AsusSystemAnalysis[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

AsusSystemAnalysis.exe
Size

3.4MB
MD5

6234c360f1113f3b0621e4f78062af9a
SHA1

bd85609d99a6ef5845c4ddd1baed99cb96776a27
SHA256

6f805e8a3ae167ea6e987b12bb8b4d995a6d2841a26fabdd4ba285a95654a850
SHA512

4c752c29692afe9f6cdfe4d8f05ed7f533a0cd8ac4f7584775813922fbc345f125f640329bc2e31ce29d6640739144cf6a0ec6691b8c95522cfb6e85138d62f2
SSDEEP

49152:pcfIuSWAIHrv0q6KDW2ny2nwHR8obsw8VPWM26z2C5PkZHhSE4BV+rdl+y8gQ:uS4ntC2nyxHRrbsJbaiPNEnvQ

Score

N/A

Malware Config

Signatures

Files

AsusSystemAnalysis.exe
.exe windows x64

19226aed0d0edc4ec167247cca2ed1d5

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/05/2021, 00:00

Not After

08/05/2024, 23:59

Subject

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=SYS BG-PC BU-SW RD Ctr,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/06/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

10/03/2022, 19:58

Not After

08/03/2023, 19:58

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86
Signer

Actual PE Digest

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

29/09/2022, 18:54
Valid: false

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86
Signer

Actual PE Digest

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=SYS BG-PC BU-SW RD Ctr,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

29/07/2022, 07:09
Valid: true

Chain 1

SERIALNUMBER=23638777,CN=ASUSTeK COMPUTER INC.,OU=SYS BG-PC BU-SW RD Ctr,O=ASUSTeK COMPUTER INC.,L=Beitou District,ST=Taipei City,C=TW,1.3.6.1.4.1.311.60.2.1.3=#13025457,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

rpcrt4

NdrServerCallAll
RpcServerUseProtseqEpW
UuidToStringW
UuidCreate
RpcStringFreeW
NdrClientCall3
RpcBindingVectorFree
RpcServerInqBindings
RpcServerInqCallAttributesW
RpcEpUnregister
RpcEpRegisterW
NdrServerCall2
RpcServerUnregisterIf
RpcServerRegisterIf3
RpcServerListen

kernel32

InitializeSListHead
GetCurrentProcessId
CloseThreadpoolTimer
CreateDirectoryW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
FormatMessageA
CreateThreadpoolWork
SubmitThreadpoolWork
WideCharToMultiByte
CreateProcessW
GetStringTypeW
GetFileAttributesW
OpenProcess
QueryPerformanceFrequency
GetSystemTimePreciseAsFileTime
Sleep
RtlLookupFunctionEntry
GetCPInfo
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
IsDebuggerPresent
RtlCaptureContext
K32GetModuleFileNameExW
GetStdHandle
FindClose
MoveFileW
GetLocaleInfoW
GetUserGeoID
GetUserDefaultUILanguage
GetUserDefaultLCID
WaitForSingleObjectEx
RtlUnwindEx
GetPackagesByPackageFamily
CompareStringEx
GetLocaleInfoEx
InterlockedPushEntrySList
InterlockedFlushSList
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringEx
WTSGetActiveConsoleSessionId
lstrlenW
FormatMessageW
CreateFileW
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
GetVolumeInformationW
DeviceIoControl
GlobalMemoryStatusEx
OutputDebugStringA
OutputDebugStringW
LocalFree
LocalSize
SwitchToThread
LocalAlloc
GetModuleFileNameW
ExitProcess
GetCurrentProcess
CreatePipe
GetFileAttributesA
SetHandleInformation
CloseHandle
ReadFile
GetExitCodeProcess
GetExitCodeThread
K32GetModuleBaseNameW
K32EnumProcessModules
GetStartupInfoW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
FlushFileBuffers
SetEndOfFile
SetFilePointer
WriteFile
SetLastError
GetModuleHandleW
EncodePointer
RtlCaptureStackBackTrace
GetModuleHandleExW
CloseThreadpoolWork
FreeLibraryWhenCallbackReturns
InitOnceComplete
InitOnceBeginInitialize
SleepConditionVariableCS
WakeConditionVariable
InitializeConditionVariable
TryEnterCriticalSection
TryAcquireSRWLockExclusive
DeleteVolumeMountPointW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetFileSize
GetFileTime
GetLogicalDrives
QueryDosDeviceW
RemoveDirectoryW
GetVolumeNameForVolumeMountPointW
SetVolumeMountPointW
GetUserDefaultLangID
InitializeSRWLock
RaiseException
RtlPcToFileHeader
ReleaseMutex
CreateMutexW
K32EnumProcesses
HeapAlloc
QueryPerformanceCounter
CreateEventW
HeapFree
MultiByteToWideChar
SystemTimeToTzSpecificLocalTime
SetThreadpoolTimer
CreateThreadpoolTimer
GetSystemTime
DecodePointer
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
TerminateProcess
GetProcessId
GetSystemDirectoryW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
CreateThread
WaitForSingleObject
GetLastError
__C_specific_handler
LoadLibraryW
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcessHeap
FileTimeToSystemTime
SystemTimeToFileTime
GetNativeSystemInfo

