Csgo[.]rar | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Csgo.rar
Size

1.7MB
MD5

156b517a717737338829c957abc77b7f
SHA1

e420f4f36351d0aa14c68416969f9a15d037e940
SHA256

34a9913d47671510b485468674e61ec9d6aee760b68e0eb44e8f4288ac368ead
SHA512

27c22027158dda35e5e2ef0ce8ffd8fd60a84ff87e2d8ad777a451652cac110454b0efceb53dc8f818bab4831b8be2bca4f3464910551d436eb3efd04dd0e983
SSDEEP

24576:YzytriVPR4Wfgj7wetf0RDvmFg2WH/2DgmJYKiw5dEcr9OkhNPd8DQvzx1iWuaHS:c6cPNgXRMuSwYwrDa0vzx1eIqqF4wM

Score

N/A

Malware Config

Signatures

Files

Csgo.rar
.rar
CSGhost.exe
.exe windows x86

108c6edea2305b1b83fd390f20149efe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AreFileApisANSI
GetLastError
LocalFree
FormatMessageA
SetCurrentDirectoryW
CloseHandle
GetModuleHandleA
OpenProcess
GetModuleHandleW
WaitForSingleObject
GetProcAddress
Sleep
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
UnhandledExceptionFilter
InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime

user32

GetAsyncKeyState
BeginPaint
GetCursorPos
InvalidateRect
RegisterClassExA
GetDesktopWindow
PostQuitMessage
LoadCursorW
LoadIconW
TranslateMessage
CreateWindowExA
DefWindowProcA
GetMessageA
DispatchMessageA
GetWindowRect
SetWindowPos
FillRect
MessageBoxA
SetTimer
DrawTextA
EndPaint

gdi32

BitBlt
CreateCompatibleBitmap
CreateFontA
SelectObject
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
SetTextAlign

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
GetUserNameA
RegQueryValueExA

msvcp140

?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xlength_error@std@@YAXPBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_detach
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z

winmm

PlaySoundW

vcruntime140

memset
__current_exception_context
__current_exception
_CxxThrowException
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy
__CxxFrameHandler3
memmove
memcpy
_except_handler4_common

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_exit
_initterm_e
exit
_get_narrow_winmain_command_line
_c_exit
_set_app_type
_register_thread_local_exe_atexit_callback
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_exe
_controlfp_s
_initterm
system
_invalid_parameter_noinfo_noreturn
terminate

api-ms-win-crt-heap-l1-1-0

_callnewh
malloc
free
_set_new_mode

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
___lc_codepage_func

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
new_weave.dll
.dll windows x86

f7cd4b67627c01b8b34289569783007a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcessId
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetModuleFileNameA
FindClose
FindFirstFileA
FindNextFileA
GetFullPathNameA
CreateDirectoryW
GetVolumeInformationA
GetComputerNameA
GetModuleFileNameW
WaitForSingleObject
ExitThread
GlobalFree
GetProcAddress
WriteProcessMemory
VirtualProtect
GetCurrentProcess
lstrcpyA
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GlobalLock
UnhandledExceptionFilter
CreateEventW
ResetEvent
SetEvent
VirtualFree
GetSystemTimeAsFileTime
GlobalUnlock
GlobalAlloc
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FormatMessageW
CreateMutexA
LoadLibraryA
WaitForSingleObjectEx
ReleaseMutex
GetCurrentThread
GetCurrentDirectoryW
EnterCriticalSection
WriteConsoleW
GetConsoleMode
GetStdHandle
GetEnvironmentVariableW
TlsAlloc
InitializeCriticalSection
TlsSetValue
DeleteCriticalSection
LeaveCriticalSection
SetLastError
TlsGetValue
WriteFile
GetProcessHeap
VirtualQuery
VirtualAlloc
Sleep
InitializeCriticalSectionAndSpinCount
LoadLibraryW
GetSystemTimePreciseAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemDefaultLangID
FreeLibraryAndExitThread
CreateThread
GetLastError
GetModuleHandleA
GetFileAttributesA
CreateDirectoryA
SetUnhandledExceptionFilter

user32

GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
GetClientRect
SetCursorPos
SetCursor
GetCursorPos
ClientToScreen
ScreenToClient
LoadCursorA
GetAsyncKeyState
SetWindowLongA
IsChild
CallWindowProcA
EmptyClipboard
GetClipboardData
SetClipboardData
CloseClipboard
OpenClipboard
FindWindowA
GetKeyState

advapi32

RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
SystemFunction036
RegCreateKeyExA
RegQueryValueExA

shell32

ShellExecuteA
SHGetFolderPathA
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

