??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6.exe
Resource
win10v2004-20230703-en
General
-
Target
d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6
-
Size
1.6MB
-
MD5
c22c79e3bb389694e2186352326be2bb
-
SHA1
28f2fb09682b9ffe0870fa898df141425c576120
-
SHA256
d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6
-
SHA512
16fb8a232b8609d13fa6b342d52ebd4d1ae095ea8abeb971f3738694b934026a2cf40b3e101b08ea3accb4ffe3633733f9be3f4798e33fd7de6a0577a8e757c9
-
SSDEEP
24576:NEII3fzDe2YA203nSef7D8acsqjnhMgeiCl7G0nehbGZpbD:m7D/YA203nSeqDmg27RnWGj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
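Checks for a missing Authenticode signature: the sample is unsigned, so its publisher and integrity cannot be confirmed from a signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.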
resource d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6
Files
-
d2e8c4ed584f74e7b11b0a98168c4cb6ff99e46bf8e403bcb0777cc6668258c6.exe windows x86
8a79d0920b934d5635746d55c1bbaf1d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
uilogic
CreateUiLogic
CreateUiPolicyPtr
GetRecordObj
GetScheduleObj
userenv
CreateEnvironmentBlock
DestroyEnvironmentBlock
GetUserProfileDirectoryW
UnloadUserProfile
LoadUserProfileW
wtsapi32
WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsW
WTSEnumerateProcessesW
WTSRegisterSessionNotification
rpcrt4
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
RpcServerUseProtseqEpW
RpcStringFreeW
RpcServerUnregisterIf
RpcBindingFromStringBindingW
RpcServerRegisterIf
RpcMgmtStopServerListening
NdrClientCall2
RpcBindingFree
RpcStringBindingComposeW
comn
GetObjectSys
GetObjectLang
GetObjectLog
ws2_32
accept
bind
inet_ntoa
send
recv
sendto
setsockopt
WSAIoctl
getsockopt
getsockname
select
htonl
recvfrom
inet_addr
WSACleanup
listen
connect
closesocket
WSAStartup
socket
WSAGetLastError
gethostbyname
htons
encrypt
CreateEncryptObject
StrToHex
HexToStr
diskmgr
CreateDdmManager
shlwapi
PathFileExistsW
amnet
?ToInteger@Amnet@@YAKPA_W@Z
?InitAdapter@Amnet@@YAX_N@Z
?Sendto@Amnet@@YA_NHPADI0H_N@Z
?Disconnect@Amnet@@YA_NH_N@Z
?Install@Amnet@@YA_NXZ
?GetLastError@Amnet@@YAHXZ
?Uninstall@Amnet@@YAXXZ
?GetAdapterCount@Amnet@@YAHXZ
?GetHostName@Amnet@@YAXPAD@Z
?CleanVirtualAdapter@Amnet@@YAXXZ
?ToCharacter@Amnet@@YAPADK@Z
?GetAdapterAt@Amnet@@YA_NIAAUTAdapter@1@@Z
?ToInteger@Amnet@@YAKPAD@Z
ntlog
?CloseLog@NTLOG@@YAXH@Z
?WriteLog@NTLOG@@YAHHIPB_WZZ
?OpenLog@NTLOG@@YAHIPA_W@Z
nthelp
?Wchartochar@Help32@@YAXPB_WPADH@Z
?Compress@Help32@@YAHPAEI@Z
?FileIsExist@Help32@@YAHPA_W@Z
?GUIDToString@Help32@@YAXAAU_GUID@@PA_WH@Z
?IsValidUserAndHasAdmin@Help32@@YAHPA_WAAH@Z
?IsEmpty@Help32@@YAHPAD@Z
?IsEmpty@Help32@@YAHPA_W@Z
?Decrypto@Help32@@YAXPAEK@Z
?SplitString@Help32@@YAXPA_W_WAAV?$vector@PA_WV?$allocator@PA_W@std@@@std@@@Z
?StringToGUID@Help32@@YAXPA_WAAU_GUID@@@Z
?Encrypto@Help32@@YAXPAEK@Z
?InternetCheckResult@Help32@@YAHPBDH@Z
?GetIPv4InAddr@Help32@@YAKPBD@Z
?GetIPv4InAddr@Help32@@YAKPB_W@Z
?WriteFile@Help32@@YAKPA_WKPAXK@Z
?Expansion@Help32@@YAXPAEIPADI@Z
?CopyString@Help32@@YAPA_WPA_W@Z
?CopyString@Help32@@YAXPAD0@Z
?CopyString@Help32@@YAXPA_W0@Z
?CheckWindowsUserAndPasswordIsValid@Help32@@YAHPA_W0@Z
?GetAddrInIPv4@Help32@@YAXKPA_W@Z
?Chartowchar@Help32@@YAXPBDPA_WH@Z
?GetModuleFilePath@Help32@@YAXPA_W@Z
?GetModuleFilePath@Help32@@YAXPAD@Z
?EqualString@Help32@@YAHPA_WPAD@Z
?EqualString@Help32@@YAHPA_W0@Z
?ReadFile@Help32@@YAKPA_WKPAXK@Z
?MakeGUID@Help32@@YAXAAU_GUID@@@Z
usbdetect
?RegisterNotification@USBDriveDetector@@QAE_NPAUSERVICE_STATUS_HANDLE__@@PAVHandler@1@@Z
?EventHandler@USBDriveDetector@@QAEXKKPAX@Z
?GetCurRemovablePartitions@DeviceUtil@@SAXPAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@std@@@2@@std@@@Z
?Get@USBDriveDetector@@SAAAV1@XZ
?GetCurRemovableDrives@DeviceUtil@@SAXPAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
funclogic
CreateEnumDisk
kernel32
HeapFree
GetProcessHeap
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
LocalAlloc
LocalFree
GenerateConsoleCtrlEvent
GetCurrentThread
GetVersion
GetStdHandle
WriteConsoleA
SetLastError
WriteConsoleW
DeviceIoControl
PeekNamedPipe
CreatePipe
GetVersionExA
FlushFileBuffers
GetWindowsDirectoryW
QueryPerformanceCounter
GetSystemDirectoryW
FindClose
WaitForSingleObject
GetCurrentProcess
GetTickCount
Sleep
ReleaseMutex
SetEvent
SetSystemPowerState
GetLocalTime
CreateEventW
FindFirstFileW
LeaveCriticalSection
CloseHandle
QueueUserWorkItem
lstrcpyW
EnterCriticalSection
GetModuleFileNameW
CreateMutexW
GetLastError
DeleteCriticalSection
CreateThread
InitializeCriticalSection
DeleteFileW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
LoadLibraryW
GetVersionExW
Process32FirstW
SetFilePointer
ReadFile
GetPrivateProfileStringW
GetModuleFileNameA
WTSGetActiveConsoleSessionId
CreateFileW
WriteFile
CreateDirectoryW
MultiByteToWideChar
GetExitCodeProcess
FreeLibrary
GetStartupInfoW
CreateProcessW
WritePrivateProfileStringW
WideCharToMultiByte
GetFileAttributesW
GetPrivateProfileIntW
TerminateProcess
SetProcessPriorityBoost
SetPriorityClass
InterlockedIncrement
CreateMutexA
OutputDebugStringW
InterlockedExchange
OpenEventW
GetDriveTypeW
GetModuleHandleW
FindNextFileW
GetEnvironmentVariableW
InterlockedDecrement
LoadLibraryA
GetCurrentProcessId
OpenMutexW
RemoveDirectoryW
GetCurrentThreadId
OutputDebugStringA
GetLogicalDriveStringsW
GetSystemInfo
SetUnhandledExceptionFilter
WritePrivateProfileStructW
GetPrivateProfileStringA
GetPrivateProfileStructW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateFileA
GetFileSize
TerminateThread
GetComputerNameW
GetFileAttributesA
CreateDirectoryA
IsBadReadPtr
IsBadWritePtr
lstrlenW
GetFileSizeEx
SetFilePointerEx
MoveFileW
GetSystemTimeAsFileTime
user32
GetWindowLongW
SetProcessWindowStation
SetThreadDesktop
CloseWindowStation
OpenWindowStationW
ExitWindowsEx
wsprintfW
wvsprintfW
CreateWindowExW
DispatchMessageW
PostQuitMessage
UnregisterDeviceNotification
DefWindowProcW
TranslateMessage
GetMessageW
RegisterDeviceNotificationW
SetWindowLongW
RegisterClassExW
LoadCursorW
SendMessageW
GetProcessWindowStation
GetUserObjectSecurity
GetThreadDesktop
OpenDesktopW
SetUserObjectSecurity
CloseDesktop
advapi32
GetAce
OpenThreadToken
ImpersonateLoggedOnUser
CopySid
InitializeSecurityDescriptor
RegDeleteKeyA
GetAclInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RevertToSelf
LogonUserW
RegOpenKeyExA
InitializeAcl
AddAccessAllowedAce
GetLengthSid
RegEnumKeyW
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegFlushKey
RegOpenKeyW
RegOpenKeyA
LookupAccountSidW
RegQueryValueExW
ChangeServiceConfig2W
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ControlService
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
SetTokenInformation
LookupPrivilegeValueW
CreateProcessAsUserW
OpenProcessToken
DuplicateTokenEx
AdjustTokenPrivileges
GetTokenInformation
AddAce
shell32
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW
ole32
CoUninitialize
StringFromCLSID
CoInitializeEx
CoInitialize
CoTaskMemFree
CLSIDFromString
CoCreateInstance
oleaut32
SysFreeString
SysStringLen
SysAllocString
msvcp80
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?width@ios_base@std@@QAEHH@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?max_size@?$allocator@_W@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?width@ios_base@std@@QBEHXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
activeds
ord9
msvcr80
ftell
fread
_fsopen
fseek
_CIpow
_vsnprintf_s
fputc
ferror
isspace
isalnum
tolower
_purecall
_beginthread
fprintf
printf
wcscpy_s
malloc
wcscat_s
sprintf
??0exception@std@@QAE@ABV01@@Z
_time64
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@XZ
strrchr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??2@YAPAXI@Z
memmove_s
wcstombs
_swprintf
wcsncmp
swprintf_s
_wfsopen
memmove
_strnicmp
_itoa
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
fclose
_wcsicmp
fopen_s
wcsrchr
strchr
_itow
fopen
_wcsnicmp
wcschr
atoi
_mktime64
strstr
_wtoi
_vsnwprintf
wprintf
towupper
wcsncpy
fgets
vswprintf_s
sscanf_s
atol
feof
_beginthreadex
__winitenv
strncpy
_wcsupr
srand
_endthreadex
strncmp
mbstowcs
strcpy_s
wcsstr
_vsnprintf
strtol
calloc
strftime
rand
toupper
_vscprintf
_vscwprintf
vsprintf
gets
wcscpy
strcpy
wcscmp
strcmp
memcpy
strlen
div
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
strtok
isalpha
exit
_localtime64_s
??_V@YAXPAX@Z
??3@YAXPAX@Z
free
swscanf_s
_invalid_parameter_noinfo
_localtime64
_vswprintf
iphlpapi
AddIPAddress
GetAdaptersInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winhttp
WinHttpQueryDataAvailable
WinHttpCrackUrl
WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpReadData
enumfolder
CreateEnumRemoteFolder
Exports
Exports
Sections
.text Size: 628KB - Virtual size: 626KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
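.rsrc Size: 864KB - Virtual size: 868KB (marked both executable and writable in the flags below, which is unusual for a resource section and worth inspecting for embedded code or data)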
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE