PESCAN.IO - Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

PE Chart Code

Header PE (light blue)

Executable sections (pink)

Non-executable sections (black)

External injected code (red)

File Structure in red = malformed or corrupted header

Chart Code For Other Files

Printable characters (blue)

Non-printable characters (black)

Information

Icon:

Size: 4,55 MB
SHA-256 Hash: 037A1E906B60E7D8DD98E2BBBE38956B9B81D1EC96445EFBB650842DCC7418DB
SHA-1 Hash: ABE4A9E773627CED229AB6CE344CA798B1B24695
MD5 Hash: AE9581CB7DFD9FC1C6A4806D7C67B923
Imphash: 46CE5C12B293FEBBEB513B196AA7F843
MajorOSVersion: 4
MinorOSVersion: 0
CheckSum: 00493708
EntryPoint (rva): 369F
SizeOfHeaders: 400
SizeOfImage: 1EB000
ImageBase: 400000
Architecture: x86
ImportTable: 84FC
IAT: 8000
Characteristics: 10F
TimeDateStamp: 67CCCD30
Date: 08/03/2025 23:05:20
File Type: EXE
Number Of Sections: 5
ASLR: Enabled
Section Names: .text, .rdata, .data, .ndata, .rsrc
Number Of Executable Sections: 1
Subsystem: Windows GUI
UAC Execution Level Manifest: asInvoker

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
.text	0x60000020 Code Executable Readable	400	6800	1000	6711	6.4541	200416.27
.rdata	0x40000040 Initialized Data Readable	6C00	1400	8000	1358	5.0997	139135.8
.data	0xC0000040 Initialized Data Readable Writeable	8000	600	A000	62378	4.1204	80452
.ndata	0xC0000080 Uninitialized Data Readable Writeable	0	0	6D000	160000	N/A	N/A
.rsrc	0x40000040 Initialized Data Readable	8600	1DA00	1CD000	1D880	7.1281	1019343.53

Description

OriginalFilename: CrystalDiskInfoPortable_9.8.0.paf.exe
CompanyName: PortableApps.com
LegalCopyright: 2007-2026 PortableApps.com, PortableApps.com Installer 3.9.9.0
LegalTrademarks: PortableApps.com is a registered trademark of Rare Ideas, LLC.
ProductName: CrystalDiskInfo Portable
FileVersion: 9.8.0.0
FileDescription: CrystalDiskInfo Portable
ProductVersion: 9.8.0.0
Comments: For additional details, visit PortableApps.com
Language: English (United States) (ID=0x409)
CodePage: Unicode (UTF-16 LE) (0x4B0)

Binder/Joiner/Crypter

Dropper code detected (EOF) - 2,63 MB

Entry Point

The section number (1) - (.text) have the Entry Point
Information -> EntryPoint (calculated) - 2A9F
Code -> 81ECF80300005556576A205F33ED6801800000896C2420C744241830A24000896C2414FF159C8040008B35A08040008D4424

Assembler

|SUB ESP, 0X3F8

|PUSH EBP

|PUSH ESI

|PUSH EDI

|PUSH 0X20

|POP EDI

|XOR EBP, EBP

|PUSH 0X8001

|MOV DWORD PTR [ESP + 0X20], EBP

|MOV DWORD PTR [ESP + 0X18], 0X40A230

|MOV DWORD PTR [ESP + 0X14], EBP

|CALL DWORD PTR [0X40809C]

|MOV ESI, DWORD PTR [0X4080A0]

Signatures

Rich Signature Analyzer:
Code -> AD312081E9504ED2E9504ED2E9504ED22A5F11D2EB504ED2E9504FD24A504ED22A5F13D2E6504ED2BD737ED2E3504ED22E5648D2E8504ED252696368E9504ED2
Footprint md5 Hash -> 082F1D2C935AFD7F2772501AF0260BC8
• The Rich header apparently has not been modified
Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler

Compiler: Nullsoft Install System - Version: v3.11
Detect It Easy (die)
• PE: installer: Nullsoft Scriptable Install System(3.11)[lzma,solid]
• PE: linker: Microsoft Linker(6.0*)[-]
• PE: overlay: NSIS data(-)[-]
• Entropy: 7.99508

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	GetModuleHandleA	Retrieves a handle to the specified module.
KERNEL32.DLL	CopyFileW	Copies an existing file to a new file.
KERNEL32.DLL	WriteFile	Writes data to a specified file or input/output (I/O) device.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
SHELL32.DLL	ShellExecuteExW	Performs a run operation on a specific file.

