PESCAN.IO - Analysis Report Basic

File Structure
Analysis Image
PE Chart Code
Executable header (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
Information
Icon: Icon
Size: 672,00 KB
SHA-256 Hash: C3C92C195C2D392AA81DC84BCA2C5E1999AADE021E059CB9A61871404886DF3B
SHA-1 Hash: 37231F190B108641781EE4DEC5781614B50DFD6B
MD5 Hash: 5F83C38D6342098374FA3EAB02EE0D27
Imphash: 1C324D1A4E7E6C999D3D207DD1AA7D22
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 15BC
SizeOfHeaders: 1000
SizeOfImage: A9000
ImageBase: 400000
Architecture: x86
ImportTable: 6E78
Characteristics: 10F
TimeDateStamp: 43C44A47
Date: 10/01/2006 23:59:03
File Type: EXE
Number Of Sections: 4
ASLR: Disabled
Section Names: .text, .rdata, .data, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI
Sections Info
Section Name Flags ROffset RSize VOffset VSize
.text 60000020 (Executable) 1000 5000 1000 4158
.rdata 40000040 6000 2000 6000 1424
.data C0000040 (Writeable) 8000 1000 8000 1858
.rsrc 40000040 9000 9F000 A000 9E6D0
Entry Point
The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 15BC
Code -> 6A6068D8614000E880030000BF940000008BC7E87C1000008965E88BF4893E56FF15486040008B4E10890DE49240008B4604
PUSH 0X60
PUSH 0X4061D8
CALL 0X138C
MOV EDI, 0X94
MOV EAX, EDI
CALL 0X2094
MOV DWORD PTR [EBP - 0X18], ESP
MOV ESI, ESP
MOV DWORD PTR [ESI], EDI
PUSH ESI
CALL DWORD PTR [0X406048]
MOV ECX, DWORD PTR [ESI + 0X10]
MOV DWORD PTR [0X4092E4], ECX
MOV EAX, DWORD PTR [ESI + 4]
Signatures
Rich Signature Analyzer:
Code -> 07A76E7A43C6002943C6002943C6002946CA5F2965C6002946CA0F2948C60029B9E5192941C6002950CE5D2940C60029C0CE5D2947C6002943C601297EC6002946CA602947C60029AFCD5E2942C6002946CA5A2942C600295269636843C60029
Footprint md5 Hash -> F3CAFA5EF007959599C7FB20BFA394E0
• The Rich header apparently has not been modified
Certificate - Digital Signature Not Found:
• The file is not signed
Packer/Compiler
Compiler: Microsoft Visual Studio
Compiler: Microsoft Visual C ++
Compiler: Microsoft Visual C ++ 6-8
Detect It Easy (die)
PE: compiler: EP:Microsoft Visual C/C++(2003 v.7.1 (3052-9782))[EXE32]
PE: compiler: Microsoft Visual C/C++(2003)[libc]
PE: linker: Microsoft Linker(7.10)[-]
Entropy: 7.03014
Suspicious Functions
Library Function Description
KERNEL32.DLL GetModuleFileNameA Retrieve the fully qualified path for the executable file of a specified module.
KERNEL32.DLL VirtualAlloc Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL GetModuleHandleA Retrieves a handle to the specified module.
KERNEL32.DLL WriteFile Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL LoadLibraryA Loads the specified module into the address space of the calling process.
KERNEL32.DLL GetProcAddress Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
SHELL32.DLL ShellExecuteExA Performs a run operation on a specific file.
Windows REG
Software\Konami\Winx Club
File Access
WinxClub.exe
Disk1\setup.exe
KERNEL32.dll
SHELL32.dll
ADVAPI32.dll
USER32.dll
mscoree.dll
Interest's Words
exec
start
systeminfo
Strings/Hex Code Found With The File Rules
Rule Type Encoding Matched (Word)
Text Ascii Registry (RegOpenKeyEx)
Text Ascii File (WriteFile)
Text Ascii Anti-Analysis VM (GetSystemInfo)
Text Ascii Anti-Analysis VM (GetVersion)
Text Ascii Stealth (VirtualAlloc)
Text Ascii Stealth (VirtualProtect)
Text Ascii Execution (ShellExecute)
Entry Point Hex Pattern Armadillo v2.xx (CopyMem II)
Entry Point Hex Pattern Microsoft Visual C++ 7.0
Entry Point Hex Pattern Microsoft Visual C++ v7.0
Entry Point Hex Pattern PE-Exe Executable Image
Resources
Path DataRVA Size FileOffset CodeText
\BITMAP\101\4105 A240 9C428 9240 280000001502000090010000010018000000000000C4090000000000000000000000000000000000A86CE6A86CE7A86CE6A9(........................................l..l..l..
\ICON\1\4105 A6818 8A8 A5818 2800000020000000400000000100080000000000000400000000000000000000000100000001000000000000FFFFFF00F8F8(... ...@.........................................
\ICON\2\4105 A70C0 EA8 A60C0 2800000030000000600000000100080000000000000000000000000000000000000000000000000000000000E3E3E300D7D7(...0............................................
\ICON\3\4105 A7F68 568 A6F68 2800000010000000200000000100080000000000000000000000000000000000000000000000000000000000FFFFFF006633(....... .......................................f3
\DIALOG\102\4105 A6668 104 A5668 0100FFFF00000000880100004808C88004000000000063010E010000000020002000570069006E007800200043006C007500............H.........c....... . .W.i.n.x. .C.l.u.
\DIALOG\104\4105 A6770 A4 A5770 0100FFFF0000000000000000C908C0800200000000008800290000000000530065006C0065006300740020006C0061006E00........................).....S.e.l.e.c.t. .l.a.n.
\STRING\7\4105 A8500 C2 A7500 00000000000000000000000000000B0020002000570069006E007800200043006C0075006200070050006C00610079002E00................ . .W.i.n.x. .C.l.u.b...P.l.a.y...
\STRING\8\4105 A85C8 102 A75C8 0A0053007000690065006C0065006E002E002E002E000F0049006E007300740061006C006C0069006500720065006E002E00..S.p.i.e.l.e.n.........I.n.s.t.a.l.l.i.e.r.e.n...
\GROUP_ICON\107\4105 A84D0 30 A74D0 0000010003002020000001000800A808000001003030000001000800A80E000002001010000001000800680500000300...... ............00....................h.....
Intelligent String
• WinxClub.exe
• C:\alienbrainWork\Winx PS2\CODE\Tools\Launcher\WinxClubLauncher\Release\WinxClubLauncher.pdb
Flow Anomalies
Offset RVA Section Description
1030 4060E4 .text CALL [static] | Indirect call to absolute memory address
10F8 4060F4 .text CALL [static] | Indirect call to absolute memory address
110C 4060F8 .text CALL [static] | Indirect call to absolute memory address
11B8 4060E0 .text CALL [static] | Indirect call to absolute memory address
1205 N/A .text CALL DWORD PTR [EAX-1h] | Displacement form
1207 4060E4 .text CALL [static] | Indirect call to absolute memory address
124E 4060E4 .text CALL [static] | Indirect call to absolute memory address
1267 4060E8 .text CALL [static] | Indirect call to absolute memory address
1361 4060E0 .text CALL [static] | Indirect call to absolute memory address
13B7 406008 .text CALL [static] | Indirect call to absolute memory address
14C6 406004 .text CALL [static] | Indirect call to absolute memory address
153C 4060D4 .text CALL [static] | Indirect call to absolute memory address
1582 406038 .text CALL [static] | Indirect call to absolute memory address
15B3 408034 .text CALL [static] | Indirect call to absolute memory address
15DC 406048 .text CALL [static] | Indirect call to absolute memory address
16C8 406044 .text CALL [static] | Indirect call to absolute memory address
171C 406040 .text CALL [static] | Indirect call to absolute memory address
17B3 40605C .text CALL [static] | Indirect call to absolute memory address
17BF 406058 .text CALL [static] | Indirect call to absolute memory address
17C7 406054 .text CALL [static] | Indirect call to absolute memory address
17CF 406050 .text CALL [static] | Indirect call to absolute memory address
17DB 40604C .text CALL [static] | Indirect call to absolute memory address
187C N/A .text CALL DWORD PTR [EAX+51h] | Displacement form
187F 406060 .text CALL [static] | Indirect call to absolute memory address
1893 N/A .text CALL DWORD PTR [EAX-18h] | Displacement form
1924 N/A .text CALL DWORD PTR [ESI-18h] | Displacement form
1A6A N/A .text CALL DWORD PTR [EBX-18h] | Displacement form
1AA2 40603C .text CALL [static] | Indirect call to absolute memory address
1AB2 406064 .text CALL [static] | Indirect call to absolute memory address
1AC6 406038 .text CALL [static] | Indirect call to absolute memory address
1B4A 40606C .text CALL [static] | Indirect call to absolute memory address
1B51 406068 .text CALL [static] | Indirect call to absolute memory address
1CB9 406060 .text CALL [static] | Indirect call to absolute memory address
1D86 406074 .text CALL [static] | Indirect call to absolute memory address
1D8D 406070 .text CALL [static] | Indirect call to absolute memory address
1F4F 406078 .text CALL [static] | Indirect call to absolute memory address
2213 406060 .text CALL [static] | Indirect call to absolute memory address
22BB 406088 .text CALL [static] | Indirect call to absolute memory address
234C 406080 .text CALL [static] | Indirect call to absolute memory address
2362 40607C .text CALL [static] | Indirect call to absolute memory address
239E 406030 .text CALL [static] | Indirect call to absolute memory address
2404 406040 .text CALL [static] | Indirect call to absolute memory address
24AB 406094 .text CALL [static] | Indirect call to absolute memory address
