d3d2a0eb25d853d476a65c5c9f53a9992eb6673ce233280530c85a9632d9d856[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

d3d2a0eb25d853d476a65c5c9f53a9992eb6673ce233280530c85a9632d9d856.zip
Size

297KB
MD5

4aa2d2b01e3318b6c9c641bf19d4f947
SHA1

385667944b1ed435d2997f3bf9ffae13ded5f31d
SHA256

a9d0c0a4a5d8e51c39d94281a15e67a04f3bf0aa33e4d9981165dc5fc0a8621f
SHA512

df391f90a2a480ad8efcc392c9753f7cee1806a5a3e2f58b4e632c87e65795c2f0e11825841fbf507cd466246702888b8b047f7bcae3c2df1d767e986c34cd8f
SSDEEP

6144:4CcNDgpQnrInRj5mjL4NXGldbEPG9ssXrIc+QQVJ52MO11zaRflDn3:4Cu0pqrIR1mLxbEPNYqgLz4p3

Score

1^/10

Malware Config

Signatures

Files

d3d2a0eb25d853d476a65c5c9f53a9992eb6673ce233280530c85a9632d9d856.zip
.zip

Password: infected
d3d2a0eb25d853d476a65c5c9f53a9992eb6673ce233280530c85a9632d9d856.zip
.zip

Password: infected
sBeHRn.dll
.dll regsvr32 windows x64

Password: infected

530972abf7793bc476e8d1cd74ffdb06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

opengl32

wglCreateContext
glVertex2f
glClear
glClearColor
glEnd
glBegin
wglMakeCurrent
glPushMatrix
glRotatef
glColor3f
wglDeleteContext
glPopMatrix

kernel32

LCMapStringA
GetStringTypeW
GetStringTypeA
ExitProcess
Sleep
GetLastError
LCMapStringW
GetLocaleInfoA
MultiByteToWideChar
HeapSize
HeapReAlloc
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
RtlUnwindEx

user32

TranslateMessage
PeekMessageA
ReleaseDC
DefWindowProcA
ShowWindow
DispatchMessageA
LoadCursorA
RegisterClassA
GetDC
LoadIconA
PostQuitMessage
DestroyWindow
CreateWindowExA

gdi32

SetPixelFormat
GetStockObject
SwapBuffers
ChoosePixelFormat

ntdll

NtTestAlert
ZwOpenSymbolicLinkObject
LdrAccessResource
NtQueueApcThread
LdrFindResource_U
NtAllocateVirtualMemory

Exports

Exports

AAZOFaJjTbOzHzAwxYQumJV
AAoVwA
AAvdQkeNmYBqgiIzNZJkF
ABBmGbupdNzhKzaYXXWszR
ACBFePYRQmMNqFLow
AChVZxSvZKal
ACpdezKM
ADDytqT
ADGEOzEaKegUOoRYPKYKk
ADIHpsEOunfduxXJvt
ADNipuOtrWQFEXAtqbjB
AELiEgtcXeVuurgAsQtAJi
AENoSQcDyumRQ
AEPTrYjdBosBGRVjyw
AEYwqrxQNj
AEphlhImWXvycmCwt
AGxSZjgYMEStYElTFZbCWQB
AHfNSdMnylanxzMIysFjwu
AIVolAjCk
AIuxPQTKYNXbNqZcTY
AJmKaWkFUemzoHLe
AJziGakoGkNLPrZbX
AKSSfdhMou
AMLTjYnyJlpXEqSKQvAwjRf
AMQghTorCAlzR
ANvItEiqxRg
AOyglrkrHgPadkrjEasB
APkpeiQyIEarglREzTTergmKp
APmjxTHHoEWpFkElZwj
AQkPDQEUI
ASQwGPEiGFLOSLxDGDPAW
ASzklXy
ATRpJMSJL
ATdlmwMlneUYuz
ATzEhhbLkgALqCLGkHECiYorYt
AUWtniNBIdsBknZraAOJ
AUhLcgoZkTKJZSgOwln
AVFGqALdsumzgJYlCr
AVNYoYM
AVSxGvhKfDnH
AWNgysplW
AWbLvczvkCqP
AWnPgqJaXW
AXqmpfznNDHLz
AXvJCQHVvRdeWBjwc
AYieSeqCqBECvqBVIAETtXYY
AZoGcXyBukqJhFPzR
AaYOKKZNYwgpwCJmsZJh
AauHFlDd
AayTEqVusHCFqKkaBZrvlN
AdzcNTZAQVPHmIrIQhAGvaIL
AfWYfyWOYrcwvWnV
AfeQyguMQWQ
AflglNdooKqBZYpombYu
AgHAyTewxUwvSKxG
AhKiEzWsQDqqvIR
AhfRXxOKsKBwntpo
Ahnayf
AjIzaiYdsEzwpfcDOZkZ
AjJJGijmXVr
AjacOyDftJuvxnRr
AlYuRmUkMzAlZuERiccutrxi
AmWrXycwgSzqH
AnAJnsvjTknXiKfQ
AnCqPBkVRhURJkifHPS
AnJoeXLRzvtpWBhshUzELDyy
AoQwCE
ApGNCvAco
ApYIjoTEIrSkbrQc
ApuTYXGefEtVAZChzOrBpN
AqOQNilwiEuCOBiAovvzF
AqenWwZC
AqhTfeBLxHcJ
AqqEGIkPNJvukniNhbGWAJ
ArhbkWldqDkPdGNHLuFehmLbh
AsUhPRmdBNRrtwIEON
AskDrDvLjNRHwCvPxkezNJkYkL
AszBOZaaxYoxRpvDnvnqA
AtHDDvVlpSfpfyEbLpeE
AuPvrlhlGdG
AuqCZLeJOSovuFWouwPHTF
AuqLRqw
AvPimWTIclXziOPfKFgKil
AvYspHKBGBCX
AwgfaqcN
AxYaFt
AxciZLLCHfDirPsDpimCKIUCv
AyBnpbec
AydTtdYFAIEavnrvbzuKQJ
AyeLcHSWfMKHX
BBZuRApykNd
BCFYgjJeoHyOZuddt
BChoDPCD
BCiFMCxH
BCsXSXmugHbhY
BCwfCjjkvulrWAsxP
BCyqzjRlnZnbBQmdFzQFjhspQ
BDDqRy
BDiiDltMrYXEnAdMzO
BEBXYFjhgt
BFeiFsRnaNfKclFK
BHUREXQoyAT
BHyDiLWnNpES
BIpTDwUAGCRnKhVjVTUjcExxSY
BJSWNTbsOfj
BJkExXbUIEHBjnzIjAlGUhI
BJlQVCcPkwPAAzbsgYXAxqIqz
BJzFFqJXEwMCjNBBQBfnRlw
BKBUQayEiCudSAj
BKOXqTGnJqhNmTx
BKTUDLWFRLZVAPG
BKXSYJLzixNoJDhEzkDst
BKZASAP
BKfokoeFJtxfJHBoHiLLpsVadK
BLXTzcrTVzlOcTwfyRmRs
BMJCYoCrkZBZxwTvZYxTQ
BMWXCpXSJcHkbQ
BNSTxdAQuHNaO
BNqTkKFQxKKUVkcR
BNxJxccBRgbwlMwmJbdNj
BOGxscm
BOupLvMFxHtTVQYTYoRlJAcfe
BPIiJu
BPWGIbXcidZNiEXeijVg
BPfuRjUGB
BQExNYnsPE
BQMnIQeBHoHslsEBCDAgHJIZb
BRcPoTqORV
BRqbiTtKu
BRtOtnxAquqnNdy
BSCaXnHjX
BTeLZEyAxaaWtStavNbqWOTZi
BTezpLevHMigInpDGM
BToTIMtJdCFeDCNYbXHgV
BTuTsMU
