Behavioral task
behavioral1
Sample
8c00dc46a57f05efd93c147d3089f2eaea93aeb4a114be47b69dedc44ecc50da.exe
Resource
win7-20230831-en
windows7-x64
General
-
Target
8c00dc46a57f05efd93c147d3089f2eaea93aeb4a114be47b69dedc44ecc50da
-
Size
3.2MB
-
MD5
d2b31d208fe42a0fd51fda342f6c988b
-
SHA1
9dc5aadd9fe14954e4957490b83c47fdf8dd9124
-
SHA256
8c00dc46a57f05efd93c147d3089f2eaea93aeb4a114be47b69dedc44ecc50da
-
SHA512
56a3a93ae2221583dea56dc7a67fcbac9f07b7eef7909075fc1cbd71165dd86d18f317a9666f12f411b51afffde39cc434d5bdb6d27dc17db6f7eaefd7b39fc5
-
SSDEEP
49152:206eJqgNpF1I40qsR+vbI1g2srSlONyuRF44:LDJdNpFFcg2srSlOoI4
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 1 IoCs
resource yara_rule sample family_blackmoon -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8c00dc46a57f05efd93c147d3089f2eaea93aeb4a114be47b69dedc44ecc50da
Files
-
8c00dc46a57f05efd93c147d3089f2eaea93aeb4a114be47b69dedc44ecc50da.exe windows:4 windows x86
04afdf857cf8073f5ee04152dc1c7b9b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LocalFree
LocalAlloc
TerminateProcess
VirtualAlloc
GetVolumeInformationA
LeaveCriticalSection
LoadLibraryW
DebugActiveProcess
SetThreadContext
GetThreadContext
SuspendThread
CreateEventA
GetQueuedCompletionStatus
FormatMessageA
IsDBCSLeadByteEx
OpenMutexA
FileTimeToSystemTime
GetLocalTime
HeapDestroy
CopyFileA
GetVersionExA
GetWindowsDirectoryA
GetCurrentThread
VirtualProtectEx
DeviceIoControl
CreateFileA
MapViewOfFile
SetHandleCount
GetSystemDirectoryA
ReleaseMutex
Thread32Next
Thread32First
DeleteFileA
GetLongPathNameA
Module32Next
Module32First
SetEndOfFile
SetFilePointer
GetLastError
GetModuleHandleW
VirtualQueryEx
MoveFileA
SetWaitableTimer
CreateWaitableTimerA
SetEnvironmentVariableA
CompareStringW
CompareStringA
IsBadCodePtr
SetUnhandledExceptionFilter
GlobalFree
GetStringTypeA
LCMapStringW
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStdHandle
GetFileType
SetStdHandle
HeapSize
GetACP
GetSystemTime
RaiseException
RtlUnwind
IsBadReadPtr
GetThreadTimes
CreatePipe
CreateProcessA
PeekNamedPipe
ReadFile
GetExitCodeProcess
WriteFile
GetModuleFileNameW
CreateMutexA
GetModuleFileNameA
InitializeCriticalSection
TerminateThread
RtlFillMemory
OpenEventA
InterlockedDecrement
OpenFileMappingA
CreateFileMappingA
LoadLibraryA
GetProcAddress
GetCommandLineA
GetFileAttributesA
RemoveDirectoryA
SetLocalTime
WritePrivateProfileStringA
GetStartupInfoA
SetFileAttributesA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
GetFileSize
GetOEMCP
GetCPInfo
GetProcessVersion
FindResourceA
LoadResource
LockResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalFlags
MulDiv
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
DeleteCriticalSection
FreeLibrary
LoadLibraryExA
Process32Next
Process32First
CreateToolhelp32Snapshot
OpenThread
IsDebuggerPresent
GetModuleHandleA
HeapFree
GetTimeFormatA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
WaitForSingleObject
ResumeThread
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
FlushFileBuffers
lstrcpyA
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
GetTimeZoneInformation
GetSystemInfo
CreateIoCompletionPort
GetUserDefaultLCID
HeapCreate
lstrcpynA
InterlockedIncrement
GetShortPathNameA
HeapReAlloc
ExitProcess
VirtualFree
GetComputerNameA
GetVersion
GlobalSize
GlobalUnlock
GlobalLock
GlobalAlloc
LCMapStringA
GetTempPathA
EnterCriticalSection
CreateThread
lstrcpyn
VirtualFreeEx
RtlMoveMemory
GetExitCodeThread
CreateRemoteThread
VirtualAllocEx
