PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 1,11 MBSHA-256 Hash: 3C22BD65762299F5FBDF377DDF104952BB46F27721B301665DCA4C62BEDB8542 SHA-1 Hash: FC8F0A2ADF7D6C58F12C3883FB3BE333462A9C27 MD5 Hash: 8A683D7229647F7C1AACB390E414E85E Imphash: B78ECF47C0A3E24A6F4AF114E2D1F5DE MajorOSVersion: 4 MinorOSVersion: 0 CheckSum: 00128CF3 EntryPoint (rva): 31A3 SizeOfHeaders: 400 SizeOfImage: A3000 ImageBase: 400000 Architecture: x86 ImportTable: 8534 IAT: 8000 Characteristics: 10F TimeDateStamp: 584DCA3C Date: 11/12/2016 21:50:52 File Type: EXE Number Of Sections: 5 ASLR: Enabled Section Names: .text, .rdata, .data, .ndata, .rsrc Number Of Executable Sections: 1 Subsystem: Windows GUI UAC Execution Level Manifest: requireAdministrator |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable |
400 | 6200 | 1000 | 6071 |
|
|
| .rdata | 0x40000040 Initialized Data Readable |
6600 | 1400 | 8000 | 1352 |
|
|
| .data | 0xC0000040 Initialized Data Readable Writeable |
7A00 | 600 | A000 | 254F8 |
|
|
| .ndata | 0xC0000080 Uninitialized Data Readable Writeable |
0 | 0 | 30000 | 16000 |
|
|
| .rsrc | 0x40000040 Initialized Data Readable |
8000 | 5CE00 | 46000 | 5CCB8 |
|
|
| Description |
| CompanyName: DigitalVolcano Software Ltd LegalCopyright: (c)2017 DigitalVolcano Software Ltd ProductName: Hash Tool FileVersion: 1.2.1 FileDescription: Hash Tool Setup Comments: Installer for Hash Tool Language: English (United States) (ID=0x409) CodePage: Unknown (0x0) (0x0) |
| Binder/Joiner/Crypter |
| Dropper code detected (EOF) - 486,48 KB |
| Entry Point |
The section number (1) - (.text) have the Entry Point Information -> EntryPoint (calculated) - 25A3 Code -> 81EC8401000053565733DB6801800000895C2418C744241098A14000895C2420C644241420FF15A8804000FF15A480400066 Assembler |SUB ESP, 0X184 |PUSH EBX |PUSH ESI |PUSH EDI |XOR EBX, EBX |PUSH 0X8001 |MOV DWORD PTR [ESP + 0X18], EBX |MOV DWORD PTR [ESP + 0X10], 0X40A198 |MOV DWORD PTR [ESP + 0X20], EBX |MOV BYTE PTR [ESP + 0X14], 0X20 |CALL DWORD PTR [0X4080A8] |CALL DWORD PTR [0X4080A4] |
| Signatures |
| Rich Signature Analyzer: Code -> ADB12881E9D046D2E9D046D2E9D046D22ADF19D2EBD046D2E9D047D276D046D22ADF1BD2E6D046D2BDF376D2E3D046D22ED640D2E8D046D252696368E9D046D2 Footprint md5 Hash -> C0C16CCAE8729C2E83743F702ACDFC4E • The Rich header apparently has not been modified Certificate - Digital Signature: • The file is signed and the signature is correct |
| Packer/Compiler |
| Compiler: Nullsoft Install System - Version: v3.01 Detect It Easy (die) • PE: installer: Nullsoft Scriptable Install System(3.01)[zlib] • PE: linker: Microsoft Linker(6.0*)[-] • PE: overlay: NSIS data(-)[-] • Entropy: 7.61296 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | CopyFileA | Copies an existing file to a new file. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | DeleteFileA | Deletes an existing file. |
| USER32.DLL | CallWindowProcA | Invokes the window procedure for the specified window and messages. |
| ADVAPI32.DLL | RegCreateKeyExA | Creates a new registry key or opens an existing one. |
| ADVAPI32.DLL | RegDeleteKeyA | Used to delete a subkey and its values from the Windows registry. |
| ADVAPI32.DLL | RegSetValueExA | Sets the data and type of a specified value under a registry key. |
| ADVAPI32.DLL | RegDeleteValueA | Removes a named value from the specified registry key. Note that value names are not case sensitive. |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| Windows REG |
| Software\Microsoft\Windows\CurrentVersion |
| File Access |
| Nullsoft.NSIS.exe .exe %s%s.dll ole32.dll COMCTL32.dll ADVAPI32.dll SHELL32.dll GDI32.dll USER32.dll KERNEL32.dll @.dat Temp |
| Interest's Words |
| exec attrib shutdown ping expand |
| URLs |
| http://nsis.sf.net/NSIS_Error http://www.usertrust.com10 http://crl.usertrust.com/UTN-USERFirst-Object.crl http://ocsp.usertrust.com http://crl.comodoca.com/COMODORSACodeSigningCA.crl http://crt.comodoca.com/COMODORSACodeSigningCA.crt http://ocsp.comodoca.com http://crl.comodoca.com/COMODORSACertificationAuthority.crl http://crt.comodoca.com/COMODORSAAddTrustCA.crt https://secure.comodo.net/CPS0C |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | Registry (RegDeleteKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CopyFile) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileA) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Execution (CreateProcessA) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Antivirus Software (comodo) |