Windows REG (UNICODE)

Software\Microsoft\Windows\CurrentVersion

File Access

Nullsoft.NSIS.exe
KERNEL32.dll
GDI32.dll
USER32.dll
COMCTL32.dll
ole32.dll
SHELL32.dll
ADVAPI32.dll
@.dat
Temp

File Access (UNICODE)

paf.exe
%s%S.dll
Temp

Interest's Words

exec
attrib
shutdown
ping
expand

Interest's Words (UNICODE)

shutdown

URLs

http://schemas.microsoft.com/SMI/2005/WindowsSettings
http://ocsp.globalsign.com/rootr30;
http://secure.globalsign.com/cacert/root-r3.crt
http://crl.globalsign.com/root-r3.crl
http://ocsp.globalsign.com/codesigningrootr450F
http://secure.globalsign.com/cacert/codesigningrootr45.crt
http://crl.globalsign.com/codesigningrootr45.crl
http://secure.globalsign.com/cacert/gsgccr45codesignca2020.crt
http://ocsp.globalsign.com/gsgccr45codesignca20200V
http://crl.globalsign.com/gsgccr45codesignca2020.crl
http://ocsp.globalsign.com/gsoffliner45timestampca20250O
http://secure.globalsign.com/cacert/gsoffliner45timestampca2025.crt
http://crl.globalsign.com/gsoffliner45timestampca2025.crl
http://ocsp.globalsign.com/timestamprootr450D
http://secure.globalsign.com/cacert/timestamprootr45.crt
http://crl.globalsign.com/timestamprootr45.crl
http://ocsp2.globalsign.com/rootr60;
http://secure.globalsign.com/cacert/root-r6.crt
http://crl.globalsign.com/root-r6.crl
https://www.globalsign.com/repository/

URLs (UNICODE)

http://nsis.sf.net/NSIS_Error

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	Registry (RegCreateKeyEx)
Text	Ascii	Registry (RegOpenKeyEx)
Text	Ascii	Registry (RegSetValueEx)
Text	Ascii	Registry (RegDeleteKeyEx)
Text	Ascii	File (GetTempPath)
Text	Ascii	File (CopyFile)
Text	Ascii	File (CreateFile)
Text	Ascii	File (WriteFile)
Text	Ascii	File (ReadFile)
Text	Ascii	Anti-Analysis VM (GetVersion)
Text	Ascii	Reconnaissance (FindFirstFileW)
Text	Ascii	Reconnaissance (FindNextFileW)
Text	Ascii	Reconnaissance (FindClose)
Text	Ascii	Stealth (CloseHandle)
Text	Ascii	Execution (CreateProcessW)
Text	Ascii	Execution (ShellExecute)
Text	Unicode	Privileges (SeShutdownPrivilege)
Text	Ascii	Stealer malware focused on obtaining CVV codes to conduct unauthorized transactions (CVV)

