PESCAN.IO — Analysis Report

PESCAN.IO - Analysis Report Basic

File Structure

Information

Icon:

Size: 619,16 KB
SHA-256 Hash: 567D2B873737A41274E0739874495C77792AF38090ABDD2CE5D0A494ED60B53B
SHA-1 Hash: 2E7046EEB2FBB4BCD23C5E5A84C4C47EC6802807
MD5 Hash: C4380B0B1CF48EB80E9349E5642D747E
Imphash: E99728C84BB420080CD5BCDD0D7993ED
MajorOSVersion: 5
MinorOSVersion: 0
CheckSum: 00000000
EntryPoint (rva): 162120
SizeOfHeaders: 1000
SizeOfImage: 16A000
ImageBase: 400000
Architecture: x86
ImportTable: 168FBC
Characteristics: 81AF
TimeDateStamp: 69294EDC
Date: 28/11/2025 7:27:24
File Type: EXE
Number Of Sections: 3
ASLR: Disabled
Section Names: UPX0, UPX1, .rsrc
Number Of Executable Sections: 2
Subsystem: Windows GUI
[Incomplete Binary or Compressor Packer - 828,84 KB Missing]

Sections Info

Section Name	Flags	ROffset	RSize	VOffset	VSize	Entropy	Chi2
UPX0	E0000080 (Uninitialized Data, Executable, Readable, Writeable)	400	0	1000	F8000	N/A	N/A
UPX1	E0000040 (Initialized Data, Executable, Readable, Writeable)	400	69E00	F9000	6A000	7,9990	611,72
.rsrc	C0000040 (Initialized Data, Readable, Writeable)	6A200	6400	163000	7000	5,9943	363932,78

Description

CompanyName: Developer Express Inc.
FileVersion: 1.0.0.0
ProductVersion: 1.0.0.0

Entry Point

The section number (2) - (UPX1) have the Entry Point
Information -> EntryPoint (calculated) - 69520
Code -> 60BE00904F008DBE0080F0FF5789E58D9C2480C1FFFF31C05039DC75FB46465368340316005783C3045368109106005683C3
• PUSHAD
• MOV ESI, 0X4F9000
• LEA EDI, [ESI - 0XF8000]
• PUSH EDI
• MOV EBP, ESP
• LEA EBX, [ESP - 0X3E80]
• XOR EAX, EAX
• PUSH EAX
• CMP ESP, EBX
• JNE 0X1018
• INC ESI
• INC ESI
• PUSH EBX
• PUSH 0X160334
• PUSH EDI
• ADD EBX, 4
• PUSH EBX
• PUSH 0X69110
• PUSH ESI

Signatures

Certificate - Digital Signature:
• The file is signed and the signature is correct

Packer/Compiler

Compression: UPX - Version: 3.00
Detect It Easy (die)
• PE: packer: UPX(3.00)[LZMA,brute]
• PE: compiler: Borland Delphi(-)[-]
• PE: linker: Turbo Linker(2.25*,Delphi)[-]
• Entropy: 7.80198

Suspicious Functions

Library	Function	Description
KERNEL32.DLL	VirtualAlloc	Reserve, commit, or both, a region of memory within the virtual address space of a process.
KERNEL32.DLL	LoadLibraryA	Loads the specified module into the address space of the calling process.
KERNEL32.DLL	GetProcAddress	Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
SHELL32.DLL	ShellExecuteW	Performs a run operation on a specific file.

File Access

0 1r.exe
&-2.dll
jZion.v25.2.dll
1 @UI.dll
~&Design.dll
-%pmosUpdater.dll
wininet.dll
version.dll
user32.dll
SHFolder.dll
shell32.dll
oleaut32.dll
ole32.dll
Crypt32.dll
advapi32.dll
KERNEL32.DLL
&oK.Dat
X Y.Dat
x.Dat
q$.Dat
&!o/blob/main/LICENSE.TXT
(0-release.pdf
(p?-release.pdf
)_focs.Pdf
&,.Pdf
Do4ocs.Pdf
nHIonic.Zip
Temp