advapi32

CryptAcquireContextA
SetNamedSecurityInfoW
GetNamedSecurityInfoW
StartServiceW
QueryServiceConfigW
LookupAccountSidW
IsValidSid
InitializeAcl
GetLengthSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
GetAclInformation
GetAce
CopySid
AddAce
RegGetValueW
RegSetKeyValueW
RegDeleteKeyValueW
RegSetValueExW
RegNotifyChangeKeyValue
RegDeleteKeyW
RegEnumKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDecrypt
CryptEncrypt
CryptImportKey
CreateProcessAsUserW
OpenProcessToken
CryptSetKeyParam
AdjustTokenPrivileges
DuplicateTokenEx
SetTokenInformation
CryptDestroyKey
EventWriteTransfer
EventSetInformation
DeleteService
CreateServiceW
LookupPrivilegeValueW
ControlService
EventWriteString
EventUnregister
EventRegister
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
CloseServiceHandle
ChangeServiceConfig2W
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
OpenServiceW
OpenSCManagerW

ole32

CoInitializeEx
CoCreateInstance
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CoUninitialize
CoSetProxyBlanket

oleaut32

SafeArrayGetUBound
GetErrorInfo
VariantInit
SysFreeString
SysAllocString
SafeArrayGetLBound
SafeArrayGetElement
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear
SysStringLen

iphlpapi

GetAdaptersAddresses

user32

RegisterPowerSettingNotification
UnregisterPowerSettingNotification
GetWindowThreadProcessId
MessageBoxW
wsprintfW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

api-ms-win-power-base-l1-1-0

GetPwrCapabilities

winhttp

WinHttpQueryHeaders
WinHttpSendRequest
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReadData
WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpOpen

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

ShellExecuteExW
SHGetKnownFolderPath

bcrypt

BCryptFinishHash
BCryptHashData
BCryptDestroyHash
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptOpenAlgorithmProvider

shlwapi

PathFileExistsW

api-ms-win-crt-runtime-l1-1-0

_get_initial_wide_environment
terminate
exit
_beginthreadex
_initterm_e
_register_thread_local_exe_atexit_callback
abort
_exit
_configure_wide_argv
_wassert
_set_app_type
_seh_filter_exe
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
__p___argc
__p___wargv
_invalid_parameter_noinfo
_c_exit
_initialize_wide_environment
_errno
_invalid_parameter_noinfo_noreturn
_endthreadex
_initterm

api-ms-win-crt-string-l1-1-0

memset
wcscpy_s
__strncnt
strcpy_s
strtok_s
strcmp
_wcsicmp
islower
strcspn
iswalpha
isupper
strcat_s
iswupper
towlower
wcsnlen
tolower
wcsncpy_s
isspace
wcstok_s
strncmp
_wcsupr_s
wcscat_s
strncpy_s
isdigit
_wcsdup

