PREMIUM PESCAN.IO - Analysis Report |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 332,02 KBSHA-256 Hash: 6450BE29AA887D5E3AA882DF387D5896BEC18B85B6B1338B1B9D82A1A51D5303 SHA-1 Hash: 8088EEDAC6CB4A39BFA94434681D1D213AD18BB3 MD5 Hash: 7069BC524E5373E3D85315843BE27928 Imphash: AAECCFA66533BBE60DDA5926290380BB MajorOSVersion: 5 MinorOSVersion: 2 CheckSum: 00058763 EntryPoint (rva): 30BA5 SizeOfHeaders: 400 SizeOfImage: 57000 ImageBase: 400000 Architecture: x86 ExportTable: 3AB50 ImportTable: 39518 IAT: 1000 Characteristics: 210E TimeDateStamp: 691CA7BD Date: 18/11/2025 17:07:09 File Type: DLL Number Of Sections: 4 ASLR: Disabled Section Names: .text, .data, .rsrc, .reloc Number Of Executable Sections: 1 Subsystem: Windows GUI |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 39E00 | 1000 | 39C0B |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
3A200 | 4E00 | 3B000 | 6FE0 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
3F000 | DE00 | 42000 | DD01 |
|
|
| .reloc | 0x42000040 Initialized Data GP-Relative Readable |
4CE00 | 6200 | 50000 | 6142 |
|
|
| Description |
| OriginalFilename: adsiedit.dll CompanyName: Microsoft Corporation LegalCopyright: Microsoft Corporation. All rights reserved. ProductName: Microsoft Windows Operating System FileVersion: 10.0.19041.1 (WinBuild.160101.0800) FileDescription: ADSI Edit ProductVersion: 10.0.19041.1 Language: English (United States) (ID=0x409) CodePage: Unicode (UTF-16 LE) (0x4B0) |
| Entry Point |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 2FFA5 Code -> 558BEC538B5D08568B750C85F6578B7D107509833D601F440000EB2683FE01740583FE027522A158FA430085C07409575653 Assembler |PUSH EBP |MOV EBP, ESP |PUSH EBX |MOV EBX, DWORD PTR [EBP + 8] |PUSH ESI |MOV ESI, DWORD PTR [EBP + 0XC] |TEST ESI, ESI |PUSH EDI |MOV EDI, DWORD PTR [EBP + 0X10] |JNE 0X101C |CMP DWORD PTR [0X441F60], 0 |JMP 0X1042 |CMP ESI, 1 |JE 0X1026 |CMP ESI, 2 |JNE 0X1048 |MOV EAX, DWORD PTR [0X43FA58] |TEST EAX, EAX |JE 0X1038 |PUSH EDI |PUSH ESI |PUSH EBX |
| Signatures |
| CheckSum Integrity Problem: • Header: 362339 • Calculated: 375332 Rich Signature Analyzer: Code -> 6A09C0492E68AE1A2E68AE1A2E68AE1AC677AA1A2C68AE1AAD60A11A2868AE1A2C49AA1A2C68AE1A4E60E31A2C68AE1AAD60F31A3768AE1A2E68AF1AC469AE1AA060F11A3F68AE1AAD60F21A2F68AE1AA060CE1A3568AE1AAD60F01A2F68AE1AAD60F41A2F68AE1A526963682E68AE1A Footprint md5 Hash -> D5FE54523C91D63CB782A2B5F868403E • The Rich header apparently has not been modified Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual Studio Compiler: Microsoft Visual C ++ 6-8 Compiler: Microsoft Visual C ++ 6 DLL Compiler: Microsoft Visual C ++ 7 DLL Detect It Easy (die) • PE: compiler: EP:Microsoft Visual C/C++(2002 (2148))[DLL32] • PE: compiler: Microsoft Visual C/C++(6.0)[-] • PE: linker: Microsoft Linker(7.10*)[-] • Entropy: 6.05408 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| ADVAPI32.DLL | CryptDecrypt | Performs a cryptographic operation on data in a data block. |
| ET Functions (carving) |
| Original Name -> ADSIEDIT.DLL ServiceMain DllCanUnloadNow DllGetClassObject DllRegisterServer DllUnregisterServer |
| Windows REG (UNICODE) |
| SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Components\5A18D5BFC37FA0A4E99D24135BABE742 Software\Microsoft\Windows\CurrentVersion\AdminDebug Software\Microsoft\MMC\NodeTypes Software\Microsoft\MMC\SnapIns |
| File Access |
| ADSIEDIT.DLL CRYPT32.dll dsuiext.dll IMM32.dll ACTIVEDS.dll GDI32.dll ADVAPI32.dll ole32.dll OLEAUT32.dll USER32.dll ATL.DLL MSVCP60.dll msvcrt.dll MFC42u.DLL KERNEL32.dll Comctl32.dll Unicows.dll .dat Temp |
| File Access (UNICODE) |
| adsiedit.dll Ccomctl32.dll EBCreateSecurityPageaclui.dll DSCreateISecurityInfoObjectdssec.dll activeds.dll Comctl32.dll Kernel32.dll %s\grind066.dat Temp |
| Interest's Words |
| Decrypt attrib |
| Interest's Words (UNICODE) |
| PassWord attrib hostname |
| IP Addresses |
| 2.5.5.17 2.5.5.16 2.5.5.15 2.5.5.14 2.5.5.13 2.5.5.12 2.5.5.11 2.5.5.10 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (WriteFile) |
| Text | Unicode | Encryption (Microsoft Enhanced RSA and AES Cryptographic Provider) |
| Text | Ascii | Encryption API (CryptAcquireContext) |
| Text | Ascii | Encryption API (CryptDecrypt) |
| Text | Ascii | Encryption API (CryptReleaseContext) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (IsBadReadPtr) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Ascii | Information used for user authentication (Credential) |
| Text | Unicode | Information used for user authentication (Credential) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 6.0 - 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 6.0 - 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v6.0 DLL |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \BITMAP\102\1033 | 42A90 | 16E8 | 3FA90 | 28000000D0020000100000000100040000000000801600000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\104\1033 | 44178 | 5A68 | 41178 | 28000000A0050000200000000100040000000000005A00000000000000000000000000000000000000000000000080000080 | (....... ............Z............................ |
| \BITMAP\129\1033 | 49BE0 | E8 | 46BE0 | 2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \BITMAP\130\1033 | 49CC8 | 268 | 46CC8 | 2800000020000000200000000100040000000000000200000000000000000000000000000000000000000000000080000080 | (... ... ......................................... |
| \ICON\1\1033 | 49F30 | 128 | 46F30 | 2800000010000000200000000100040000000000C00000000000000000000000100000000000000000000000000080000080 | (....... ......................................... |
| \ICON\2\1033 | 4A058 | 2E8 | 47058 | 2800000020000000400000000100040000000000800200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \MENU\52001\1033 | 4A340 | 28 | 47340 | 00000000900031000000800020CB570068006100740027007300200054006800690073003F000000 | ......1..... .W.h.a.t.'.s. .T.h.i.s.?... |
| \DIALOG\107\1033 | 4A368 | BC | 47368 | 0100FFFF00000000000000004800C048020000000000FC00AA000000000043007200650061007400650020004F0062006A00 | ............H..H..............C.r.e.a.t.e. .O.b.j. |
| \DIALOG\108\1033 | 4A424 | 43C | 47424 | 0100FFFF0000000000000000C800C880100000000000FC00DA000000000043006F006E006E0065006300740069006F006E00 | ..............................C.o.n.n.e.c.t.i.o.n. |
| \DIALOG\110\1033 | 4A860 | 26E | 47860 | C000C880000000000D0000000000FC00DA000000000041006400760061006E00630065006400000008004D00530020005300 | ......................A.d.v.a.n.c.e.d.....M.S. .S. |
| \DIALOG\111\1033 | 4AAD0 | 3A2 | 47AD0 | 4000C04800000000130000000000FC00DA00000000004100740074007200690062007500740065007300000008004D005300 | @..H..................A.t.t.r.i.b.u.t.e.s.....M.S. |
| \DIALOG\112\1033 | 4AE74 | 174 | 47E74 | 0100FFFF00000000000000004800C048070000000000FC00AA000000000043007200650061007400650020004F0062006A00 | ............H..H..............C.r.e.a.t.e. .O.b.j. |
| \DIALOG\113\1033 | 4AFE8 | 18A | 47FE8 | 4000C04800000000030000000000FC00AA000000000043007200650061007400650020004F0062006A006500630074000000 | @..H..................C.r.e.a.t.e. .O.b.j.e.c.t... |
| \DIALOG\114\1033 | 4B174 | C6 | 48174 | C000C88000000000040000000000B100440000000000520065006E0061006D006500000008004D0053002000530068006500 | ................D.....R.e.n.a.m.e.....M.S. .S.h.e. |
| \DIALOG\119\1033 | 4B23C | 1C8 | 4823C | 0100FFFF0000000000000000C800C880070000000000B8005C0000000000460069006C007400650072000000080000000000 | ........................\.....F.i.l.t.e.r......... |
| \DIALOG\121\1033 | 4B404 | 17C | 48404 | 0100FFFF0000000000000000C800C880060000000000FC00DA000000000045006400690074002000460069006C0074006500 | ..............................E.d.i.t. .F.i.l.t.e. |
| \DIALOG\122\1033 | 4B580 | 1E8 | 48580 | 0100FFFF0000000000000000C800C880070000000000A800660000000000430072006500640065006E007400690061006C00 | ........................f.....C.r.e.d.e.n.t.i.a.l. |
| \DIALOG\127\1033 | 4B768 | 28A | 48768 | C000C880000000000D0000000000FC00DA00000000004E0065007700200051007500650072007900000008004D0053002000 | ......................N.e.w. .Q.u.e.r.y.....M.S. . |
| \DIALOG\5001\1033 | 4B9F4 | 1EC | 489F4 | C000C88000000000060000000000FC00DA000000000041007400740072006900620075007400650020004500640069007400 | ......................A.t.t.r.i.b.u.t.e. .E.d.i.t. |
| \DIALOG\5002\1033 | 4BBE0 | 164 | 48BE0 | C000C880000000000700000000000F0146000000000053007400720069006E00670020004100740074007200690062007500 | ................F.....S.t.r.i.n.g. .A.t.t.r.i.b.u. |
| \DIALOG\5003\1033 | 4BD44 | 1E2 | 48D44 | C000C880000000000A0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020005300 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .S. |
| \DIALOG\5020\1033 | 4BF28 | 164 | 48F28 | C000C880000000000700000000000F0146000000000049006E00740065006700650072002000410074007400720069006200 | ................F.....I.n.t.e.g.e.r. .A.t.t.r.i.b. |
| \DIALOG\5021\1033 | 4C08C | 170 | 4908C | C000C880000000000700000000000F014600000000004C006100720067006500200049006E00740065006700650072002000 | ................F.....L.a.r.g.e. .I.n.t.e.g.e.r. . |
| \DIALOG\5022\1033 | 4C1FC | 196 | 491FC | C000C88000000000080000000000B6005F000000000042006F006F006C00650061006E002000410074007400720069006200 | ................_.....B.o.o.l.e.a.n. .A.t.t.r.i.b. |
| \DIALOG\5023\1033 | 4C394 | 262 | 49394 | C000C88000000000090000000000B600760000000000540069006D0065002000410074007400720069006200750074006500 | ................v.....T.i.m.e. .A.t.t.r.i.b.u.t.e. |
| \DIALOG\5024\1033 | 4C5F8 | 302 | 495F8 | C000C880000000000C0000000000FC00DA00000000004F006300740065007400200053007400720069006E00670020004100 | ......................O.c.t.e.t. .S.t.r.i.n.g. .A. |
| \DIALOG\5026\1033 | 4C8FC | 212 | 498FC | C000C880000000000B0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020004200 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .B. |
| \DIALOG\5027\1033 | 4CB10 | 2FA | 49B10 | C000C880000000000D0000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020005400 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .T. |
| \DIALOG\5028\1033 | 4CE0C | 1D0 | 49E0C | 0100FFFF0000000000000000C800C88009000000000014016200000000004400690061006C006F0067000000080090010001 | ........................b.....D.i.a.l.o.g......... |
| \DIALOG\10025\1033 | 4CFDC | 1C0 | 49FDC | C000C88000000000090000000000F000DA00000000004D0075006C00740069002D00760061006C0075006500640020004F00 | ......................M.u.l.t.i.-.v.a.l.u.e.d. .O. |
| \STRING\1\1033 | 4D19C | A0 | 4A19C | 0000000000000000000000000000000000000000000009004100440053004900200045006400690074003700410020006C00 | ........................A.D.S.I. .E.d.i.t.7.A. .l. |
| \STRING\3\1033 | 4D23C | 2A | 4A23C | 0000000005004D006F007600650020000000000000000000000000000000000000000000000000000000 | ......M.o.v.e. ........................... |
| \STRING\7\1033 | 4D268 | 238 | 4A268 | 00000000000018004400690072006500630074006F0072007900200050006100720074006900740069006F006E0020004E00 | ........D.i.r.e.c.t.o.r.y. .P.a.r.t.i.t.i.o.n. .N. |
| \STRING\8\1033 | 4D4A0 | 3C2 | 4A4A0 | 1E0026004F0062006A006500630074002E002E002E000A004300720065006100740065002000610020006E00650077002000 | ..&.O.b.j.e.c.t.........C.r.e.a.t.e. .a. .n.e.w. . |
| \STRING\16\1033 | 4D864 | A2 | 4A864 | 0000000000000000000000000000000000001D00260043006F006E007400610069006E0065007200200074006F0020006D00 | ....................&.C.o.n.t.a.i.n.e.r. .t.o. .m. |
| \STRING\17\1033 | 4D908 | 2C | 4A908 | 0600260043006C00650061007200000000000000000000000000000000000000000000000000000000000000 | ..&.C.l.e.a.r............................... |
| \STRING\32\1033 | 4D934 | 282 | 4A934 | 00000000000000001400570065006C0063006F006D006500200074006F002000410044005300490020004500640069007400 | ..........W.e.l.c.o.m.e. .t.o. .A.D.S.I. .E.d.i.t. |