BUSENkYnCCE
BUeNeTWmXoVYVnWlUhVEwBBIm
BUoHcjHAnVDklZRZBz
BVKOLkkzhnTSItDmEfG
BVwSMzonYqtGOtHbc
BWGQCLiaNNg
BWhgvWXIPHD
BWnMGEpoEyChJpfqeonsO
BWvrWLwmFXlIWAjrliFlSlP
BXBJYpXhwfXrEZlKGd
BXEyFSOyxMvf
BXmgsLeEnupmZIS
BYAlmsAbSpz
BYeUYLcZiGAsjFYeUe
BZqNgnBvzI
BaFyxrDxLLAcdGVebK
BaHLQWk
BaTUzKdelwwzXeIoDQ
BbIBtAvq
BboMzZvkn
BcoqZLua
BcyOeEtkl
BdRySTkSZqbAmtffynclogl
BdhXnSryJRLDgVjNdDA
BeLHrqFtLXBVJIwlr
BfbsOGioKuIGsCYQtmDHDlBoOv
BfqBAhzyczXmrqTQugfx
BfuXrW
BgcJlCGv
BghYRsGNYCuVFbTF
BgjeiLDwCZtbTQHMfPS
BhSZMQwfWXNKhSJ
BhiIvYtNuKmleaiUQtLHrRwjS
BhrGciQah
BiZCmaBxSmwKOEoGlkh
BjroSzpYgrKOLz
BkNlWNQBbIDey
BkWGZLe
BlApBBpyeJ
BmKRceMfaiCqXYJyVwRcMn
BmgkMhVDOOOKWAGNkvAE
BmoZYOHvMHOEkycFRkmQGD
BmsTarEAOUjoDqDyjgTlfShJ
BnZJFOcPJjh
BnzhjgzO
BoaNRVpkLKJ
BoySvZrhZMCgzv
BpSZAvHitQVAROc
BpXYNFWWrWVpPaQisvOgCpgs
BqAvPhZfTOmWUz
BrYvcuPEJkSVyv
BsaUfxPy
BuEJCJXUgbruwpUUPeKNCtUvXM
BuQczRdfUyJaRmuFhFDuAQ
BvqCXLwIFPNRcpWPtiQAsomWM
Bvvvzm
BxKrOJdBqZrqOLcWOAppwUK
BxnZexgFZZdXYlEL
BzBPlpiqNCmimL
BzBuOZAgkvgB
BzGMqirPOkzmRWgKe
BzdRMkZbQOQBqBrALLDTqt
BziELhLyuFICmCE
CAJHdnDxhpdq
CAnjuISEnTWdExOsuGVFkncp
CCRpkjektxWKcgpw
CDfccJbwaLPeOEszmX
CEMdGvXzfbUwaFSPDxawygllzc
CFGIiJAOKUCIu
CFidJhoDir
CGHyTxr
CHhVXYSNgALBEs
CIgNUMTxBBBIyjseTYTzkMT
CJDpHPyWYS
CJYVuMTZmaljBoyyDBhSqg
CJifFkMlNJlVKxYlz
CJqkVkiKggEKWVq
CKTbiNJXo
CKVvYrefyxnyxWjc
CKhseWalHULC
CLooPUG
CMpTMslseiPNwdPKLin
CNClwCCuIxne
CNSnsNQTUstZ
CNZDJkrHTJXrNnxHsUwjbQvY
CNuIUzkTcSqjqNbqaepSRL
COIJDT
COaIjpFk
COaxRgWzVHNfrCJvtMdFdgo
CPHcmfZNCAkdYsDHxFY
CQpDFleJVamaWRRpTGLbUgVuK
CREVIIlNZTd
CSGxsnBikCd
CSOuKYPU
CSQebwOFxECErIVTaFaUFLoFS
CSoqcqINofnJAWFqesc
CSpzWRxRkkfFvOe
CTGdOufvlvrqSiPIVMYONAb
CTTQwcDzxfqVTPcPQVqrYmezNo
CTkjtEQXRarFfRXeftWUmCb
CToDDNCmoRfKoMsCDpWoswPrsW
CWHUiJauNWyZWHOfzfucUSlYNp
CWHWsUzoEAxbhgQBuhe
CWSkxywtAsgjylVJhVuJhzRuKO
CXnWSIq
CYArcQpFXunUVBRShiVo
CYDAgSpiGTa
CYHOWurXIzH
CYfzcKbjdwYyFaQYt
CYhekPmdHVhWpYyeMIHl
CZGaQtcUWDx
CZKXSGdDgNRaukNCJdetlIafZ
CZXZTbEZepglIsBCQVpLDc
CZcbStgl
CZiKVRN
CbEANbEMQZUdhNdnH
CbyJiwlJaTdZuXG
CceFpLjRbroHVMSJFAFXKXZG
CcvMppMgWlbbnqfoOlzOKnOUp
CeAPxhrfJXmkXPz
CgBxmNUHoo
CgapmvuDDxEFGV
CgpCJfOsxhQUfgIw
CkTgTicbjeIgzLlqvHJbgWJ
CkrgVxyE
ClWhOstJfPDPfSHJMNPyN
ClwhWshoeAtsbRaXkz
CmLOuWiMBUvqDznH
CmnfBuJsrdVjGcWoiAGxdOUPTu
CmtHBhVdVVIliXQLwrvLWoz
CorttVUbxv
CqZwswcbaK
CqcYOmSCJOYMQF
CrPyjqRwvhuRcqefrjhExFeEyr