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s
_wfsopen
_fsopen
ungetc
setvbuf
fwrite
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__stdio_common_vfwprintf
__acrt_iob_func
_set_fmode
fopen_s
__stdio_common_vswprintf
__stdio_common_vsscanf
__stdio_common_vfprintf
fputs
getc
ftell
fseek
__p__commode
__stdio_common_vswprintf_s
putc

api-ms-win-crt-convert-l1-1-0

atof
atol
strtoull
strtoll
wcstoll
strtof
strtol
wcstol
_wtoi
mbstowcs_s
atoi
mbsrtowcs_s
wcstoul
strtod

api-ms-win-crt-math-l1-1-0

frexp
powf
ldexp
_dsign
pow
_dclass
__setusermatherr

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
calloc
_recalloc
_set_new_mode
malloc
free

api-ms-win-crt-time-l1-1-0

_difftime64
strftime
_Getdays
_time64
_gmtime64_s
_mktime64
_Strftime
_Gettnames
_Wcsftime
_W_Gettnames
_W_Getmonths
_W_Getdays
_Getmonths
_localtime64_s

api-ms-win-crt-locale-l1-1-0

_lock_locales
__pctype_func
___lc_collate_cp_func
localeconv
___mb_cur_max_func
setlocale
_configthreadlocale
___lc_codepage_func
___lc_locale_name_func
_unlock_locales

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_stat64i32
_mkdir
_rmdir
rename
remove

api-ms-win-crt-utility-l1-1-0

rand_s
rand
srand

winsqlite3

sqlite3_errmsg
sqlite3_open
sqlite3_free
sqlite3_exec
sqlite3_close
sqlite3_prepare_v2
sqlite3_step
sqlite3_bind_text
sqlite3_bind_null
sqlite3_bind_int
sqlite3_bind_double
sqlite3_finalize

wininet

InternetGetConnectedState

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 519KB - Virtual size: 526KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19226aed0d0edc4ec167247cca2ed1d5

Code Sign

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0Certificate

Extended Key Usages

Key Usages

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dcCertificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86Signer

Signature Validations

Verification

29/09/2022, 18:54 Valid: false

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86Signer

Signature Validations

Verification

29/07/2022, 07:09 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

kernel32

advapi32

ole32

oleaut32

iphlpapi

user32

wtsapi32

userenv

setupapi

api-ms-win-security-base-l1-2-2

api-ms-win-power-base-l1-1-0

winhttp

version

shell32

bcrypt

shlwapi

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

winsqlite3

wininet

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 459KB - Virtual size: 458KB

.data Size: 519KB - Virtual size: 526KB

.pdata Size: 48KB - Virtual size: 47KB

_RDATA Size: 512B - Virtual size: 256B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

07:20:7b:3a:1a:cb:44:e4:dc:39:eb:d3:89:a9:6d:65
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

01:24:0a:fb:1e:38:0b:8a:16:f1:4b:71:9d:f4:d3:c0
Certificate

33:00:00:00:dc:34:1a:52:0f:bb:cf:3d:8c:00:00:00:00:00:dc
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86
Signer

29/09/2022, 18:54
Valid: false

02:23:27:38:01:56:e5:de:c7:7f:25:bb:a4:b2:24:1a:38:65:a1:2d:2f:9d:40:9c:78:c9:96:34:3b:35:45:86
Signer

29/07/2022, 07:09
Valid: true

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 459KB - Virtual size: 458KB

.data
Size: 519KB - Virtual size: 526KB

.pdata
Size: 48KB - Virtual size: 47KB

_RDATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB