll
user32.dll
kernel32.dll
oleaut32.dll
userenv.dll
nss3.dll
softokn3.dll
nssutil3.dll
plds4.dll
plc4.dll
nspr4.dll
sqlite3.dll
mozcrt19.dll
rnaph.dll
PSAPI.dll
dbghelp.dll
SbieDll.dll
XX--XX--XX.txt
\signons.txt
\signons1.txt
\signons2.txt
\signons3.txt
profiles.ini
Temp
ProgramFiles
AppData
UserProfile
Interest's Words
PADDINGX
Decrypt
PassWord
exec
attrib
start
shutdown
Anti-VM/Sandbox/Debug Tricks
SyserDebugger - SyserDbgMsg/SyserBoot
SandBoxie Library - SbieDll.dll
VirtualBox Service - VBoxService.exe
OllyDbg Libary - dbghelp.dll
JoeBox ProductID - 55274-640-2673064-23950
CWSandbox ProductID - 76487-644-3177037-23510
Anubis ProductID - 76487-337-8429955-22614
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Registry (RegCreateKeyEx)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii Registry (RegSetValueEx)
Text Ascii File (GetTempPath)
Text Ascii File (CopyFile)
Text Ascii File (CreateFile)
Text Ascii File (WriteFile)
Text Ascii File (ReadFile)
Text Ascii Encryption API (CryptAcquireContext)
Text Ascii Encryption API (CryptReleaseContext)
Text Ascii Anti-Analysis VM (IsDebuggerPresent)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Anti-Analysis VM (CreateToolhelp32Snapshot)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Stealth (ReadProcessMemory)
Text Ascii Stealth (CreateRemoteThread)
Text Ascii Execution (CreateProcessA)
Text Ascii Execution (ShellExecute)
Text Ascii Sandbox Product ID (76487-337-8429955-22614)
Text Ascii Sandbox Product ID (76487-644-3177037-23510)
Text Ascii Sandbox Product ID (55274-640-2673064-23950)
Text Ascii Information used to authenticate a user's identity (Credential)
Text Ascii Information used for user authentication (Credential)
Text Ascii Technique used to insert malicious code into legitimate processes (Inject)
Entry Point Hex Pattern Microsoft Visual C++ 8
Resources
Path DataRVA Size FileOffset CodeText
\ICON\1\0 14244 8A8 D644 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000000000003614(... ...@.......................................6.
\ICON\50\0 14AEC 8A8 DEEC 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000000000003614(... ...@.......................................6.
\ICON\51\0 15394 8A8 E794 2800000020000000400000000100080000000000000000000000000000000000000000000000000000000000000000003614(... ...@.......................................6.
\RCDATA\DVCLAL\0 15C3C 10 F03C A28CDF987B3C3A7926713F090F2A2517....{<:y&q?..*%.
\RCDATA\PACKAGEINFO\0 15C4C 184 F04C 000000CC000000001D0000000164535455420010D4426173653634000C4B57696E646F77730000C753797374656D00008153.............dSTUB...Base64..KWindows...System...S
\RCDATA\XX-XX-XX-XX\0 15DD0 93314 F1D0 8D858E928F928D8B8B928D888586848C848B2323232340232323232023232323402323232320232323234023232323202323..................@ @ @
\GROUP_ICON\ICON_STANDARD\0 A90E4 14 A24E4 0000010001002020000001000800A80800003300...... ..........3.
\GROUP_ICON\MAINICON\0 A90F8 14 A24F8 0000010001002020000001000800A80800003200...... ..........2.
