2020-01-14-malware-and-artifacts-from-Emotet-epoch-2-infection-with-Trickbot-gtag-mor75[.]zip

Resubmissions

28-12-2022 03:05

221228-dk91fahc93 10

20-12-2022 19:37

221220-ycbswsea2x 10

Sharing

Copy URL

Twitter E-mail

General

Target

2020-01-14-malware-and-artifacts-from-Emotet-epoch-2-infection-with-Trickbot-gtag-mor75.zip
Size

22.5MB
MD5

58fd4df914ef17cd19f0bb03e709c5b9
SHA1

fcb4c01c970f5b97076a5c93c9ebcc35358215bc
SHA256

7a5d773aa6ef4cf71a18234e4037788e635a3f8aeefef0e9898d69453bc53025
SHA512

b17f997d75597cfec942efdad3ac9e971d3c4a3e26a21a3a213d0235880b716882e45bdbb6b126b797350a42a73acc216512128421202575119975978766866d
SSDEEP

393216:J3CH9KWwLtfI2nfIkuBvF6sbP5HlqjUGO0hXCYwLHOfitxfU3:5qxwpfI2nfIkuB0sbRYjUGvdwLUitVU3

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource
static1/unpack001/client/2020-01-14-Word-doc-with-macro-for-Emotet-epoch-2.doc

Files

2020-01-14-malware-and-artifacts-from-Emotet-epoch-2-infection-with-Trickbot-gtag-mor75.zip
.zip

Password: infected
client/2020-01-14-Trickbot-gtag-mor75-retrieved-by-Emotet-infected-host.exe
.exe windows x86

Password: infected

35f4c90dc3c507b6ed0bba604da7a69d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
RaiseException
TerminateProcess
GetTimeZoneInformation
HeapSize
HeapReAlloc
GetACP
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
RtlUnwind
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetVersionExA
GetModuleFileNameA
LoadLibraryW
GetTempPathA
lstrlenW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageA
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GetCurrentThread
lstrcmpA
GlobalAlloc
CloseHandle
GetProfileStringA
GetTickCount
SetErrorMode
GetFileSize
SizeofResource
WritePrivateProfileStringA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
lstrcpynA
GlobalFree

user32

LoadStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
CharNextA
CharUpperA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
FindWindowA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetActiveWindow
SetFocus
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DestroyMenu
GetDesktopWindow
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindow
AdjustWindowRectEx
GetFocus
GetSystemMetrics
GetClientRect
DrawIcon
InvalidateRect
IsZoomed
IsIconic
GetDC
LoadIconA
LoadStringW
CallWindowProcW
CallWindowProcA
keybd_event
PostMessageA
KillTimer
FindWindowExA
SetTimer
GetWindowRect
GetKeyState
SendMessageA
EnableWindow
GetSysColor

gdi32

GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SelectObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
GetMapMode
PatBlt
GetTextExtentPointA
RestoreDC
SaveDC
DeleteDC
DPtoLP
LPtoDP
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
EnumFontFamiliesA
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantCopy
SysAllocString
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
client/2020-01-14-Word-doc-with-macro-for-Emotet-epoch-2.doc
.doc windows office2003

Tbtzrchnmg

Fvcjcvibfdajn

Nkyoffriorkp
client/2020-01-14-follow-up-Emotet-binary-after-initial-infection.exe
.exe windows x86

a4e0347cbe5b367e305f6ccaae227862

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
GetFileTime
GetTickCount
HeapAlloc
HeapFree
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
RaiseException
GetCommandLineA
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FileTimeToSystemTime
InterlockedDecrement
GetModuleFileNameW
GetThreadLocale
InterlockedIncrement
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryW
lstrlenA
CompareStringW
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
Sleep
InterlockedExchange

user32

GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
InvalidateRgn
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
CharUpperA
DrawIcon
AppendMenuA
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
ReleaseCapture
SetPropA
SetCapture
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
EnableWindow
LoadIconA
GetSystemMetrics
IsWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
SendDlgItemMessageA

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
OffsetViewportOrgEx
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetTextColor
GetBkColor
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
SysAllocStringByteLen
SysAllocString
VariantClear

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
client/2020-01-14-initial-Emotet-binary-retrieved-by-Word-macro.exe
.exe windows x86

af10730eb37a87ffd6c2bb276575081a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RtlUnwind
GetStartupInfoA
GetCommandLineA
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetUnhandledExceptionFilter
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualQuery
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
GetTickCount
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FileTimeToSystemTime
InterlockedDecrement
FreeResource
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
CloseHandle
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryW
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetHandleCount
InterlockedExchange

user32

PostThreadMessageA
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsWindow
GetSystemMetrics
RegisterClipboardFormatA
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
CharUpperA
CallWindowProcA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
wsprintfA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA

gdi32

DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteDC
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
StgOpenStorageOnILockBytes
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