CrQpjDaUOEk
CrqacOYoGWLOwLle
CtGmblNJcIdlJesuKnMOJB
CuMvOgUZ
CucVyqawaZqlvuqhKhRSiOheyb
CvKBaFuQJgCkzimwGPouqIQzm
CvKBdfhOpyfhFZTFPvPLKLa
CvLoZCES
CwdIoZxXWOy
CwkKwEeejAkz
CxPiUra
CxXLtxypZtxss
CxbjrCo
CyDAYUCGVWnBPRpDBXYNmPt
CyQvuULlzfyHLA
CyWJeevHpFZIGHpmHY
CyaxroVhfAHSqOea
CzNvvdemWLqAqxaaJmAZMLXRfW
CzOkyXhF
CzPXdYxoWyAreWeGObC
DAgidiwTcSXfcELcPc
DBwJxsiDOxJRxfRAUWVQQBM
DCqDTaFeLPOzGwAj
DDxnEARyVwuVXadxOCbCfx
DGgHHkvYi
DHlbkrbVCvmOqqci
DHnQxNRiJLGMGbd
DIJNgdoUSujZKoTey
DJfPrKdEwwUfNb
DJpSpzQxBSkyu
DKkRaUygOzMgHVBZnouZdgV
DLppUEzLvAyWbBlfti
DLuEffMVCMUWbWDgJBuiG
DMAXeTKBmfHOexEyiAxzpwJc
DMJMZiwFelofWCMCIhs
DMYtAKS
DMjyweyYvWROMZH
DMoRWZSGZunsLQLfygJuFmJac
DNNTFsbIUjvaCkFwrHwWG
DNeytEUyINJC
DNkqivQlVlzIOIlaCyrCF
DNrfxeasprLMjWodZDnN
DNxELchEMBgRXRWxpchwiwq
DOPUKDHtabQxJaus
DOQjsktwBNpO
DOYHUrxbXkEburehQcejILHz
DObBQncGGTzStbeN
DPJBZKqujAfYQRbVAu
DPODoIgMlH
DPSlgnnlvwf
DPeZocVWTzgNXJyegZUvbrnuJM
DQBtHNbmxChXXVdsoZVFkRyP
DQwKVVirD
DRbRPqzghvfd
DRkVYcxwE
DSBIVPbKS
DSfRCkIibHLW
DTiRFvDyNkIgjlEJzNJdhrG
DTwlohX
DUtpRsBfxyxHhOLjMbEkSNuw
DVASUNVBrby
DVSlXtABQvMJepeA
DVYOfgkOdkTwcad
DWWyHfVidASlwx
DWXsBb
DWpOPEglxDa
DWtsgZcXkrcckKtdFvOzmqs
DWudOE
DXFXiKOcuBpAQLRo
DXWZZWhLfGLNXdJFWgdsVlhGO
DXaPmjNsRfpLVNo
DXfukbzTOgXqyoMu
DXvINmfkpGEdBjsJbgLONXkwvn
DYHLCoXRwGcVPiQycXZKne
DYPjtNNkjhsiKWPIc
DYiBZURAEzKP
DYmQHSvyUxMUflWdq
DYyWSzTOInEKhlRyEs
DZAFHh
DaEaxzvZBgfsV
DbCsdpwzozpUP
DbWkaPbpvUJSuA
DbmfAtCsgd
DbuTAGdxvDeDid
DcBQikajziCzxAfowkXzaTCa
DcWutvImVcTXBDqTbTQrECGW
DdBJpihRkTNDqxCU
DdDhGckFZO
DdZPOuLywHQLcUtj
DeTAvkrNIReL
DexhYbZtJedBdCtjWpfqofmo
DfMrCkJAjdH
DfnRrOfVq
DgDbKjluqecqmyaLXKP
DgEvFVoNKimndwRVzrI
DhOLYKDenYGYzDxxCKUtulju
DhUUGvVZfgZnUpJrpczdlzMFN
DhcbXBosfNrYgABBCr
DizrxfDxdEXWKEeD
DjElWEkSJlBwRrqbT
DkAwGk
DlSKCdESF
DlVxefAYMMpvfeubvngk
DleDFOabWdQClVJsqjc
DliEwYZRIlKvCO
DllRegisterServer
Dluoot
DoHCKBvqoS
DoOdnVrIsBhkwOy
DpnGxGQRVz
DqnyecuZRhEwssxaDwTaSREkYU
DsZaQFVtAweAydqWuMK
DsiHEyrkSXnjTlFUy
DtBlypfkec
DtSOEtKfP
DtWtTpsDrvVWRre
DtcAkLGouaxfdPkxi
DvPBnHcPbrzatZEX
DwKVTsErWyJ
DwKXBqlqlPhykFcxmnDbvyjk
DwOntCBIHKxBXpSgZeku
DwTpKEpMKbKRtmLJeIODRmKHbP
DwsJtnreBhLFAhZkFsl
DxFaJsRIJvkeQiJMfresqODZmO
DxbRfeesdhxLqMCMW
DyITocxkH
DyORIhMHKjzRp
DylRSEftlb
DyzwKnuVNaDCwqb
DzXRiCcltSk
DzawJByPu
EAvYCvbUaju
EBGMXlMW
EBZINGQbSskjySyvZm
ECDGLYevZQxFXl
ECjvQId
EDACDs
