WORM[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WORM.zip
Size

939KB
MD5

b044739331a13692df7792f0464978e0
SHA1

e8e12a10a23fe0187a1ccfbd93573b6f89c2f920
SHA256

c57686036647541d50fe2c74020d3ab1b51c6bbab5babc69cad0d5eac7f30ba8
SHA512

37d654265c843ec31ba6e47287e6b7ddfc90fda2d392f0d248dfd7b6d7d6909d7b05a0bb325f5e04fb073c66144cc6dcc1cff1f0dfd9a41f4c3eb02b264d8422
SSDEEP

24576:Bub7bYZExIII843jHoyj2Eb9qv6yRhNBHNNZ:BubvYOx7z4zHoyj1hqvzRhNBHTZ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/a1bd432a12e070827be599898466cb206d340fc4c1f028277b166992fdc3f178.exe	upx

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/04ac6b3736721dff4416a23607eb76389ecbca11f6ea1203fafecf07895e9b0b.exe
unpack001/0c81fba6276eaefb42e790d6c8d97112b3b67bfa94d4ea6a804d51197af652e7.exe
unpack001/1419c87a8f43e60a8e977f2a82e7aa78b77ab9fe7579646206f2dd0666e8e03c.exe
unpack001/5226a3025d2645b25328d35242ee94a050e544b5ded43a32131184e545edbe7f.exe
unpack001/522c32935eec4a145133606a5d34f9ca8344d50c1dba23cf486d8efc922d2e6e.exe
unpack001/7f04ce95d17f4b4ec178aab5e8fb8a87940648d5d4702f82c172126ebe9fc59e.exe
unpack001/a1bd432a12e070827be599898466cb206d340fc4c1f028277b166992fdc3f178.exe
unpack001/b1541d4d82d17beedc8e5f17e52ecf017c61398474d4686d8fc24f1f37c794f8.exe
unpack001/b9812b6c45542c89ee30e8e2a488d60fd014654a70498931b63c896d23889093.exe

Files

WORM.zip
.zip
04ac6b3736721dff4416a23607eb76389ecbca11f6ea1203fafecf07895e9b0b.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0672c38ba80ed6522c61eb9b2d307f64abe02f2ab91663bbfae7945a950806f9.exe
.exe windows x86

bd51a645a9c68bd03b2e51586e5cbdcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:93:db:48:64:26:28:9a:17:60:3d:c3:15:51:3e:28
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

05/03/2012, 00:00

Not After

04/04/2013, 23:59

Subject

CN=TGSM Inc.,OU=EC Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA

Sections

.text
Size: 708KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
0c81fba6276eaefb42e790d6c8d97112b3b67bfa94d4ea6a804d51197af652e7.exe
.exe windows x86

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
??3@YAXPAX@Z
??2@YAPAXI@Z
_c_exit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
exit
__setusermatherr
_initterm
__getmainargs
__initenv
_cexit
_XcptFilter
_exit

advapi32

RegOpenKeyExA
RegCreateKeyA
RegOpenKeyA
RegisterEventSourceA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
DeregisterEventSource
ReportEventA
RegDeleteValueA
RegFlushKey
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
DeleteService
OpenSCManagerA
RegQueryValueExA
SetServiceStatus
CloseServiceHandle
ChangeServiceConfigA
QueryServiceStatus
ControlService
OpenServiceA
CreateServiceA

kernel32

lstrcatA
CloseHandle
GetProcAddress
GetModuleHandleA
OpenEventA
Sleep
GetLastError
FreeLibrary
CompareStringA
GetVersionExA
CreateProcessA
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
CreateEventA
GetTickCount
SetEvent
SetConsoleCtrlHandler
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
GetComputerNameA
lstrlenA
SetCurrentDirectoryA
AddAtomA
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
lstrcpynA
LoadLibraryExA
InterlockedIncrement
GetModuleFileNameA