| \STRING\38\1033 | 4DBB8 | 10A | 4ABB8 | 000000000000000000000000000000001200440069007300740069006E00670075006900730068006500640020004E006100 | ..................D.i.s.t.i.n.g.u.i.s.h.e.d. .N.a. |
| \STRING\39\1033 | 4DCC4 | 190 | 4ACC4 | 070049006E00740065006700650072000C004F006300740065007400200053007400720069006E0067000E00550054004300 | ..I.n.t.e.g.e.r...O.c.t.e.t. .S.t.r.i.n.g...U.T.C. |
| \STRING\313\1033 | 4DE54 | 130 | 4AE54 | 000000000000000000000000000000000F0041007400740072006900620075007400650045006400690074006F0072000900 | ..................A.t.t.r.i.b.u.t.e.E.d.i.t.o.r... |
| \STRING\315\1033 | 4DF84 | 2C | 4AF84 | 00000600530079006E0074006100780000000000000000000000000000000000000000000000000000000000 | ....S.y.n.t.a.x............................. |
| \STRING\376\1033 | 4DFB0 | 6A | 4AFB0 | 09004100740074007200690062007500740065000B005300650074002F004E006F0074002000530065007400050056006100 | ..A.t.t.r.i.b.u.t.e...S.e.t./.N.o.t. .S.e.t...V.a. |
| \STRING\379\1033 | 4E01C | B0 | 4B01C | 000000000B00480065007800610064006500630069006D0061006C00070044006500630069006D0061006C00060042006900 | ......H.e.x.a.d.e.c.i.m.a.l...D.e.c.i.m.a.l...B.i. |
| \STRING\380\1033 | 4E0CC | E6 | 4B0CC | 0000000000000000000000002900570069006E0064006F007700730020006600610069006C0065006400200074006F002000 | ............).W.i.n.d.o.w.s. .f.a.i.l.e.d. .t.o. . |
| \STRING\692\1033 | 4E1B4 | 3AC | 4B1B4 | 990049006E00760061006C0069006400200066006F0072006D00610074002E002000200041006E0020006F00630074006100 | ..I.n.v.a.l.i.d. .f.o.r.m.a.t... . .A.n. .o.c.t.a. |
| \STRING\694\1033 | 4E560 | 47C | 4B560 | 0000000000000000000000000000000000000000000000003B00570069006E0064006F007700730020006600610069006C00 | ........................;.W.i.n.d.o.w.s. .f.a.i.l. |
| \STRING\695\1033 | 4E9DC | 26C | 4B9DC | 3C00570069006E0064006F0077007300200063006F0075006C00640020006E006F00740020006C006F006100640020007400 | <.W.i.n.d.o.w.s. .c.o.u.l.d. .n.o.t. .l.o.a.d. .t. |
| \STRING\2687\1033 | 4EC48 | 58C | 4BC48 | 000000000000000000005500540068006900730020007200650073006F00750072006300650020007200650063006F007200 | ..........U.T.h.i.s. .r.e.s.o.u.r.c.e. .r.e.c.o.r. |
| \STRING\2688\1033 | 4F1D4 | 4AE | 4C1D4 | 000000004D004F006E00650020006F00720020006D006F007200650020006F00660020007400680065002000760061006C00 | ....M.O.n.e. .o.r. .m.o.r.e. .o.f. .t.h.e. .v.a.l. |
| \GROUP_ICON\105\1033 | 4F684 | 22 | 4C684 | 00000100020010101000010004002801000001002020100001000400E80200000200 | ..............(..... ............ |
| \VERSION\1\1033 | 4F6A8 | 378 | 4C6A8 | 780334000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | x.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\2\1033 | 4FA20 | 2E1 | 4CA20 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • adsiedit.dll • Comctl32.dll • Kernel32.dll • w2rksupp.chm • \help\adsiedit.hlp • w2rksupp.chm::/topics/adsiedit.htm • 2.5.5.16 • 2.5.5.15 • 2.5.5.14 • 2.5.5.13 • 2.5.5.12 • 2.5.5.11 • 2.5.5.10 • 2.5.5.9 • 2.5.5.8 • 2.5.5.7 • 2.5.5.6 • 2.5.5.5 • 2.5.5.4 • 2.5.5.3 • 2.5.5.2 • 2.5.5.1 • 2.5.5.0 • activeds.dll • aclui.dll • %s\grind066.dat • kernel32.dll • Ccomctl32.dll • ADSIEdit.pdb • MFC42u.DLL • msvcrt.dll • OLEAUT32.dll • ADVAPI32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 9C90 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| 9CAA | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| 9CC4 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| 9CDF | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| 9CFC | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D11 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D26 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D39 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D4E | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D65 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| 9D80 | 401600 | .text | CALL [static] | Indirect call to absolute memory address |