Intelligent String
• advapi32.dll
• ole32.dll
• kernel32.dll
• explorer.exe
• .tls
• .exe
• PSAPI.dll
• Microsoft\Network\Connections\pbk\rasphone.pbk
• rasapi32.dll
• rnaph.dll
• xxxyyyzzz.dat
• mozcrt19.dll
• nspr4.dll
• plc4.dll
• plds4.dll
• nssutil3.dll
• softokn3.dll
• nss3.dll
• profiles.ini
• \signons3.txt
• \signons2.txt
• \signons1.txt
• \signons.txt
• NOIP.abc
• IEPASS.abc
• IEAUTO.abc
• IEWEB.abc
• XX--XX--XX.txt
• user32.dll
• CharNextAoleaut32.dll
• CloseHandleuser32.dll
• crypt32.dll
Flow Anomalies
Offset RVA Section Description
474 410198 CODE JMP [static] | Indirect jump to absolute memory address
47C 410194 CODE JMP [static] | Indirect jump to absolute memory address
484 410190 CODE JMP [static] | Indirect jump to absolute memory address
48C 41018C CODE JMP [static] | Indirect jump to absolute memory address
494 410188 CODE JMP [static] | Indirect jump to absolute memory address
49C 410184 CODE JMP [static] | Indirect jump to absolute memory address
4A4 410180 CODE JMP [static] | Indirect jump to absolute memory address
4AC 41017C CODE JMP [static] | Indirect jump to absolute memory address
4B4 410178 CODE JMP [static] | Indirect jump to absolute memory address
4BC 410174 CODE JMP [static] | Indirect jump to absolute memory address
4C4 410170 CODE JMP [static] | Indirect jump to absolute memory address
4CC 41016C CODE JMP [static] | Indirect jump to absolute memory address
4D4 410168 CODE JMP [static] | Indirect jump to absolute memory address
4DC 410164 CODE JMP [static] | Indirect jump to absolute memory address
4E4 4101A0 CODE JMP [static] | Indirect jump to absolute memory address
4EC 410160 CODE JMP [static] | Indirect jump to absolute memory address
4F4 41015C CODE JMP [static] | Indirect jump to absolute memory address
4FC 410158 CODE JMP [static] | Indirect jump to absolute memory address
504 4101B0 CODE JMP [static] | Indirect jump to absolute memory address
50C 4101AC CODE JMP [static] | Indirect jump to absolute memory address
514 4101A8 CODE JMP [static] | Indirect jump to absolute memory address
51C 410154 CODE JMP [static] | Indirect jump to absolute memory address
578 40D040 CODE CALL [static] | Indirect call to absolute memory address
590 40D044 CODE CALL [static] | Indirect call to absolute memory address
5B1 40D048 CODE CALL [static] | Indirect call to absolute memory address
5CA 40D044 CODE CALL [static] | Indirect call to absolute memory address
5E3 40D040 CODE CALL [static] | Indirect call to absolute memory address
616 40E004 CODE CALL [static] | Indirect call to absolute memory address
8B0 N/A CODE CALL DWORD PTR [ECX-4h] | Displacement form
99F N/A CODE CALL DWORD PTR [EAX-Ch] | Displacement form
9D6 N/A CODE CALL DWORD PTR [ECX-4h] | Displacement form
9EA N/A CODE CALL DWORD PTR [EDX-8h] | Displacement form
9F7 N/A CODE CALL DWORD PTR [EDX-1Ch] | Displacement form
A09 N/A CODE CALL DWORD PTR [EDX-18h] | Displacement form
A24 40E00C CODE CALL [static] | Indirect call to absolute memory address
A42 40E00C CODE CALL [static] | Indirect call to absolute memory address
A5A 40E00C CODE CALL [static] | Indirect call to absolute memory address
AAC N/A CODE CALL DWORD PTR [ECX+54h] | Displacement form
AB8 40E00C CODE CALL [static] | Indirect call to absolute memory address
AD8 40E00C CODE CALL [static] | Indirect call to absolute memory address
BB2 40E010 CODE CALL [static] | Indirect call to absolute memory address
D3F 40D02C CODE CALL [static] | Indirect call to absolute memory address
D62 40D02C CODE CALL [static] | Indirect call to absolute memory address
E10 40D068 CODE CALL [static] | Indirect call to absolute memory address
E26 40D030 CODE CALL [static] | Indirect call to absolute memory address
E3E 40D01C CODE CALL [static] | Indirect call to absolute memory address
E59 40D034 CODE CALL [static] | Indirect call to absolute memory address
E65 N/A CODE CALL DWORD PTR [EBX+24h] | Displacement form
E81 40E014 CODE CALL [static] | Indirect call to absolute memory address
1019 N/A CODE CALL DWORD PTR [EAX-7Dh] | Displacement form
1165 N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
11BD N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
1259 N/A CODE CALL DWORD PTR [EAX-77h] | Displacement form
1556 N/A CODE CALL DWORD PTR [ECX+52h] | Displacement form
1571 N/A CODE CALL DWORD PTR [EAX-7Dh] | Displacement form
15FB N/A CODE CALL DWORD PTR [EAX+51h] | Displacement form
169C N/A CODE CALL DWORD PTR [EAX-77h] | Displacement form
