PESCAN.IO - Analysis Report Basic |
|||||||
| File Structure |
|
PE Chart Code
Header PE (light blue)
Executable sections (pink)
Non-executable sections (black)
External injected code (red)
File Structure in red = malformed or corrupted header
Chart Code For Other Files
Printable characters (blue)
Non-printable characters (black)
| Information |
Icon: Size: 717,50 KBSHA-256 Hash: 5B5A46E9B0BDD2C6397F2E4BF55F22DD7F8ED05991821A4DC2697589D6FADE84 SHA-1 Hash: F0CE344D453075C9C1B70E520EC7ADB0AA79957D MD5 Hash: A6342B64F433F8703807EADF2BA30167 Imphash: BB858A13F039E1E8A314E22CC0C5FE13 MajorOSVersion: 4 MinorOSVersion: 0 CheckSum: 00000000 EntryPoint (rva): 94A34 SizeOfHeaders: 400 SizeOfImage: 338B4000 ImageBase: 400000 Architecture: x86 ImportTable: 33893000 Characteristics: 818E TimeDateStamp: 2A425E19 Date: 19/06/1992 22:22:17 File Type: EXE Number Of Sections: 8 ASLR: Disabled Section Names: CODE, DATA, BSS, .idata, .tls, .rdata, .reloc, .rsrc Number Of Executable Sections: 1 Subsystem: Windows GUI [Incomplete Binary or Compressor Packer - 824,00 MB Missing] |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| CODE | 0x60000020 Code Executable Readable |
400 | 93C00 | 1000 | 93AC0 |
|
|
| DATA | 0xC0000040 Initialized Data Readable Writeable |
94000 | 2000 | 95000 | 1F0C |
|
|
| BSS | 0xC0000000 Readable Writeable |
96000 | 0 | 97000 | 337FBA71 |
|
|
| .idata | 0xC0000040 Initialized Data Readable Writeable |
96000 | 2800 | 33893000 | 2690 |
|
|
| .tls | 0xC0000000 Readable Writeable |
98800 | 0 | 33896000 | 10 |
|
|
| .rdata | 0x50000040 Initialized Data Discardable Readable |
98800 | 200 | 33897000 | 18 |
|
|
| .reloc | 0x50000040 Initialized Data Discardable Readable |
98A00 | B600 | 33898000 | B538 |
|
|
| .rsrc | 0x50000040 Initialized Data Discardable Readable |
A4000 | F600 | 338A4000 | F600 |
|
|
| Entry Point |
The section number (1) - (CODE) have the Entry Point Information -> EntryPoint (calculated) - 93E34 Code -> 558BEC83C4F053B8A4464900E87B24F7FF8B1D746C49008B03E8F2A9FCFF8B0D286E49008B038B15F4FD4800E8F7A9FCFF8B Assembler |PUSH EBP |MOV EBP, ESP |ADD ESP, -0X10 |PUSH EBX |MOV EAX, 0X4946A4 |CALL 0XFFF7348C |MOV EBX, DWORD PTR [0X496C74] |MOV EAX, DWORD PTR [EBX] |CALL 0XFFFCBA10 |MOV ECX, DWORD PTR [0X496E28] |MOV EAX, DWORD PTR [EBX] |MOV EDX, DWORD PTR [0X48FDF4] |CALL 0XFFFCBA28 |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Borland Delphi 7 Detect It Easy (die) • PE: compiler: Borland Delphi(7)[-] • PE: linker: Turbo Linker(2.25*,Delphi)[-] • Entropy: 6.6302 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| Ws2_32.DLL | socket | Possible Call API By Name | Create a communication endpoint for networking applications. |
| Ws2_32.DLL | connect | Possible Call API By Name | Establish a connection to a specified socket. |
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | VirtualAlloc | Reserve, commit, or both, a region of memory within the virtual address space of a process. |
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryA | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | CreateFileA | Creates or opens a file or I/O device. |
| USER32.DLL | CallWindowProcA | Invokes the window procedure for the specified window and messages. |
| Ws2_32.DLL | socket | Create a communication endpoint for networking applications. |
| Ws2_32.DLL | connect | Establish a connection to a specified socket. |
| SHELL32.DLL | ShellExecuteA | Performs a run operation on a specific file. |
| Windows REG |
| SOFTWARE\Borland\Delphi\RTL Software\Borland\Locales Software\Borland\Delphi\Locales System\CurrentControlSet\Control\Keyboard Layouts\%.8x |
| File Access |
| kernel32.dll shell32.dll comctl32.dll oleaut32.dll user32.dll gdi32.dll version.dll advapi32.dll ssleay32.dll libeay32.dll WS2_32.DLL RICHED32.DLL MAPI32.DLL vcltest3.dll imm32.dll uxtheme.dll .txt REY.txt settings.txt Temp |
| File Access (UNICODE) |
| Temp |
| Interest's Words |
| Encrypt PassWord exec attrib start cipher hostname shutdown systeminfo replace |
| Interest's Words (UNICODE) |
| ToolBar PassWord start cipher hostname expand route |
| IP Addresses |
| 127.0.0.1 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (WSACleanup) |
| Text | Ascii | WinAPI Sockets (bind) |
| Text | Unicode | WinAPI Sockets (bind) |
| Text | Ascii | WinAPI Sockets (listen) |
| Text | Ascii | WinAPI Sockets (accept) |
| Text | Unicode | WinAPI Sockets (accept) |
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Unicode | WinAPI Sockets (connect) |
| Text | Ascii | WinAPI Sockets (recv) |
| Text | Ascii | WinAPI Sockets (send) |
| Text | Unicode | WinAPI Sockets (send) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindFirstFileA) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ExitThread) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualAlloc) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (ResumeThread) |
| Text | Ascii | Execution (CreateEventA) |
| Text | Unicode | Keyboard Key (Alt+) |
| Text | Ascii | Keyboard Key (Scroll) |
| Text | Unicode | Keyboard Key (Scroll) |
| Text | Ascii | Keyboard Key (UpArrow) |
| Text | Ascii | Unauthorized movement of funds or data (Transfer) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Text | Ascii | Technique used to capture communications between systems (Intercept) |
| Entry Point | Hex Pattern | Borland Delphi 4.0 |
| Entry Point | Hex Pattern | Borland Delphi v3.0 |
| Entry Point | Hex Pattern | Borland Delphi v6.0 - v7.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 - Debug |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8.0 (MFC) |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \CURSOR\1\0 | 338A4DD4 | 134 | A4DD4 | 070001002800000020000000400000000100010000000000000200000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\2\0 | 338A4F08 | 134 | A4F08 | 000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\3\0 | 338A503C | 134 | A503C | 000000002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\4\0 | 338A5170 | 134 | A5170 | 0E000C002800000020000000400000000100010000000000800000000000000000000000020000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\5\0 | 338A52A4 | 134 | A52A4 | 10000E002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\6\0 | 338A53D8 | 134 | A53D8 | 000000002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \CURSOR\7\0 | 338A550C | 134 | A550C | 020002002800000020000000400000000100010000000000800000000000000000000000000000000000000000000000FFFF | ....(... ...@..................................... |
| \BITMAP\BBABORT\0 | 338A5640 | 1D0 | A5640 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBALL\0 | 338A5810 | 1E4 | A5810 | 28000000240000001300000001000400000000007C0100000000000000000000100000000000000000000000000080000080 | (...$...............|............................. |
| \BITMAP\BBCANCEL\0 | 338A59F4 | 1D0 | A59F4 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBCLOSE\0 | 338A5BC4 | 1D0 | A5BC4 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBHELP\0 | 338A5D94 | 1D0 | A5D94 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBIGNORE\0 | 338A5F64 | 1D0 | A5F64 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBNO\0 | 338A6134 | 1D0 | A6134 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBOK\0 | 338A6304 | 1D0 | A6304 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBRETRY\0 | 338A64D4 | 1D0 | A64D4 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\BBYES\0 | 338A66A4 | 1D0 | A66A4 | 2800000024000000120000000100040000000000680100000000000000000000100000000000000000000000000080000080 | (...$...............h............................. |
| \BITMAP\PREVIEWGLYPH\1049 | 338A6874 | E8 | A6874 | 2800000010000000100000000100040000000000800000000000000000000000000000000000000000000000000080000080 | (................................................. |
