PESCAN.IO - Analysis Report Basic |
| Information |
| Property | Value |
|---|---|
| Size | 2,97 MB |
| SHA-256 Hash | E6A27C4D4CF3FC09A8D77AD06844A6B69E9070D73178FC19225E6C5D1A80AC94 |
| SHA-1 Hash | 69FAE5EB8AE369CE750F71D02E34BA158E5024EB |
| MD5 Hash | FEF9C1875A38CC3C656B21B6606B3F0B |
| Imphash | FCF1390E9CE472C7270447FC5C61A0C1 |
| MajorOSVersion | 5 |
| MinorOSVersion | 1 |
| CheckSum | 00305962 |
| EntryPoint (rva) | 1EEF0 |
| SizeOfHeaders | 400 |
| SizeOfImage | 74000 |
| ImageBase | 400000 |
| Architecture | x86 |
| ExportTable | 3C830 |
| ImportTable | 3C864 |
| IAT | 33000 |
| Characteristics | 102 |
| TimeDateStamp | 60C329FF |
| Date | 11/06/2021 9:16:47 |
| File Type | EXE |
| Number Of Sections | 6 |
| ASLR | Enabled |
| Section Names | .text, .rdata, .data, .didat, .rsrc, .reloc |
| Number Of Executable Sections | 1 |
| Subsystem | Windows GUI |
| UAC Execution Level Manifest | asInvoker |
| Sections Info |
| Section Name | Flags | ROffset | RSize | VOffset | VSize | Entropy | Chi2 |
|---|---|---|---|---|---|---|---|
| .text | 60000020 (Code, Executable, Readable) | 400 | 31400 | 1000 | 313BA | 6,7098 | 1049157,18 |
| .rdata | 40000040 (Initialized Data, Readable) | 31800 | A800 | 33000 | A622 | 5,2227 | 1757142,23 |
| .data | C0000040 (Initialized Data, Readable, Writeable) | 3C000 | 1000 | 3E000 | 23728 | 3,7088 | 389502,25 |
| .didat | C0000040 (Initialized Data, Readable, Writeable) | 3D000 | 200 | 62000 | 18C | 3,3554 | 33190,00 |
| .rsrc | 40000040 (Initialized Data, Readable) | 3D200 | E000 | 63000 | DFD0 | 6,6368 | 852291,10 |
| .reloc | 42000040 (Initialized Data, GP-Relative, Readable) | 4B200 | 2400 | 71000 | 227C | 6,5642 | 46491,94 |
| Binder/Joiner/Crypter |
| Dropper code detected (EOF) - 2,52 MB |
| Entry Point |
The section number (1) - (.text) has the Entry Point
Information -> EntryPoint (calculated) - 1E2F0
Code -> E864040000E988FEFFFF3B0D68E64300F27502F2C3F2E9E8050000CCCCCCCCCC558BEC56FF75088BF1E8022EFFFFC7068055
• CALL 0X1469
• JMP 0XE92
• CMP ECX, DWORD PTR [0X43E668]
• BND JNE 0X1015
• BND RET
• BND JMP 0X1603
• INT3
• INT3
• INT3
• INT3
• INT3
• PUSH EBP
• MOV EBP, ESP
• PUSH ESI
• PUSH DWORD PTR [EBP + 8]
• MOV ESI, ECX
• CALL 0XFFFF3E30
| Signatures |
Rich Signature Analyzer:
Code -> 6260F793260199C0260199C0260199C0929D68C02B0199C0929D6AC0AB0199C0929D6BC03E0199C0B8A15EC0240199C01D5F9AC1300199C01D5F9DC1350199C01D5F9CC10A0199C02F791AC02C0199C02F790AC0230199C0260198C02B0099C0B15F9CC1170199C0B15F99C1270199C0B45F66C0270199C0B15F9BC1270199C052696368260199C0
Footprint md5 Hash -> 553F336D0022DED84058D90EDA671DDC
• The Rich header apparently has not been modified

Certificate - Digital Signature:
• The file is signed and the signature is correct
| Packer/Compiler |
Compiler: Microsoft Visual Studio

Detect It Easy (die)
• PE: sfx: WinRAR(-)[-]
• PE: compiler: EP:Microsoft Visual C/C++(2013-2017)[EXE32]