198B 40D024 CODE CALL [static] | Indirect call to absolute memory address
1995 40D028 CODE CALL [static] | Indirect call to absolute memory address
1A96 40D020 CODE CALL [static] | Indirect call to absolute memory address
1D37 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
1DBC 40E5C0 CODE JMP [static] | Indirect jump to absolute memory address
1DC4 40E5C4 CODE JMP [static] | Indirect jump to absolute memory address
1DD4 40E654 CODE JMP [static] | Indirect jump to absolute memory address
2011 N/A CODE JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
2170 N/A CODE CALL DWORD PTR [EDX+50h] | Displacement form
2455 N/A CODE CALL DWORD PTR [EBX+4h] | Displacement form
2474 N/A CODE CALL DWORD PTR [EAX+8h] | Displacement form
2485 N/A CODE CALL DWORD PTR [EAX+4h] | Displacement form
2495 N/A CODE CALL DWORD PTR [EAX+8h] | Displacement form
24A4 N/A CODE CALL DWORD PTR [EAX+8h] | Displacement form
24AF N/A CODE CALL DWORD PTR [EAX+51h] | Displacement form
24BC N/A CODE CALL DWORD PTR [EAX+8h] | Displacement form
24C4 N/A CODE CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
24DB N/A CODE CALL DWORD PTR [EAX+4h] | Displacement form
25FF N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
2611 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
26D1 40D06C CODE CALL [static] | Indirect call to absolute memory address
26D7 40D038 CODE CALL [static] | Indirect call to absolute memory address
28D8 4101E4 CODE JMP [static] | Indirect jump to absolute memory address
28E0 4101E0 CODE JMP [static] | Indirect jump to absolute memory address
28E8 4101DC CODE JMP [static] | Indirect jump to absolute memory address
28F0 4101D8 CODE JMP [static] | Indirect jump to absolute memory address
28F8 4101D4 CODE JMP [static] | Indirect jump to absolute memory address
2900 4101D0 CODE JMP [static] | Indirect jump to absolute memory address
2908 4101CC CODE JMP [static] | Indirect jump to absolute memory address
2910 4101C8 CODE JMP [static] | Indirect jump to absolute memory address
2918 4101C4 CODE JMP [static] | Indirect jump to absolute memory address
2920 4101C0 CODE JMP [static] | Indirect jump to absolute memory address
2928 4101BC CODE JMP [static] | Indirect jump to absolute memory address
2930 4101B8 CODE JMP [static] | Indirect jump to absolute memory address
2938 4102A4 CODE JMP [static] | Indirect jump to absolute memory address
2940 4102A0 CODE JMP [static] | Indirect jump to absolute memory address
2948 41029C CODE JMP [static] | Indirect jump to absolute memory address
2950 410298 CODE JMP [static] | Indirect jump to absolute memory address
2958 410298 CODE JMP [static] | Indirect jump to absolute memory address
2960 410294 CODE JMP [static] | Indirect jump to absolute memory address
2988 410290 CODE JMP [static] | Indirect jump to absolute memory address
2990 41028C CODE JMP [static] | Indirect jump to absolute memory address
2998 410288 CODE JMP [static] | Indirect jump to absolute memory address
29A0 410284 CODE JMP [static] | Indirect jump to absolute memory address
29A8 410280 CODE JMP [static] | Indirect jump to absolute memory address
29B0 41027C CODE JMP [static] | Indirect jump to absolute memory address
29B8 410278 CODE JMP [static] | Indirect jump to absolute memory address
29C0 410274 CODE JMP [static] | Indirect jump to absolute memory address
29C8 410270 CODE JMP [static] | Indirect jump to absolute memory address
29D0 41026C CODE JMP [static] | Indirect jump to absolute memory address
29D8 410268 CODE JMP [static] | Indirect jump to absolute memory address
29E0 410264 CODE JMP [static] | Indirect jump to absolute memory address
29E8 410260 CODE JMP [static] | Indirect jump to absolute memory address
29F0 41025C CODE JMP [static] | Indirect jump to absolute memory address
29F8 410258 CODE JMP [static] | Indirect jump to absolute memory address
2A00 410254 CODE JMP [static] | Indirect jump to absolute memory address
2A08 410250 CODE JMP [static] | Indirect jump to absolute memory address
2A10 41024C CODE JMP [static] | Indirect jump to absolute memory address
2A18 410248 CODE JMP [static] | Indirect jump to absolute memory address
2A20 410244 CODE JMP [static] | Indirect jump to absolute memory address
2A28 410240 CODE JMP [static] | Indirect jump to absolute memory address
2A30 41023C CODE JMP [static] | Indirect jump to absolute memory address
2A38 410238 CODE JMP [static] | Indirect jump to absolute memory address