SysAllocString
SysFreeString

msvcp140

?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?id@?$ctype@D@std@@2V0locale@2@A
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bios_base@std@@QBE_NXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?uncaught_exceptions@std@@YAHXZ
??7ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
_Mtx_trylock
_Thrd_sleep
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Throw_C_error@std@@YAXH@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Xinvalid_argument@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Xlength_error@std@@YAXPBD@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?setf@ios_base@std@@QAEHHH@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?_Xbad_alloc@std@@YAXXZ

d3dx9_43

D3DXCreateTextureFromFileInMemory

vcruntime140

strchr
_setjmp3
longjmp
memcmp
__std_type_info_compare
__CxxFrameHandler3
memchr
_purecall
_CxxThrowException
__std_exception_destroy
__std_exception_copy
strrchr
memset
memmove
memcpy
_except_handler4_common
__std_type_info_destroy_list
strstr

ntdll

NtQueryInformationThread
RtlCaptureContext

vcomp140

omp_get_num_threads
omp_get_thread_num

ws2_32

shutdown
connect
WSACleanup
closesocket
recv
getaddrinfo
socket
freeaddrinfo
send
WSAStartup

winhttp

WinHttpConnect
WinHttpCloseHandle
WinHttpOpen
WinHttpReadData
WinHttpSetOption
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext

xinput1_3

ord4
ord2

wintrust

WinVerifyTrust

api-ms-win-crt-runtime-l1-1-0

_cexit
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
abort
_beginthreadex
terminate
_errno
_crt_atexit

api-ms-win-crt-string-l1-1-0

strcat
tolower
_stricmp
strncpy
strcpy_s
towlower
toupper
strcmp
wcslen
strncmp
strlen
_wcsicmp
strcpy

api-ms-win-crt-heap-l1-1-0

malloc
_aligned_malloc
_aligned_free
_callnewh
free
realloc
calloc

api-ms-win-crt-utility-l1-1-0

abs
rand
srand
qsort

api-ms-win-crt-math-l1-1-0

log10
tan
cbrt
floor
modf
pow
log
trunc
_isnan
_dtest
sqrt
_dclass
_dsign
log2
acos
asin
atan2
ceil
fmaxf
cos
atan
exp
fabs
fmod
sin
_finite
_hypotf

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
clock

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vsprintf_s
fopen
_wfopen
fclose
fflush
ungetc
setvbuf
_fseeki64
fsetpos
fputc
fgetpos
fgetc
_ftelli64
fread
fwrite
ftell
fseek

api-ms-win-crt-convert-l1-1-0

atoi
wcstol
_wtoi
strtoul
_itoa_s
strtol
atof

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
_wremove
remove

api-ms-win-crt-locale-l1-1-0

localeconv

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 481KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 47.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

108c6edea2305b1b83fd390f20149efe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

msvcp140

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 47KB - Virtual size: 46KB

.reloc Size: 2KB - Virtual size: 2KB

f7cd4b67627c01b8b34289569783007a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

d3dx9_43

vcruntime140

ntdll

vcomp140

ws2_32

winhttp

winmm

imm32

xinput1_3

wintrust

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 3.5MB - Virtual size: 3.5MB

.rdata Size: 481KB - Virtual size: 480KB

.data Size: 1.7MB - Virtual size: 47.0MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 97KB - Virtual size: 97KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 47KB - Virtual size: 46KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 3.5MB - Virtual size: 3.5MB

.rdata
Size: 481KB - Virtual size: 480KB

.data
Size: 1.7MB - Virtual size: 47.0MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 97KB - Virtual size: 97KB