Interest's Words

zombie
ToolBar
exec
ping
replace

URLs

http://schemas.microsoft.com/SMI/2016/WindowsSettings
http://www.w3.org/2001/XMLSchema-instance
http://www.c
http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
http://www.digicert.com/CPS0
http://ocsp.digicert.com
http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
http://crl3.digicert.com/DigiCertTrustedRootG4.crl
http://cacerts.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crt
http://crl3.digicert.com/DigiCertTrustedG4TimeStampingRSA4096SHA2562025CA1.crl
http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt
http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
https://go.devexpress.com/Install-25.2.3-DXperience.aspx;DevExpressNETComponentsSetup-25.2.3.exe
https://go.deve
https://www.deve
https://github.com/
https://github.com/dotnet/r
https://www.devexpress.com/

Emails

info@ndiscovered.com

Strings/Hex Code Found With The File Rules

Rule Type	Encoding	Matched (Word)
Text	Ascii	WinAPI Sockets (bind)
Text	Ascii	WinAPI Sockets (accept)
Text	Ascii	WinAPI Sockets (send)
Text	Ascii	Stealth (VirtualAlloc)
Text	Ascii	Stealth (VirtualProtect)
Text	Ascii	Execution (ShellExecute)
Entry Point	Hex Pattern	UPX - www.upx.sourceforge.net
Entry Point	Hex Pattern	UPX 2.93 (LZMA)
Entry Point	Hex Pattern	UPX v3.0 (EXE_LZMA) - Markus Oberhumer & Laszlo Molnar & John Reiser

Resources

Path	DataRVA	Size	FileOffset	Code	Text
\ICON\1\1033	1635C0	25A8	6A7C0	28000000300000006000000001002000000000000000000000000000000000000000000000000000000000002323231B2323	(...0........ ..............................
\ICON\2\1033	165B6C	10A8	6CD6C	2800000020000000400000000100200000000000000000000000000000000000000000000000000023232306232323912323	(... ...@..... ...........................
\ICON\3\1033	166C18	468	6DE18	2800000010000000200000000100200000000000000000000000000000000000000000000000000023232348232323E72323	(....... ..... .........................H.
\ICON\4\1033	167084	142A	6E284	89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A866000013F14944415478DAEDDD7B58D475BE	.PNG........IHDR.............\r.f....IDATx...{X.u.
\STRING\7\1033	1684B4	6C	6F6B4	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4086\0	B250C	2D4	B190C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4087\0	B27E0	4D4	B1BE0	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4088\0	B2CB4	428	B20B4	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4089\0	B30DC	390	B24DC	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4090\0	B346C	3EC	B286C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4091\0	B3858	148	B2C58	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4092\0	B39A0	CC	B2DA0	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4093\0	B3A6C	200	B2E6C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4094\0	B3C6C	3B0	B306C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4095\0	B401C	34C	B341C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\STRING\4096\0	B4368	2B4	B3768	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\CHARTABLE\1033	B461C	82E8	B3A1C	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\DVCLAL\0	BC904	10	BBD04	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\PACKAGEINFO\0	BC914	3B4	BBD14	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\5\1033	BCCC8	16A00	BC0C8	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\6\1033	D36C8	2A800	D2AC8	000000000000000011004C006900630065006E00730065002000410067007200650065006D0065006E007400100044006500	..........L.i.c.e.n.s.e. .A.g.r.e.e.m.e.n.t...D.e.
\RCDATA\7\1033	FDEC8	60C00	52C8	F32CAC0D8E6D77636811A734CAC6E337109B7C47E3C4058ACEBBCFB7805EEE894182089CC18BD5DA093396C8CDF27FE9178D	.,...mwch..4...7..\|G...........A........3........
\GROUP_ICON\MAINICON\1033	168524	3E	6F724	0000010004003030000001002000A825000001002020000001002000A81000000200101000000100200068040000030000000000010020002A1400000400	......00.... ..%.... .... ............. .h........... .*.....
\VERSION\VS_VERSION_INFO\1033	168568	284	6F768	840234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000	..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O...............
\24\1\0	1687F0	7C9	6F9F0	3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279	<?xml version="1.0" encoding="UTF-8" standalone="y