2A40 410234 CODE JMP [static] | Indirect jump to absolute memory address
2A48 410230 CODE JMP [static] | Indirect jump to absolute memory address
2A50 41022C CODE JMP [static] | Indirect jump to absolute memory address
2A58 410228 CODE JMP [static] | Indirect jump to absolute memory address
2A60 410224 CODE JMP [static] | Indirect jump to absolute memory address
2A68 410220 CODE JMP [static] | Indirect jump to absolute memory address
2A70 41021C CODE JMP [static] | Indirect jump to absolute memory address
2A78 410218 CODE JMP [static] | Indirect jump to absolute memory address
2A80 410214 CODE JMP [static] | Indirect jump to absolute memory address
2A88 410210 CODE JMP [static] | Indirect jump to absolute memory address
2A90 41020C CODE JMP [static] | Indirect jump to absolute memory address
2A98 410208 CODE JMP [static] | Indirect jump to absolute memory address
2AA0 410204 CODE JMP [static] | Indirect jump to absolute memory address
2AA8 410200 CODE JMP [static] | Indirect jump to absolute memory address
2AB0 4101FC CODE JMP [static] | Indirect jump to absolute memory address
2AB8 4101F8 CODE JMP [static] | Indirect jump to absolute memory address
2AC0 4101F4 CODE JMP [static] | Indirect jump to absolute memory address
2AC8 4101F0 CODE JMP [static] | Indirect jump to absolute memory address
2AD0 4101EC CODE JMP [static] | Indirect jump to absolute memory address
2AD8 4102D0 CODE JMP [static] | Indirect jump to absolute memory address
2AE0 4102D4 CODE JMP [static] | Indirect jump to absolute memory address
2AE8 4102CC CODE JMP [static] | Indirect jump to absolute memory address
2AF0 4102C8 CODE JMP [static] | Indirect jump to absolute memory address
2AF8 4102C4 CODE JMP [static] | Indirect jump to absolute memory address
2B00 4102C0 CODE JMP [static] | Indirect jump to absolute memory address
2B08 4102BC CODE JMP [static] | Indirect jump to absolute memory address
2B10 4102B8 CODE JMP [static] | Indirect jump to absolute memory address
2B18 4102B4 CODE JMP [static] | Indirect jump to absolute memory address
2B20 4102B0 CODE JMP [static] | Indirect jump to absolute memory address
2B28 4102AC CODE JMP [static] | Indirect jump to absolute memory address
2CF8 N/A CODE CALL DWORD PTR [EDI-18h] | Displacement form
2D3D N/A CODE CALL DWORD PTR [EBP-Ch] | Displacement form
2D44 N/A CODE CALL DWORD PTR [EAX-1h] | Displacement form
2D46 N/A CODE CALL DWORD PTR [EBP-4h] | Displacement form
2D87 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
2D9F N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
2E40 N/A CODE CALL DWORD PTR [EBP-Ch] | Displacement form
2E47 N/A CODE CALL DWORD PTR [EBP-10h] | Displacement form
2E4B N/A CODE CALL DWORD PTR [EBP-14h] | Displacement form
2E75 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
2E8E N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
2EA7 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
2EE7 N/A CODE CALL DWORD PTR [EBX-18h] | Displacement form
2EED N/A CODE CALL DWORD PTR [EBX+EDX*2-18h] | ModRM/SIB parsed
3033 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
303B N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
31C6 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
3473 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
34E8 N/A CODE CALL DWORD PTR [EBP-4h] | Displacement form
38BB N/A CODE CALL DWORD PTR [EBX-18h] | Displacement form
3B7C N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
3B82 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
3C00 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
3C06 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
449D 40E948 CODE CALL [static] | Indirect call to absolute memory address
44BD 40E960 CODE CALL [static] | Indirect call to absolute memory address
44DD 40E964 CODE CALL [static] | Indirect call to absolute memory address
45D4 N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
4647 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
469F N/A CODE CALL DWORD PTR [ESI-18h] | Displacement form
49A1 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
4D05 N/A CODE CALL DWORD PTR [ESI-18h] | Displacement form
4E8D N/A CODE CALL DWORD PTR [ESI-18h] | Displacement form
4EF2 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
508F N/A CODE CALL DWORD PTR [EAX+56h] | Displacement form
509E N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
50A7 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
