PESCAN.IO - Analysis Report Basic
| File Structure |
| [Figure: file structure chart, not reproduced. PE chart colour code: executable header (light blue), executable sections (pink), non-executable sections (black), external injected code (red); a file structure drawn in red indicates a malformed or corrupted header. Chart colour code for other files: printable characters (blue), non-printable characters (black).] |
| Information |
| Field | Value |
|---|---|
| Size | 2,58 MB |
| SHA-256 Hash | 84503803698199CE3E45CABACECA58EE5A79E6AEB405D8164984D888A14BEB82 |
| SHA-1 Hash | 8D45B52EAD683D24D702ED92C09F2DF5A61BED06 |
| MD5 Hash | 56064AF13903768E8A21462F0F50312B |
| Imphash | 7CEA4A216B1043642FF6A4454E592DCF |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 61285 |
| SizeOfHeaders | 1000 |
| SizeOfImage | 2B1000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ImportTable | 275F68 |
| IAT | 81000 |
| Characteristics | 10F |
| TimeDateStamp | 692A6313 |
| Date | 29/11/2025 3:05:55 |
| File Type | EXE |
| Number Of Sections | 4 |
| ASLR | Disabled |
| Section Names | .text, .rdata, .data, .rsrc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 1000 | 80000 | 1000 | 7F32E | 6,5560 | 3269780,82 |
| .rdata | 40000040 (Initialized Data, Readable) | 81000 | 1F8000 | 81000 | 1F7268 | 7,2982 | 5037120,04 |
| .data | C0000040 (Initialized Data, Readable, Writeable) | 279000 | 12000 | 279000 | 2DAA8 | 5,0302 | 3246085,05 |
| .rsrc | 40000040 (Initialized Data, Readable) | 28B000 | A000 | 2A7000 | 9244 | 5,1818 | 1042509,49 |
| Description |
| Field | Value |
|---|---|
| CompanyName | ]US7Rec |
| LegalCopyright | ]US7Rec |
| ProductName | ]US7Rec |
| FileVersion | 1.0.0.0 |
| FileDescription | ]US7Rec |
| ProductVersion | 1.0.0.0 |
| Comments | ]US7Rec |
| Language | Chinese (People's Republic of China) (ID=0x804) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
| Section number 1 (.text) contains the entry point. |
| EntryPoint (calculated): 61285 |
| Code: 558BEC6AFF6808E8660068DC60460064A100000000506489250000000083EC585356578965E8FF154813480033D28AD48915 |
| • PUSH EBP |
| • MOV EBP, ESP |
| • PUSH -1 |
| • PUSH 0x66E808 |
| • PUSH 0x4660DC |
| • MOV EAX, DWORD PTR FS:[0] |
| • PUSH EAX |
| • MOV DWORD PTR FS:[0], ESP |
| • SUB ESP, 0x58 |
| • PUSH EBX |
| • PUSH ESI |
| • PUSH EDI |
| • MOV DWORD PTR [EBP - 0x18], ESP |
| • CALL DWORD PTR [0x481348] |
| • XOR EDX, EDX |
| • MOV DL, AH |
| Signatures |
| Rich Signature Analyzer |
| Code: C271BD628610D3318610D3318610D331050CDD31AD10D331B036D9313D10D331B036D831DE10D331FD0CDF318510D331D00FC031AA10D331E40FC0319310D3318610D231D412D3316E0FD831CB10D3316E0FD9319F10D3318610D331A210D3314116D5318710D331526963688610D331 |
| Footprint MD5 hash: CF5D631EDF8A0A59272749ABE28BB2C5 |
| • The Rich header apparently has not been modified |
| Certificate - Digital Signature Not Found |
| • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual C++ |
| Detect It Easy (die) |
| • PE: compiler: EP:Microsoft Visual C/C++(6.0 (1720-9782))[EXE32] |
| • PE: compiler: Microsoft Visual C/C++(6.0)[libcmt] |
| • PE: linker: Microsoft Linker(6.0*)[-] |
| • Entropy: 7.25536 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| USER32.DLL | CallWindowProcA | Invokes the window procedure for the specified window and messages. |
| ADVAPI32.DLL | RegCreateKeyExA | Creates a new registry key or opens an existing one. |
| ADVAPI32.DLL | RegSetValueExA | Sets the data and type of a specified value under a registry key. |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| File Access |
| Gdi32.dll User32.dll Kernel32.dll Advapi32.dll Mpr.dll Shell32.dll comdlg32.dll WS2_32.dll COMCTL32.dll OLEAUT32.dll ole32.dll WINMM.dll @.dat (*.txt .INI Temp |
| Words of Interest |
| PADDINGX exec attrib start pause |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileA) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (WinExec) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateSemaphoreA) |
| Text | Ascii | Execution (CreateEventA) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (PageDown) |
| Text | Unicode | Keyboard Key (PageUp) |
| Text | Ascii | Keyboard Key (Ctrl+A) |
| Text | Ascii | Keyboard Key (Ctrl+C) |
| Text | Ascii | Keyboard Key (Ctrl+D) |
| Text | Unicode | Keyboard Key (Ctrl+D) |
| Text | Ascii | Keyboard Key (Ctrl+F1) |
| Text | Ascii | Keyboard Key (Ctrl+F2) |
| Text | Ascii | Keyboard Key (Ctrl+F3) |
| Text | Ascii | Keyboard Key (Ctrl+F4) |
| Text | Ascii | Keyboard Key (Ctrl+F5) |
| Text | Ascii | Keyboard Key (Ctrl+F6) |
| Text | Ascii | Keyboard Key (Ctrl+F7) |
| Text | Ascii | Keyboard Key (Ctrl+F8) |
| Text | Ascii | Keyboard Key (Ctrl+F9) |
| Text | Ascii | Keyboard Key (Ctrl+I) |
| Text | Ascii | Keyboard Key (Ctrl+P) |
| Text | Unicode | Keyboard Key (Ctrl+P) |
| Text | Ascii | Keyboard Key (Ctrl+S) |
| Text | Ascii | Keyboard Key (Ctrl+T) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 5.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \TEXTINCLUDE\1\2052 | 2A7BF4 | B | 28BBF4 | 7265736F757263652E6800 | resource.h. |
| \TEXTINCLUDE\2\2052 | 2A7C00 | 16 | 28BC00 | 23696E636C75646520226166787265732E68220D0A00 | include "afxres.h"... |
| \TEXTINCLUDE\3\2052 | 2A7C18 | 151 | 28BC18 | 23646566696E65205F4146585F4E4F5F53504C49545445525F5245534F55524345530D0A23646566696E65205F4146585F4E | define _AFX_NO_SPLITTER_RESOURCES..define _AFX_N |
| \CURSOR\1\2052 | 2A7D6C | 134 | 28BD6C | 000000002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\2\2052 | 2A7EA0 | 134 | 28BEA0 | 060001002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\3\2052 | 2A7FD4 | 134 | 28BFD4 | 020002002800000020000000400000000100010000000000000100000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\4\2052 | 2A8108 | B4 | 28C108 | 010001002800000010000000200000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(....... ..................................... |
| \BITMAP\IEXT_IDB_STATEIMAGES\2052 | 2A81BC | 16C | 28C1BC | 28000000270000000D0000000100040000000000040100000000000000000000000000000000000000000000000080000080 | (...'............................................. |
| \BITMAP\1031\2052 | 2A8328 | 248 | 28C328 | 28000000400000000F0000000100040000000000E00100000000000000000000000000000000000000000000000080000080 | (...@............................................. |
| \BITMAP\1038\2052 | 2A8570 | 144 | 28C570 | 28000000210000000B0000000100040000000000DC0000000000000000000000000000000000000000000000000080000080 | (...!............................................. |
| \BITMAP\1138\2052 | 2A86B4 | 158 | 28C6B4 | 2800000014000000140000000100040000000000F0000000C40E0000C40E0000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1139\2052 | 2A880C | 158 | 28C80C | 2800000014000000140000000100040000000000F0000000C40E0000C40E0000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1140\2052 | 2A8964 | 158 | 28C964 | 2800000014000000140000000100040000000000F0000000C40E0000C40E0000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1141\2052 | 2A8ABC | 158 | 28CABC | 2800000014000000140000000100040000000000F0000000C40E0000C40E0000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1142\2052 | 2A8C14 | 158 | 28CC14 | 2800000014000000140000000100040000000000F0000000C40E0000C40E0000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1143\2052 | 2A8D6C | 158 | 28CD6C | 2800000014000000140000000100040000000000F00000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1144\2052 | 2A8EC4 | 158 | 28CEC4 | 2800000014000000140000000100040000000000F00000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\1145\2052 | 2A901C | 158 | 28D01C | 2800000014000000140000000100040000000000F00000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\26567\2052 | 2A9174 | 5E4 | 28D174 | 28000000460000002700000001000400000000007C0500000000000000000000000000000000000000000000000080000080 | (...F...'...........|............................. |
| \BITMAP\30994\2052 | 2A9758 | B8 | 28D758 | 280000000C0000000A0000000100040000000000500000000000000000000000000000000000000000000000000080000080 | (...................P............................. |
| \BITMAP\30995\2052 | 2A9810 | 16C | 28D810 | 28000000270000000D0000000100040000000000040100000000000000000000000000000000000000000000000080000080 | (...'............................................. |
| \BITMAP\30996\2052 | 2A997C | 144 | 28D97C | 28000000210000000B0000000100040000000000DC0000000000000000000000000000000000000000000000000080000080 | (...!............................................. |
| \ICON\1\2052 | 2A9AC0 | 2E8 | 28DAC0 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\2\2052 | 2A9DA8 | 128 | 28DDA8 | 2800000010000000200000000100040000000000C00000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \ICON\3\0 | 2A9ED0 | 4228 | 28DED0 | 2800000040000000800000000100200000000000004000000000000000000000000000000000000000000000000000000000 | (...@......... ......@............................ |
| \MENU\127\2052 | 2AE0F8 | C | 2920F8 | 000000008000058031000000 | ........1... |
| \MENU\1039\2052 | 2AE104 | 284 | 292104 | 000000001000260052002E00B08B555F000000000D00260046002E0030529699B08B555F09004300740072006C002B005000 | ......&.R.....U_......&.F...0R....U_..C.t.r.l.+.P. |
| \DIALOG\150\2052 | 2AE388 | 98 | 292388 | C008C88000000000040000000000F300B300FFFF0F040000000009008B5B534F000000000010005000000000040007003200 | .............................[SO.......P........2. |
| \DIALOG\286\2052 | 2AE420 | 17A | 292420 | C008C880000000000900000000002401E60000000000000009008B5B534F00000418A14000000000070007001601BB00EA03 | ..............$............[SO.....@.............. |
| \DIALOG\554\2052 | 2AE59C | FA | 29259C | C008C88000000000060000000000DE00500000000000C65B0178938F6551000009008B5B534F000000000250000000000700 | ................P......[.x..eQ.....[SO.....P...... |
| \DIALOG\1037\2052 | 2AE698 | EA | 292698 | C008C88000000000060000000000FC005C0000000000F78B938F65511AFF000009008B5B534F000000100250000000000700 | ................\.........eQ.......[SO.....P...... |
| \DIALOG\1084\2052 | 2AE784 | 8AE | 292784 | C008C880000000003600000000000F010F010000000053627053BE8B6E7FF95BDD8B4668000009008B5B534F000000000000 | ........6.............SbpS..n..[..Fh.....[SO...... |
| \DIALOG\1124\2052 | 2AF034 | B2 | 293034 | C008C88000000000040000000000BB0053000000000075986297F38D6C8F3A00000009008B5B534F00000000000202500000 | ................S.....u.b...l.:......[SO.......P.. |
| \DIALOG\1134\2052 | 2AF0E8 | CC | 2930E8 | C008C88000000000030000000000E0006D0000000000636B2857536270530CFFF78B0D7A19502E002E002E00000009008B5B | ................m.....ck(WSbpS.....z.P...........[ |
| \DIALOG\1150\2052 | 2AF1B4 | B2 | 2931B4 | C008C88000000000040000000000D600380000000000F78B938F65511AFF000009008B5B534F000080008150000000000700 | ................8.........eQ.......[SO.....P...... |
| \DIALOG\30721\2052 | 2AF268 | E2 | 293268 | C400C88000000000050009001A00B700460000000000B065FA5E000008004D00530020005300680065006C006C0020004400 | ................F......e.....M.S. .S.h.e.l.l. .D. |
| \DIALOG\30722\2052 | 2AF34C | 18C | 29334C | C408C080000000000A0006001200F400720000000000636B2857DB8F4C88536270530CFFF78B0D7A195020002E002E002E00 | ................r.....ck(W..L.SbpS.....z.P ....... |
| \STRING\3841\2052 | 2AF4D8 | 50 | 2934D8 | 02005362005F0300DD4F585B3A4E0A00406209678765F64E200028002A002E002A0029000300E06507689898000000000600004E2A677D540D548765F64E000000000000000000000000000000000000 | ..Sb._...OX[:N..@b.g.e.N .(.*...*.)....e.h.........N*g}T.T.e.N.................. |
| \STRING\3842\2052 | 2AF528 | 2C | 293528 | 000006009096CF85280026004800290000000000000000000000000000000000000000000000000000000000 | ........(.&.H.)............................. |
| \STRING\3843\2052 | 2AF554 | 78 | 293554 | 0800975F0D4E3052FA511995E14F6F6002300D00D58BFE5667624C88FB7CDF7E0D4E2F6501638476CD645C4F02300A00C55F | ..._.N0R.Q...Oo.0.....VgbL..|.~.N/e.c.v.d\O.0..._ |
| \STRING\3857\2052 | 2AF5CC | 1C4 | 2935CC | 0700E065486584768765F64E0D54023007005362005F876563683159258D02300700DD4F585B876563683159258D02300A00 | ...eHe.v.e.N.T.0..Sb._.ech1Y%..0...OX[.ech1Y%..0.. |
| \STRING\3858\2052 | 2AF790 | 12A | 293790 | 0800F78B2E956551004E2A4E7465706502300700F78B2E956551004E2A4E7065023013001C20F78B6B586551004E2A4E2857 | ......eQ.N*Ntepe.0......eQ.N*Npe.0... ..kXeQ.N*N(W |
| \STRING\3859\2052 | 2AF8BC | 146 | 2938BC | 09005E9784981F6784768765F64E3C680F5F02301A00E065D56C7E623052E58B8765F64E02300A00F78B8C9AC18BD97EFA51 | ......g.v.e.N<h._.0...e.l~b0R...e.N.0.........~.Q |
| \STRING\3865\2052 | 2AFA04 | 40 | 293A04 | 0000000000000000000000000000000000000000000000000800E065D56CFB8BEA5399517972276002300800E065D56C9951EA53FB8B79722760023000000000 | ...........................e.l...S.Qyr'.0...e.l.Q.S..yr'.0.... |
| \STRING\3866\2052 | 2AFA44 | 64 | 293A44 | 0B00E065D56CC5886551AE90F64EFB7CDF7E2F65F46302300C00AE90F64EFB7CDF7E200044004C004C002000E06548650230 | ...e.l..eQ...N.|.~/e.c.0.....N.|.~ .D.L.L. ..eHe.0 |
| \STRING\3867\2052 | 2AFAA8 | 1D8 | 293AA8 | 0600E0651995EF8BD1531F75023015002857F95B2000250031002000DB8F4C88BF8BEE95F665D1531F75864E004E2A4E0D4E | ...e.....S.u.0..(W.[ .%.1. ...L......e.S.u.N.N*N.N |
| \STRING\3868\2052 | 2AFC80 | 114 | 293C80 | 0600E0651995EF8BD1531F75023015002857F95B2000250031002000DB8F4C88BF8BEE95F665D1531F75864E004E2A4E0D4E | ...e.....S.u.0..(W.[ .%.1. ...L......e.S.u.N.N*N.N |
| \STRING\3869\2052 | 2AFD94 | 24 | 293D94 | 0200618C207D000000000000000000000000000000000000000000000000000000000000 | ..a. }.............................. |
| \GROUP_CURSOR\1032\2052 | 2AFDB8 | 14 | 293DB8 | 0000020001002000400001000100340100000200 | ...... .@.....4..... |
| \GROUP_CURSOR\1033\2052 | 2AFDCC | 14 | 293DCC | 0000020001002000400001000100340100000100 | ...... .@.....4..... |
| \GROUP_CURSOR\30977\2052 | 2AFDE0 | 22 | 293DE0 | 00000200020020004000010001003401000003001000200001000100B40000000400 | ...... .@.....4....... ........... |
| \GROUP_ICON\DEFAULT_ICON\0 | 2AFE04 | 14 | 293E04 | 0000010001004040000001002000284200000300 | ......@@.... .(B.... |
| \GROUP_ICON\1151\2052 | 2AFE18 | 14 | 293E18 | 0000010001002020100001000400E80200000100 | ...... ............ |
| \GROUP_ICON\1152\2052 | 2AFE2C | 14 | 293E2C | 0000010001001010100001000400280100000200 | ..............(..... |
| \VERSION\1\2052 | 2AFE40 | 234 | 293E40 | 340234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000000000000 | 4.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\0 | 2B0074 | 1CD | 294074 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • 1.0.0.0 • Gdi32.dll • User32.dll • COMCTL32.DLL • CObject.INI • .HLP • KERNEL32.dll • WINSPOOL.DRV • ADVAPI32.dll • WS2_32.dll • DestroyWindowLCreateDialogIndirectParamA • comdlg32.dll • gshell32.dll • mpr.dll • advapi32.dll • Kernel32.dll • \shell\open\command.htm • .PAX |
| Flow Anomalies |
| Offset | RVA | Section | Type | Description |
|---|---|---|---|---|
| 17F598 | N/A | .rdata | Injected Junk Code | HitsBL=95/200 - UniqueHits=16 - Ratio=0,48 |
| 187298 | N/A | .rdata | Injected Junk Code | HitsBL=97/200 - UniqueHits=15 - Ratio=0,49 |
| 198728 | N/A | .rdata | Injected Junk Code | HitsBL=101/200 - UniqueHits=15 - Ratio=0,51 |
| 1D0BF0 | N/A | .rdata | Injected Junk Code | HitsBL=95/200 - UniqueHits=17 - Ratio=0,48 |
| 1E3728 | N/A | .rdata | Injected Junk Code | HitsBL=95/200 - UniqueHits=15 - Ratio=0,48 |
| 1F40C8 | N/A | .rdata | Injected Junk Code | HitsBL=100/200 - UniqueHits=15 - Ratio=0,50 |
| 260598 | N/A | .rdata | Injected Junk Code | HitsBL=102/200 - UniqueHits=15 - Ratio=0,51 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1556821 | 57,5012% |
| Null Byte Code | 252436 | 9,3237% |
| NOP Cave Found (0x9090909090) | Block Count: 1779 | Total: 0,1643% |