Intelligent String

• 1.0.0.0
• <dpiAwareness xmlns="http://schemas.microsoft.com/SMI/2016/WindowsSettings">PerMonitorV2, PerMonitor, unaware</dpiAwareness>
• ';https://go.devexpress.com/Install-25.2.3-DXperience.aspx;DevExpressNETComponentsSetup-25.2.3.exe
• <Setup xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance") VdB V" FileCount="211322" UseHelpTokens="false" Full="true" NetCore( <>
• Lib\css\*.css* /fonts\*.** Bicon+ 3js\dx.*.j' Vjs\aspnet\- 4loc)uo. :vectormap-data8 <utils' s*!z.AspNet0xk- <MvcAxe
• https://github.com/dotnet/r&!o/blob/main/LICENSE.TXT%>RNTLR 3 C0!iBSD9!i2011 The & _P&2oK!_antlr% &rcs(!ster)!txt
• Arima Font0JSIL %\% =4T2015&!g% e'!g Authors (info@ndiscovered.com)5ONDISCOVER/%!P-Font-!wOFL*!ssapZ!r6&Ysap2!qomnibus.type@gmail:!sO& L-Type/Asap:!p''mWeb Stack0'4Apache 2.0@'3L%Cspnet/&nSWeb%!:=%Kblob-streamL(v2014 Devon Govett6(Qevong% @%(N'!)4&|%&xBootstrapO!K1-&%$witter, Inc6*"twbs/b(!&>!HwatchO"t3 Thomas Park6!B% @park&!H%!&;"quncy Castle0-6The . A5-DC) 2000-2020%+Legion(Fu.!&:P/?M0!&&=us&J\support X.509, CMS (RFC 3852)&I4Time Stam%)@tocol' D161)6.Nbcgit/bc-cshar5$M.md%,pcanvgO'?0 - present Gabe Lerner (gabel% ,@*n%!7% &g9'S'$[WindsorG*e2004-2017(%:(.F- http://www.c%%V'C7.org/7!f+ G/'!I9)Cclip%v!.jsO*q8 Zeno Rocha (hi@zenorocha:0$) C/,!9:NodeMirr2J?,M7 by Marijn Haverbeke (m% 2h+/w*Fvs6%4odem%!B/dev25D'!gmforta[3d&5K* i13h45Alexeiva/c(!@),
• %YDR'7Z&56Name ")!g"7611 p94?core-Q%r4&,5Denis Pushkarev6%iloirock/'!*90dES6-Promis1-qA21Yehuda Katz, Tom Dale, Stefan Penner'Xf*;A5;+s% Sp% R/es6-p&!S92[DefinitelyTyped>="3<</ / 0d93s%:eAwesome CodP58%;Gic%Y:93xFort'!%/Font-( -%>$6.x1<C-!XFont1,.B<K!cHighlight3-k>?i06, Ivan SagalaevKAEis' T/h+!@98sjQuery JavaScript)4_KCD' e/CF(Z,?(+jquery& 'y3C5(AU'!jMouse Wheel Plugin-E.1E OpenJSB!\,%3;s://openjsf:32-!r-mousewheel=CT'i*o4!~?G,Jorn Zaefferer;N-v)p*1 2n<8J&$-.qrcode<5e8G"Jerome Etienne&V://je& 1.com6%G% X' F(\&!H-G,MIT-1%[&$*ajax-unobtrusiv1=Q;CS)KZ>echnologie',WQCd7!T>%d0$]W".aEa=!I>'gs-beautify (>Eb07-%:vEinar Lielmanis, Liam Newman&iS,3O7@-&!4ier/+!B79?Json%Q*MGQ07 James Newton-King5P'% FNK/& H%QoJs?)7sPDFHQv
• (Ac&DT&!VHall*,d+QVMrRio/%!") Z5&E.yWorks GmbH*-?www.yworks%R55RJ+ t:0zsPDF-AutoT%sXPK>Simon Bengtsson5"<simonb( C/jspdf-auto%ox69:0 S-!f=RwJSZip_3+Stuart Knightley, David Duponchel, Franz Buchinger, Antonio Afonso5V[Stuk/jszi)Q2+VWmarkdown%T|Knockout_53%HBSteven Sander%$Dthe (!".js team,j*,=Y(G,k'!Rj;&Q( D) M6PD
• Less%F{'S@'ZW5SH2009&HgAlexis Selli'?C&C_re Less Team([Cd under%}e.!&6Zwless/l&!X8!wmalihu custom scrollbar pQ5dManos M% ptsaki'7Z://manos.&!+.g66 &!I& 'u-&!P-)!P-&!P=[=ModernizOIC2&\}* Tea65j)!!) *7LO
