NEAS[.]062931a0e48766020932be34d0816806_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.062931a0e48766020932be34d0816806_JC.exe
Size

1.2MB
MD5

062931a0e48766020932be34d0816806
SHA1

dcc8276eff8d31526857840abb02fa29898ea613
SHA256

82bbff1d0520725f42bac7079f32732eb5e3de71ff39b2aeb4c30f4238ef7d7c
SHA512

f1627ea9100084455e8c4ef4cf499136b7b47060ef7d4717535a518eaa9c51923860f8d639378b42decfd7a94bd1022042a6a830738b6de3f53b25e6a4565eb6
SSDEEP

12288:a5A3z3NMpIzC+1QxrtCAewPR0NPyrWO2NXIFhDOIIVU3rb2o09QNQ:aWu1xgwPR0hYF5aVWrb2YNQ

Score

1^/10

Malware Config

Signatures

Files

NEAS.062931a0e48766020932be34d0816806_JC.exe
.exe windows:5 windows x86

5c6cf4550f738651859f173264767326

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

18/05/2009, 00:00

Not After

18/05/2010, 23:59

Subject

CN=Canon Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Inkjet System Development Center,O=Canon Inc.,L=Kawasaki-shi,ST=Kanagawa,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

24:7f:c6:fd:45:48:04:a7:b2:75:7d:ef:58:cd:f0:fc:0c:df:a3:9c
Signer

Actual PE Digest

24:7f:c6:fd:45:48:04:a7:b2:75:7d:ef:58:cd:f0:fc:0c:df:a3:9c

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiDestroyDeviceInfoList
SetupCopyOEMInfW
SetupInitDefaultQueueCallbackEx
SetupOpenFileQueue
SetupInstallFilesFromInfSectionW
SetupCommitFileQueueW
SetupIterateCabinetW
SetupCloseFileQueue
SetupTermDefaultQueueCallback
SetupInstallFromInfSectionW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDefaultQueueCallbackW
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiDestroyDriverInfoList
SetupDiDeleteDeviceInfo
SetupDiGetActualSectionToInstallW
SetupDiGetDriverInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupDiBuildDriverInfoList
SetupDiSelectBestCompatDrv
SetupDiSetDeviceRegistryPropertyW
SetupSetDirectoryIdW
SetupDiGetDeviceRegistryPropertyW
SetupOpenInfFileW
SetupGetTargetPathW
SetupCloseInfFile
SetupDiClassGuidsFromNameW
SetupDiGetClassDevsW
SetupDiOpenDevRegKey
SetupDiEnumDeviceInfo

mscms

GetColorDirectoryW
AssociateColorProfileWithDeviceW
InstallColorProfileW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

kernel32

GetTickCount
TerminateThread
SetErrorMode
ResumeThread
GetCurrentThread
ProcessIdToSessionId
OpenProcess
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
ResetEvent
CreateEventW
GetThreadLocale
ExpandEnvironmentStringsW
MulDiv
WideCharToMultiByte
GetSystemInfo
GetCommandLineW
InterlockedDecrement
GetModuleHandleA
GetCurrentProcessId
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationW
GetFullPathNameW
GetVersionExA
lstrcmpW
GetVersionExW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
SuspendThread
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
lstrlenA
GetStartupInfoW
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
ExitThread
CreateThread
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
VirtualAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapReAlloc
DeviceIoControl
HeapFree
GetProcessHeap
HeapAlloc
CreateMutexW
OpenMutexW
ReleaseMutex
MoveFileExW
FreeLibrary
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
FileTimeToLocalFileTime
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileSectionW
lstrcpyW
CompareStringW
lstrcpynW
lstrcmpiW
lstrcatW
WinExec
GetLocalTime
OutputDebugStringW
GetPrivateProfileIntW
GetStdHandle
FreeConsole
Sleep
LoadLibraryW
GetSystemDefaultLangID
GetUserDefaultLCID
GetSystemDefaultLCID
GetUserDefaultLangID
SetThreadLocale
MultiByteToWideChar
GetSystemDirectoryW
lstrlenW
GetShortPathNameW
GetTempPathW
GetTempFileNameW
GetPrivateProfileStringW
GetModuleFileNameW
FileTimeToSystemTime
GetWindowsDirectoryW
FindFirstFileW
CopyFileW
FindNextFileW
FindClose
SetFileAttributesW
DeleteFileW
RemoveDirectoryW
SystemTimeToFileTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetDiskFreeSpaceExW
GetFileSize
WriteFile
ReadFile
CreateDirectoryW
FormatMessageW
LocalFree
GetCurrentProcess
CreateFileW
GetFileTime
CloseHandle
SetLastError
GetFileAttributesW
GetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
LoadLibraryA

user32

GetSysColorBrush
SetCursor
GetCursorPos
ValidateRect
PostQuitMessage
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
DestroyMenu
IsDialogMessageW
SetDlgItemTextW
CheckRadioButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetForegroundWindow
SetActiveWindow
GetTopWindow
GetMessageTime
GetMessagePos
GetKeyState
IsWindowVisible
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
CallWindowProcW
SystemParametersInfoA
IsIconic
GetWindowPlacement
CharUpperW
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
ModifyMenuW
CheckMenuItem
GrayStringW
DrawTextExW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetSubMenu
UpdateWindow
GetClassNameW
GetWindow
SystemParametersInfoW
MapWindowPoints
SetWindowPos
RedrawWindow
BringWindowToTop
PostMessageW
WaitForInputIdle
PostThreadMessageW
SetTimer
GetMessageW
KillTimer
CreateWindowExW
UnregisterClassW
DefWindowProcW
LoadIconW
LoadCursorW
RegisterClassExW
GetSysColor
GetSystemMetrics
EnableWindow
SetForegroundWindow
GetParent
EndPaint
BeginPaint
GetWindowRect
GetSystemMenu
EnableMenuItem
LoadBitmapW
DialogBoxParamW
CreateDialogParamW
GetWindowLongW
SetWindowLongW
DestroyWindow
PtInRect
EndDialog
FindWindowW
IsWindow
MessageBoxW
wsprintfW
SendMessageW
GetDlgItem
GetDC
GetClientRect
ShowWindow
DrawTextW
SetWindowTextW
GetWindowTextW
PeekMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
GetWindowDC
ReleaseDC
ClientToScreen
ExitWindowsEx
GetMenuItemCount
UnregisterClassA

gdi32

PtVisible
RectVisible
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
SelectPalette
GetStockObject
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
RealizePalette
CreatePalette
GetObjectW
CreateFontIndirectW
SelectObject
DeleteObject
GetDeviceCaps
CreateBitmap
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW

comdlg32

GetFileTitleW

winspool.drv

GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryW
ord203
EnumPrintersW
ClosePrinter
SetPrinterW
GetPrinterW
OpenPrinterW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW

advapi32

RegQueryValueW
RegOpenKeyW
RegLoadKeyW
RegUnLoadKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCreateKeyW
RegEnumKeyW
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateTokenEx
IsTokenRestricted
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
QueryServiceStatus
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ord51
CommandLineToArgvW
SHGetSpecialFolderPathW

shlwapi

PathAddBackslashW
PathIsRelativeW
PathQuoteSpacesW
PathCanonicalizeW
PathFindExtensionW
PathUnquoteSpacesW
PathRemoveArgsW
PathGetArgsW
PathStripToRootW
PathIsUNCW
PathFindFileNameW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
VariantChangeType
VariantClear