VariantClear
VariantInit
SysAllocStringLen
SysFreeString
VariantCopy
SafeArrayDestroy
SysStringLen
SystemTimeToVariantTime
SysAllocString
SysAllocStringByteLen
OleCreateFontIndirect
VariantChangeType

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
client/2020-01-14-registry-update-for-Emotet.txt
client/2020-01-14-scheduled-task-for-Trickbot-on-client.txt
client/gpuhealth/GƆCCKX ↀↂ;;;;;;;;;;;;;;;;;;;ж;;;;;;;;;;;яЫФЦйвЫФв003423C.exe
.exe windows x86

35f4c90dc3c507b6ed0bba604da7a69d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapFree
RaiseException
TerminateProcess
GetTimeZoneInformation
HeapSize
HeapReAlloc
GetACP
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
RtlUnwind
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetVersionExA
GetModuleFileNameA
LoadLibraryW
GetTempPathA
lstrlenW
InterlockedIncrement
InterlockedDecrement
LocalFree
FormatMessageA
GetProcAddress
GetModuleHandleA
lstrcpyA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
lstrcmpiA
GlobalGetAtomNameA
GetCurrentThreadId
lstrcatA
GetVersion
LockResource
LoadResource
FindResourceA
MulDiv
SetLastError
GlobalUnlock
GlobalLock
GetCurrentThread
lstrcmpA
GlobalAlloc
CloseHandle
GetProfileStringA
GetTickCount
SetErrorMode
GetFileSize
SizeofResource
WritePrivateProfileStringA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetProcessVersion
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
GetLastError
lstrcpynA
GlobalFree

user32

LoadStringA
GetClassNameA
PtInRect
LoadCursorA
GetSysColorBrush
CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
CharNextA
CharUpperA
MapDialogRect
SetWindowContextHelpId
EndDialog
CreateDialogIndirectParamA
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
GetCursorPos
SetCursor
PostQuitMessage
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
FindWindowA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
PeekMessageA
DispatchMessageA
SetActiveWindow
SetFocus
ScreenToClient
CopyRect
IsWindowVisible
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
MessageBoxA
IsChild
GetParent
GetCapture
WinHelpA
wsprintfA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetDlgItem
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
DestroyWindow
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
DestroyMenu
GetDesktopWindow
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
IsWindow
AdjustWindowRectEx
GetFocus
GetSystemMetrics
GetClientRect
DrawIcon
InvalidateRect
IsZoomed
IsIconic
GetDC
LoadIconA
LoadStringW
CallWindowProcW
CallWindowProcA
keybd_event
PostMessageA
KillTimer
FindWindowExA
SetTimer
GetWindowRect
GetKeyState
SendMessageA
EnableWindow
GetSysColor

gdi32

GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
SelectObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
GetMapMode
PatBlt
GetTextExtentPointA
RestoreDC
SaveDC
DeleteDC
DPtoLP
LPtoDP
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
EnumFontFamiliesA
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateFontA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA

shell32

ShellExecuteA

comctl32

ord17

oledlg

ord8

ole32

OleInitialize
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard

olepro32

ord253

oleaut32

VariantTimeToSystemTime
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantCopy
SysAllocString
VariantClear
SysStringLen
SysFreeString
SysAllocStringLen

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 216KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
client/gpuhealth/data/importDll64
client/gpuhealth/data/injectDll64
client/gpuhealth/data/injectDll64_configs/dinj
client/gpuhealth/data/injectDll64_configs/dpost
client/gpuhealth/data/injectDll64_configs/sinj
client/gpuhealth/data/mshareDll64
client/gpuhealth/data/mwormDll64
client/gpuhealth/data/networkDll64
client/gpuhealth/data/networkDll64_configs/dpost
client/gpuhealth/data/pwgrab64
client/gpuhealth/data/pwgrab64_configs/dpost
client/gpuhealth/data/tabDll64
client/gpuhealth/data/tabDll64_configs/dpost
client/gpuhealth/settings.ini
client/gpuhealth/syrecrt.exe
.exe windows x86

d4848ec48b7ce9c2e15ea21654b55b72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

GetTextColor

user32

GetSysColor
GetSystemMetrics
GetParent

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaGosubReturn
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
ord698
__vbaRaiseEvent
__vbaGetFxStr3
__vbaFreeObjList
__vbaGetFxStr4
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaCopyBytes
__vbaStrCat
ord660
__vbaLsetFixstr
ord554
__vbaSetSystemError
ord661
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord592
__vbaForEachCollObj
__vbaExitProc
ord300
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
ord306
ord520
__vbaStrFixstr
__vbaBoolVar
ord309
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
__vbaNextEachCollObj
__vbaVargVarMove
__vbaVarZero
ord632
__vbaVarCmpGt
ord525
__vbaChkstk
ord526
__vbaFileClose
__vbaGosubFree
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord313
__vbaInputFile
__vbaStrToUnicode
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaI2Str
__vbaGosub
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord535
__vbaI2Var
__vbaLsetFixstrFree
ord644
_CIlog
__vbaFileOpen
ord648
ord570
__vbaInStr
__vbaVar2Vec
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVerifyVarObj
__vbaFpI4
__vbaVarCopy
ord616
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
__vbaLateIdSt
ord652
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
dc/2020-01-14-scheduled-task-for-Trickbot-on-DC.txt
dc/gpuhealth/data/NewBCtestnDll64
dc/gpuhealth/data/NewBCtestnDll64_configs/bcconfig3
dc/gpuhealth/data/importDll64
dc/gpuhealth/data/injectDll64
dc/gpuhealth/data/injectDll64_configs/dinj
dc/gpuhealth/data/injectDll64_configs/dpost
dc/gpuhealth/data/injectDll64_configs/sinj
dc/gpuhealth/data/mshareDll64
dc/gpuhealth/data/mwormDll64
dc/gpuhealth/data/networkDll64
dc/gpuhealth/data/networkDll64_configs/dpost
dc/gpuhealth/data/pwgrab64
dc/gpuhealth/data/pwgrab64_configs/dpost
dc/gpuhealth/data/tabDll64
dc/gpuhealth/data/tabDll64_configs/dpost
dc/gpuhealth/settings.ini
dc/gpuhealth/syrecrt.exe
.exe windows x86

d4848ec48b7ce9c2e15ea21654b55b72

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

gdi32

GetTextColor

user32

GetSysColor
GetSystemMetrics
GetParent

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
__vbaStrVarMove
__vbaLenBstr
ord588
__vbaGosubReturn
__vbaFreeVarList
_adj_fdiv_m64
__vbaPut4
ord698
__vbaRaiseEvent
__vbaGetFxStr3
__vbaFreeObjList
__vbaGetFxStr4
ord516
__vbaStrErrVarCopy
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaCopyBytes
__vbaStrCat
ord660
__vbaLsetFixstr
ord554
__vbaSetSystemError
ord661
__vbaLenBstrB
__vbaHresultCheckObj
__vbaLenVar
_adj_fdiv_m32
__vbaAryDestruct
ord592
__vbaForEachCollObj
__vbaExitProc
ord300
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
ord306
ord520
__vbaStrFixstr
__vbaBoolVar
ord309
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaErase
ord709
__vbaNextEachCollObj
__vbaVargVarMove
__vbaVarZero
ord632
__vbaVarCmpGt
ord525
__vbaChkstk
ord526
__vbaFileClose
__vbaGosubFree
EVENT_SINK_AddRef
ord528
ord529
__vbaStrCmp
__vbaPutOwner3
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaObjVar
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
ord569
__vbaLateIdCallLd
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaExceptHandler
ord313
__vbaInputFile
__vbaStrToUnicode
__vbaR4ErrVar
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaVarDiv
__vbaI2Str
__vbaGosub
ord608
__vbaFPException
ord717
__vbaInStrVar
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
ord535
__vbaI2Var
__vbaLsetFixstrFree
ord644
_CIlog
__vbaFileOpen
ord648
ord570
__vbaInStr
__vbaVar2Vec
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
ord613
__vbaVerifyVarObj
__vbaFpI4
__vbaVarCopy
ord616
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
ord618
__vbaStrMove
__vbaCastObj
ord619
__vbaStrVarCopy
_allmul
__vbaLateIdSt
ord652
_CItan
ord546
__vbaUI1Var
__vbaFPInt
__vbaAryUnlock
_CIexp
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 436KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

35f4c90dc3c507b6ed0bba604da7a69d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

Sections

.text Size: 232KB - Virtual size: 229KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 16KB - Virtual size: 29KB

.rsrc Size: 216KB - Virtual size: 213KB

Tbtzrchnmg

Fvcjcvibfdajn

Nkyoffriorkp

a4e0347cbe5b367e305f6ccaae227862

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 232KB - Virtual size: 228KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 80KB - Virtual size: 94KB

.rsrc Size: 116KB - Virtual size: 113KB

af10730eb37a87ffd6c2bb276575081a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 172KB - Virtual size: 170KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 80KB - Virtual size: 91KB

.rsrc Size: 48KB - Virtual size: 45KB

35f4c90dc3c507b6ed0bba604da7a69d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

.text
Size: 232KB - Virtual size: 229KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 216KB - Virtual size: 213KB

.text
Size: 232KB - Virtual size: 228KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 80KB - Virtual size: 94KB

.rsrc
Size: 116KB - Virtual size: 113KB

.text
Size: 172KB - Virtual size: 170KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 80KB - Virtual size: 91KB

.rsrc
Size: 48KB - Virtual size: 45KB

.text
Size: 232KB - Virtual size: 229KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 16KB - Virtual size: 29KB

.rsrc
Size: 216KB - Virtual size: 213KB

.text
Size: 436KB - Virtual size: 433KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 192KB - Virtual size: 191KB

.text
Size: 436KB - Virtual size: 433KB

.data
Size: 4KB - Virtual size: 22KB

.rsrc
Size: 192KB - Virtual size: 191KB