| 9D8A | 401604 | .text | CALL [static] | Indirect call to absolute memory address |
| 9D9A | 401600 | .text | CALL [static] | Indirect call to absolute memory address |
| 9EB1 | 401724 | .text | CALL [static] | Indirect call to absolute memory address |
| 9F80 | 401750 | .text | CALL [static] | Indirect call to absolute memory address |
| 9F93 | 40174C | .text | CALL [static] | Indirect call to absolute memory address |
| A095 | 401690 | .text | CALL [static] | Indirect call to absolute memory address |
| A0A1 | 401690 | .text | CALL [static] | Indirect call to absolute memory address |
| A3E5 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| A9BE | 4015F8 | .text | CALL [static] | Indirect call to absolute memory address |
| A9DC | 4015FC | .text | CALL [static] | Indirect call to absolute memory address |
| AADD | 4015FC | .text | CALL [static] | Indirect call to absolute memory address |
| AD0F | 401604 | .text | CALL [static] | Indirect call to absolute memory address |
| B07D | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| BD94 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| BF8A | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| BF9E | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| C089 | 401198 | .text | CALL [static] | Indirect call to absolute memory address |
| CBB6 | 401600 | .text | CALL [static] | Indirect call to absolute memory address |
| CC21 | 401600 | .text | CALL [static] | Indirect call to absolute memory address |
| CFE6 | 40171C | .text | CALL [static] | Indirect call to absolute memory address |
| D122 | 401714 | .text | CALL [static] | Indirect call to absolute memory address |
| D149 | 401718 | .text | CALL [static] | Indirect call to absolute memory address |
| D244 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| D5AE | 401710 | .text | CALL [static] | Indirect call to absolute memory address |
| D602 | 401710 | .text | CALL [static] | Indirect call to absolute memory address |
| D61C | 401188 | .text | CALL [static] | Indirect call to absolute memory address |
| D629 | 40118C | .text | CALL [static] | Indirect call to absolute memory address |
| DD0E | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| DD23 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| DE53 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| DE63 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| DEBD | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| DFD2 | 401700 | .text | CALL [static] | Indirect call to absolute memory address |
| E0B2 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| E4E6 | 401184 | .text | JMP [static] | Indirect jump to absolute memory address |
| E4EC | 401180 | .text | JMP [static] | Indirect jump to absolute memory address |
| E516 | 401170 | .text | CALL [static] | Indirect call to absolute memory address |
| E521 | 401184 | .text | CALL [static] | Indirect call to absolute memory address |
| E5A9 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| E753 | 401164 | .text | CALL [static] | Indirect call to absolute memory address |
| E953 | 4016FC | .text | CALL [static] | Indirect call to absolute memory address |
| EA01 | 4016FC | .text | CALL [static] | Indirect call to absolute memory address |
| EA23 | 4016FC | .text | CALL [static] | Indirect call to absolute memory address |
| EAEB | 401160 | .text | CALL [static] | Indirect call to absolute memory address |
| EB2B | 4016F4 | .text | CALL [static] | Indirect call to absolute memory address |
| EBAC | 401160 | .text | CALL [static] | Indirect call to absolute memory address |
| EBCB | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| EBE2 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| EBFF | 40115C | .text | CALL [static] | Indirect call to absolute memory address |
| EC14 | 401158 | .text | CALL [static] | Indirect call to absolute memory address |
| EC25 | 40117C | .text | CALL [static] | Indirect call to absolute memory address |
| EC32 | 401154 | .text | CALL [static] | Indirect call to absolute memory address |
| EC8D | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| ECA6 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| ECCC | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| ECFA | 4016E8 | .text | CALL [static] | Indirect call to absolute memory address |
| ED42 | 4016EC | .text | CALL [static] | Indirect call to absolute memory address |
| ED5F | 4016F0 | .text | CALL [static] | Indirect call to absolute memory address |
| EE01 | 40114C | .text | CALL [static] | Indirect call to absolute memory address |
| EE08 | 401150 | .text | CALL [static] | Indirect call to absolute memory address |
| EF6C | 40113C | .text | CALL [static] | Indirect call to absolute memory address |
| EF82 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| EFDA | 401140 | .text | CALL [static] | Indirect call to absolute memory address |
| F04C | 401144 | .text | CALL [static] | Indirect call to absolute memory address |
| F08D | 401138 | .text | CALL [static] | Indirect call to absolute memory address |
| F0C4 | 401140 | .text | CALL [static] | Indirect call to absolute memory address |
| F10E | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| F146 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| F169 | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| F1F6 | 40114C | .text | CALL [static] | Indirect call to absolute memory address |
| F1FD | 401134 | .text | CALL [static] | Indirect call to absolute memory address |
| F34A | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| F3AB | 401130 | .text | CALL [static] | Indirect call to absolute memory address |
| F3E0 | 401140 | .text | CALL [static] | Indirect call to absolute memory address |
| F3FA | 401168 | .text | CALL [static] | Indirect call to absolute memory address |
| F58B | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| F828 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| F8D2 | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| F8F6 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| F904 | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| F912 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| F920 | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| F927 | 40112C | .text | CALL [static] | Indirect call to absolute memory address |
| F935 | 40119C | .text | CALL [static] | Indirect call to absolute memory address |
| F943 | 4011A8 | .text | CALL [static] | Indirect call to absolute memory address |
| F957 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| F974 | 40168C | .text | CALL [static] | Indirect call to absolute memory address |
| FEA2 | 40170C | .text | CALL [static] | Indirect call to absolute memory address |
| 101B6 | 4015FC | .text | CALL [static] | Indirect call to absolute memory address |
| 346DC | FFC0002E | .text | TLS Callback | Pointer to 2E *Memory* |
| 346E0 | 31A67 | .text | TLS Callback | Pointer to 431A67 - 0x30E67 .text |
| 346E4 | FFC0002F | .text | TLS Callback | Pointer to 2F *Memory* |
| 346E8 | 31A6F | .text | TLS Callback | Pointer to 431A6F - 0x30E6F .text |
| 346EC | FFC0002F | .text | TLS Callback | Pointer to 2F *Memory* |
| 346F0 | 31A79 | .text | TLS Callback | Pointer to 431A79 - 0x30E79 .text |
| 346F4 | 19530520 | .text | TLS Callback | Pointer to 19930520 *Memory* |
| 346F8 | FFC00032 | .text | TLS Callback | Pointer to 32 *Memory* |
| 346FC | 35164 | .text | TLS Callback | Pointer to 435164 - 0x34564 .text |
| 53000 | N/A | *Overlay* | 458538B1D8A037BCE28DA879A974EE22 | E.8...7....y.t." |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 167888 | 49,3811% |
| Null Byte Code | 86804 | 25,5318% |
© 2026 All rights reserved.