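/// <summary>
/// Heuristic analyzer that decodes a fixed window of instructions at the PE entry point and
/// reports a finding when the count of flow-transfer mnemonics in that window meets a threshold.
/// The disassembled bytes originate from the (untrusted) image; the analyzer only reads the
/// mnemonic strings the disassembler produced and never interprets operands.
/// </summary>
public sealed class EntryPointFlowAnalyzer : IPeAnalyzer
{
    /// <summary>Number of instructions decoded from the entry point when no window is given.</summary>
    public const int DefaultInstructionWindow = 16;

    /// <summary>Branch count at or above which the entry point is reported when no threshold is given.</summary>
    public const int DefaultBranchThreshold = 5;

    private readonly IDisassembler _disassembler;
    private readonly int _instructionWindow;
    private readonly int _branchThreshold;

    /// <summary>
    /// Creates an analyzer using <see cref="DefaultInstructionWindow"/> and <see cref="DefaultBranchThreshold"/>.
    /// </summary>
    /// <param name="disassembler">Disassembler used to decode entry-point instructions.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="disassembler"/> is <c>null</c>.</exception>
    public EntryPointFlowAnalyzer(IDisassembler disassembler)
        : this(disassembler, DefaultInstructionWindow, DefaultBranchThreshold)
    {
    }

    /// <summary>
    /// Creates an analyzer with an explicit instruction window and branch threshold.
    /// </summary>
    /// <param name="disassembler">Disassembler used to decode entry-point instructions.</param>
    /// <param name="instructionWindow">How many instructions to request from the entry point; must be positive.</param>
    /// <param name="branchThreshold">Minimum number of flow-transfer mnemonics that triggers a finding; must be positive.</param>
    /// <exception cref="System.ArgumentNullException"><paramref name="disassembler"/> is <c>null</c>.</exception>
    /// <exception cref="System.ArgumentOutOfRangeException">
    /// <paramref name="instructionWindow"/> or <paramref name="branchThreshold"/> is not positive.
    /// </exception>
    public EntryPointFlowAnalyzer(IDisassembler disassembler, int instructionWindow, int branchThreshold)
    {
        _disassembler = disassembler ?? throw new System.ArgumentNullException(nameof(disassembler));

        if (instructionWindow <= 0)
        {
            throw new System.ArgumentOutOfRangeException(nameof(instructionWindow), instructionWindow, "Instruction window must be positive.");
        }

        if (branchThreshold <= 0)
        {
            throw new System.ArgumentOutOfRangeException(nameof(branchThreshold), branchThreshold, "Branch threshold must be positive.");
        }

        _instructionWindow = instructionWindow;
        _branchThreshold = branchThreshold;
    }

    /// <summary>Analyzer name reported on every finding.</summary>
    public string Name => nameof(EntryPointFlowAnalyzer);

    /// <summary>
    /// Disassembles the configured instruction window at the entry point and reports a
    /// <see cref="FindingSeverity.Warning"/> finding when the number of <c>jmp</c>/<c>call</c>/<c>ret</c>
    /// mnemonics reaches the configured threshold.
    /// </summary>
    /// <param name="peInfo">Parsed PE image to analyze.</param>
    /// <param name="cancellationToken">Token forwarded to the disassembler.</param>
    /// <returns>An empty list, or a single warning finding when the heuristic fires.</returns>
    /// <exception cref="System.ArgumentNullException"><paramref name="peInfo"/> is <c>null</c>.</exception>
    public async Task<IReadOnlyList<AnalysisFinding>> AnalyzeAsync(PeImageInfo peInfo, CancellationToken cancellationToken)
    {
        if (peInfo is null)
        {
            throw new System.ArgumentNullException(nameof(peInfo));
        }

        var findings = new List<AnalysisFinding>();

        var instructions = await _disassembler
            .DisassembleEntryPointAsync(peInfo, _instructionWindow, cancellationToken)
            .ConfigureAwait(false);

        // A disassembler that yields nothing (or null) for the entry point gives no signal; treat as "no finding"
        // rather than faulting the whole analysis run.
        if (instructions is null)
        {
            return findings;
        }

        var branchCount = 0;
        foreach (var instruction in instructions)
        {
            if (IsFlowTransfer(instruction.Mnemonic))
            {
                branchCount++;
            }
        }

        if (branchCount >= _branchThreshold)
        {
            findings.Add(new AnalysisFinding(Name, FindingSeverity.Warning, "Suspicious control flow", "Entry-point has unusually branch-heavy flow."));
        }

        return findings;
    }

    // Only unconditional transfers are counted; conditional jumps (jcc) are deliberately outside this
    // heuristic as written. Exact, case-sensitive match is kept: presumably the disassembler emits
    // lowercase mnemonics — confirm against IDisassembler before relying on this.
    private static bool IsFlowTransfer(string mnemonic) => mnemonic is "jmp" or "call" or "ret";
}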