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	1CDB98	12524	9198	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A8660000FFFF4944415478DAECBD07981CD775	.PNG........IHDR.............\r.f....IDATx.......u
\ICON\2\1033	1E00C0	25A8	1B6C0	2800000030000000600000000100200000000000000000000000000000000000000000000000000000000000000000000000	(...0........ ...................................
\ICON\3\1033	1E2668	10A8	1DC68	2800000020000000400000000100200000000000000000000000000000000000000000000000000000000000000000000000	(... ...@..... ...................................
\ICON\4\1033	1E3710	EA8	1ED10	2800000030000000600000000100080000000000000000000000000000000000000000000000000000000000010119001716	(...0............................................
\ICON\5\1033	1E45B8	988	1FBB8	2800000018000000300000000100200000000000000000000000000000000000000000000000000000000000000000000000	(.......0..... ...................................
\ICON\6\1033	1E4F40	8A8	20540	280000002000000040000000010008000000000000000000000000000000000000000000000000000000000019191D00090C	(... ...@.........................................
\ICON\7\1033	1E57E8	568	20DE8	280000001000000020000000010008000000000000000000000000000000000000000000000000000000000046403400181C	(....... ...................................F@4...
\ICON\8\1033	1E5D50	468	21350	2800000010000000200000000100200000000000000000000000000000000000000000000000000000000000000000000000	(....... ..... ...................................
\DIALOG\103\1033	1E61B8	120	217B8	0100FFFF0000000000000000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	............H..@......,...............M.S. .S.h.e.
\DIALOG\105\1033	1E62D8	200	218D8	0100FFFF00000000000000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	............H.........K...............M.S. .S.h.e.
\DIALOG\106\1033	1E64D8	F8	21AD8	0100FFFF0000000000000000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	............H..@......,...............M.S. .S.h.e.
\DIALOG\111\1033	1E65D0	EE	21BD0	0100FFFF0000000000000000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	........................+.............M.S. .S.h.e.
\DIALOG\203\1033	1E66C0	120	21CC0	0100FFFF0000000000700000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\205\1033	1E67E0	200	21DE0	0100FFFF00000000007000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	.........p..H.........K...............M.S. .S.h.e.
\DIALOG\206\1033	1E69E0	F8	21FE0	0100FFFF0000000000700000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\211\1033	1E6AD8	EE	220D8	0100FFFF0000000000700000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	.........p..............+.............M.S. .S.h.e.
\DIALOG\303\1033	1E6BC8	120	221C8	0100FFFF0000000000700000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\305\1033	1E6CE8	200	222E8	0100FFFF00000000007000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	.........p..H.........K...............M.S. .S.h.e.
\DIALOG\306\1033	1E6EE8	F8	224E8	0100FFFF0000000000700000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\311\1033	1E6FE0	EE	225E0	0100FFFF0000000000700000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	.........p..............+.............M.S. .S.h.e.
\DIALOG\403\1033	1E70D0	120	226D0	0100FFFF0000000000700000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\405\1033	1E71F0	200	227F0	0100FFFF00000000007000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	.........p..H.........K...............M.S. .S.h.e.
\DIALOG\406\1033	1E73F0	F8	229F0	0100FFFF0000000000700000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\411\1033	1E74E8	EE	22AE8	0100FFFF0000000000700000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	.........p..............+.............M.S. .S.h.e.
\DIALOG\503\1033	1E75D8	118	22BD8	0100FFFF0000000000000000400400400700000000002C018C000000000000000900000000012DFF33FF200030FFB430B730	............@..@......,...............-.3. .0..0.0
\DIALOG\505\1033	1E76F0	1F8	22CF0	0100FFFF00000000000000004008CA800E00000000004B01DE000000000000000900000000012DFF33FF200030FFB430B730	............@.........K...............-.3. .0..0.0
\DIALOG\506\1033	1E78E8	F0	22EE8	0100FFFF0000000000000000400400400400000000002C018C000000000000000900000000012DFF33FF200030FFB430B730	............@..@......,...............-.3. .0..0.0
\DIALOG\511\1033	1E79D8	E6	22FD8	0100FFFF0000000000000000C0080080030000000000A7002B000000000000000900000000012DFF33FF200030FFB430B730	........................+.............-.3. .0..0.0
\DIALOG\603\1033	1E7AC0	10C	230C0	0100FFFF0000000000000000400400400700000000002C018C0000000000000009000000000174ADBCB90000000000000000	............@..@......,...............t...........
\DIALOG\605\1033	1E7BD0	1EC	231D0	0100FFFF00000000000000004008CA800E00000000004B01DE0000000000000009000000000174ADBCB90000000000000000	............@.........K...............t...........
\DIALOG\606\1033	1E7DC0	E4	233C0	0100FFFF0000000000000000400400400400000000002C018C0000000000000009000000000174ADBCB90000000000000000	............@..@......,...............t...........
\DIALOG\611\1033	1E7EA8	DA	234A8	0100FFFF0000000000000000C0080080030000000000A7002B0000000000000009000000000174ADBCB90000000000000000	........................+.............t...........
\DIALOG\703\1033	1E7F88	120	23588	0100FFFF0000000000700000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\705\1033	1E80A8	200	236A8	0100FFFF00000000007000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	.........p..H.........K...............M.S. .S.h.e.
\DIALOG\706\1033	1E82A8	F8	238A8	0100FFFF0000000000700000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\711\1033	1E83A0	EE	239A0	0100FFFF0000000000700000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	.........p..............+.............M.S. .S.h.e.
\DIALOG\803\1033	1E8490	10C	23A90	0100FFFF0000000000000000400400400700000000002C018C000000000000000900000000018B5B534F0000000000000000	............@..@......,................[SO........
\DIALOG\805\1033	1E85A0	1EC	23BA0	0100FFFF00000000000000004008CA800E00000000004B01DE000000000000000900000000018B5B534F0000000000000000	............@.........K................[SO........
\DIALOG\806\1033	1E8790	E4	23D90	0100FFFF0000000000000000400400400400000000002C018C000000000000000900000000018B5B534F0000000000000000	............@..@......,................[SO........
\DIALOG\811\1033	1E8878	DA	23E78	0100FFFF0000000000000000C0080080030000000000A7002B000000000000000900000000018B5B534F0000000000000000	........................+..............[SO........
\DIALOG\903\1033	1E8958	110	23F58	0100FFFF0000000000000000400400400700000000002C018C00000000000000090000000001B065307D0E66D49A00000000	............@..@......,................e0}.f......
\DIALOG\905\1033	1E8A68	1F0	24068	0100FFFF00000000000000004008CA800E00000000004B01DE00000000000000090000000001B065307D0E66D49A00000000	............@.........K................e0}.f......
\DIALOG\906\1033	1E8C58	E8	24258	0100FFFF0000000000000000400400400400000000002C018C00000000000000090000000001B065307D0E66D49A00000000	............@..@......,................e0}.f......
\DIALOG\911\1033	1E8D40	DE	24340	0100FFFF0000000000000000C0080080030000000000A7002B00000000000000090000000001B065307D0E66D49A00000000	........................+..............e0}.f......
\DIALOG\1003\1033	1E8E20	130	24420	0100FFFF0000000000000000400400400700000000002C018C000000000000000800000000014C0075006300690064006100	............@..@......,...............L.u.c.i.d.a.
\DIALOG\1005\1033	1E8F50	210	24550	0100FFFF00000000000000004008CA800E00000000004B01DE000000000000000800000000014C0075006300690064006100	............@.........K...............L.u.c.i.d.a.
\DIALOG\1006\1033	1E9160	108	24760	0100FFFF0000000000000000400400400400000000002C018C000000000000000800000000014C0075006300690064006100	............@..@......,...............L.u.c.i.d.a.
\DIALOG\1011\1033	1E9268	FE	24868	0100FFFF0000000000000000C0080080030000000000A7002B000000000000000800000000014C0075006300690064006100	........................+.............L.u.c.i.d.a.
\DIALOG\1103\1033	1E9368	120	24968	0100FFFF0000000000700000480400400700000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\1105\1033	1E9488	200	24A88	0100FFFF00000000007000004808CA800E00000000004B01DE000000000000000800000000014D0053002000530068006500	.........p..H.........K...............M.S. .S.h.e.
\DIALOG\1106\1033	1E9688	F8	24C88	0100FFFF0000000000700000480400400400000000002C018C000000000000000800000000014D0053002000530068006500	.........p..H..@......,...............M.S. .S.h.e.
\DIALOG\1111\1033	1E9780	EE	24D80	0100FFFF0000000000700000C8080080030000000000A7002B000000000000000800000000014D0053002000530068006500	.........p..............+.............M.S. .S.h.e.
\DIALOG\1203\1033	1E9870	114	24E70	0100FFFF0000000000700000400400400700000000002C018C0000000000000009000000000141007200690061006C000000	.........p..@..@......,...............A.r.i.a.l...
\DIALOG\1205\1033	1E9988	1F4	24F88	0100FFFF00000000007000004008CA800E00000000004B01DE0000000000000009000000000141007200690061006C000000	.........p..@.........K...............A.r.i.a.l...
\DIALOG\1206\1033	1E9B80	EC	25180	0100FFFF0000000000700000400400400400000000002C018C0000000000000009000000000141007200690061006C000000	.........p..@..@......,...............A.r.i.a.l...
\DIALOG\1211\1033	1E9C70	E2	25270	0100FFFF0000000000700000C0080080030000000000A7002B0000000000000009000000000141007200690061006C000000	.........p..............+.............A.r.i.a.l...
\GROUP_ICON\103\1033	1E9D58	76	25358	0000010008003030000001000800A80E000004002020000001000800A8080000060010100000010008006805000007000000	......00............ ....................h.......
\VERSION\1\1033	1E9DD0	5C8	253D0	C80534000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000000000800	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\1033	1EA398	4E1	25998	3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279	<?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String

• 9.8.0.0
• COMCTL32.dll
• USER32.dll
• http://nsis.sf.net/NSIS_Error
• ~nsu%X.tmp
• .exe
• %s%S.dll
• For additional details, visit PortableApps.com
• PortableApps.com
• 2007-2026 PortableApps.com, PortableApps.com Installer 3.9.9.0
• CrystalDiskInfoPortable_9.8.0.paf.exe
• 3.9.9.0
• +0U00Uw;1twHcU;0U0Fw{9p.m0+007+0+http://ocsp.globalsign.com/timestamprootr450D+08http://secure.globalsign.com/cacert/timestamprootr45.crt0?U8060420.http://crl.globalsign.com/timestamprootr45.crl0U

Flow Anomalies

Offset	RVA	Section	Description
42C	40825C	.text	CALL [static] \| Indirect call to absolute memory address
447	408260	.text	CALL [static] \| Indirect call to absolute memory address
45B	408264	.text	CALL [static] \| Indirect call to absolute memory address
4CF	408058	.text	CALL [static] \| Indirect call to absolute memory address
4E4	408268	.text	CALL [static] \| Indirect call to absolute memory address
505	40805C	.text	CALL [static] \| Indirect call to absolute memory address
526	408060	.text	CALL [static] \| Indirect call to absolute memory address
530	408064	.text	CALL [static] \| Indirect call to absolute memory address
556	40826C	.text	CALL [static] \| Indirect call to absolute memory address
56E	408270	.text	CALL [static] \| Indirect call to absolute memory address
7E4	408148	.text	CALL [static] \| Indirect call to absolute memory address
7F4	408258	.text	CALL [static] \| Indirect call to absolute memory address
8AD	408220	.text	CALL [static] \| Indirect call to absolute memory address
8EA	4080D4	.text	CALL [static] \| Indirect call to absolute memory address
8F8	408224	.text	CALL [static] \| Indirect call to absolute memory address
9D3	4080D8	.text	CALL [static] \| Indirect call to absolute memory address
A46	4080DC	.text	CALL [static] \| Indirect call to absolute memory address
A79	4080E0	.text	CALL [static] \| Indirect call to absolute memory address
AC2	4080E4	.text	CALL [static] \| Indirect call to absolute memory address
B0E	4080E8	.text	CALL [static] \| Indirect call to absolute memory address
B56	4080EC	.text	CALL [static] \| Indirect call to absolute memory address
B75	4080F0	.text	CALL [static] \| Indirect call to absolute memory address
C01	4080F4	.text	CALL [static] \| Indirect call to absolute memory address
CF6	4080F8	.text	CALL [static] \| Indirect call to absolute memory address
CFF	4080FC	.text	CALL [static] \| Indirect call to absolute memory address
E42	408100	.text	CALL [static] \| Indirect call to absolute memory address
E54	408104	.text	CALL [static] \| Indirect call to absolute memory address
E6F	408108	.text	CALL [static] \| Indirect call to absolute memory address
E82	408104	.text	CALL [static] \| Indirect call to absolute memory address
FB9	40822C	.text	CALL [static] \| Indirect call to absolute memory address
1037	40810C	.text	CALL [static] \| Indirect call to absolute memory address
1049	408110	.text	CALL [static] \| Indirect call to absolute memory address
10DF	408230	.text	CALL [static] \| Indirect call to absolute memory address
10F7	408258	.text	CALL [static] \| Indirect call to absolute memory address
1129	408234	.text	CALL [static] \| Indirect call to absolute memory address
114E	408238	.text	CALL [static] \| Indirect call to absolute memory address
117E	40823C	.text	CALL [static] \| Indirect call to absolute memory address
11A2	408240	.text	CALL [static] \| Indirect call to absolute memory address
11C6	40823C	.text	CALL [static] \| Indirect call to absolute memory address
1211	408264	.text	CALL [static] \| Indirect call to absolute memory address
1241	408244	.text	CALL [static] \| Indirect call to absolute memory address
1255	408258	.text	CALL [static] \| Indirect call to absolute memory address
1265	408054	.text	CALL [static] \| Indirect call to absolute memory address
127D	408248	.text	CALL [static] \| Indirect call to absolute memory address
1297	408048	.text	CALL [static] \| Indirect call to absolute memory address
129F	408148	.text	CALL [static] \| Indirect call to absolute memory address
12B0	40824C	.text	CALL [static] \| Indirect call to absolute memory address
12FF	40805C	.text	CALL [static] \| Indirect call to absolute memory address
1328	408228	.text	CALL [static] \| Indirect call to absolute memory address
1333	408250	.text	CALL [static] \| Indirect call to absolute memory address
1417	4080FC	.text	CALL [static] \| Indirect call to absolute memory address
148B	408110	.text	CALL [static] \| Indirect call to absolute memory address
152F	408114	.text	CALL [static] \| Indirect call to absolute memory address
1540	408118	.text	CALL [static] \| Indirect call to absolute memory address
15BD	40811C	.text	CALL [static] \| Indirect call to absolute memory address
1655	408290	.text	CALL [static] \| Indirect call to absolute memory address
179F	408180	.text	CALL [static] \| Indirect call to absolute memory address
1815	408120	.text	CALL [static] \| Indirect call to absolute memory address
1851	408124	.text	CALL [static] \| Indirect call to absolute memory address
1882	408014	.text	CALL [static] \| Indirect call to absolute memory address
188B	408010	.text	CALL [static] \| Indirect call to absolute memory address
1941	40800C	.text	CALL [static] \| Indirect call to absolute memory address
1987	408008	.text	CALL [static] \| Indirect call to absolute memory address
19FD	408004	.text	CALL [static] \| Indirect call to absolute memory address
1A10	408000	.text	CALL [static] \| Indirect call to absolute memory address
1A29	408010	.text	CALL [static] \| Indirect call to absolute memory address
1AC1	408128	.text	CALL [static] \| Indirect call to absolute memory address
1B84	408130	.text	CALL [static] \| Indirect call to absolute memory address
1BE2	408134	.text	CALL [static] \| Indirect call to absolute memory address
1CA4	408134	.text	CALL [static] \| Indirect call to absolute memory address
1CDB	408134	.text	CALL [static] \| Indirect call to absolute memory address
1CFF	408138	.text	CALL [static] \| Indirect call to absolute memory address
1D1E	40813C	.text	CALL [static] \| Indirect call to absolute memory address
1D46	408140	.text	CALL [static] \| Indirect call to absolute memory address
1E32	40810C	.text	CALL [static] \| Indirect call to absolute memory address
1E45	40810C	.text	CALL [static] \| Indirect call to absolute memory address
1E61	4080FC	.text	CALL [static] \| Indirect call to absolute memory address
1E74	408144	.text	CALL [static] \| Indirect call to absolute memory address
1FF0	40829C	.text	CALL [static] \| Indirect call to absolute memory address
201A	4082A0	.text	CALL [static] \| Indirect call to absolute memory address
2040	408258	.text	CALL [static] \| Indirect call to absolute memory address
2050	408254	.text	CALL [static] \| Indirect call to absolute memory address
2329	408000	.text	CALL [static] \| Indirect call to absolute memory address
237E	408010	.text	CALL [static] \| Indirect call to absolute memory address
2395	408018	.text	CALL [static] \| Indirect call to absolute memory address
23A0	408010	.text	CALL [static] \| Indirect call to absolute memory address
23DD	408218	.text	CALL [static] \| Indirect call to absolute memory address
2411	40822C	.text	CALL [static] \| Indirect call to absolute memory address
2421	40821C	.text	CALL [static] \| Indirect call to absolute memory address
2453	408148	.text	CALL [static] \| Indirect call to absolute memory address
2475	408210	.text	CALL [static] \| Indirect call to absolute memory address
2493	4080D0	.text	CALL [static] \| Indirect call to absolute memory address
24C1	40822C	.text	CALL [static] \| Indirect call to absolute memory address
24E5	408214	.text	CALL [static] \| Indirect call to absolute memory address
24F3	408228	.text	CALL [static] \| Indirect call to absolute memory address
2513	4080D0	.text	CALL [static] \| Indirect call to absolute memory address
252F	4080C0	.text	CALL [static] \| Indirect call to absolute memory address
253C	4080C4	.text	CALL [static] \| Indirect call to absolute memory address
255D	4080D4	.text	CALL [static] \| Indirect call to absolute memory address
259A	4080C8	.text	CALL [static] \| Indirect call to absolute memory address
26000	N/A	Overlay	00000000EFBEADDE4E756C6C736F6674496E7374 \| ........NullsoftInst

Extra Analysis

Metric	Value	Percentage
Ascii Code	3258657	68,3496%
Null Byte Code	46993	0,9857%

PESCAN.IO - Analysis Report Basic