• PE: compiler: Microsoft Visual C/C++(2015 v.14.0)[-]
• PE: linker: Microsoft Linker(14.0, Visual Studio 2015 14.0*)[-]
• PE: overlay: RAR archive(-)[-]
• PE: archive: RAR(5)[-]
• Entropy: 7.96412
| Suspicious Functions |
| Library | Function | Description |
|---|---|---|
| KERNEL32.DLL | GetModuleFileNameA | Retrieve the fully qualified path for the executable file of a specified module. |
| KERNEL32.DLL | WriteFile | Writes data to a specified file or input/output (I/O) device. |
| KERNEL32.DLL | LoadLibraryW | Loads the specified module into the address space of the calling process. |
| KERNEL32.DLL | GetProcAddress | Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL). |
| KERNEL32.DLL | IsDebuggerPresent | Determines if the calling process is being debugged by a user-mode debugger. |
| SHELL32.DLL | ShellExecuteExW | Performs a run operation on a specific file. |
| Windows REG (UNICODE) |
Software\Microsoft\Windows\CurrentVersion • Software\WinRAR SFX
| File Access |
package/setup.exe • sfxrar.exe • gdiplus.dll • KERNEL32.dll • COMCTL32.dll • SHLWAPI.dll • ole32.dll • SHELL32.dll • ADVAPI32.dll • COMDLG32.dll • GDI32.dll • USER32.dll • start.bat • package/Click To Run.bat • .dat • @.dat • @E.PDF • Temp
| File Access (UNICODE) |
| mscoree.dll KERNEL32.DLL riched20.dll uxtheme.dll peerdist.dll dsrole.dll aclui.dll RpcRtRemote.dll cryptsp.dll linkinfo.dll XmlLite.dll dhcpcsvc.dll dhcpcsvc6.dll rasadhlp.dll browcli.dll dfscli.dll wkscli.dll samlib.dll samcli.dll mlang.dll propsys.dll devrtl.dll mpr.dll netutils.dll WINNSI.DLL iphlpapi.DLL dnsapi.DLL imageres.dll slc.dll cscapi.dll srvcli.dll WindowsCodecs.dll profapi.dll ntmarta.dll oleaccrc.dll cabinet.dll secur32.dll shell32.dll wintrust.dll cryptui.dll msasn1.dll crypt32.dll shdocvw.dll netapi32.dll userenv.dll apphelp.dll setupapi.dll atl.dll ntshrui.dll ieframe.dll psapi.dll ws2help.dll ws2_32.dll comres.dll clbcatq.dll usp10.dll lpk.dll cryptbase.dll dwmapi.dll UXTheme.dll rsaenh.dll SSPICLI.DLL sfc_os.dll DXGIDebug.dll version.dll Crypt32.dll Temp ProgramFiles |
| Interest's Words |
| PassWord exec attrib start pause shutdown systeminfo ping expand replace |
| Interest's Words (UNICODE) |
| Encrypt Encryption PassWord <html <head <meta start pause ping replace |
| URLs |
| http://schemas.microsoft.com/SMI/2005/WindowsSettings http://crl.comodoca.com/AAACertificateServices.crl http://ocsp.comodoca.com http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0 http://ocsp.sectigo.com http://crl.sectigo.com/SectigoPublicCodeSigningCAEVR36.crl http://crt.sectigo.com/SectigoPublicCodeSigningCAEVR36.crt http://crl.sectigo.com/SectigoRSATimeStampingCA.crl http://crt.sectigo.com/SectigoRSATimeStampingCA.crt http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt http://ocsp.usertrust.com https://sectigo.com/CPS0 |
| Strings/Hex Code Found With The File Rules |
| Rule Type | Encoding | Matched (Word) |
|---|---|---|