| \ICON\1\1049 | 338A695C | 3228 | A695C | 28000000400000008000000001001800000000000030000000000000000000000000000000000000EFF1F2EEF0F1EEF0F1ED | (...@................0............................ |
| \DIALOG\DLGTEMPLATE\0 | 338A9B84 | 52 | A9B84 | 44040054000000000100000000003C014C0000000000000008004D0053002000530061006E00730020005300650072006900660000000000000002400000000000000000CC004C005F04FFFF820000000000 | D..T..........<.L.........M.S. .S.a.n.s. .S.e.r.i.f........@..........L._......... |
| \STRING\4072\0 | 338A9BD8 | 1B0 | A9BD8 | 21004500720072006F0072002000620069006E00640069006E00670020006400610074006100200074006F00200053005300 | !.E.r.r.o.r. .b.i.n.d.i.n.g. .d.a.t.a. .t.o. .S.S. |
| \STRING\4073\0 | 338A9D88 | 368 | A9D88 | 1D00470065006E006500720061006C00200053004F0043004B00530020007300650072007600650072002000660061006900 | ..G.e.n.e.r.a.l. .S.O.C.K.S. .s.e.r.v.e.r. .f.a.i. |
| \STRING\4074\0 | 338AA0F0 | 3F8 | AA0F0 | 230054006F006F0020006D0061006E00790020007200650066006500720065006E006300650073002C002000630061006E00 | .T.o.o. .m.a.n.y. .r.e.f.e.r.e.n.c.e.s.,. .c.a.n. |
| \STRING\4075\0 | 338AA4E8 | 3EC | AA4E8 | 1700500072006F0074006F0063006F006C0020006E006F007400200073007500700070006F0072007400650064002E001A00 | ..P.r.o.t.o.c.o.l. .n.o.t. .s.u.p.p.o.r.t.e.d..... |
| \STRING\4076\0 | 338AA8D4 | 310 | AA8D4 | 150053006F0063006B006500740020004500720072006F007200200023002000250064000D000A00250073001D0025007300 | ..S.o.c.k.e.t. .E.r.r.o.r. .. .%.d.....%.s...%.s. |
| \STRING\4077\0 | 338AABE4 | 340 | AABE4 | 2400430061006E0020006E006F0074002000620069006E006400200069006E00200070006F00720074002000720061006E00 | $.C.a.n. .n.o.t. .b.i.n.d. .i.n. .p.o.r.t. .r.a.n. |
| \STRING\4078\0 | 338AAF24 | 430 | AAF24 | 15004600610069006C0065006400200074006F00200053006100760065002000530074007200650061006D00450025006400 | ..F.a.i.l.e.d. .t.o. .S.a.v.e. .S.t.r.e.a.m.E.%.d. |
| \STRING\4079\0 | 338AB354 | 360 | AB354 | 0A005300630072006F006C006C0020004200610072000E003300440020004400610072006B00200053006800610064006F00 | ..S.c.r.o.l.l. .B.a.r...3.D. .D.a.r.k. .S.h.a.d.o. |
| \STRING\4080\0 | 338AB6B4 | 1DC | AB6B4 | 100042007500740074006F006E00200048006900670068006C0069006700680074000D0042007500740074006F006E002000 | ..B.u.t.t.o.n. .H.i.g.h.l.i.g.h.t...B.u.t.t.o.n. . |
| \STRING\4081\0 | 338AB890 | 154 | AB890 | 030052006500640004004C0069006D0065000600590065006C006C006F007700040042006C00750065000700460075006300 | ..R.e.d...L.i.m.e...Y.e.l.l.o.w...B.l.u.e...F.u.c. |
| \STRING\4082\0 | 338AB9E4 | 268 | AB9E4 | 1B0020002D00200044006F0063006B0020007A006F006E006500200068006100730020006E006F00200063006F006E007400 | .. .-. .D.o.c.k. .z.o.n.e. .h.a.s. .n.o. .c.o.n.t. |
| \STRING\4083\0 | 338ABC4C | 2DC | ABC4C | 040044006F0077006E00030049006E0073000300440065006C000600530068006900660074002B0005004300740072006C00 | ..D.o.w.n...I.n.s...D.e.l...S.h.i.f.t.+...C.t.r.l. |
| \STRING\4084\0 | 338ABF28 | DC | ABF28 | 07002600490067006E006F00720065000400260041006C006C000A004E0026006F00200074006F00200041006C006C000B00 | ..&.I.g.n.o.r.e...&.A.l.l...N.&.o. .t.o. .A.l.l... |
| \STRING\4085\0 | 338AC004 | 18C | AC004 | 120045006E00680061006E0063006500640020004D00650074006100660069006C00650073000500490063006F006E007300 | ..E.n.h.a.n.c.e.d. .M.e.t.a.f.i.l.e.s...I.c.o.n.s. |
| \STRING\4086\0 | 338AC190 | 224 | AC190 | 08002500730020006F006E002000250073004000470072006F007500700049006E006400650078002000630061006E006E00 | ..%.s. .o.n. .%.s.@.G.r.o.u.p.I.n.d.e.x. .c.a.n.n. |
| \STRING\4087\0 | 338AC3B4 | 404 | AC3B4 | 28004600610069006C0065006400200074006F00200077007200690074006500200049006D006100670065004C0069007300 | (.F.a.i.l.e.d. .t.o. .w.r.i.t.e. .I.m.a.g.e.L.i.s. |
| \STRING\4088\0 | 338AC7B8 | 3B4 | AC7B8 | 1200530074007200650061006D0020007700720069007400650020006500720072006F007200190054006800720065006100 | ..S.t.r.e.a.m. .w.r.i.t.e. .e.r.r.o.r...T.h.r.e.a. |
| \STRING\4089\0 | 338ACB6C | 3C4 | ACB6C | 150049006E00760061006C00690064002000700072006F007000650072007400790020007000610074006800160049006E00 | ..I.n.v.a.l.i.d. .p.r.o.p.e.r.t.y. .p.a.t.h...I.n. |
| \STRING\4090\0 | 338ACF30 | 480 | ACF30 | 2A00430061006E0027007400200077007200690074006500200074006F0020006100200072006500610064002D006F006E00 | *.C.a.n.'.t. .w.r.i.t.e. .t.o. .a. .r.e.a.d.-.o.n. |
| \STRING\4091\0 | 338AD3B0 | 160 | AD3B0 | 03004D006F006E00030054007500650003005700650064000300540068007500030046007200690003005300610074000600 | ..M.o.n...T.u.e...W.e.d...T.h.u...F.r.i...S.a.t... |
| \STRING\4092\0 | 338AD510 | EC | AD510 | 03004F006300740003004E006F007600030044006500630007004A0061006E00750061007200790008004600650062007200 | ..O.c.t...N.o.v...D.e.c...J.a.n.u.a.r.y...F.e.b.r. |
| \STRING\4093\0 | 338AD5FC | 20C | AD5FC | 170049006E00740065007200660061006300650020006E006F007400200073007500700070006F0072007400650064001C00 | ..I.n.t.e.r.f.a.c.e. .n.o.t. .s.u.p.p.o.r.t.e.d... |
| \STRING\4094\0 | 338AD808 | 3D0 | AD808 | 05005700720069007400650024004500720072006F00720020006300720065006100740069006E0067002000760061007200 | ..W.r.i.t.e.$.E.r.r.o.r. .c.r.e.a.t.i.n.g. .v.a.r. |
| \STRING\4095\0 | 338ADBD8 | 374 | ADBD8 | 1F0046006C006F006100740069006E006700200070006F0069006E00740020006400690076006900730069006F006E002000 | ..F.l.o.a.t.i.n.g. .p.o.i.n.t. .d.i.v.i.s.i.o.n. . |
| \STRING\4096\0 | 338ADF4C | 2C4 | ADF4C | 2100270025007300270020006900730020006E006F007400200061002000760061006C0069006400200069006E0074006500 | !.'.%.s.'. .i.s. .n.o.t. .a. .v.a.l.i.d. .i.n.t.e. |
| \RCDATA\DVCLAL\0 | 338AE210 | 10 | AE210 | 263D4F38C28237B8F3244203179B3A83 | &=O8..7..$B...:. |
| \RCDATA\PACKAGEINFO\0 | 338AE220 | 568 | AE220 | 010000CC0000000071000000013750726F6A656374310010BA556E6974360000EE556E6974310000F8556E69743200109145 | ........q....7Project1...Unit6...Unit1...Unit2...E |
| \RCDATA\TFORM1\0 | 338AE788 | 3895 | AE788 | 545046300654466F726D3105466F726D31044C656674026603546F7003870005576964746803D70206486569676874030802 | TPF0.TForm1.Form1.Left.f.Top....Width....Height... |
| \RCDATA\TFORM2\0 | 338B2020 | 247 | B2020 | 545046300654466F726D3205466F726D32044C656674034C0103546F7003F8000557696474680353010648656967687403E0 | TPF0.TForm2.Form2.Left.L..Top....Width.S..Height.. |
| \RCDATA\TFORM4\0 | 338B2268 | 1E1 | B2268 | 545046300654466F726D3405466F726D34044C65667403E90003546F7003C4000557696474680391020648656967687403B7 | TPF0.TForm4.Form4.Left....Top....Width....Height.. |
| \RCDATA\TFORM5\0 | 338B244C | 640 | B244C | 545046300654466F726D3505466F726D35044C65667403DC0003546F70038D000557696474680383020648656967687403BB | TPF0.TForm5.Form5.Left....Top....Width....Height.. |
| \RCDATA\TFORM6\0 | 338B2A8C | 333 | B2A8C | 545046300654466F726D3605466F726D36044C65667403800103546F7002770557696474680353010648656967687403AB00 | TPF0.TForm6.Form6.Left....Top.w.Width.S..Height... |
| \RCDATA\TFORM7\0 | 338B2DC0 | 2B8 | B2DC0 | 545046300654466F726D3705466F726D37044C656674030D0103546F70026205576964746803480106486569676874036A01 | TPF0.TForm7.Form7.Left....Top.b.Width.H..Height.j. |
| \GROUP_CURSOR\32761\0 | 338B3078 | 14 | B3078 | 0000020001002000400001000100340100000100 | ...... .@.....4..... |
| \GROUP_CURSOR\32762\0 | 338B308C | 14 | B308C | 0000020001002000400001000100340100000200 | ...... .@.....4..... |
| \GROUP_CURSOR\32763\0 | 338B30A0 | 14 | B30A0 | 0000020001002000400001000100340100000300 | ...... .@.....4..... |
| \GROUP_CURSOR\32764\0 | 338B30B4 | 14 | B30B4 | 0000020001002000400001000100340100000400 | ...... .@.....4..... |
| \GROUP_CURSOR\32765\0 | 338B30C8 | 14 | B30C8 | 0000020001002000400001000100340100000500 | ...... .@.....4..... |
| \GROUP_CURSOR\32766\0 | 338B30DC | 14 | B30DC | 0000020001002000400001000100340100000600 | ...... .@.....4..... |
| \GROUP_CURSOR\32767\0 | 338B30F0 | 14 | B30F0 | 0000020001002000400001000100340100000700 | ...... .@.....4..... |
| \GROUP_ICON\MAINICON\1049 | 338B3104 | 14 | B3104 | 0000010001004040000001001800283200000100 | ......@@......(2.... |
