PREMIUM PESCAN.IO - Analysis Report |
| Information |
| Field | Value |
|---|---|
| Size | 1,56 MB |
| SHA-256 Hash | E87DF996786FF1613B8550ABF66DE6456FAAF7E1A26E9217CD17A2F5A6CAAD50 |
| SHA-1 Hash | 2DF125D457121E46323AB36F5A60D3AA6AD48972 |
| MD5 Hash | FACFF72B6A876D605B1854BE16F21D44 |
| Imphash | DAE02F32A21E03CE65412F6E56942DAA |
| MajorOSVersion | 4 |
| MinorOSVersion | 0 |
| CheckSum | 00000000 |
| EntryPoint (rva) | 18FFB2 |
| SizeOfHeaders | 200 |
| SizeOfImage | 194000 |
| ImageBase | 10000000 |
| Architecture | x86 |
| ImportTable | 18FF5D |
| IAT | 2000 |
| Characteristics | 2022 |
| TimeDateStamp | 8A7C1335 |
| Date | 17/08/2043 1:19:49 |
| File Type | DLL |
| Number Of Sections | 3 |
| ASLR | Disabled |
| Section Names | .text, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows Console |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 0x60000020 Code Executable Readable | 200 | 18E000 | 2000 | 18DFC8 | | |
| .rsrc | 0x40000040 Initialized Data Readable | 18E200 | 600 | 190000 | 524 | | |
| .reloc | 0x42000040 Initialized Data GP-Relative Readable | 18E800 | 200 | 192000 | C | | |
| Description |
| Field | Value |
|---|---|
| OriginalFilename | xrd_engine.exe |
| CompanyName | Microsoft Corporation |
| LegalCopyright | xrd. All rights reserved. |
| ProductName | Microsoft Windows Operating System |
| FileVersion | 1.0.0.1 |
| FileDescription | Windows Core Services Helper |
| ProductVersion | 10.0.19041.1 |
| Language | Unknown (ID=0x0) |
| CodePage | Unicode (UTF-16 LE) (0x4B0) |
| Binder/Joiner/Crypter |
| 2 Executable files found |
| Entry Point |
| Section number 1 (.text) contains the entry point. EntryPoint (calculated): 18E1B2. Code: FF25002000104B6573685872645F323032365F53656300000000000000000000000000000000000000000000000000000000. Assembler: JMP DWORD PTR [0X10002000]; DEC EBX; JAE 0X1072; POP EAX; JB 0X1071; POP EDI; XOR DH, BYTE PTR [EAX]; XOR DH, BYTE PTR [ESI]; POP EDI; PUSH EBX; ARPL WORD PTR GS:[EAX], AX; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL; ADD BYTE PTR [EAX], AL |
| Signatures |
| Certificate - Digital Signature Not Found: • The file is not signed |
| Packer/Compiler |
| Compiler: Microsoft Visual .NET - (You can use a decompiler for this...) • AnyCPU: True • Version: v4.0 Detect It Easy (die) • PE: library: .NET(v4.0.30319)[-] • PE: linker: Microsoft Linker(48.0)[-] • Entropy: 7.69784 |
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleHandleA | Retrieves a handle to the specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | ReadProcessMemory | Reads data from an area of memory in a specified process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| Windows REG (UNICODE) |
| Software\Classes\ms-settings\Shell\Open\commandDelegateExecute Software\Classes\ms-settings)ComputerDefaults.exe Software\Classes\mscfile\shell\open\command Software\Classes\mscfile Software\Classes\exefile\shell\runas\command Software\Classes\exefile Software\Brave-Browser\User Data7Opera Software\Opera Stable Software\Opera Stable Software\Opera GX Stable Software\Brave-Browser\User Data\Local Stateopera Software\Opera Stable\Local State Software\Opera GX Stable\Local State SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\ SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Beta SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Beta SOFTWARE\Clients\StartMenuInternet\Google Chrome Beta\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Edge SOFTWARE\Clients\StartMenuInternet\Microsoft Edge\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BraveSoftware Brave-Browser SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BraveSoftware Brave-Browser SOFTWARE\Clients\StartMenuInternet\Brave\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera Stable SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera Stable SOFTWARE\Clients\StartMenuInternet\OperaStable\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Opera GX SOFTWARE\Clients\StartMenuInternet\Opera 
