PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Executable header (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 2,45 MB
SHA-256 Hash: D95D62937822A3CE6AF4142636DF4492FD62CDFD94D8430828E08D15492A72F3
SHA-1 Hash: 26250B9372C3974D406EFB3CE91C03199AFAD122
MD5 Hash: 68103C45AF53FAA941747F2CFDD97506
Imphash: BAA93D47220682C04D92F7797D9224CE
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00277D2C
EntryPoint (rva): 61D000
SizeOfHeaders: 400
SizeOfImage: 61E000
ImageBase: 400000
Architecture: x86
ImportTable: D906D
Characteristics: 818E
TimeDateStamp: 2A425E19
Date: 19/06/1992 22:22:17
File Type: EXE
Number Of Sections: 6
ASLR: Disabled
Section Names: (0x20)(0x20)(0x20), .rsrc, .idata(0x20)(0x20), (0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20), fwifjgnu, dwkgizsd
Number Of Executable Sections: 4
Subsystem: Windows GUI
[Incomplete Binary or Compressor Packer - 3,67 MB Missing]

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
(0x20)(0x20)(0x20)	E0000040 (Initialized Data, Executable, Readable, Writeable)	1000	58200	1000	BA000	7.9798	10485.86
.rsrc	C0000040 (Initialized Data, Readable, Writeable)	59200	DA00	BB000	1E000	7.8938	23994.03
.idata(0x20)(0x20)	C0000040 (Initialized Data, Readable, Writeable)	66C00	200	D9000	1000	1.3087	93002
(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)	E0000040 (Initialized Data, Executable, Readable, Writeable)	66E00	200	DA000	338000	0.2554	123998
fwifjgnu	E0000040 (Initialized Data, Executable, Readable, Writeable)	67000	20AE00	412000	20B000	7.9167	397618.08
dwkgizsd	E0000040 (Initialized Data, Executable, Readable, Writeable)	271E00	200	61D000	1000	3.9811	38785

Description

OriginalFilename: CTPROJECT
CompanyName: Bouziyan
LegalCopyright: CTPROJECT
FileVersion: 1.2.2.0
FileDescription: CT TEAM
ProductVersion: 1.0.1.0
Language: Unknown (ID=0x415)
CodePage: Greek (Windows 1253) (0x4E2)

Entry Point

The section number (6) - (dwkgizsd) have the Entry Point
Information -> EntryPoint (calculated) - 271E00
Code -> 565053E801000000CC5889C3402D00B020002DBC04F70405B304F704803BCC7519C60300BB0010000068792F8B40683F0C7C
EP changed to another address -> (Address Of EntryPoint > Base Of Data)

Assembler

|PUSH ESI

|PUSH EAX

|PUSH EBX

|CALL 0X1009

|INT3

|POP EAX

|MOV EBX, EAX

|INC EAX

|SUB EAX, 0X20B000

|SUB EAX, 0X4F704BC

|ADD EAX, 0X4F704B3

|CMP BYTE PTR [EBX], 0XCC

|JNE 0X103A

|MOV BYTE PTR [EBX], 0

|MOV EBX, 0X1000

|PUSH 0X408B2F79

Signatures

Certificate - Digital Signature Not Found:
• The file is not signed

Packer/Compiler

Packer: Themida 2.x
Detect It Easy (die)
• PE: compiler: Borland Delphi(-)[-]
• PE: linker: Turbo Linker(2.25*,Delphi)[-]
• Entropy: 7.93334

File Access

comctl32.dll
kernel32.dll

File Access (UNICODE)

Temp

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Entry Point	Hex Pattern	Microsoft Visual C++ 8
Entry Point	Hex Pattern	Microsoft Visual C++ 8.0

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\CURSOR\1\0	BBCCC	134	59ECC	7FD0E223AFECB73E98FAA2DE7C2D50448891175568B59E89B8DDDDB26C5AE13F7C8861E48CABDE4D65D381E5A0144244FCD9	......>....\|-PD...Uh.......lZ.?\|.a....Me.....BD..
\CURSOR\2\0	BBE00	134	5A000	7F103577AEB5DC2A6F528E94A590AE8067B52A32E4EFA3A8DA2E85FC96D86ABA9BD4E55693441CCC56CE0A3171C86933048C	..5w...oR......g.2..........j....V.D..V..1q.i3..
\CURSOR\3\0	BBF34	134	5A134	6BB1E4049B292109476EED736015AB496A848E806413AC05F0E4238249442FBF7C49854D86B172B71A05323093DB1EF350BC	k....)!.Gn.s..Ij...d......ID/.\|I.M..r...20....P.
\CURSOR\4\0	BC068	134	5A268	1A9867261099CAB284B2C710DC536CF5B0A75188586B11ADCEFAA0B85B9AAB9BFA7B796EAD2033CF061295AD4F2D6BBD5423	..g&.........Sl...Q.Xk......[....{yn. 3.....O-k.T
\CURSOR\5\0	BC19C	134	5A39C	099C123905F6E733D08FCDE947FFAFC8D26A43A506393ABB41C5E733376C7B377C51E90F5756FBB154487A276B2B6D5A0A38	...9...3....G....jC..9:.A..37l{7\|Q..WV..THz'k+mZ.8
\CURSOR\6\0	BC2D0	134	5A4D0	0F4B8ACF844B7DCB7486714DFD2DD404ACC6EB5A2C7FCDD80ED342D9B2E623664F9E713BB003C90DBC256BF67F73F6DA1703	.K...K}.t.qM.-.....Z,.....B...fO.q;.....%k..s....
\CURSOR\7\0	BC404	134	5A604	A9830612367B879A7375EC64B881EF71FEA7884E91B372E878077E7394AD9452B8DA5FD8A5798991708DB40B2117356F4022	....6{..su.d...q...N..r.x.~s...R.._..y..p...!.5o@"
\BITMAP\BBABORT\0	BC538	1D0	5A738	03941ADC84A0228E82AE24554F3451B9F1C3FAEC84FD19EF98D75A4D64CFF2CECC3253B58C3661A594EA411E250891F37AC5	......"...$UO4Q...........ZMd....2S..6a...A.%...z.
\BITMAP\BBALL\0	BC708	1E4	5A908	43BC0C38BC5C75CF4B0DAC2032888E91A15E5CB1630E0B2915CD0D04B518D17172C79160CC1CA3778A5CD2950ABDCD811230	C..8.\u.K.. 2....\.c..).......qr.....w.\.......0
\BITMAP\BBCANCEL\0	BC8EC	1D0	5AAEC	4A769DCBA45055507F7E6531480CE7E7A69D56B29EDD823C52FED0F4E5D3E000BCF16B3784D42688549E4D7D264205283AE9	Jv...PUP.~e1H.....V....<R.........k7..&.T.M}&B.(:.
\BITMAP\BBCLOSE\0	BCABC	1D0	5ACBC	696C9ABE9AFB8D4774DEF97D34864A14895873B7CEFB928CFC49C63DAD58A4B38F12A1406BDA1926A066A71E76408FE27376	il.....Gt..}4.J..Xs......I.=.X.....@k..&.f..v@..sv
\BITMAP\BBHELP\0	BCC8C	1D0	5AE8C	E8E73BCE602F0D772641B09303750989D8E52B306FF59C1DAE40E19760F766AF3D1265BB7F6DB20C6A61C955FFC6A5B99800	..;./.w&A...u....+0o....@...f.=.e..m..ja.U......
\BITMAP\BBIGNORE\0	BCE5C	1D0	5B05C	52BF72B90369D973D629B13FF20FB66B139EACCBEE8C4AC00677D297629AFAAB52CD520EA5CDA5FA789286BC8C2424BACB4B	R.r..i.s.).?...k......J..w..b...R.R.....x....$$..K
\BITMAP\BBNO\0	BD02C	1D0	5B22C	F46065E7059AFE4AFF5614CE23C1D304158FAAA0F05A279AAE98AD4323EF0ECC239AD8BFB6293F4C9AD569CDBF4649C4BED5	.e....J.V..........Z'....C.......)?L..i..FI...
\BITMAP\BBOK\0	BD1FC	1D0	5B3FC	62E00627B596B73768B2CD1A4ECF8D3B71D149B0576B0E51D363868743C401071985D2BE22CE8E558258C9B3F1DF8424D8E7	b..'...7h...N..;q.I.Wk.Q.c..C......."..U.X.....$..
\BITMAP\BBRETRY\0	BD3CC	1D0	5B5CC	F742D961532B3CDE186FA0664D8E58FC56295805E74F6DBB8E071C1BBE043FC41840C7E7B332BA37A0300EE1C3688A81A23C	.B.aS+<..o.fM.X.V)X..Om.......?..@...2.7.0...h...<
\BITMAP\BBYES\0	BD59C	1D0	5B79C	F401DB7015151E4C35FF76607F572147901D153BC42275AA52F2E2E614225704514D31BDBC111933888E89B6E652FEB2F618	...p...L5.v.W!G...;."u.R...."W.QM1....3.....R....
\BITMAP\BOOKMARKICONS\1031	BD76C	450	5B96C	6C411053AB33799204F8523EE4D0D2CC767DA8C5A321B93B254A2B1B7FC62E837BD85471945FDDE2167E1DDCAB5AF62BAE4E	lA.S.3y...R>....v}...!.;%J+.....{.Tq._...~...Z.+.N
\BITMAP\PREVIEWGLYPH\1045	BDBBC	E8	5BDBC	7FAF3C65AB26F0143A44BD6B162B884EC92931530E3F90AA7A61B10ACBD6BAEB322A3326E10F0C6756D0B79D56E6E6271952	..<e.&..:D.k.+.N.)1S.?..za......2*3&...gV...V..'.R
\ICON\1\1045	60C124	10828	261124	28000000800000000001000001002000000000000000010025160000251600000000000000000000FFFFFF00FFFFFF00FFFF	(............. .........%...%.....................
\DIALOG\DLGTEMPLATE\0	CE4CC	52	6C6CC	6277ACC40097AA598A4C09C20074A7E1F8248B3FFF3CCF1B82418E14789965C0083FF2161CC1F475C5012DFE300CF4241D06E0A09C2469C3C880CCA9309377AE00E7AD63DA07EF1FD99544D8005CDFCC61B3	bw.....Y.L...t...$.?.<...A..x.e..?.....u..-.0..$.....$i.....0.w....c......D..\..a.
\STRING\4074\0	CE520	240	6C720	0F9700B859CE24D7A080C2C5510DA4202C2758CAC4DF040B6280C478C710C89354C3C859B96814D79863B44800519B5F04D5	....Y.$.....Q.. ,'X.....b..x....T..Y.h...c.H.Q._..
\STRING\4075\0	CE760	284	6C960	8246E26E235C2846174825C444D11480580DEFAA52A45C93D010E1CD152F984C1FA97907BA7F24FE76D4B837BCF5AB8568A3	.F.n\(F.H%.D...X...R.\....../.L..y...$.v..7....h.
\STRING\4076\0	CE9E4	340	6CBE4	8534B2DA61CD4FD1C0288AE3DB6C7C18D50BD45044CC07DFF9469AC680C3301619035E3ED2D3C483012842CE22F6E04BDC27	.4..a.O..(...l\|....PD....F....0...>.....(B."..K.'
\STRING\4077\0	CED24	510	6CF24	AC4782611D8878DF2C4203101DF25D901CEA411E57D594978A68693F8C0856B304C04BB7D10062D843540A0AA03E5C668C00	.G.a..x.,B....]...A.W....hi?..V...K...b.CT...>\f..
\STRING\4078\0	CF234	218	6D434	89A741CBF96C0CB37C9863200B17D5AEAD4954A844BC2C3E5C14000D9BBA553A4300CABE03EA21E2DA61A5CCBC8159B34B98	..A..l..\|.c .....IT.D.,>\.....U:C.....!..a....Y.K.
\STRING\4079\0	CF44C	1E0	6D64C	75063BD26998B8CF4842AB3243F3D8DD894CE1981B3084602C6A6B98474844D3A3640055DEACA2BF238E48A9A300FB6A43D1	u.;.i...HB.2C....L...0.,jk.GHD..d.U.....H....jC.
\STRING\4080\0	CF62C	210	6D82C	EC5618D7C2F20106523908ACA79CE4027ADEBD300D50E9B6410C0F350811A0342E7B41168A48A059400CC43719BFE0518806	.V......R9......z..0.P..A..5...4.{A..H.Y@..7...Q..
\STRING\4081\0	CF83C	1C8	6DA3C	065C4E277FC150406502A4C03E5255123A7444E85915C1AC800D00AE5F5C404B6C32A86128CC868C34707C1030EB4818B268	.\N'..P@e...>RU.:tD.Y......._\@Kl2.a(...4p\|.0.H..h
\STRING\4082\0	CFA04	E8	6DC04	F8C59334A0B049D348101A2F0EE79277239B9A8E8044C96B5937E824C35C0031324F3543FE12B8CB8B0388F8C23D883EA9DA	...4..I.H../...w....D.kY7.$.\.12O5C.........=.>..
\STRING\4083\0	CFAEC	41C	6DCEC	194B644E3091205C046C11D0306C30D76840934A78675028F9C4CCD1BCE2AC60F49D24AA75AC26B064553280918CE3BA1802	.KdN0. \.l..0l0.h@.JxgP(.........$.u.&.dU2.......
\STRING\4084\0	CFF08	E8	6E108	6A20C415003ADDCD61BACB40AA001E5AE893349A137C3CFA4BF8506C08E590B40C5472A75368E40158556B50ED0C9F3078DF	j ...:..a..@...Z..4..\|<.K.Pl.....Tr.Sh..XUkP...0x.
\STRING\4085\0	CFFF0	F8	6E1F0	C0865490C803026CD88DE35880EA709EF236695438E8E0BF56A808C60DDEF0025988F06C8C86D88E00587FF40FE4A438C50C	..T....l...X..p..6iT8...V.......Y..l.....X.....8..
\STRING\4086\0	D00E8	1A8	6E2E8	8E7F7EC1B0B406F10A9EEF780C012E84098001C85948365C28506843688B144C4EC0EE4072EB5B18E99C0A1689C778582A7B	..~........x........YH6\(PhCh..LN..@r.[.......xX*{
\STRING\4087\0	D0290	3EC	6E490	A092F7D80D3200DAEC570582F470872889C195A82ABED500DC7E3DF7DE4681F60CE869F37DDA4039B58DE47EE000BA56EB2A	.....2...W...p.(........~=..F....i.}.@9...~...V.
\STRING\4088\0	D067C	3AC	6E87C	C5B7A990D18717A69C2C58575993540AC4B79A86E205554EB9936988A5060429FD5F849CA5FB80EBB993902F3F4198040CC6	.........,XWY.T.......UN..i....)._........./?A....
\STRING\4089\0	D0A28	3A4	6EC28	982E2BEFE969E02231D1B8691EF11E8A587E0C65AF242C77386F7D8275059ED7C12DCD2CF53B5948B991B84E4573E91A4DDE	..+..i."1..i....X~.e.$,w8o}.u....-.,.;YH...NEs..M.
\STRING\4090\0	D0DCC	460	6EFCC	CB1F9BE716D8C702FFC298B864417FDCDDFF78D21D6F20837AE9EDE5004A4AC1E2024281C20F5690FC7B7DC1EAE0F1F8F465	............dA....x..o .z....JJ...B...V..{}......e
\STRING\4091\0	D122C	1B0	6F42C	2551CDC3DF62F00E916242030A8988B0052B0FA4F35769FB2220FC36A23A040EA94C2968EFB35409310F98D409D3903E900E	%Q...b...bB......+...Wi." .6.:...L)h..T.1......>..
\STRING\4092\0	D13DC	EC	6F5DC	080A75B38229E5D9D127A95CDB439B24C20E65C7D9D96053C390B5591F0389EB9A9000D9E42A3C669A162EA201AD1FF85DFB	..u..)...'.\.C.$..e...S...Y.........*<f........].
\STRING\4093\0	D14C8	1E4	6F6C8	06B2D2C68FD0D2C2F1E7807F28068950DB8802F6F7BBC9A43CC9331C252CCF1118E921B62C1FA598EA3363012A21D7483E96	............(..P........<.3.%,....!.,....3c.*!.H>.
\STRING\4094\0	D16AC	3F4	6F8AC	944829FA38961C6221D1ECD6CA48409B641FE2B989F34E150D033139333E0C86EE5ABF32BE3145712653244AA215FF695A8A	.H).8..b!....H@.d.....N...193>...Z.2.1Eq&S$J...iZ.
\STRING\4095\0	D1AA0	340	6FCA0	7664F8AC5DFF28ADD1A126F62A6ADCA5EED7D782CADB6068FC5F9A379AB94EEE224DC971C73BAC104CCB46912C09D95240D3	vd..].(...&.*j........h._.7..N."M.q.;..L.F.,..R@.
\STRING\4096\0	D1DE0	2D4	6FFE0	B21BDE464780E5C94E06C31526438424F1A560F98A033CA9C63E2C7FDA8CF486EC73F1A927E96E32D205D96E490624033680	...FG...N...&C.$.....<..>,......s..'.n2...nI.$.6.
\RCDATA\DVCLAL\0	D20B4	10	702B4	BD3B191EF9379C85F82580EC8AB33125	.;...7...%....1%
\RCDATA\PACKAGEINFO\0	D20C4	314	702C4	C6CE918CD72D9C4F336309EFB321C391C78B9E10D285D6F611F80926C6D12F3B4982085EB9508B3F9732B1F96AAF667C653F	.....-.O3c...!.............&../;I...P.?.2..j.f\|e?
\RCDATA\TFORM1\0	D23D8	663A	705D8	89C901C22B27F56B468D13851F9C61C8CE802E3874E69C2E6585B29148471709DB5F4993062C658A4C07D297A9075B9CD301	....+'.kF.....a....8t...e...HG..._I..,e.L.....[...
\RCDATA\TFRAME2\0	D8A14	40	76C14	21C62D9A145F323DDD9C7117660107A771168B0AA2208033F3536A019FFBE1BCAB0B0A21182D73CB49C6E8991A10BFE4F1142E295C04EFAE3578C42A2409AF90	!.-.._2=..q.f...q.... .3.Sj........!.-s.I..........)\...5x.*$...
\GROUP_CURSOR\32761\0	D8A54	14	76C54	E4A345604B67C16A8B935746482D183BE7289C51	..EKg.j..WFH-.;.(.Q
\GROUP_CURSOR\32762\0	D8A68	14	76C68	6951CF94C7CCC1F188CABF3BCB454FFDF6DA917F	iQ.........;.EO.....
\GROUP_CURSOR\32763\0	D8A7C	14	76C7C	E8F6E94EB71C219E9149F747CB0AC74080E85D4D	...N..!..I.G...@..]M
\GROUP_CURSOR\32764\0	D8A90	14	76C90	0A324E89BFDFE5802D631223FFC7101F8BEFA407	.2N.....-c.........
\GROUP_CURSOR\32765\0	D8AA4	14	76CA4	CAB7F91E31CBBD2502941B903C9C4A6BE4379D56	....1..%....<.Jk.7.V
\GROUP_CURSOR\32766\0	D8AB8	14	76CB8	946B5584A0E2EC92B4B27405333909F8E888A7CB	.kU.......t.39......
\GROUP_CURSOR\32767\0	D8ACC	14	76CCC	50B7BE0C534A30350FF414F0951A2555C027CF35	P...SJ05......%U.'.5
\GROUP_ICON\MAINICON\1045	61C94C	14	27194C	0000010001008080000001002000280801000100	............ .(.....
\VERSION\1\1045	61C960	2B0	271960	B00234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000200	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............

Intelligent String

• lhi.aGg
• 1.2.2.0
• 1.0.1.0

Flow Anomalies

Offset	RVA	Section	Description
11840	61C960	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
16AC4	61C960	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
243B0	334F32C1	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
28F01	334F32C1	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
2B5D1	1789567B	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
2DE71	1789567B	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
2EB0A	1789567B	(0x20)(0x20)(0x20)	CALL [static] \| Indirect call to absolute memory address
3BF34	1789567B	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
3C783	3528B6F5	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
4A44C	39DF8693	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
4EBB4	39DF8693	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
50BBE	39DF8693	(0x20)(0x20)(0x20)	JMP [static] \| Indirect jump to absolute memory address
5E66D	39DF8693	.rsrc	CALL [static] \| Indirect call to absolute memory address
5E99C	39DF8693	.rsrc	CALL [static] \| Indirect call to absolute memory address
781FD	4509EF39	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
790D9	4509EF39	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
84A1B	4509EF39	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
85FCC	124C57E8	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
89312	27092ADC	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
8B436	27092ADC	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
8E37A	4750E07D	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
9213F	1CFC0498	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
92B36	1CFC0498	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
94947	1CFC0498	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
965E3	1CFC0498	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
986B2	1CFC0498	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
988A7	1CFC0498	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
9D598	1CFC0498	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
A30D6	78D1D1A3	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
A8275	78D1D1A3	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
AD016	BBE01B9	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
AE2DD	49A5FC1B	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
AFB9F	49A5FC1B	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
B1499	147FA52E	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
B2068	38E5D5F3	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
BC45F	38E5D5F3	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
D4002	5F28B259	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
E851C	5F28B259	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
EBE24	5F28B259	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
EE399	5F28B259	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
F7692	5F28B259	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
F8FEE	8B1B0AC	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
FBA0E	8B1B0AC	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
11A471	4AD96018	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
12620F	4AD96018	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1289A4	4AD96018	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
12A54C	4AD96018	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
14137B	4AD96018	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
14572C	3FF9CE6D	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
15C1C2	5EA1F339	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
15EFDA	35BCE7B9	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
16A410	2B0CF5C	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
16BAA7	43502DF9	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
16DA3A	43502DF9	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
171904	43502DF9	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1745AB	125298D1	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
17BBDF	125298D1	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1911DC	125298D1	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1919B0	125298D1	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1939AC	125298D1	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
199514	5279E574	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1B317F	5279E574	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1C11C3	5279E574	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1CC8CB	5279E574	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1D6988	5279E574	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1DBD9F	7B8DD222	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1DC708	4210E363	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1E0783	3F7D2529	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1EAA4F	3F7D2529	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1ED3A8	3F7D2529	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1F1F8B	19D4103F	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
1FC892	1EF98E52	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
1FDDF3	569E5889	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
200606	569E5889	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
2041EE	1BFD0933	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
20B9B6	398A4C	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
20BD60	398A4C	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
2104FE	6CDFAEAA	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
218E5F	6CDFAEAA	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
219181	46D567EF	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
21B9ED	66D5097D	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
21C338	477F37FC	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
21FDB2	477F37FC	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
2265AD	477F37FC	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
228F48	477F37FC	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
23EF74	1E2ED304	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
244EDD	1E2ED304	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
24B538	1E2ED304	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
2538DE	5E470777	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
25A837	5E470777	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
264C6F	12CE1C23	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
264E4F	26FF091F	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
2653FB	1BFF1829	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
2659D3	1EFF1724	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
265BCB	8FF0C10	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
265DBB	6FF0A17	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
265E1F	16FF0C16	fwifjgnu	CALL [static] \| Indirect call to absolute memory address
266597	2FFF162D	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
267413	61FF2E27	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
267607	1EFF2724	fwifjgnu	JMP [static] \| Indirect jump to absolute memory address
235F0E-235F21	N/A	fwifjgnu	Potential obfuscated jump sequence detected, count: 10
1000-591FF	1000	(0x20)(0x20)(0x20)	Executable section anomaly, first bytes: 18B60B128B518673
66E00-66FFF	DA000	(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)(0x20)	Executable section anomaly, first bytes: 721A9A8508CB0400
67000-271DFF	412000	fwifjgnu	Executable section anomaly, first bytes: D8B40986B8DCB0FD
271E00-271FFF	61D000	dwkgizsd	Executable section anomaly, first bytes: 565053E801000000

Extra Analysis

Metric	Value	Percentage
Ascii Code	1730657	67,4958%
Null Byte Code	49805	1,9424%

PESCAN.IO - Analysis Report Basic