lz32

LZClose
LZOpenFileW
LZCopy

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

??0CDeviceInf@@QAE@ABV0@@Z
??0CDeviceInf@@QAE@XZ
??0CDeviceInfSection@@QAE@ABV0@@Z
??0CDeviceInfSection@@QAE@XZ
??0CImageDriverInf@@QAE@ABV0@@Z
??0CImageDriverInf@@QAE@XZ
??0CIniSections@@QAE@ABV0@@Z
??0CIniSections@@QAE@XZ
??0CManufacturers@@QAE@ABV0@@Z
??0CManufacturers@@QAE@XZ
??0CPrinterDriverInf@@QAE@ABV0@@Z
??0CPrinterDriverInf@@QAE@XZ
??1CDeviceInf@@UAE@XZ
??1CDeviceInfSection@@UAE@XZ
??1CImageDriverInf@@UAE@XZ
??1CIniSections@@UAE@XZ
??1CManufacturers@@UAE@XZ
??1CPrinterDriverInf@@UAE@XZ
??4CDeviceInf@@QAEAAV0@ABV0@@Z
??4CDeviceInfSection@@QAEAAV0@ABV0@@Z
??4CImageDriverInf@@QAEAAV0@ABV0@@Z
??4CIniSections@@QAEAAV0@ABV0@@Z
??4CManufacturers@@QAEAAV0@ABV0@@Z
??4CPrinterDriverInf@@QAEAAV0@ABV0@@Z
??_7CDeviceInf@@6B@
??_7CDeviceInfSection@@6B@
??_7CImageDriverInf@@6B@
??_7CIniSections@@6B@
??_7CManufacturers@@6B@
??_7CPrinterDriverInf@@6B@
?AllocAndGetDependentFiles@CPrinterDriverInf@@IAEPA_WPB_W0000@Z
?AllocAndGetValue@CPrinterDriverInf@@IAEPA_WPB_W00@Z
?AllocAndGetValueEx@CPrinterDriverInf@@IAEPA_WPB_W0000@Z
?Clear@CDeviceInf@@QAEXXZ
?Clear@CDeviceInfSection@@QAEXXZ
?Clear@CIniSections@@QAEXXZ
?Clear@CManufacturers@@QAEXXZ
?Count@CDeviceInfSection@@QAEKXZ
?Count@CIniSections@@QAEKXZ
?DoInstall@CDeviceInf@@IAEHPB_W00@Z
?GetConfigFile@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetDataFile@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetDeviceId@CDeviceInf@@QAEPB_WK@Z
?GetDeviceIdCount@CDeviceInf@@QAEKXZ
?GetDeviceIdList@CDeviceInf@@IAEHH@Z
?GetDriverDesc@CDeviceInf@@QAEPB_WKPB_W@Z
?GetDriverFile@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetDriverVer@CDeviceInf@@QAEPB_WXZ
?GetDriversCount@CDeviceInf@@QAEKPB_W@Z
?GetFileInfo@CPrinterDriverInf@@IAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K0@Z
?GetFilesFromCopyFilesSection@CPrinterDriverInf@@IAEHPB_W0AAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?GetFullInfo@CDeviceInf@@QAEHH@Z
?GetHelpFile@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetInfClass@CDeviceInf@@QAEPB_WXZ
?GetInstallSection@CDeviceInf@@IAEKPB_W0KPAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@1@Z
?GetInstallSection@CDeviceInf@@QAEKPB_WHPA_WPAK12PAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetItem@CIniSections@@QAEPB_WK@Z
?GetKey@CDeviceInfSection@@QAEPB_WK@Z
?GetLanguageMonitorInfo@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetList@CDeviceInfSection@@QAEHXZ
?GetList@CIniSections@@QAEHXZ
?GetList@CManufacturers@@QAEHXZ
?GetMfg@CDeviceInf@@QAEPB_WK@Z
?GetMfgCount@CDeviceInf@@QAEKXZ
?GetModelsSeed@CManufacturers@@QAEPB_WK@Z
?GetPrintProcessorInfo@CPrinterDriverInf@@QAEHPB_W0AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@K@Z
?GetSuitableDriverName@CDeviceInf@@QAEKPB_WHPA_WPAK@Z
?GetValue@CDeviceInfSection@@QAEPB_WK@Z
?HasSuitableDriver@CDeviceInf@@QAEKPB_W0@Z
?Init@CDeviceInf@@QAEHPB_WHH@Z
?Init@CDeviceInfSection@@QAEHPB_WPAVCInfStringTable@@0@Z
?Init@CImageDriverInf@@QAEHPB_WHH@Z
?Init@CIniSections@@QAEHPB_W@Z
?Init@CManufacturers@@QAEHPB_WPAVCInfStringTable@@0@Z
?Init@CPrinterDriverInf@@QAEHPB_WHH@Z
?InitWFN@CDeviceInfSection@@QAEHPB_WPAVCInfStringTable@@0@Z
?InstallDriver@CDeviceInf@@QAEHPB_W0K@Z
?InstallDriver@CDeviceInf@@QAEHPB_WH@Z
?IsComment@CDeviceInfSection@@IAEHPB_W@Z
?SetAltProgress@CDeviceInf@@QAEXPAUHWND__@@I@Z
?SetColorProfile@CPrinterDriverInf@@IAEHPB_W0@Z
?SetDirectoryId@CDeviceInf@@MAEHPAXPB_W1@Z
?SetDirectoryId@CPrinterDriverInf@@MAEHPAXPB_W1@Z
?SetOwner@CDeviceInf@@QAEXPAUHWND__@@@Z

Sections

.text
Size: 504KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5c6cf4550f738651859f173264767326

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8aCertificate

Extended Key Usages

Key Usages

24:7f:c6:fd:45:48:04:a7:b2:75:7d:ef:58:cd:f0:fc:0c:df:a3:9cSigner

Headers

DLL Characteristics

File Characteristics

Imports

setupapi

mscms

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

lz32

version

Exports

Exports

Sections

.text Size: 504KB - Virtual size: 504KB

.rdata Size: 138KB - Virtual size: 138KB

.data Size: 11KB - Virtual size: 38KB

.rsrc Size: 55KB - Virtual size: 54KB

.reloc Size: 512KB - Virtual size: 512KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

44:2f:9c:58:b6:1e:1d:98:33:71:9f:44:9e:43:66:8a
Certificate

24:7f:c6:fd:45:48:04:a7:b2:75:7d:ef:58:cd:f0:fc:0c:df:a3:9c
Signer

.text
Size: 504KB - Virtual size: 504KB

.rdata
Size: 138KB - Virtual size: 138KB

.data
Size: 11KB - Virtual size: 38KB

.rsrc
Size: 55KB - Virtual size: 54KB

.reloc
Size: 512KB - Virtual size: 512KB