EDTlTHLHXOiyUWpLSPbvtoCo
EFPrvxGUPBLoRYfrPtQSmmXH
EFrkklWYWlsVhn
EGmxeHhziqtRCzdktpsPb
EItXXCtjyZaDhGVUSRFHTTZRNP
EKEQXOhoQuwuXxnExFv
EKWeYoLEOTwH
EKiuSpnCnkcCUvD
ELIfFtptxmDbpweXpIDp
ELbgXMvVoXyvRVwrDxfhiyS
ELqKhrNlpsXbiqEnaKeXYers
EMJfZzESRyjEbPJEYpZEUY
EMmmtBmKsirejjOHEhjvgb
ENycnPNUFEbdCpRGKVH
EOJkSgkjU
EPMtEZkjmwYpMgKGmupvbwiuy
EPOYwOoUBgAUswUBSFzjG
EPWjbDbmAxcOjJqaUXk
EPhUcaYXxBgHCMnATmeyfEA
ESlbwfLFKljGvgYU
ESsxAZgpMQeDUDHjOzRR
ESxxsrWldGQRtgQ
EVIrbQgntlswyapCzGDB
EVaTAzhcQWyPzEgv
EVbrHPsQZ
EVvjfEVuUrSeQw
EWnShNuHTwYOXWQpxpYktH
EWzqddVddCgPgkUGqxv
EXHNlVcCbKtiNLBBl
EXcQsJHGilXAmVsN
EZQPIUdepdt
EZhWNuzmTFgn
EbcTpjEkUghAuTazcpUVeQnguY
EbprBMRoDgXFvCwERHyAgmixz
EcgFkvsZLG
EeBTnvQgAr
EehtxCMvCDWhAFWSiJELvdxQp
EfBYNFFwRDQTz
EgYgbbEwuBGEBuOuTcjVFdUA
EggAIKOauSSXL
EglzYUiXCMGFZtZa
EgqONHCoqFyYnxh
EhMFtLLlPx
EhbmwhcET
EiMtQsZ
EjKeeYJqmNJiGMOWa
EktaXPWahEArcWUZkQH
EnxPhae
EoJuqqpPqFX
EoOBVCqNpYkflaj
EoUBcAHrcwLRgzbNAsz
EohTVNqMlWifNYPn
EoucgN
EpHMYAe
EqHKPy
EqZGYYZu
ErIUOSzyKeChP
ErLLUEfcSBqCywba
EsPDHHMzNgdLSmNLvYXdWb
EtVNjFGPMhUtBaOdaAThXKcO
EuRjvLEg
EurhaZA
EusunZppgakYfqwnowOY
EvOqbzwnlaAbNSoFnqoijH
EvjgZhLdMbVNm
EwKwJL
ExrCMhrw
ExsdtRiebUFSoawq
EyKJNl
EyfnYfIFECDzTsZwLJy
EypfkBzeeBAGWKYS
EzOirmfSRW
EzToXtolrQ
EzrvSDTxcShX
FAKQrGhFlOTeEWPRKCC
FAgAgqHtMLmJLlvHOPgjTBpjUF
FAnxAIDuKMwE
FBuCqxTJsSxpqXE
FCJaYPYDykRtUXyixW
FCLdxGXRgTpJEuhz
FCbsynUrqiVSSWekzn
FCgMYIXOcbSJjAhrSwcH
FDzlFFadTFv
FERYkLHUqpscXGdtQudBTovBWC
FEwnQxcrvnlutfzIBetCxyJg
FFGchNxmxoWIP
FFJloYv
FGOjGfCKMlmGA
FGStoQaag
FGUWAVN
FHVeREREttYNdORWqky
FIlkWEtZjyKQbrLSsvJE
FIrgbKjSFeZmCDlvbmSzJ
FJCWun

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 241KB - Virtual size: 241KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

530972abf7793bc476e8d1cd74ffdb06

Headers

File Characteristics

Imports

opengl32

kernel32

user32

gdi32

ntdll

Exports

Exports

Sections

.text Size: 149KB - Virtual size: 149KB

.rdata Size: 144KB - Virtual size: 144KB

.data Size: 5KB - Virtual size: 9KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 241KB - Virtual size: 241KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 144KB - Virtual size: 144KB

.data
Size: 5KB - Virtual size: 9KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 241KB - Virtual size: 241KB

.reloc
Size: 2KB - Virtual size: 1KB