2504 406074 .text CALL [static] | Indirect call to absolute memory address
2512 406094 .text CALL [static] | Indirect call to absolute memory address
2549 406090 .text CALL [static] | Indirect call to absolute memory address
260B 40609C .text CALL [static] | Indirect call to absolute memory address
263E 406098 .text CALL [static] | Indirect call to absolute memory address
26A5 4060A8 .text CALL [static] | Indirect call to absolute memory address
2729 40944C .text CALL [static] | Indirect call to absolute memory address
277B 40943C .text CALL [static] | Indirect call to absolute memory address
2BED 4060B4 .text CALL [static] | Indirect call to absolute memory address
2C6B 4060B0 .text CALL [static] | Indirect call to absolute memory address
2CD0 4060B0 .text CALL [static] | Indirect call to absolute memory address
2ED7 4060C0 .text CALL [static] | Indirect call to absolute memory address
2F58 N/A .text CALL DWORD PTR [EAX+6Ah] | Displacement form
2F9B N/A .rsrc CALL DWORD PTR [EAX+68h] | Displacement form
3072 4060BC .text CALL [static] | Indirect call to absolute memory address
3089 4060B8 .text CALL [static] | Indirect call to absolute memory address
30DA 4060C0 .text CALL [static] | Indirect call to absolute memory address
327B 4060A4 .text CALL [static] | Indirect call to absolute memory address
32C1 4060C4 .text CALL [static] | Indirect call to absolute memory address
365A 4060C4 .text CALL [static] | Indirect call to absolute memory address
3974 4060A4 .text CALL [static] | Indirect call to absolute memory address
39FF 4060CC .text CALL [static] | Indirect call to absolute memory address
3A38 4060C4 .text CALL [static] | Indirect call to absolute memory address
3A56 4060C8 .text CALL [static] | Indirect call to absolute memory address
3A6D 4060A4 .text CALL [static] | Indirect call to absolute memory address
3AE1 4060C8 .text CALL [static] | Indirect call to absolute memory address
3CBF N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
4026 N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
422C 4060C4 .text CALL [static] | Indirect call to absolute memory address
426D 4060CC .text CALL [static] | Indirect call to absolute memory address
42AD 4060CC .text CALL [static] | Indirect call to absolute memory address
4302 406034 .text CALL [static] | Indirect call to absolute memory address
4331 406028 .text CALL [static] | Indirect call to absolute memory address
4343 406088 .text CALL [static] | Indirect call to absolute memory address
43CA 406018 .text CALL [static] | Indirect call to absolute memory address
444B 406018 .text CALL [static] | Indirect call to absolute memory address
4465 406028 .text CALL [static] | Indirect call to absolute memory address
44A0 406028 .text CALL [static] | Indirect call to absolute memory address
4514 406028 .text CALL [static] | Indirect call to absolute memory address
4537 406084 .text CALL [static] | Indirect call to absolute memory address
45CD 40601C .text CALL [static] | Indirect call to absolute memory address
464E 40601C .text CALL [static] | Indirect call to absolute memory address
46A5 40601C .text CALL [static] | Indirect call to absolute memory address
46EA 40602C .text CALL [static] | Indirect call to absolute memory address
46FC 406088 .text CALL [static] | Indirect call to absolute memory address
475E 406018 .text CALL [static] | Indirect call to absolute memory address
47DC 406018 .text CALL [static] | Indirect call to absolute memory address
47EE 40602C .text CALL [static] | Indirect call to absolute memory address
4862 406010 .text CALL [static] | Indirect call to absolute memory address
4C60 406014 .text CALL [static] | Indirect call to absolute memory address
4D19 406018 .text CALL [static] | Indirect call to absolute memory address
4D9B 406018 .text CALL [static] | Indirect call to absolute memory address
4DBC 406084 .text CALL [static] | Indirect call to absolute memory address
4DDD 406084 .text CALL [static] | Indirect call to absolute memory address
4E04 406084 .text CALL [static] | Indirect call to absolute memory address
4E66 4060B4 .text CALL [static] | Indirect call to absolute memory address
4E77 406024 .text CALL [static] | Indirect call to absolute memory address
4EBD 4060B4 .text CALL [static] | Indirect call to absolute memory address
4EFB 4060C8 .text CALL [static] | Indirect call to absolute memory address
4F21 406020 .text CALL [static] | Indirect call to absolute memory address
4F76 4060C4 .text CALL [static] | Indirect call to absolute memory address
5152 4060AC .text JMP [static] | Indirect jump to absolute memory address
6D93 N/A .text CALL DWORD PTR [EBP+4Dh] | Displacement form
26982 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
26FC2 361AFFDF .text JMP [static] | Indirect jump to absolute memory address
29B82 N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
2C781 N/A .text CALL DWORD PTR [EAX-27h] | Displacement form
3D546 N/A .text CALL DWORD PTR [EDI-7Ah] | Displacement form
432EE N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
48446 N/A .text CALL DWORD PTR [EBP-78h] | Displacement form
4AFFD N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
4BC7A N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
4C8F4 N/A .text CALL DWORD PTR [ESI-75h] | Displacement form
4CC9D N/A .text CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
4F20E N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
4FEAC N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
506CC N/A .text CALL DWORD PTR [EDX+6Eh] | Displacement form
56B71 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
571B4 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
5B055 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
5B698 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
5BC7B N/A .text CALL DWORD PTR [EAX+EAX*4-39h] | ModRM/SIB parsed
5BCDB N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
5D007 N/A .text CALL DWORD PTR [ECX-76h] | ModRM/SIB parsed
620A2 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
620A5 4528DD70 .text JMP [static] | Indirect jump to absolute memory address
626E8 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
62D2B N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
639AB N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
63C03 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
65696 N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
670E0 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
67732 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
67873 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
689E9 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
69026 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
6964B N/A .text CALL DWORD PTR [EAX-3Bh] | Displacement form
69663 1C24F699 .text JMP [static] | Indirect jump to absolute memory address
6A2DD N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6A457 6222FBAD .text JMP [static] | Indirect jump to absolute memory address
6A90E N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
6A959 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6AA79 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6AACD N/A .text CALL DWORD PTR [EBX] | Indirect call via pointer at address in EBX
6AE64 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6AF3C N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6AF9C N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
6B296 N/A .text CALL DWORD PTR [ECX+67h] | Displacement form
6B579 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6BBB6 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
6BCCA N/A .text CALL DWORD PTR [EDI] | Indirect call via pointer at address in EDI
6C1ED N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6C1F6 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6C35E N/A .text CALL DWORD PTR [EAX-7Eh] | Displacement form
6C3CD N/A .text CALL DWORD PTR [ECX] | Indirect call via pointer at address in ECX
6C550 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6C758 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6CE73 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
6D4B3 1F23AE3F .text JMP [static] | Indirect jump to absolute memory address
6D68A N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6DCC7 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
6E052 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
6E133 1F22AE42 .text JMP [static] | Indirect jump to absolute memory address
6E304 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
6E68F N/A .text CALL DWORD PTR [EBX-38h] | Displacement form
6E81B 6627E81D .text JMP [static] | Indirect jump to absolute memory address
6EE5B N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
6EF7E N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
6F37E N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
6FA36 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
70644 705EB67C .text JMP [static] | Indirect jump to absolute memory address
70CF9 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
712BB N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
7197C N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
719BE N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
71A1B N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
72B52 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
72C6C N/A .text CALL DWORD PTR [EDX] | Indirect call via pointer at address in EDX
73315 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
738CB N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
73F26 5D26EB31 .text JMP [static] | Indirect jump to absolute memory address
745CC N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
74BF1 3024ED46 .text JMP [static] | Indirect jump to absolute memory address
74C09 1C24F9AD .text JMP [static] | Indirect jump to absolute memory address
750F0 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
7522E N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
75246 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
7571B N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
75763 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
75787 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
75D5E 7160A366 .text JMP [static] | Indirect jump to absolute memory address
763A1 N/A .rdata JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
76401 N/A .text CALL DWORD PTR [ESI-32h] | Displacement form
769E4 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
76B22 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
7712F N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
7715F N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
7766A N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
7779C N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
77CAD N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
77DD9 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
782F0 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
78335 N/A .text CALL DWORD PTR [ESI-34h] | Displacement form
78933 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
78F76 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
79093 N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
796D3 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
7AB0D N/A .text CALL DWORD PTR [EDX+6Ch] | Displacement form
7BCF8 N/A .text JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
7C89A N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
7D084 N/A .text CALL DWORD PTR [EBX-2Eh] | Displacement form
7DC6B N/A .text CALL DWORD PTR [ESI-77h] | Displacement form
7FBA8 N/A .text CALL DWORD PTR [EBX-7Ah] | Displacement form
8222D N/A .text CALL DWORD PTR [EDX+40h] | Displacement form
826D2 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
83FD8 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
83FDB N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
8421E N/A .text CALL DWORD PTR [EAX+1Eh] | Displacement form
84660 3F25D23F .text JMP [static] | Indirect jump to absolute memory address
84C8B N/A .text CALL DWORD PTR [EBP-7Ah] | Displacement form
84E1A N/A .text CALL DWORD PTR [EBX+24h] | Displacement form
854DE N/A .text CALL DWORD PTR [EDI+3Fh] | Displacement form
85F39 N/A .text CALL DWORD PTR [EBP+78h] | Displacement form
86DDE N/A .text CALL DWORD PTR [ECX+30h] | Displacement form
87776 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
877AC N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
87E85 N/A .data JMP DWORD PTR [EDX] | Indirect jump via pointer at address in EDX
88092 N/A .text CALL DWORD PTR [EDX+1Bh] | Displacement form
88CB2 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
89076 N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
89D32 7A42FED3 .text JMP [static] | Indirect jump to absolute memory address
89F42 3427 .text CALL [static] | Indirect call to absolute memory address
89F78 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
8B6FB N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
8BD3B N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
8C33F N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
8CFE9 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
8CFFB N/A .data CALL DWORD PTR [EBP+68h] | Displacement form
8DC3C N/A .text JMP DWORD PTR [EDI] | Indirect jump via pointer at address in EDI
8E2B8 N/A .text CALL DWORD PTR [ECX-75h] | Displacement form
8F572 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
8F57E N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
8F59C 7A47FFE9 .text JMP [static] | Indirect jump to absolute memory address
90E7B N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
914B8 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
91AF2 N/A .text JMP DWORD PTR [ECX] | Indirect jump via pointer at address in ECX
933FE N/A .text CALL DWORD PTR [ESI] | Indirect call via pointer at address in ESI
9469A N/A .text JMP DWORD PTR [EAX] | Indirect jump via pointer at address in EAX
94CE0 N/A .text JMP DWORD PTR [ESI] | Indirect jump via pointer at address in ESI
95323 N/A .text JMP DWORD PTR [EBX] | Indirect jump via pointer at address in EBX
Extra Analysis
Metric Value Percentage
Ascii Code 485695 70,5821%
Null Byte Code 29350 4,2652%
© 2025 All rights reserved.