GX\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\YandexBrowser SOFTWARE\Clients\StartMenuInternet\Yandex\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Comet SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Perplexity Comet SOFTWARE\Clients\StartMenuInternet\Comet\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vivaldi SOFTWARE\Clients\StartMenuInternet\Vivaldi\shell\open\command Software\Brave-Browser\Application\brave.exe Software\Microsoft\Windows\CurrentVersion\App Paths\ |
| File Access |
| .exe comet.exe brave.exe vivaldi.exe browser.exe opera.exe BrowserExtractor.Resources.xrd_engine.exe mscoree.dll KERNEL32.dll ole32.dll ADVAPI32.dll SHELL32.dll VERSION.dll keshxrd.dll user32.dll .dat .BrowserExtractor.Browsers.Dat System.Dat 0BrowserExtractor.IO.Zip 3BrowserExtractor.IO.Zip Temp |
| File Access (UNICODE) |
| //browsers.zip keshxrd.dll xrd_engine.exe \Program Files\Vivaldi\Application\vivaldi.exe \Program Files\Opera GX\opera.exe \Program Files (x86)\Opera\opera.exe \Program Files\Opera\opera.exe Vivaldivivaldi.exe Firefoxfirefox.exe comet.exe browser.exe opera.exe brave.exe msedge.exe chrome.exe canxrd.exe )BrowserExtractor.exe keshxrd.exe slui.exe cleanmgr.exe eventvwr.exe )ComputerDefaults.exe fodhelper.exe -MicrosoftEdgeSetup.exe \windows\system32\VBoxControl.exe \windows\system32\vboxtray.exe \windows\system32\vboxservice.exe ntdll.dll IsWow64Process2kernel32.dll mscoree.dll keshxrd.dll user32.dll kernel32.dll *.dll \windows\system32\vboxoglpassthroughspu.dll \windows\system32\vboxoglerrorspu.dll \windows\system32\vboxhook.dll \windows\system32\vboxdisp.dll \windows\system32\drivers\VBoxGuest.sys \windows\system32\drivers\VBoxMouse.sys \windows\system32\drivers\vmhgfs.sys \windows\system32\drivers\vmmouse.sys build.dat Creating build.dat *.log /cards.txt /bookmarks.txt /history.txt /pasavord.txt /cuckiee.txt tokens.txt pasavord.txt cuckiee.txt browsers.zip |
| SQL Queries |
| SELECT * FROM Win32_ComputerSystem SELECT * FROM Win32_Processor SELECT * FROM Win32_VideoController SELECT origin_url, username_value, password_value FROM logins SELECT url, title, visit_count, last_visit_time FROM urls ORDER BY last_visit_time DESC LIMIT 1000 SELECT name_on_card, card_number_encrypted, expiration_month, expiration_year FROM credit_cards SELECT host, name, value, expiry FROM moz_cookies SELECT url, title, visit_count, last_visit_date FROM moz_places ORDER BY last_visit_date DESC LIMIT 1000 SELECT url, title FROM moz_places WHERE url IS NOT NULL AND title IS NOT NULL SELECT host_key, name, encrypted_value, expires_utc FROM cookies |
| Words of Interest |
| Encrypt Decrypt PassWord <div <footer <main exec attrib start cipher systeminfo expand replace |
| Words of Interest (UNICODE) |
| Encrypt PassWord exec start hostname cleanmgr |
| Anti-VM/Sandbox/Debug Tricks (UNICODE) |
| LabTools - wireshark LabTools - filemon LabTools - procexp LabTools - procmon LabTools - regmon VMWare - vmmouse.sys VirtualBox Service - VBoxService.exe |
| URLs (UNICODE) |
| https://discord.com/api/webhooks/1494401199510786209/Vs2LmjE5H-Fh02CI2kNpAtDuXTM1_2JleEDkBYqQBLp4AjQsjxbHeP9aGWyr9G3w7-sB5 https://discord.com/api/v9 https://api.ipify.org https://discord.com/api/v9/users/ https://discord.com/api/v9/users/@me/relationships https://discord.com/api/v9/users/@me https://discord.com/api/v9/users/@me/billing/payment-sources"id" https://cdn.discordapp.com/avatars/ https://cdn.discordapp.com/embed/avatars/0.png |
| IP Addresses |
| 1.3.175.42 |
| PE Carving |
| Start Offset Header | End Offset | Size (Bytes) |
|---|---|---|
| 0 | 20E80 | 20E80 |
| 20E80 | 18EA00 | 16DB80 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | WinAPI Sockets (connect) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Encryption (CipherMode) |
| Text | Ascii | Encryption (CreateDecryptor) |
| Text | Ascii | Encryption (CryptoStream) |
| Text | Ascii | Encryption (CryptoStreamMode) |
| Text | Ascii | Encryption (FromBase64String) |
| Text | Unicode | Encryption (FromBase64String) |
| Text | Ascii | Encryption (ICryptoTransform) |
| Text | Ascii | Encryption (ToBase64String) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Stealth (ReadProcessMemory) |
| Text | Ascii | Execution (CreateProcessW) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Malicious code executed after exploiting a vulnerability (Payload) |
| Text | Unicode | Malicious code executed after exploiting a vulnerability (Payload) |
| Text | Ascii | Malware that injects malicious code into a process (Injector) |
| Text | Ascii | Technique used to insert malicious code into legitimate processes (Inject) |
| Text | Ascii | Malicious rerouting of traffic to an attacker-controlled site (Redirect) |
| Text | Ascii | Technique used to circumvent security measures (Bypass) |
| Entry Point | Hex Pattern | TrueVision Targa Graphics format |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \VERSION\1\0 | 190090 | 2AC | 18E290 | AC0234000000560053005F00560045005200530049004F004E005F0049004E0046004F0000000000BD04EFFE000001000000 | ..4...V.S._.V.E.R.S.I.O.N._.I.N.F.O............... |
| \24\2\0 | 19034C | 1D4 | 18E54C | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D227574662D38223F3E0D0A3C617373656D626C7920 | <?xml version="1.0" encoding="utf-8"?>..<assembly |
| Intelligent String |
| • keshxrd.dll • 1.0.0.0 • xrd_engine.exe • comet.exe • browser.exe • opera.exe • brave.exe • .exe • %rV.pou • %r.pou • C:\windows\system32\drivers\vmmouse.sys • C:\windows\system32\drivers\vmhgfs.sys • C:\windows\system32\drivers\VBoxMouse.sys • C:\windows\system32\drivers\VBoxGuest.sys • C:\windows\system32\vboxdisp.dll • C:\windows\system32\vboxhook.dll • C:\windows\system32\vboxoglerrorspu.dll • C:\windows\system32\vboxoglpassthroughspu.dll • C:\windows\system32\vboxservice.exe • C:\windows\system32\vboxtray.exe • C:\windows\system32\VBoxControl.exe • runas • *.dll • -MicrosoftEdgeSetup.exe • fodhelper.exe • )ComputerDefaults.exe • eventvwr.exe • YSoftware\Classes\exefile\shell\runas\command • cleanmgr.exe • slui.exe • *.ldb • *.log • https://discord.com/api/webhooks/1494401199510786209/Vs2LmjE5H-Fh02CI2kNpAtDuXTM1_2JleEDkBYqQBLp4AjQsjxbHeP9aGWyr9G3w7-sB • https://discord.com/api/v9 • https://api.ipify.org • https://media.discordapp.net/attachments/1480281277482402046/1481111141177360445/ima42342ge.png?ex=69b21fbd&is=69b0ce3d&hm=d86782775da931f5ccd9d63e080eb53a24030df80852eb2eb07c5f03adaa5353&=&format=webp&quality=lossless • cuckiee.txt • pasavord.txt • tokens.txt • keshxrd.exe • )BrowserExtractor.exe • canxrd.exe • .enc • build.dat • https://discord.com/api/v9/users/@me/relationships • https://discord.com/api/v9/users/@me • https://discord.com/api/v9/users/@me/billing/payment-sources • 3attachment://browsers.zip • browsers.zip • https://cdn.discordapp.com/embed/avatars/0.png • .png • .gif • "},{"type":14,"divider":true,"spacing":1},{"type":13,"file":{"url":"attachment://browsers.zip"},"spoiler":false},{"type":14,"divider":true,"spacing":1},{"type":10,"content":"- Noface Project"}]}]} • {SELECT origin_url, username_value, password_value FROM logins • logins • /cuckiee.txt • Login Data • /pasavord.txt • /history.txt • /bookmarks.txt • /cards.txt • logins.json • SBrowserExtractor.Resources.xrd_engine.exe • mscoree.dll • Usage: xrd_engine.exe [options] 
<chrome|chrome-beta|edge|brave|all> • chrome.exe • msedge.exe • Firefoxfirefox.exe • Vivaldivivaldi.exe • C:\Program Files\Opera\opera.exe • C:\Program Files (x86)\Opera\opera.exe • C:\Program Files\Opera GX\opera.exe • C:\Program Files\Yandex\YandexBrowser\Application\browser.exe • C:\Program Files (x86)\Yandex\YandexBrowser\Application\browser.exe • vivaldi.exe • C:\Program Files\Vivaldi\Application\vivaldi.exe • C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe • C:\Program Files\Perplexity\Comet\Application\comet.exe • C:\Program Files (x86)\Perplexity\Comet\Application\comet.exe • C:\Program Files • C:\Program Files (x86) • IsWow64Process2kernel32.dll • ntdll.dll • .bss • 1.0.0.1 • _CorDllMainmscoree.dll |
| Flow Anomalies |
| Offset | RVA | Section | Instruction | Description |
|---|---|---|---|---|
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 1063099 | 65,1102% |
| Null Byte Code | 123302 | 7,5517% |