• parallaxLS%ZB14 Matthew Wagerfield - @w) .5gU* ?/(!<8.\PS!\(SPixelCog:|pixelcog)!G<UIPDFKi1g>barfoliojs/pdfk6*F&!?opperRXC6 Federico ZivoloFPnvusion/p(!6<]LRe%~kng.Im%wPZ%Developer Express:cODev' D/0!79e$&oK.Data.SQLite (2 4, 2 H.EF62o{)DyPublic3S&www.sqlite%]ec(p?-release.pdf%mWtslib4o3Zero Claus7cd-FBCorpor&i{64$(rG/%!2=o+URIRj1 Rodney Reh6INmedialize/&!!&r-gh-pages,pQ &t_2 WinForm'1U?tBcl.Numerics,*I>% 8AsyncInterface- ?+u7AI.Abstra%vo: F: _Open9 @Ca%>_D!$D)vInj&x>I JnD"%2wb7"tLoggG!uPrimitiv9Vector%)G.h')aBuffer* 0Diagnostics+ ,&yC))nMemory. /y%*L)*1(%V.Tens%T80 9&!Z*!J'z.ComplierServices.Unsaf*++Text.Encodings.Web. ;J%FF( Mhreading.Channel*"Z* ;Tasks+|,),6ValueTuple=|,%g2b|- |.zure SDK for&}O(% 4,(D& 1Cor*.ZClientModelM~Q%{!)J5~)%!S/azure-sdk-for-69o'86rhrhrh*rh&-2.dllOD<&>XAI*kWopenai:=& @' G9>O
• ASP%uA%g>SignalR;x+QFe6FO'!)' (R;IbabeOAA14)bSebastian McKenzie7Q7uiabel% &3=l&@BootstrapMI{2011&wPTwitter'{8/1.5) H%Fx(!,'b+6J,twbs/b(!X7wWcanv1c]AoD- (f8Gabe Lerner (gabel% ,@gmail:E*%!7% &g9uLcldr-core1M2199%77 Unicode%~O6Lru& B-%Yfldr-j+xw+$f&('%!4dates-full!:."L>d=1OwRafael Xavier de Souza(s r% >.x% >.blog.b6o=r& Ds%"~6q-+"|number"~0~\*/w (,HDataMS&6aB6Rf+aC*12'F5%a%7%-!jExcelJSOz[30&25:!}3-42019 Guyon RocheA"Cdeve&3U-exceljs-fork8xM+$-Qui2P6BSD 3-c%b95"/0,9eO2jD, Slab4l, Jason Chen3{i3, salesforce.com
• l&?k-log4ne<K%.I~0%jf7&{=&yuSoftware+}%6{3%zD//!::P1ono: &}I.js,( +wasm H~a%x!>5Omono/mo*bf/wG&E'.d2l/?gS4%0GAI ((aopenai:w;& @' G-'HR5KE&lans'OcSIL OPEN FONT ({?Version 1.1 - 26 February%b/Nx'6x* z'T*)zj)"'1U+fonts%">sans+yWopenfontl''/org/documents/OFL(Qpprop-typeOk813(~i, Facebook;Vzf' C/*!07|])L&.Im%8xN|h89qH>uT0!79|b(Hcata.SQLite (2 4*I+* H.EF61B*Public Domain+~8www.sqlit&$\c(0-release.pdf%mWCF - Windows Communic&jK+jV'XP&w.ies)!u(EU'IJ.GZ4 5- J.Duplex6 <3L*- \SecurityD@Dwcf6D{'Rz6 Dashboard<Rz5O$=G:1VG;6~l'U7aspnetcor4G?(U>{G@JI-?GUBJhBJD3HJQ'oS17 Mike BostockLL>3/d39nnd3-f%cbO|D7 Jake Zateck6|Hjakez& @/)!'=n)CPHwOICQ'wUyBgyBododD?m
• (3kF3>,ur%3E& '6u.%yKb3II2w2Wa2W&eP7 Blazor UI )]8s2e[.]k]kx]kGfN]x]x]x8ynBootstrapMf2011-2022 Twit%dv%Vy/ 9 H%\(!,(E,6xKwbs/b(!X7HO]m]m]m]mn;CevExtreme ASP%|RDataLxVH$*!9.AspNet%onD!hQui2O&BSD 3-c%|34z@0,9Il2<6, Slab3hQ4, Jason Chen4LH, salesforce.com
• Ij+K deve&$5-quil5=/bKbKbK*Vnreedom Conservancy'dFd>uhtml2canvaPQr2 Niklas von Hertze6XPn% Gvh/+!,9g[%}0n%~pal+8J%nWUnicod1l[' 7-35\K16%Ylate) b'gg)e}'r&R&r&R=r&u'!.org/icu7Y.ehe d=d=d=d=KDPLi1b;?wz7 G%\t LLCKydlit/li5_.
• :060U00Uq]dL.g?O0U0E1-Q!m0U0y+m0k0$+0http://ocsp.digicert.com0C+07http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0EU>0<0:864http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0U

