PREMIUM PESCAN.IO - Analysis Report
| Information |
| Field | Value |
|---|---|
| Size | 933,00 KB |
| SHA-256 Hash | 47FD32C1162647A95963771473C2CE9D13867DE6F672A8C67B7B1F2EF8DF8842 |
| SHA-1 Hash | 635C9819C8F639A6960A528ED7D32F80B2C009B3 |
| MD5 Hash | 9B35C2D72F2126143A25470DADCAFC51 |
| Imphash | D73AEEA5C530BBE127B514C40C8055E9 |
| MajorOSVersion | 5 |
| MinorOSVersion | 1 |
| CheckSum | 000F0429 |
| EntryPoint (rva) | 869DF |
| SizeOfHeaders | 400 |
| SizeOfImage | F0000 |
| ImageBase | 10000000 |
| Architecture | x86 |
| ExportTable | DB550 |
| ImportTable | DAA5C |
| IAT | AD000 |
| Characteristics | 2102 |
| TimeDateStamp | 5161B6FF |
| Date | 07/04/2013 18:12:15 |
| File Type | DLL |
| Number Of Sections | 5 |
| ASLR | Enabled |
| Section Names | .text, .rdata, .data, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 400 | ABE00 | 1000 | ABDD0 | | |
| .rdata | 0x40000040 Initialized Data Readable | AC200 | 30E00 | AD000 | 30D58 | | |
| .data | 0xC0000040 Initialized Data Readable Writeable | DD000 | 2A00 | DE000 | 6B44 | | |
| .rsrc | 0x40000040 Initialized Data Readable | DFA00 | 200 | E5000 | 1B4 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | DFC00 | 9800 | E6000 | 97B8 | | |
| Entry Point |
| Field | Value |
|---|---|
| Information | Section number (1) - (.text) has the Entry Point |
| EntryPoint (calculated) | 85DDF |
| Code | 8BFF558BEC837D0C017505E882970000FF75088B4D108B550CE8ECFEFFFF595DC20C008BFF558BEC683C840D10FF1544D10A |
| Assembler | MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; CMP DWORD PTR [EBP + 0XC], 1; JNE 0X1010; CALL 0XA792; PUSH DWORD PTR [EBP + 8]; MOV ECX, DWORD PTR [EBP + 0X10]; MOV EDX, DWORD PTR [EBP + 0XC]; CALL 0XF0A; POP ECX; POP EBP; RET 0XC; MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH 0X100D843C |
| Signatures |
| Field | Value |
|---|---|
| Rich Signature Analyzer: Code | D9CB98F19DAAF6A29DAAF6A29DAAF6A20EE46EA29BAAF6A2F2DC5DA2B4AAF6A2F2DC68A283AAF6A2BA6C8BA289AAF6A2AB8CFCA2E4ABF6A29DAAF7A202AAF6A294D265A290AAF6A2F2DC5CA253AAF6A2F2DC6DA29CAAF6A2F2DC6BA29CAAF6A2526963689DAAF6A2 |
| Footprint md5 Hash | 8C444A0743BB44E4F5FCA6A8E45B2B8E |
| Rich header | The Rich header apparently has not been modified |
| Certificate | Digital Signature Not Found: The file is not signed |
| Packer/Compiler |
| Detect It Easy (die) • PE: compiler: EP:Microsoft Visual C/C++(2008-2010)[DLL32] • PE: compiler: Microsoft Visual C/C++(2010)[libcmt] • PE: linker: Microsoft Linker(10.0)[-] • Entropy: 6.75829 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | CreateToolhelp32Snapshot | Creates a snapshot of the specified processes, heaps, threads, and modules. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| KERNEL32.DLL | DeleteFileA | Deletes an existing file. |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| Ws2_32.DLL | socket | Create a communication endpoint for networking applications. |
| Ws2_32.DLL | connect | Establish a connection to a specified socket. |
| ET Functions (carving) |
| Original Name -> ssh.dll buffer_free buffer_get buffer_get_len buffer_new channel_accept_x11 channel_change_pty_size channel_close channel_forward_accept channel_forward_cancel channel_forward_listen channel_free channel_get_exit_status channel_get_session channel_is_closed channel_is_eof channel_is_open channel_new channel_open_forward channel_open_session channel_poll channel_read channel_read_buffer channel_read_nonblocking channel_request_env channel_request_exec channel_request_pty channel_request_pty_size channel_request_send_signal channel_request_sftp channel_request_shell channel_request_subsystem channel_request_x11 channel_select channel_send_eof channel_set_blocking channel_write channel_write_stderr privatekey_free privatekey_from_file publickey_free publickey_from_file publickey_from_privatekey publickey_to_string sftp_async_read sftp_async_read_begin sftp_attributes_free sftp_canonicalize_path sftp_chmod sftp_chown sftp_close sftp_closedir sftp_dir_eof sftp_extension_supported sftp_extensions_get_count sftp_extensions_get_data sftp_extensions_get_name sftp_file_set_blocking sftp_file_set_nonblocking sftp_free sftp_fstat sftp_fstatvfs sftp_get_error sftp_init sftp_lstat sftp_mkdir sftp_new sftp_open sftp_opendir sftp_read sftp_readdir sftp_readlink sftp_rename sftp_rewind sftp_rmdir sftp_seek sftp_seek64 sftp_server_init sftp_server_new sftp_server_version sftp_setstat sftp_stat sftp_statvfs sftp_statvfs_free sftp_symlink sftp_tell sftp_tell64 sftp_unlink sftp_utimes sftp_write ssh_accept ssh_auth_list ssh_basename ssh_bind_accept ssh_bind_accept_fd ssh_bind_fd_toaccept ssh_bind_free ssh_bind_get_fd ssh_bind_listen ssh_bind_new ssh_bind_options_set ssh_bind_set_blocking ssh_bind_set_callbacks ssh_bind_set_fd ssh_blocking_flush ssh_buffer_free ssh_buffer_get_begin ssh_buffer_get_len ssh_buffer_new ssh_channel_accept_x11 ssh_channel_change_pty_size ssh_channel_close ssh_channel_free ssh_channel_get_exit_status ssh_channel_get_session 
ssh_channel_is_closed ssh_channel_is_eof ssh_channel_is_open ssh_channel_new ssh_channel_open_forward ssh_channel_open_reverse_forward ssh_channel_open_session ssh_channel_open_x11 ssh_channel_poll ssh_channel_poll_timeout ssh_channel_read ssh_channel_read_nonblocking ssh_channel_request_env ssh_channel_request_exec ssh_channel_request_pty ssh_channel_request_pty_size ssh_channel_request_send_exit_signal ssh_channel_request_send_exit_status ssh_channel_request_send_signal ssh_channel_request_sftp ssh_channel_request_shell ssh_channel_request_subsystem ssh_channel_request_x11 ssh_channel_select ssh_channel_send_eof ssh_channel_set_blocking ssh_channel_window_size ssh_channel_write ssh_channel_write_stderr ssh_clean_pubkey_hash ssh_connect ssh_copyright ssh_dirname ssh_disconnect ssh_event_add_fd ssh_event_add_session ssh_event_dopoll ssh_event_free ssh_event_new ssh_event_remove_fd ssh_event_remove_session ssh_execute_message_callbacks ssh_finalize ssh_forward_accept ssh_forward_cancel ssh_forward_listen ssh_free ssh_get_disconnect_message ssh_get_error ssh_get_error_code ssh_get_fd ssh_get_hexa ssh_get_issue_banner ssh_get_openssh_version ssh_get_pubkey ssh_get_pubkey_hash ssh_get_publickey ssh_get_random ssh_get_serverbanner ssh_get_status ssh_get_version ssh_getpass ssh_handle_key_exchange ssh_init ssh_is_blocking ssh_is_connected ssh_is_server_known ssh_key_cmp ssh_key_free ssh_key_is_private ssh_key_is_public ssh_key_new ssh_key_type ssh_key_type_from_name ssh_key_type_to_char ssh_log ssh_message_auth_interactive_request ssh_message_auth_kbdint_is_response ssh_message_auth_password ssh_message_auth_pubkey ssh_message_auth_publickey ssh_message_auth_publickey_state ssh_message_auth_reply_pk_ok ssh_message_auth_reply_pk_ok_simple ssh_message_auth_reply_success ssh_message_auth_set_methods ssh_message_auth_user ssh_message_channel_request_channel ssh_message_channel_request_command ssh_message_channel_request_env_name ssh_message_channel_request_env_value 
ssh_message_channel_request_open_destination ssh_message_channel_request_open_destination_port ssh_message_channel_request_open_originator ssh_message_channel_request_open_originator_port ssh_message_channel_request_open_reply_accept ssh_message_channel_request_pty_height ssh_message_channel_request_pty_pxheight ssh_message_channel_request_pty_pxwidth ssh_message_channel_request_pty_term ssh_message_channel_request_pty_width ssh_message_channel_request_reply_success ssh_message_channel_request_subsystem ssh_message_channel_request_x11_auth_cookie ssh_message_channel_request_x11_auth_protocol ssh_message_channel_request_x11_screen_number ssh_message_channel_request_x11_single_connection ssh_message_free ssh_message_get ssh_message_global_request_address ssh_message_global_request_port ssh_message_global_request_reply_success ssh_message_reply_default ssh_message_retrieve ssh_message_service_reply_success ssh_message_service_service ssh_message_subtype ssh_message_type ssh_mkdir ssh_new ssh_options_copy ssh_options_get ssh_options_get_port ssh_options_getopt ssh_options_parse_config ssh_options_set ssh_pcap_file_close ssh_pcap_file_free ssh_pcap_file_new ssh_pcap_file_open ssh_pki_export_privkey_to_pubkey ssh_pki_export_pubkey_base64 ssh_pki_export_pubkey_file ssh_pki_generate ssh_pki_import_privkey_base64 ssh_pki_import_privkey_file ssh_pki_import_pubkey_base64 ssh_pki_import_pubkey_file ssh_print_hexa ssh_privatekey_type ssh_publickey_to_file ssh_scp_accept_request ssh_scp_close ssh_scp_deny_request ssh_scp_free ssh_scp_init ssh_scp_leave_directory ssh_scp_new ssh_scp_pull_request ssh_scp_push_directory ssh_scp_push_file ssh_scp_push_file64 ssh_scp_read ssh_scp_request_get_filename ssh_scp_request_get_permissions ssh_scp_request_get_size ssh_scp_request_get_size64 ssh_scp_request_get_warning ssh_scp_write ssh_select ssh_send_debug ssh_send_ignore ssh_service_request ssh_set_blocking ssh_set_callbacks ssh_set_channel_callbacks ssh_set_fd_except ssh_set_fd_toread 
ssh_set_fd_towrite ssh_set_message_callback ssh_set_pcap_file ssh_silent_disconnect ssh_string_burn ssh_string_copy ssh_string_data ssh_string_fill ssh_string_free ssh_string_free_char ssh_string_from_char ssh_string_get_char ssh_string_len ssh_string_new ssh_string_to_char ssh_threads_get_noop ssh_threads_set_callbacks ssh_try_publickey_from_file ssh_userauth_autopubkey ssh_userauth_kbdint ssh_userauth_kbdint_getanswer ssh_userauth_kbdint_getinstruction ssh_userauth_kbdint_getname ssh_userauth_kbdint_getnanswers ssh_userauth_kbdint_getnprompts ssh_userauth_kbdint_getprompt ssh_userauth_kbdint_setanswer ssh_userauth_list ssh_userauth_none ssh_userauth_offer_pubkey ssh_userauth_password ssh_userauth_privatekey_file ssh_userauth_pubkey ssh_userauth_publickey ssh_userauth_publickey_auto ssh_userauth_try_publickey ssh_version ssh_write_knownhost string_burn string_copy string_data string_fill string_free string_from_char string_len string_new string_to_char |
| File Access |
| .exe ssh.dll ADVAPI32.dll SHELL32.dll USER32.dll KERNEL32.dll WS2_32.dll %s.dll NETAPI32.DLL .bat d.dat @.dat Temp |
| File Access (UNICODE) |
| GetLastActivePopupGetActiveWindowMessageBoxWUSER32.DLL KERNEL32.DLL CorExitProcessmscoree.dll Temp |
| Interest's Words |
| PADDINGX Encrypt Decrypt Encryption PassWord pcap_ exec attrib start cipher hostname netstat certreq ping expand route |
| URLs |
| http://www.openssl.org/support/faq.html |
| Emails |
| appro@openssl.org |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (listen) |
| Text | Ascii | WinAPI Sockets (accept) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Encryption (Blowfish) |
| Text | Unicode | Encryption (Intel Hardware Cryptographic Service Provider) |
| Text | Ascii | Encryption API (CryptAcquireContext) |
| Text | Ascii | Encryption API (CryptReleaseContext) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Anti-Analysis VM (CreateToolhelp32Snapshot) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Entry Point | Hex Pattern | Microsoft Visual C++ v7.0 |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \24\2\1033 | E5058 | 15A | DFA58 | 3C617373656D626C7920786D6C6E733D2275726E3A736368656D61732D6D6963726F736F66742D636F6D3A61736D2E763122 | <assembly xmlns="urn:schemas-microsoft-com:asm.v1" |
| Intelligent String |
| • KERNEL32.DLL • %s.pub • keepalive@openssh.com • (core dumped) • C:\master\master\src\misc.cssh_options_set_algo • ~/.ssh • ssh_options_get/etc/ssh/ssh_config%d/config • zlib@openssh.com • fstatvfs@openssh.com • @@.\crypto\rand\md_rand.cYou need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html • Microsoft Smartcardlogin • msSmartcardLogin • NETAPI32.DLL • ADVAPI32.DLL • value.set • d.ori • d.crl • value.bag • %s.dll • mscoree.dll • .com • .bat • .cmd • .exe • ADVAPI32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 96504-9653F | N/A | .text | Unusual BP Cave, count: 60 |
| 9A653-9A67F | N/A | .text | Unusual BP Cave, count: 45 |
| 9E650-9E67F | N/A | .text | Unusual BP Cave, count: 48 |
| 9EA42-9EA7F | N/A | .text | Unusual BP Cave, count: 62 |
| 9FFA2-9FFBF | N/A | .text | Unusual BP Cave, count: 30 |
| A0F20-A0F3F | N/A | .text | Unusual BP Cave, count: 32 |
| A1B42-A1B7F | N/A | .text | Unusual BP Cave, count: 62 |
| A6B96-A6BBF | N/A | .text | Unusual BP Cave, count: 42 |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 588857 | 61,6351% |
| Null Byte Code | 132115 | 13,8284% |
| NOP Cave Found | 0x9090909090, Block Count: 2330 | Total: 0,6097% |