| Text | Ascii | Registry (RegCreateKeyEx) |
| Text | Ascii | Registry (RegOpenKeyEx) |
| Text | Ascii | Registry (RegSetValueEx) |
| Text | Ascii | File (GetTempPath) |
| Text | Ascii | File (CreateFile) |
| Text | Ascii | File (WriteFile) |
| Text | Ascii | File (ReadFile) |
| Text | Ascii | Anti-Analysis VM (IsDebuggerPresent) |
| Text | Ascii | Anti-Analysis VM (GetSystemInfo) |
| Text | Ascii | Anti-Analysis VM (GetVersion) |
| Text | Ascii | Reconnaissance (FindNextFileA) |
| Text | Ascii | Reconnaissance (FindFirstFileW) |
| Text | Ascii | Reconnaissance (FindNextFileW) |
| Text | Ascii | Reconnaissance (FindClose) |
| Text | Ascii | Stealth (ReleaseSemaphore) |
| Text | Ascii | Stealth (CloseHandle) |
| Text | Ascii | Stealth (UnmapViewOfFile) |
| Text | Ascii | Stealth (MapViewOfFile) |
| Text | Ascii | Stealth (CreateFileMappingW) |
| Text | Ascii | Stealth (VirtualProtect) |
| Text | Ascii | Execution (ShellExecute) |
| Text | Ascii | Execution (CreateSemaphoreW) |
| Text | Ascii | Execution (CreateEventW) |
| Text | Ascii | Antivirus Software (comodo) |
| Text | Unicode | Privileges (SeCreateSymbolicLinkPrivilege) |
| Text | Unicode | Privileges (SeRestorePrivilege) |
| Text | Unicode | Privileges (SeSecurityPrivilege) |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | Microsoft Visual C++ 8 |
| Entry Point | Hex Pattern | VC8 - Microsoft Corporation |
| Resources |
| Path | DataRVA | Size | FileOffset | Code | Text |
|---|---|---|---|---|---|
| \PNG\101\1033 | 63650 | B45 | 3D850 | 89504E470D0A1A0A0000000D494844520000005D0000012E080200000063D2894F0000000467414D410000B18F0BFC610500 | .PNG........IHDR...].........c..O....gAMA......a.. |
| \PNG\102\1033 | 64198 | 15A9 | 3E398 | 89504E470D0A1A0A0000000D49484452000000BA0000025C0802000000C1EE29100000000467414D410000B18F0BFC610500 | .PNG........IHDR.......\.......).....gAMA......a.. |
| \ICON\1\1033 | 65748 | 568 | 3F948 | 280000001000000020000000010008000000000000010000120B0000120B000000010000000100000000000024349B002735 | (....... ...................................$4..'5 |
| \ICON\2\1033 | 65CB0 | 8A8 | 3FEB0 | 280000002000000040000000010008000000000000040000120B0000120B00000001000000010000000000003F110F000A06 | (... ...@...................................?..... |
| \ICON\3\1033 | 66558 | EA8 | 40758 | 280000003000000060000000010008000000000000090000120B0000120B0000000100000001000000000000103E05000D07 | (...0.......................................>.... |
| \ICON\4\1033 | 67400 | 468 | 41600 | 280000001000000020000000010020000000000000040000120B0000120B0000000000000000000000000000000000000000 | (....... ..... ................................... |
| \ICON\5\1033 | 67868 | 10A8 | 41A68 | 280000002000000040000000010020000000000000100000120B0000120B0000000000000000000000000000000000000000 | (... ...@..... ................................... |