50B4 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
510C N/A CODE CALL DWORD PTR [EBX-77h] | Displacement form
512E N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
5137 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
51B4 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
51E1 N/A CODE CALL DWORD PTR [EAX+53h] | Displacement form
51E8 N/A CODE CALL DWORD PTR [EBX-18h] | Displacement form
522C N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
5232 N/A CODE CALL DWORD PTR [ESI+53h] | Displacement form
5274 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
527A N/A CODE CALL DWORD PTR [ESI+53h] | Displacement form
52C0 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
52C6 N/A CODE CALL DWORD PTR [ESI+53h] | Displacement form
52F8 N/A CODE CALL DWORD PTR [EBX+33h] | Displacement form
5384 N/A CODE CALL DWORD PTR [EBX+33h] | Displacement form
54DA N/A CODE CALL DWORD PTR [EAX+56h] | Displacement form
551E N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
578B N/A CODE CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
580D N/A CODE CALL DWORD PTR [ESI+6Ah] | Displacement form
5866 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
58E4 N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
599C N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
59E6 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
5A22 N/A CODE CALL DWORD PTR [EDI-18h] | Displacement form
5A69 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
5B4E N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
5D06 N/A CODE CALL DWORD PTR [EAX+68h] | Displacement form
5D52 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
5DFE N/A CODE CALL DWORD PTR [EBX-75h] | Displacement form
6188 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
6427 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
642F N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
6570 4102E0 CODE JMP [static] | Indirect jump to absolute memory address
6578 4102DC CODE JMP [static] | Indirect jump to absolute memory address
65FC 4102F0 CODE JMP [static] | Indirect jump to absolute memory address
6604 4102E8 CODE JMP [static] | Indirect jump to absolute memory address
66C7 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
66D9 N/A CODE CALL DWORD PTR [EAX+44h] | Displacement form
67DC N/A CODE CALL DWORD PTR [EAX+28h] | Displacement form
6829 N/A CODE CALL DWORD PTR [EAX+1Ch] | Displacement form
68AE N/A CODE CALL DWORD PTR [EAX+54h] | Displacement form
68C2 N/A CODE CALL DWORD PTR [EAX+Ch] | Displacement form
6964 4102F8 CODE JMP [static] | Indirect jump to absolute memory address
69EF N/A CODE CALL DWORD PTR [EAX+3Ch] | Displacement form
6A03 N/A CODE CALL DWORD PTR [EAX+Ch] | Displacement form
6B09 N/A CODE CALL DWORD PTR [EAX+38h] | Displacement form
6B1D N/A CODE CALL DWORD PTR [EAX+Ch] | Displacement form
6C00 N/A CODE CALL DWORD PTR [EAX+Ch] | Displacement form
6F54 410324 CODE JMP [static] | Indirect jump to absolute memory address
6F5C 410320 CODE JMP [static] | Indirect jump to absolute memory address
6F64 41031C CODE JMP [static] | Indirect jump to absolute memory address
6F6C 410318 CODE JMP [static] | Indirect jump to absolute memory address
6F74 410314 CODE JMP [static] | Indirect jump to absolute memory address
6F7C 41030C CODE JMP [static] | Indirect jump to absolute memory address
6F84 410304 CODE JMP [static] | Indirect jump to absolute memory address
6F8C 410300 CODE JMP [static] | Indirect jump to absolute memory address
70B4 N/A CODE CALL DWORD PTR [EBX+33h] | Displacement form
70F1 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
7117 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
7122 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
712B N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
713D N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
7151 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
71EE N/A CODE CALL DWORD PTR [ESI+EDX*2-73h] | ModRM/SIB parsed
720B N/A CODE CALL DWORD PTR [EBP-73h] | Displacement form
7366 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
74C2 N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
74FF N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
7531 N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
7558 N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
75F7 52000000 CODE CALL [static] | Indirect call to absolute memory address
7640 N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
76F1 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
772F N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
7763 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
77DB N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
7870 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
7896 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
78B2 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
78C2 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
78D6 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
78E6 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
7935 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
7AE8 410334 CODE JMP [static] | Indirect jump to absolute memory address
7AF0 41032C CODE JMP [static] | Indirect jump to absolute memory address
7B70 N/A CODE CALL DWORD PTR [EAX+68h] | Displacement form
7C06 N/A CODE CALL DWORD PTR [EAX-5Fh] | Displacement form
7C10 N/A CODE CALL DWORD PTR [EAX+1Ch] | Displacement form
7C20 N/A CODE CALL DWORD PTR [EAX+1Ch] | Displacement form
7CB8 N/A CODE CALL DWORD PTR [EAX+Ch] | Displacement form
7D60 410350 CODE JMP [static] | Indirect jump to absolute memory address
7D68 41034C CODE JMP [static] | Indirect jump to absolute memory address
7D70 410348 CODE JMP [static] | Indirect jump to absolute memory address
7D78 410344 CODE JMP [static] | Indirect jump to absolute memory address
7D80 410340 CODE JMP [static] | Indirect jump to absolute memory address
7D88 41033C CODE JMP [static] | Indirect jump to absolute memory address
7E58 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
8735 N/A CODE CALL DWORD PTR [ESI-42h] | Displacement form
8830 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
88C2 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
88E0 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
8973 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
8995 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
89B7 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
8F9B N/A CODE CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
9191 40F1DC CODE CALL [static] | Indirect call to absolute memory address
9226 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
9377 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
93AA N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
93DD N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
9410 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
9443 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
9476 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
94A9 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
94DC N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
9828 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
9864 IAT N/A CODE CALL DWORD PTR [EAX+68h] | Displacement form
9870 N/A CODE CALL DWORD PTR [EAX+68h] | Displacement form
9C72 N/A CODE CALL DWORD PTR [EAX-1h] | Displacement form
9C74 N/A CODE CALL DWORD PTR [EBP-8h] | Displacement form
9C80 N/A CODE CALL DWORD PTR [EBP-Ch] | Displacement form
9C98 N/A CODE CALL DWORD PTR [EBP-10h] | Displacement form
9DC0 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
9DC9 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
9DD0 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
9DE0 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
9DE7 N/A CODE CALL DWORD PTR [EAX-1h] | Displacement form
9E79 N/A CODE CALL DWORD PTR [EBP-18h] | Displacement form
9E7D N/A CODE CALL DWORD PTR [EBP-14h] | Displacement form
9E9F N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
9EC3 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
9EE7 N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
9FC3 N/A CODE CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
A133 N/A CODE CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
A22B N/A CODE CALL DWORD PTR [EDX] | Indirect call via pointer at address in EDX
A370 N/A CODE CALL DWORD PTR [EAX+57h] | Displacement form
A399 N/A CODE CALL DWORD PTR [EBX-18h] | Displacement form
A3F1 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
A4C0 N/A CODE CALL DWORD PTR [EBX+56h] | Displacement form
A4DB N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
A4ED N/A CODE CALL DWORD PTR [EAX-75h] | Displacement form
A887 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
A97F N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