| \24\1\1049 | 338B3118 | 2F0 | B3118 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • kernel32.dll • .txt • settings.txt • comctl32.dll • .tls • oleaut32.dll • .wmf • USER32.DLL • vcltest3.dll • User32.dll • MAPI32.DLL • RICHED32.DLL • WS2_32.DLL • 127.0.0.1 • libeay32.dll • ssleay32.dll • SSL_CTX_set_default_passwd_cb • SSL_CTX_set_default_passwd_cb_userdata • CloseHandleuser32.dll • CharNextAadvapi32.dll • RegCloseKeyoleaut32.dll • advapi32.dll • RegCloseKeykernel32.dll • CloseHandleversion.dll • user32.dll • Sleepoleaut32.dll • VariantInitcomctl32.dll • winspool.drv • shell32.dll • ShellExecuteAkernel32.dll |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 61C | 33C93208 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 624 | 33C93204 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 62C | 33C93200 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 634 | 33C931FC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 63C | 33C931F8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 644 | 33C931F4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 64C | 33C931F0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 654 | 33C931EC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 65C | 33C931E8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 664 | 33C931E4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 66C | 33C931E0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 674 | 33C931DC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 67C | 33C9321C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 684 | 33C931D8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 68C | 33C931D4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 694 | 33C931D0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 69C | 33C93218 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6A4 | 33C931CC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6AC | 33C931C8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6B4 | 33C931C4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6BC | 33C931C0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6C4 | 33C931BC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6CC | 33C931B8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6D4 | 33C931B4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6DC | 33C931B0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6E4 | 33C931AC | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6EC | 33C931A8 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6F4 | 33C931A4 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6FC | 33C931A0 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 704 | 33C93214 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 70C | 33C9319C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 714 | 33C93198 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 71C | 33C93194 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 724 | 33C9322C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 72C | 33C93228 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 734 | 33C93224 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 73C | 33C93190 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 744 | 33C9318C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 74C | 33C9323C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 754 | 33C93238 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 75C | 33C93234 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 764 | 33C93188 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 76C | 33C93184 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 774 | 33C93180 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 77C | 33C9317C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 784 | 33C93178 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 78C | 33C93174 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7B8 | 33C93170 