| Text | Ascii | Privileges (SeShutdownPrivilege) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \BITMAP\110\1033 | 46850 | 666 | 8850 | 280000006000000010000000010008000000000002060000340B0000340B00000F0000000F000000FF00FF008080000021A5 | (......................4...4...................!. |
| \ICON\1\1033 | 46EB8 | 10828 | 8EB8 | 2800000080000000000100000100200000000000000801000000000000000000000000000000000000000000000000000000 | (............. ................................... |
| \ICON\2\1033 | 576E0 | C221 | 196E0 | 89504E470D0A1A0A0000000D49484452000003000000030008060000009381008E000000097048597300000EC300000EC301 | .PNG........IHDR.....................pHYs......... |
| \ICON\3\1033 | 63908 | 9F9F | 25908 | 89504E470D0A1A0A0000000D4948445200000200000002000806000000F478D4FA000000097048597300000EC300000EC301 | .PNG........IHDR..............x......pHYs......... |
| \ICON\4\1033 | 6D8A8 | 94A8 | 2F8A8 | 2800000060000000C00000000100200000000000809400000000000000000000000000000000000000000000000000000000 | (............ ................................... |
| \ICON\5\1033 | 76D50 | 67E8 | 38D50 | 2800000050000000A00000000100200000000000C06700000000000000000000000000000000000000000000000000000000 | (...P......... ......g............................ |
| \ICON\6\1033 | 7D538 | 5E21 | 3F538 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000097048597300000EC300000EC301 | .PNG........IHDR.............\r.f....pHYs......... |
| \ICON\7\1033 | 83360 | 5488 | 45360 | 2800000048000000900000000100200000000000605400000000000000000000000000000000000000000000000000000000 | (...H......... .....T............................ |
| \ICON\8\1033 | 887E8 | 495C | 4A7E8 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000097048597300000EC300000EC301 | .PNG........IHDR.............\r.f....pHYs......... |
| \ICON\9\1033 | 8D148 | 4228 | 4F148 | 2800000040000000800000000100200000000000004200000000000000000000000000000000000000000000000000000000 | (...@......... ......B............................ |
| \ICON\10\1033 | 91370 | 410C | 53370 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000000097048597300000EC300000EC301 | .PNG........IHDR.............\r.f....pHYs......... |
| \ICON\11\1033 | 95480 | 3A48 | 57480 | 280000003C000000780000000100200000000000203A00000000000000000000000000000000000000000000000000000000 | (...<...x..... ..... :............................ |
| \ICON\12\1033 | 98EC8 | 25A8 | 5AEC8 | 2800000030000000600000000100200000000000802500000000000000000000000000000000000000000000000000000000 | (...0........ ......%............................ |
| \ICON\13\1033 | 9B470 | 1A68 | 5D470 | 2800000028000000500000000100200000000000401A00000000000000000000000000000000000000000000000000000000 | (...(...P..... .....@............................. |
| \ICON\14\1033 | 9CED8 | 10A8 | 5EED8 | 2800000020000000400000000100200000000000801000000000000000000000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\15\1033 | 9DF80 | EA8 | 5FF80 | 2800000030000000600000000100080000000000000900000000000000000000000100000001000000000000009412000295 | (...0............................................ |
| \ICON\16\1033 | 9EE28 | 8A8 | 60E28 | 2800000020000000400000000100080000000000000400000000000000000000000100000001000000000000009412000295 | (... ...@......................................... |
| \ICON\17\1033 | 9F6D0 | 6B8 | 616D0 | 2800000014000000280000000100200000000000900600000000000000000000000000000000000000000000000000000000 | (.......(..... ................................... |
| \ICON\18\1033 | 9FD88 | 668 | 61D88 | 2800000030000000600000000100040000000000800400000000000000000000000000000000000000000000000080000080 | (...0............................................ |
| \ICON\19\1033 | A03F0 | 568 | 623F0 | 2800000010000000200000000100080000000000000100000000000000000000000100000001000000000000009412000294 | (....... ......................................... |
| \ICON\20\1033 | A0958 | 468 | 62958 | 2800000010000000200000000100200000000000400400000000000000000000000000000000000000000000000000000000 | (....... ..... .....@............................. |
| \ICON\21\1033 | A0DC0 | 2E8 | 62DC0 | 2800000020000000400000000100040000000000000200000000000000000000000000000000000000000000000080000080 | (... ...@......................................... |
| \ICON\22\1033 | A10A8 | 128 | 630A8 | 2800000010000000200000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (....... ......................................... |
| \DIALOG\103\1033 | A11D0 | 120 | 631D0 | 0100FFFF0000000000000000480400400700000000002C018C000000000000000800000000014D0053002000530068006500 | ............H..@......,...............M.S. .S.h.e. |
| \DIALOG\104\1033 | A12F0 | 158 | 632F0 | 0100FFFF0000000000000000480400400800000000002C018C000000000000000800000000014D0053002000530068006500 | ............H..@......,...............M.S. .S.h.e. |
| \DIALOG\105\1033 | A1448 | 202 | 63448 | 0100FFFF00000000000000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500 | ............H.........K...............M.S. .S.h.e. |
| \DIALOG\106\1033 | A1650 | F8 | 63650 | 0100FFFF0000000000000000480400400400000000002C018C000000000000000800000000014D0053002000530068006500 | ............H..@......,...............M.S. .S.h.e. |
| \DIALOG\111\1033 | A1748 | EE | 63748 | 0100FFFF0000000000000000C8080080030000000000A7002A000000000000000800000000014D0053002000530068006500 | ........................*.............M.S. .S.h.e. |
| \DIALOG\203\1033 | A1838 | 10C | 63838 | 0100FFFF0000000000000000400400400700000000002C018C000000000000000900000000018B5B534F0000000000000000 | ............@..@......,................[SO........ |
| \DIALOG\204\1033 | A1948 | 144 | 63948 | 0100FFFF0000000000000000400400400800000000002C018C000000000000000900000000018B5B534F0000000000000000 | ............@..@......,................[SO........ |
| \DIALOG\205\1033 | A1A90 | 1EE | 63A90 | 0100FFFF00000000000000004008CA800E00000000004B01DE000000000000000900000000018B5B534F0000000000000000 | ............@.........K................[SO........ |
| \DIALOG\206\1033 | A1C80 | E4 | 63C80 | 0100FFFF0000000000000000400400400400000000002C018C000000000000000900000000018B5B534F0000000000000000 | ............@..@......,................[SO........ |
| \DIALOG\211\1033 | A1D68 | DA | 63D68 | 0100FFFF0000000000000000C0080080030000000000A7002A000000000000000900000000018B5B534F0000000000000000 | ........................*..............[SO........ |
| \DIALOG\303\1033 | A1E48 | 118 | 63E48 | 0100FFFF0000000000000000400400400700000000002C018C000000000000000900000000012DFF33FF200030FFB430B730 | ............@..@......,...............-.3. .0..0.0 |
| \DIALOG\304\1033 | A1F60 | 150 | 63F60 | 0100FFFF0000000000000000400400400800000000002C018C000000000000000900000000012DFF33FF200030FFB430B730 | ............@..@......,...............-.3. .0..0.0 |
| \DIALOG\305\1033 | A20B0 | 1FA | 640B0 | 0100FFFF00000000000000004008CA800E00000000004B01DE000000000000000900000000012DFF33FF200030FFB430B730 | ............@.........K...............-.3. .0..0.0 |
| \DIALOG\306\1033 | A22B0 | F0 | 642B0 | 0100FFFF0000000000000000400400400400000000002C018C000000000000000900000000012DFF33FF200030FFB430B730 | ............@..@......,...............-.3. .0..0.0 |
| \DIALOG\311\1033 | A23A0 | E6 | 643A0 | 0100FFFF0000000000000000C0080080030000000000A7002A000000000000000900000000012DFF33FF200030FFB430B730 | ........................*.............-.3. .0..0.0 |
| \GROUP_ICON\103\1033 | A2488 | 13A | 64488 | 0000010016000000100001000400215E0000060030301000010004006806000012002020100001000400E802000015001010 | ..............!....00......h..... .............. |
| \VERSION\1\1033 | A25C8 | 2BC | 645C8 | BC0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000000000200 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\1\1033 | A2888 | 42E | 64888 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • KERNEL32.dll • USER32.dll • ADVAPI32.dll • COMCTL32.dll • http://nsis.sf.net/NSIS_ErrorError launching installer • .tmp • C@_Nb.exe • %s%s.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 42C | 408204 | .text | CALL [static] | Indirect call to absolute memory address |
| 447 | 408208 | .text | CALL [static] | Indirect call to absolute memory address |