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
UnmapViewOfFile
ReadProcessMemory
OpenProcess
GetCurrentProcess
HeapAlloc
GetProcessHeap
WriteProcessMemory
lstrlenA
IsBadWritePtr
SetProcessWorkingSetSize
GetTickCount
PostQueuedCompletionStatus
GetStringTypeW
GetProcessTimes
Sleep
GetFileTime
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
DuplicateHandle
lstrcpynA
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageA
InterlockedIncrement
GetCurrentThread
GlobalFlags
GetProfileIntA
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
GetSystemTime
GetLocalTime
RaiseException
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
InterlockedDecrement
LocalFree
lstrcmpiA
GetVersion
GetSystemDirectoryA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetFilePointer
GetFileSize
GetCurrentProcess
TerminateProcess
OpenProcess
SetLastError
GetTimeZoneInformation
CreateMutexA
ReleaseMutex
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
TerminateThread
SuspendThread
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
GetProfileStringA
WriteFile
CloseHandle
WaitForSingleObject
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
GetCurrentDirectoryA
CopyFileA
GetFileAttributesA
FindClose
FindFirstFileA
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
GetLastError
LoadLibraryA
FreeLibrary
GetFullPathNameA
WideCharToMultiByte
MultiByteToWideChar
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrlenA
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
lstrlenW
ReadFile
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
lstrcmpA
WaitForMultipleObjects
user32
GetAsyncKeyState
SendMessageA
PostMessageA
CallWindowProcA
ShowWindowAsync
ClipCursor
EnableWindow
SwapMouseButton
GetKeyboardState
CharUpperA
PostThreadMessageA
TranslateMessage
GetMessageA
PeekMessageA
ReleaseCapture
CreateWindowStationA
GetKeyState
SendInput
PostQuitMessage
SetCursor
IsWindowEnabled
GetLastActivePopup
ValidateRect
GetActiveWindow
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
KillTimer
RegisterClipboardFormatA
UnregisterClassA
PtInRect
GetMenuItemCount
SetCursorPos
TabbedTextOutA
DrawTextA
GrayStringA
SendDlgItemMessageA
IsDialogMessageA
GetWindowPlacement
GetMessagePos
GetMessageTime
GetClassLongA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
AdjustWindowRectEx
GetDesktopWindow
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
CreateDialogIndirectParamA
EndDialog
SetClassLongA
LoadCursorFromFileA
InvalidateRect
CallWindowProcW
ShowWindow
keybd_event
ExitWindowsEx
FindWindowA
WindowFromPoint
IsIconic
ShowCursor
GetPropA
mouse_event
GetForegroundWindow
GetAncestor
GetWindowTextA
RemovePropA
DestroyWindow
SetPropA
CreateWindowExA
IsZoomed
UpdateLayeredWindow
ClientToScreen
IsWindow
GetDC
PrintWindow
ReleaseDC
GetDoubleClickTime
MsgWaitForMultipleObjects
GetWindow
IsWindowVisible
SetWindowLongW
GetGUIThreadInfo
SetParent
GetParent
MoveWindow
UpdateWindow
OpenIcon
GetClientRect
SetFocus
GetCursorPos
SetTimer
wvsprintfA
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetWindowInfo
EnumWindows
GetWindowTextLengthA
SetWindowLongA
EnumDisplaySettingsA
ChangeDisplaySettingsA
RegisterWindowMessageA
CharLowerA
EnumChildWindows
MapVirtualKeyA
GetSystemMetrics
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
MessageBoxA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
SendMessageTimeoutA
FindWindowExA
GetDlgItem
SetWindowPos
SetCapture
GetSysColor
GetWindowRect
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
GetKeyboardLayout
SystemParametersInfoA
GetKeyboardLayoutList
UnloadKeyboardLayout
FlashWindow
GetDlgCtrlID
SetForegroundWindow
SetLayeredWindowAttributes
GetWindowLongA
SetActiveWindow
GetCaretPos
EnumThreadWindows
SetWindowTextA
FlashWindowEx
GetMenuCheckMarkDimensions
DefWindowProcA
DispatchMessageA
IsZoomed
GetClassInfoA
DefWindowProcA
GetSystemMenu
DeleteMenu
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture
SetCapture
GetScrollRange
SetScrollRange
SetScrollPos
SetRect
InflateRect
IntersectRect
DestroyIcon
PtInRect
OffsetRect
IsWindowVisible
EnableWindow
RedrawWindow
GetWindowLongA
SetWindowLongA
GetSysColor
SetActiveWindow
SetCursorPos
LoadCursorA
SetCursor
GetDC
FillRect
InvertRect
IsRectEmpty
ReleaseDC
IsChild
TrackPopupMenu
DestroyMenu
SetForegroundWindow
GetWindowRect
EqualRect
UpdateWindow
ValidateRect
InvalidateRect
LockWindowUpdate
GetClientRect
GetFocus
GetParent
GetTopWindow
PostMessageA
IsWindow
SetParent
DestroyCursor
SendMessageA
SetWindowPos
MessageBeep
MessageBoxA
GetCursorPos
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
SystemParametersInfoA
LoadImageA
EnumDisplaySettingsA
ClientToScreen
GetSystemMetrics
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
OpenClipboard
GetClipboardData
CloseClipboard
wsprintfA
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
TranslateMessage
LoadIconA
TabbedTextOutA
DrawTextA
GrayStringA
ClipCursor
GetCursor
GetWindowTextLengthW
SetWindowTextW
CreateWindowExW
SetWindowLongW
DefWindowProcW
CallWindowProcW
SendMessageW
GetWindowTextW
GetDoubleClickTime
FrameRect
DrawTextW
CharUpperA
BeginPaint
EndPaint
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
ShowScrollBar
SetScrollInfo
GetScrollInfo
ScrollWindow
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
wvsprintfA
LoadStringA
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
GetWindowTextLengthA
GetClassNameA
EnumChildWindows
CallNextHookEx
CallWindowProcA
GetWindowDC
GetSysColorBrush
UnregisterClassA
GetWindowTextA
GetDesktopWindow
GetWindowThreadProcessId
FindWindowA
GetDlgItem
gdi32
Escape
ExtTextOutA
RectVisible
PtVisible
GetDeviceCaps
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
GetTextExtentPointA
CreateFontIndirectA
SetBkMode
SetTextColor
TextOutA
CreateDIBSection
CreateRectRgn
GetObjectA
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
DeleteDC
DeleteObject
GetPixel
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetMapMode
ExcludeClipRect
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
CreateRectRgn
CombineRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreatePatternBrush
CreateBitmap
CreateBrushIndirect
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
SetPixel
CreateRectRgnIndirect
SetBkColor
PtVisible
RectVisible
GetTextMetricsA
TextOutA
ExtTextOutA
Escape
AbortDoc
CreateFontA
SetBrushOrgEx
GetTextExtentPoint32W
GetTextMetricsW
SetBitmapBits
GetBitmapBits
MoveToEx
LineTo
SetBkMode
SetTextColor
CreateEllipticRgnIndirect
ExtSelectClipRgn
GetViewportExtEx
CopyMetaFileA
FillRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
GetPixel
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
Arc
GetTextExtentPoint32A
GetViewportOrgEx
SelectPalette
GetDeviceCaps
comdlg32
ChooseColorA
GetSaveFileNameA
PrintDlgA
GetOpenFileNameA
GetFileTitleA
GetFileTitleA
ChooseFontA
wsock32
getsockname
WSACleanup
listen
ord1140
ord1141
ord1142
sendto
ntohs
inet_addr
accept
recvfrom
connect
getpeername
ioctlsocket
recv
setsockopt
htons
socket
send
WSAStartup
select
closesocket
bind
wininet
InternetOpenA
InternetCloseHandle
InternetConnectA
InternetSetCookieA
HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetTimeToSystemTime
FtpOpenFileA
FtpGetFileSize
InternetGetConnectedState
InternetTimeFromSystemTime
HttpOpenRequestA
shell32
SHChangeNotify
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetFileInfoA
SHGetSpecialFolderPathA
SHBrowseForFolderA
SHFileOperationA
Shell_NotifyIconA
ShellExecuteA
ole32
OleRun
CLSIDFromString
OleUninitialize
OleRun
CoCreateInstance
CreateStreamOnHGlobal
OleInitialize
CLSIDFromProgID
CoTaskMemAlloc
OleDuplicateData
RevokeDragDrop
CoLockObjectExternal
DoDragDrop
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoUninitialize
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoCreateInstance
OleUninitialize
CoInitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CoTaskMemFree
ReleaseStgMedium
dbghelp
MakeSureDirectoryPathExists
winhttp
WinHttpTimeToSystemTime
WinHttpTimeFromSystemTime
shlwapi
PathIsSystemFolderA
PathRenameExtensionA
PathFindExtensionA
PathFileExistsA
PathRemoveBlanksA
StrTrimA
PathIsDirectoryEmptyA
PathUnmakeSystemFolderA
PathIsDirectoryA
PathMakeSystemFolderA
PathFindFileNameA
oleaut32
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
VariantClear
VariantChangeType
VariantInit
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
SafeArrayCreate
RegisterTypeLi
LHashValOfNameSys
LoadTypeLi
VarR8FromBool
VarR8FromCy
SysFreeString
SafeArrayUnaccessData
SafeArrayGetElemsize
VarDateFromStr
VarBstrFromCy
GetErrorInfo
SysStringLen
SysFreeString
LoadTypeLi
RegisterTypeLi
UnRegisterTypeLi
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysAllocString
VariantInit
VariantCopyInd
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantClear
VariantCopy
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
advapi32
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteValueA
RegEnumValueA
RegFlushKey
RegSetValueExA
RegCreateKeyA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
CryptAcquireContextA
CryptCreateHash
CryptReleaseContext
CryptHashData
RegDeleteKeyA
LookupAccountSidA
CryptDestroyHash
CryptGetHashParam
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
RegCreateKeyExA
RegCloseKey
gdiplus
GdipDeletePath
GdipSetClipHrgn
GdiplusStartup
GdipCreatePen1
GdipDrawRectangle
GdipDrawPath
GdipSetSmoothingMode
GdipDeletePen
GdipResetClip
GdipDeleteGraphics
GdipCreateFromHDC
psapi
GetModuleFileNameExA
ws2_32
WSAWaitForMultipleEvents
WSACloseEvent
WSAEventSelect
WSASocketA
WSARecv
WSASend
WSACreateEvent
WSAEnumNetworkEvents
inet_ntoa
ntohl
accept
getpeername
recv
WSACleanup
closesocket
WSAAsyncSelect
recvfrom
ioctlsocket
oledlg
ord8
rasapi32
RasGetConnectStatusA
RasHangUpA
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
ClosePrinter
OpenPrinterA
DocumentPropertiesA
comctl32
ord17
ImageList_AddMasked
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ord17
ImageList_Destroy
ImageList_Create
winmm
waveOutGetNumDevs
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
waveOutRestart
midiStreamOut
msimg32
GradientFill
Sections
.text Size: 2.3MB - Virtual size: 2.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 264KB - Virtual size: 263KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 568KB - Virtual size: 879KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 28KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