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7C0 | 33C9316C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7C8 | 33C93168 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7D0 | 33C93164 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7D8 | 33C93160 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7E0 | 33C9315C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7E8 | 33C93158 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 7F0 | 33C93154 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 19E0 | 3D800040 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 1EBA | 495044 | CODE | CALL [static] | Indirect call to absolute memory address |
| 1EE5 | 495048 | CODE | CALL [static] | Indirect call to absolute memory address |
| 1F0D | 49504C | CODE | CALL [static] | Indirect call to absolute memory address |
| 1F26 | 495048 | CODE | CALL [static] | Indirect call to absolute memory address |
| 1F3F | 495044 | CODE | CALL [static] | Indirect call to absolute memory address |
| 1FFA | 497008 | CODE | CALL [static] | Indirect call to absolute memory address |
| 235D | 497028 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3060 | 33C93210 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 307D | FF00 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 35E8 | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3606 | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 361E | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3690 | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 36B0 | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 36CD | 497014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 37AA | 497018 | CODE | CALL [static] | Indirect call to absolute memory address |
| 38AF | 497010 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3932 | 497018 | CODE | CALL [static] | Indirect call to absolute memory address |
| 39E5 | 497014 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 3B16 | FF | CODE | JMP [static] | Indirect jump to absolute memory address |
| 3B68 | 497018 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3E4F | 497234 | CODE | CALL [static] | Indirect call to absolute memory address |
| 3F6F | 497024 | CODE | CALL [static] | Indirect call to absolute memory address |
| 4B39 | 495010 | CODE | CALL [static] | Indirect call to absolute memory address |
| 4C79 | 495014 | CODE | CALL [static] | Indirect call to absolute memory address |
| 4D51 | 495018 | CODE | CALL [static] | Indirect call to absolute memory address |
| 618F | 495018 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 61A0 | FF | CODE | JMP [static] | Indirect jump to absolute memory address |
| 61E4 | 33C93250 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 61EC | 33C9324C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 61F4 | 33C93248 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 61FC | 33C93244 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6510 | 33C93260 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6518 | 33C9325C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6520 | 33C93258 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6528 | 33C93390 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6530 | 33C9338C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6538 | 33C93388 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6540 | 33C93384 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6548 | 33C93380 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6550 | 33C9337C | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6558 | 33C93378 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6560 | 33C93374 | CODE | JMP [static] | Indirect jump to absolute memory address |
| 6568 | 33C93370 | CODE | JMP [static] | Indirect jump to absolute memory address |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 439861 | 59,8678% |
| Null Byte Code | 110603 | 15,0538% |
© 2026 All rights reserved.