| 45B | 40820C | .text | CALL [static] | Indirect call to absolute memory address |
| 4CF | 408064 | .text | CALL [static] | Indirect call to absolute memory address |
| 4E4 | 408210 | .text | CALL [static] | Indirect call to absolute memory address |
| 505 | 408054 | .text | CALL [static] | Indirect call to absolute memory address |
| 526 | 408050 | .text | CALL [static] | Indirect call to absolute memory address |
| 530 | 408058 | .text | CALL [static] | Indirect call to absolute memory address |
| 556 | 408214 | .text | CALL [static] | Indirect call to absolute memory address |
| 56E | 40826C | .text | CALL [static] | Indirect call to absolute memory address |
| 7E4 | 408148 | .text | CALL [static] | Indirect call to absolute memory address |
| 7F4 | 408200 | .text | CALL [static] | Indirect call to absolute memory address |
| 8AC | 4081C8 | .text | CALL [static] | Indirect call to absolute memory address |
| 8E9 | 408074 | .text | CALL [static] | Indirect call to absolute memory address |
| 8F7 | 40824C | .text | CALL [static] | Indirect call to absolute memory address |
| 9A8 | 408090 | .text | CALL [static] | Indirect call to absolute memory address |
| A0D | 40808C | .text | CALL [static] | Indirect call to absolute memory address |
| A3C | 4080F8 | .text | CALL [static] | Indirect call to absolute memory address |
| A85 | 4080FC | .text | CALL [static] | Indirect call to absolute memory address |
| ACE | 4080B4 | .text | CALL [static] | Indirect call to absolute memory address |
| B14 | 408104 | .text | CALL [static] | Indirect call to absolute memory address |
| B33 | 408108 | .text | CALL [static] | Indirect call to absolute memory address |
| BC2 | 408100 | .text | CALL [static] | Indirect call to absolute memory address |
| CBB | 408110 | .text | CALL [static] | Indirect call to absolute memory address |
| CC4 | 4080F4 | .text | CALL [static] | Indirect call to absolute memory address |
| E04 | 40810C | .text | CALL [static] | Indirect call to absolute memory address |
| E16 | 408114 | .text | CALL [static] | Indirect call to absolute memory address |
| E31 | 408118 | .text | CALL [static] | Indirect call to absolute memory address |
| E44 | 408114 | .text | CALL [static] | Indirect call to absolute memory address |
| F4F | 408274 | .text | CALL [static] | Indirect call to absolute memory address |
| FCC | 408124 | .text | CALL [static] | Indirect call to absolute memory address |
| FDE | 408160 | .text | CALL [static] | Indirect call to absolute memory address |
| 1074 | 408258 | .text | CALL [static] | Indirect call to absolute memory address |
| 108C | 408200 | .text | CALL [static] | Indirect call to absolute memory address |
| 10BA | 40825C | .text | CALL [static] | Indirect call to absolute memory address |
| 10DF | 408254 | .text | CALL [static] | Indirect call to absolute memory address |
| 110F | 408244 | .text | CALL [static] | Indirect call to absolute memory address |
| 1130 | 408248 | .text | CALL [static] | Indirect call to absolute memory address |
| 113F | 408244 | .text | CALL [static] | Indirect call to absolute memory address |
| 114C | 40820C | .text | CALL [static] | Indirect call to absolute memory address |
| 116D | 408250 | .text | CALL [static] | Indirect call to absolute memory address |
| 117B | 408200 | .text | CALL [static] | Indirect call to absolute memory address |
| 118A | 40805C | .text | CALL [static] | Indirect call to absolute memory address |
| 1198 | 408238 | .text | CALL [static] | Indirect call to absolute memory address |
| 11B2 | 408060 | .text | CALL [static] | Indirect call to absolute memory address |
| 11BA | 408148 | .text | CALL [static] | Indirect call to absolute memory address |
| 11CB | 4081F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 121A | 408054 | .text | CALL [static] | Indirect call to absolute memory address |
| 1243 | 408278 | .text | CALL [static] | Indirect call to absolute memory address |
| 124E | 4081F8 | .text | CALL [static] | Indirect call to absolute memory address |
| 129F | 408178 | .text | CALL [static] | Indirect call to absolute memory address |
| 12FD | 408158 | .text | CALL [static] | Indirect call to absolute memory address |
| 1322 | 4080F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 138E | 408160 | .text | CALL [static] | Indirect call to absolute memory address |
| 142A | 408154 | .text | CALL [static] | Indirect call to absolute memory address |
| 143A | 408150 | .text | CALL [static] | Indirect call to absolute memory address |
| 14B4 | 408144 | .text | CALL [static] | Indirect call to absolute memory address |
| 154C | 408290 | .text | CALL [static] | Indirect call to absolute memory address |
| 15F8 | 408140 | .text | CALL [static] | Indirect call to absolute memory address |
| 16B3 | 40817C | .text | CALL [static] | Indirect call to absolute memory address |
| 172B | 40814C | .text | CALL [static] | Indirect call to absolute memory address |
| 1769 | 408138 | .text | CALL [static] | Indirect call to absolute memory address |
| 1796 | 40801C | .text | CALL [static] | Indirect call to absolute memory address |
| 179F | 408020 | .text | CALL [static] | Indirect call to absolute memory address |
| 1811 | 408024 | .text | CALL [static] | Indirect call to absolute memory address |
| 186E | 408028 | .text | CALL [static] | Indirect call to absolute memory address |
| 18B3 | 40802C | .text | CALL [static] | Indirect call to absolute memory address |
| 1927 | 408030 | .text | CALL [static] | Indirect call to absolute memory address |
| 193A | 408018 | .text | CALL [static] | Indirect call to absolute memory address |
| 194F | 408020 | .text | CALL [static] | Indirect call to absolute memory address |
| 1A7F | 408134 | .text | CALL [static] | Indirect call to absolute memory address |
| 1AB3 | 408134 | .text | CALL [static] | Indirect call to absolute memory address |
| 1AD6 | 40813C | .text | CALL [static] | Indirect call to absolute memory address |
| 1AF3 | 40812C | .text | CALL [static] | Indirect call to absolute memory address |
| 1B1A | 408128 | .text | CALL [static] | Indirect call to absolute memory address |
| 1BF2 | 408124 | .text | CALL [static] | Indirect call to absolute memory address |
| 1C05 | 408124 | .text | CALL [static] | Indirect call to absolute memory address |
| 1C1D | 4080F4 | .text | CALL [static] | Indirect call to absolute memory address |
| 1C31 | 408130 | .text | CALL [static] | Indirect call to absolute memory address |
| 1D48 | 408200 | .text | CALL [static] | Indirect call to absolute memory address |
| 1D58 | 4081FC | .text | CALL [static] | Indirect call to absolute memory address |
| 1F2F | 408014 | .text | CALL [static] | Indirect call to absolute memory address |
| 1F74 | 408020 | .text | CALL [static] | Indirect call to absolute memory address |
| 1F99 | 408020 | .text | CALL [static] | Indirect call to absolute memory address |
| 1FB7 | 408000 | .text | CALL [static] | Indirect call to absolute memory address |
| 2000 | 408014 | .text | CALL [static] | Indirect call to absolute memory address |
| 202E | 408240 | .text | CALL [static] | Indirect call to absolute memory address |
| 2059 | 408148 | .text | CALL [static] | Indirect call to absolute memory address |
| 2069 | 408274 | .text | CALL [static] | Indirect call to absolute memory address |
| 2079 | 40827C | .text | CALL [static] | Indirect call to absolute memory address |
| 20A9 | 408270 | .text | CALL [static] | Indirect call to absolute memory address |
| 20C7 | 408078 | .text | CALL [static] | Indirect call to absolute memory address |
| 20E4 | 40823C | .text | CALL [static] | Indirect call to absolute memory address |
| 20F2 | 408278 | .text | CALL [static] | Indirect call to absolute memory address |
| 210B | 408078 | .text | CALL [static] | Indirect call to absolute memory address |
| 2127 | 408080 | .text | CALL [static] | Indirect call to absolute memory address |
| 2173 | 40807C | .text | CALL [static] | Indirect call to absolute memory address |
| 22AB | 408160 | .text | CALL [static] | Indirect call to absolute memory address |
| 2311 | 408134 | .text | CALL [static] | Indirect call to absolute memory address |
| 246A | 408148 | .text | CALL [static] | Indirect call to absolute memory address |
| 64E00 | N/A | *Overlay* | 00000000EFBEADDE4E756C6C736F6674496E7374 | ........NullsoftInst |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 691272 | 59,2955% |
| Null Byte Code | 91285 | 7,8302% |
© 2026 All rights reserved.