| \ICON\6\1033 | 68910 | 25A8 | 42B10 | 280000003000000060000000010020000000000000240000120B0000120B0000000000000000000000000000000000000000 | (...0........ ......$............................ |
| \ICON\7\1033 | 6AEB8 | 3D71 | 450B8 | 89504E470D0A1A0A0000000D49484452000001000000010008060000005C72A86600003D384944415478DAEDBD6BB4644956 | .PNG........IHDR.............\r.f..=8IDATx...k.dIV |
| \DIALOG\ASKNEXTVOL\1033 | 6F588 | 286 | 49788 | C000C8900000000007003B004B00C2008B00000000004E00650078007400200076006F006C0075006D006500200069007300 | ..........;.K.........N.e.x.t. .v.o.l.u.m.e. .i.s. |
| \DIALOG\GETPASSWORD1\1033 | 6F358 | 13A | 49558 | C008C89000000000050026002E00B70043000000000045006E007400650072002000700061007300730077006F0072006400 | ..........&.....C.....E.n.t.e.r. .p.a.s.s.w.o.r.d. |
| \DIALOG\LICENSEDLG\1033 | 6F498 | EC | 49698 | C008CA900000000005001B002F005B01E000000000004C006900630065006E0073006500000008004D005300200053006800 | ............/.[.......L.i.c.e.n.s.e.....M.S. .S.h. |
| \DIALOG\RENAMEDLG\1033 | 6F228 | 12E | 49428 | C000C890000000000700600052009E005D0000000000520065006E0061006D006500000008004D0053002000530068006500 | ...........R...].....R.e.n.a.m.e.....M.S. .S.h.e. |
| \DIALOG\REPLACEFILEDLG\1033 | 6EEF0 | 338 | 490F0 | C000C8900000000011006E003500DE00AD000000000043006F006E006600690072006D002000660069006C00650020007200 | ..........n.5.........C.o.n.f.i.r.m. .f.i.l.e. .r. |
| \DIALOG\STARTDLG\1033 | 6EC98 | 252 | 48E98 | C008CA90000000000B001B002F005B01E00000000000570069006E005200410052002000730065006C0066002D0065007800 | ............/.[.......W.i.n.R.A.R. .s.e.l.f.-.e.x. |
| \STRING\7\1033 | 6FF68 | 1E2 | 4A168 | 00000000000000001900530065006C006500630074002000640065007300740069006E006100740069006F006E0020006600 | ..........S.e.l.e.c.t. .d.e.s.t.i.n.a.t.i.o.n. .f. |
| \STRING\8\1033 | 70150 | 1CC | 4A350 | 11004E006F007400200065006E006F0075006700680020006D0065006D006F0072007900140055006E006B006E006F007700 | ..N.o.t. .e.n.o.u.g.h. .m.e.m.o.r.y...U.n.k.n.o.w. |
| \STRING\9\1033 | 70320 | 1B8 | 4A520 | 0000000000001A005700720069007400650020006500720072006F007200200069006E002000740068006500200066006900 | ........W.r.i.t.e. .e.r.r.o.r. .i.n. .t.h.e. .f.i. |
| \STRING\10\1033 | 704D8 | 146 | 4A6D8 | 050043006C006F00730065000000000000000000000005004500720072006F00720061004500720072006F00720073002000 | ..C.l.o.s.e.............E.r.r.o.r.a.E.r.r.o.r.s. . |
| \STRING\11\1033 | 70620 | 446 | 4A820 | 6C0053006F006D0065002000660069006C0065007300200063006F0075006C00640020006E006F0074002000620065002000 | l.S.o.m.e. .f.i.l.e.s. .c.o.u.l.d. .n.o.t. .b.e. . |
| \STRING\12\1033 | 70A68 | 166 | 4AC68 | 3200630072006500610074006500640020006100750074006F006D00610074006900630061006C006C007900200062006500 | 2.c.r.e.a.t.e.d. .a.u.t.o.m.a.t.i.c.a.l.l.y. .b.e. |
| \STRING\13\1033 | 70BD0 | 152 | 4ADD0 | 0000000000003D0054006F00740061006C0020007000610074006800200061006E0064002000660069006C00650020006E00 | ......=.T.o.t.a.l. .p.a.t.h. .a.n.d. .f.i.l.e. .n. |
| \STRING\14\1033 | 70D28 | 10A | 4AF28 | 000000001500430061006E006E006F007400200063006F0070007900200025007300200074006F002000250073002E000000 | ......C.a.n.n.o.t. .c.o.p.y. .%.s. .t.o. .%.s..... |
| \STRING\15\1033 | 70E38 | BC | 4B038 | 0000410059006F00750020006D006100790020006E00650065006400200074006F002000720075006E002000740068006900 | ..A.Y.o.u. .m.a.y. .n.e.e.d. .t.o. .r.u.n. .t.h.i. |
| \STRING\16\1033 | 70EF8 | D6 | 4B0F8 | 10005300650063007500720069007400790020007700610072006E0069006E0067004B0050006C0065006100730065002000 | ..S.e.c.u.r.i.t.y. .w.a.r.n.i.n.g.K.P.l.e.a.s.e. . |
| \GROUP_ICON\100\1033 | 6EC30 | 68 | 48E30 | 00000100070010100000010008006805000001002020000001000800A808000002003030000001000800A80E000003001010 | ..............h..... ............00.............. |
| \24\1\1033 | 6F810 | 753 | 49A10 | 3C3F786D6C2076657273696F6E3D22312E302220656E636F64696E673D225554462D3822207374616E64616C6F6E653D2279 | <?xml version="1.0" encoding="UTF-8" standalone="y |
| Intelligent String |
| • 3package/setup.exe • .rar • .exe • .sfx • Crypt32.dll • version.dll • sfc_os.dll • SSPICLI.DLL • rsaenh.dll • UXTheme.dll • dwmapi.dll • cryptbase.dll • lpk.dll • usp10.dll • clbcatq.dll • comres.dll • ws2_32.dll • ws2help.dll • psapi.dll • ieframe.dll • ntshrui.dll • atl.dll • setupapi.dll • apphelp.dll • userenv.dll • netapi32.dll • shdocvw.dll • crypt32.dll • msasn1.dll • cryptui.dll • wintrust.dll • shell32.dll • secur32.dll • cabinet.dll • oleaccrc.dll • ntmarta.dll • profapi.dll • WindowsCodecs.dll • srvcli.dll • cscapi.dll • slc.dll • imageres.dll • WINNSI.DLL • netutils.dll • mpr.dll • devrtl.dll • propsys.dll • mlang.dll • samcli.dll • samlib.dll • wkscli.dll • dfscli.dll • browcli.dll • rasadhlp.dll • dhcpcsvc6.dll • dhcpcsvc.dll • XmlLite.dll • linkinfo.dll • cryptsp.dll • RpcRtRemote.dll • aclui.dll • dsrole.dll • peerdist.dll • uxtheme.dll • riched20.dll • winrarsfxmappingfile.tmp • runas • %s.%d.tmp • .lnk • .inf • USER32.dll • GDI32.dll • COMDLG32.dll • ADVAPI32.dll • ole32.dll • KERNEL32.DLL • SHLWAPI.dll • COMCTL32.dll • mscoree.dll • D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb • .bss • sfxrar.exe • KERNEL32.dll • <asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"> • Setup=start.bat • 0package/Click To Run.bat • package/configuration.xml • +0U 00U 0g0KUD0B0@><:http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0{+o0m0F+0:http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0+0http://ocsp.sectigo.com0*H_6rZ-9JZBJ |
| Flow Anomalies |
| Offset | RVA | Section | Description |
|---|---|---|---|
| 4D600 | N/A | *Overlay* | 526172211A070100FADE7E150C01050800070101 | Rar!......~......... |
| Extra Analysis |
| Metric | Value | Percentage |
|---|---|---|
| Ascii Code | 2106557 | 67,6094% |
| Null Byte Code | 67249 | 2,1583% |
| NOP Cave Found | 0x9090909090 | Block Count: 1 | Total: 0,0001% |