A9E5 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
AA5E N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
AAC4 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
AB7A N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
AC33 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
AC78 N/A CODE CALL DWORD PTR [EAX-18h] | Displacement form
B09D N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B0EA N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B137 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B184 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B1D1 N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B21E N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B26F N/A CODE CALL DWORD PTR [EAX-73h] | Displacement form
B34B N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
B383 N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
B3BB N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
B3EF N/A CODE CALL DWORD PTR [EAX+6Ah] | Displacement form
11381 N/A .rsrc JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
11835 N/A .rsrc JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
11E13 N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
11E74 6A006A .rsrc JMP [static] | Indirect jump to absolute memory address
12594 N/A .rsrc CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
126FB N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
14490 N/A .rsrc CALL DWORD PTR [EAX+7Eh] | Displacement form
14885 N/A .rsrc CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
14937 69209DF6 .rsrc JMP [static] | Indirect jump to absolute memory address
1540E N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
15591 N/A .rsrc CALL DWORD PTR [ESI] | Indirect call via pointer at address in ESI
15624 N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
15673 N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
15AD4 N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
15FA5 N/A .rsrc CALL DWORD PTR [ECX-54h] | Displacement form
173FB N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
17563 N/A .rsrc CALL DWORD PTR [ECX-1Fh] | Displacement form
17776 N/A .rsrc CALL DWORD PTR [EAX-42h] | Displacement form
181B2 N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
188F7 N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
1A02D 323C5328 .rsrc JMP [static] | Indirect jump to absolute memory address
1A095 323C5328 .rsrc JMP [static] | Indirect jump to absolute memory address
1C22D N/A .rsrc CALL DWORD PTR [EAX-3Ah] | Displacement form
1C29F N/A .rsrc CALL DWORD PTR [ESI] | Indirect call via pointer at address in ESI
1DBF2 N/A .rsrc CALL DWORD PTR [EDX-4Bh] | Displacement form
1E250 N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
1E741 7403448F .rsrc CALL [static] | Indirect call to absolute memory address
1FC8C N/A .rsrc CALL DWORD PTR [EAX-35h] | Displacement form
1FE3C N/A .rsrc CALL DWORD PTR [ESI-4Ch] | Displacement form
202CC N/A .rsrc CALL DWORD PTR [ECX+1h] | Displacement form
20CED N/A .rsrc CALL DWORD PTR [ECX-2Ah] | Displacement form
20D74 N/A .rsrc CALL DWORD PTR [ESP+ECX*4-33h] | ModRM/SIB parsed
22A21 N/A .rsrc CALL DWORD PTR [EBP+30h] | Displacement form
22A9B N/A .rsrc CALL DWORD PTR [EDX+22h] | Displacement form
237AC N/A .rsrc JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
245CB N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
24BB6 N/A .rsrc CALL DWORD PTR [EBX+6Ah] | Displacement form
24BEE N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
24F68 N/A .rsrc CALL DWORD PTR [EDI+43h] | Displacement form
25264 N/A .rsrc CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
25AB4 N/A .rsrc CALL DWORD PTR [EDX] | Indirect call via pointer at address in EDX
26154 N/A .rsrc CALL DWORD PTR [ESI+43h] | Displacement form
263D5 N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
278B6 N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
27D29 N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
282F3 N/A .rsrc CALL DWORD PTR [EBP-1Ah] | Displacement form
295A1 N/A .rsrc CALL DWORD PTR [ESI+2Fh] | Displacement form
29A07 N/A .rsrc CALL DWORD PTR [EBX+37h] | Displacement form
29C1B N/A .rsrc CALL DWORD PTR [EAX+2Ch] | Displacement form
2A22F N/A .rsrc CALL DWORD PTR [EDI+36h] | Displacement form
2AADC N/A .rsrc CALL DWORD PTR [ECX+2Eh] | Displacement form
2AC12 N/A .rsrc CALL DWORD PTR [EDI-37h] | Displacement form
2BF00 N/A .rsrc JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
2C733 N/A .rsrc CALL DWORD PTR [ESI-52h] | Displacement form
2CB32 N/A .rsrc CALL DWORD PTR [EDX+10h] | Displacement form
2CD02 N/A .rsrc CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
2DD8C N/A .rsrc JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
2EB85 N/A .rsrc JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
2EC36 N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
3101B 467BDF70 .rsrc JMP [static] | Indirect jump to absolute memory address
31FE8 N/A .rsrc CALL DWORD PTR [EDX-66h] | Displacement form
32A18 N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
3425E N/A .rsrc CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
34D6D N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
35FEE N/A .rsrc CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
361FF N/A .rsrc CALL DWORD PTR [ESI+42h] | Displacement form
36C73 N/A .rsrc CALL DWORD PTR [ECX+5Ch] | Displacement form
395C7 N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
3962D N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
3A88A N/A .rsrc CALL DWORD PTR [ECX+69h] | Displacement form
3A8E5 N/A .rsrc CALL DWORD PTR [EBP-7Eh] | Displacement form
3AE79 N/A .rsrc CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
3B5BB N/A .rsrc CALL DWORD PTR [EBP-14h] | Displacement form
3BCB2 1DC15063 .rsrc JMP [static] | Indirect jump to absolute memory address
3C018 N/A .rsrc CALL DWORD PTR [EDX+28h] | Displacement form
3C7EB N/A .rsrc CALL DWORD PTR [EDX] | Indirect call via pointer at address in EDX
3D088 N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
3D52B N/A .rsrc CALL DWORD PTR [ESI] | Indirect call via pointer at address in ESI
3EB1A N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
3F618 N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
3FB86 N/A .rsrc JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
3FC19 N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
406E6 N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
4243F N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
427CB N/A .rsrc CALL DWORD PTR [ECX+74h] | Displacement form
42FA8 N/A .rsrc CALL DWORD PTR [EAX-3Eh] | Displacement form
44ABE N/A .rsrc CALL DWORD PTR [ECX+28h] | Displacement form
44C96 N/A .rsrc CALL DWORD PTR [EBP+6Fh] | Displacement form
44D14 N/A .rsrc CALL DWORD PTR [EBP-29h] | Displacement form
45007 N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
45AB2 N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
46F2F N/A .rsrc JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
4758B N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
4805F N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
488D3 18CA0C56 .rsrc JMP [static] | Indirect jump to absolute memory address
495DB N/A .rsrc CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
4B805 N/A .rsrc CALL DWORD PTR [EDI+5Bh] | Displacement form
4CA7D N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
4CD42 N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
4E7DE N/A .rsrc CALL DWORD PTR [EDX] | Indirect call via pointer at address in EDX
4EF48 N/A .rsrc CALL DWORD PTR [EBX+Dh] | Displacement form
4F200 N/A .rsrc JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
4F4A8 N/A .rsrc CALL DWORD PTR [ECX+6Dh] | Displacement form
4F511 N/A .rsrc JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
4F6BA N/A .rsrc JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
5045F N/A .rsrc CALL DWORD PTR [EAX-1Bh] | Displacement form
50CCD N/A .rsrc CALL DWORD PTR [EAX] | Indirect call via pointer at address in EAX
50E4A N/A .rsrc CALL DWORD PTR [ESI+60h] | Displacement form
50E5B N/A .rsrc CALL DWORD PTR [ESI-Fh] | Displacement form
5323C N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
53281 N/A .rsrc JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
59012 N/A .rsrc CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
595AD N/A .rsrc CALL DWORD PTR [EAX+EBX*4+43h] | ModRM/SIB parsed
65666 N/A .rsrc CALL DWORD PTR [EBP+42h] | Displacement form
675BE N/A .rsrc CALL DWORD PTR [EBX+43h] | Displacement form
74150 N/A .rsrc CALL DWORD PTR [EDI-52h] | Displacement form
79B52 N/A .rsrc CALL DWORD PTR [EAX+41h] | Displacement form
8A70A N/A .rsrc JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
9AB18 N/A .rsrc CALL DWORD PTR [ESI-3h] | Displacement form
Extra Analysis
Metric Value Percentage
Ascii Code 430892 64,7872%
Null Byte Code 11414 1,7162%
© 2025 All rights reserved.