Flow Anomalies

Offset	RVA	Section	Description
C3D3	23C903A1	UPX1	JMP [static] \| Indirect jump to absolute memory address
281F1	23C903A1	UPX1	JMP [static] \| Indirect jump to absolute memory address
2AF92	6FBD4401	UPX1	JMP [static] \| Indirect jump to absolute memory address
335BC	6FBD4401	UPX1	CALL [static] \| Indirect call to absolute memory address
36818	6FBD4401	UPX1	CALL [static] \| Indirect call to absolute memory address
43653	6FBD4401	UPX1	JMP [static] \| Indirect jump to absolute memory address
5060D	6FBD4401	UPX1	JMP [static] \| Indirect jump to absolute memory address
59BAF	6FBD4401	UPX1	CALL [static] \| Indirect call to absolute memory address
6BFE7	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6BFEB	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6BFEF	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6BFF3	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6BFF7	24FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6BFFF	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C003	24FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C00F	24FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C023	33FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0A7	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0AB	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0AF	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0B3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0B7	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0BB	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0BF	25FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0C3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0C7	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0CB	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0CF	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0D3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0D7	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0DB	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0DF	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0E3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0E7	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C0EB	33FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C167	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C16B	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C16F	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C173	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C177	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C17B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C17F	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C183	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C187	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C18B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C18F	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C193	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C197	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C19B	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C19F	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1A3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1A7	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1AB	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1AF	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1B3	25FFFA8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C1B7	69FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C227	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C22B	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C237	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C23B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C23F	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C243	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C247	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C24B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C24F	26FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C257	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C25B	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C263	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C267	25FFFA8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C26B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C26F	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C273	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C277	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C27B	25FFFA8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C27F	40FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C2E7	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C2EB	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C2F3	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C2FB	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C307	25FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C30B	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C30F	25FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C313	25FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C317	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C31B	25FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C31F	26FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C327	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C32B	26FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C343	25FFFB8C	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6C347	26FFFB8D	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D817	24FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D827	24FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D82F	24FFFA89	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D83B	5BFFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D893	25FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D897	25FFFA8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D89B	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D89F	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D8A3	25FFFB8B	.rsrc	JMP [static] \| Indirect jump to absolute memory address
6D8A7	25FFFB8A	.rsrc	JMP [static] \| Indirect jump to absolute memory address
400-6A1FF	F9000	UPX1	Executable section anomaly, first bytes: 1A030002048BB3F4
70600	N/A	Overlay	0B4B6CEEAD335652A669C182AF2A933401000000 \| .Kl..3VR.i...*.4....

Extra Analysis

Metric	Value	Percentage
Ascii Code	476414	75,1423%
Null Byte Code	6286	0,9915%
NOP Cave Found	0x9090909090	Block Count: 1 \| Total: 0,0004%

PESCAN.IO - Analysis Report Basic