user32

SetForegroundWindow
GetForegroundWindow
CreateWindowExA
EnableMenuItem
GetSubMenu
LoadMenuA
GetCursorPos
SetFocus
LoadIconA
RegisterClassA
SetTimer
SystemParametersInfoA
DefWindowProcA
GetDesktopWindow
TrackPopupMenuEx
RemoveMenu
DestroyMenu
DestroyWindow
DestroyIcon
KillTimer
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
PostQuitMessage
PeekMessageA
LoadStringA
CharNextA
wsprintfA

ole32

CoInitialize
CoGetClassObject
CoUninitialize

oleaut32

SysAllocStringByteLen
SysFreeString
SysAllocStringLen

shell32

Shell_NotifyIconA

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertOpenStore
CertCloseStore

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 54KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
1419c87a8f43e60a8e977f2a82e7aa78b77ab9fe7579646206f2dd0666e8e03c.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5226a3025d2645b25328d35242ee94a050e544b5ded43a32131184e545edbe7f.exe
.exe windows x86

bd51a645a9c68bd03b2e51586e5cbdcb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetProcAddress
LoadLibraryA

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 624B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
522c32935eec4a145133606a5d34f9ca8344d50c1dba23cf486d8efc922d2e6e.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
6db6e1cb6ee51113453f166dec11e977bb206e7cc80103803f11129a5145c230.exe
7f04ce95d17f4b4ec178aab5e8fb8a87940648d5d4702f82c172126ebe9fc59e.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
a1bd432a12e070827be599898466cb206d340fc4c1f028277b166992fdc3f178.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 639B - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b1541d4d82d17beedc8e5f17e52ecf017c61398474d4686d8fc24f1f37c794f8.exe
.exe windows x86

09d0478591d4f788cb3e5ea416c25237

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

Sections

.text
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 71KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
b9812b6c45542c89ee30e8e2a488d60fd014654a70498931b63c896d23889093.exe
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 12KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 64KB

bd51a645a9c68bd03b2e51586e5cbdcb

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

71:93:db:48:64:26:28:9a:17:60:3d:c3:15:51:3e:28Certificate

Extended Key Usages

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6dCertificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 708KB - Virtual size: 705KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: 16KB - Virtual size: 30KB

.rsrc Size: 3.0MB - Virtual size: 3.0MB

.rdata Size: 4KB - Virtual size: 4KB

d2cec7d4f1161fe004687a4309724e58

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

ole32

oleaut32

shell32

crypt32

Sections

.text Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 428B

.rsrc Size: 8KB - Virtual size: 5KB

.data Size: 72KB - Virtual size: 128KB

.text Size: 54KB - Virtual size: 1.1MB

.data Size: 8KB - Virtual size: 8KB

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 32KB

.rsrc Size: 2KB - Virtual size: 64KB

bd51a645a9c68bd03b2e51586e5cbdcb

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 36KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 64B

.rdata Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 624B

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 12KB - Virtual size: 28KB

.rsrc Size: 2KB - Virtual size: 64KB

Headers

File Characteristics

.text
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 64KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

71:93:db:48:64:26:28:9a:17:60:3d:c3:15:51:3e:28
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

.text
Size: 708KB - Virtual size: 705KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: 16KB - Virtual size: 30KB

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

.rdata
Size: 4KB - Virtual size: 4KB

.text
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 428B

.rsrc
Size: 8KB - Virtual size: 5KB

.data
Size: 72KB - Virtual size: 128KB

.text
Size: 54KB - Virtual size: 1.1MB

.data
Size: 8KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 64KB

.text
Size: 36KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 64B

.rdata
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 624B

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 2KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 2KB - Virtual size: 64KB

.text
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 64KB

UPX0
Size: - Virtual size: 16KB

UPX1
Size: 7KB - Virtual size: 8KB

UPX2
Size: 639B - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 28KB

.rsrc
Size: 71KB - Virtual size: 92KB

.text
Size: 12KB - Virtual size: 32KB

.rsrc
Size: 2KB - Virtual size: 64KB