IOCPAllocService
IOCPFreeService
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3.exe
Resource
win7-20230831-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3.exe
Resource
win10v2004-20230915-en
windows10-2004-x64
4 signatures
150 seconds
General
-
Target
9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3
-
Size
5.8MB
-
MD5
2184fb40e1d193c1b6d14ad2eb96eaed
-
SHA1
f48eefccee1c54bf57fba95771b42ee41f80555c
-
SHA256
9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3
-
SHA512
74a836195b0379e46601a36f061a7e19db2d0b9040fc73408b0c78f73eb8ff8b9a162ee31b59028b8bd20ce1942186f70348364359c9fb427c24a835cbe32caa
-
SSDEEP
98304:OWiptH2U0TT3tf7NrHuBVW5WNZ22xVmw18bymg1CGuR3Vr:OWIuloV722Lj18GzCR3d
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3
Files
-
9e2d036fd734c12f2e39dab4188ff1783789264cdf36be7b4dd1f36959de47c3.exe windows:6 windows x86
5fdaece8b52af3433df0ba528cf5018c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SizeofResource
LoadResource
FindResourceW
lstrcpynW
RemoveDirectoryW
SystemTimeToFileTime
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
GetModuleFileNameA
OutputDebugStringA
HeapFree
WriteFile
GetProcessHeap
HeapAlloc
GlobalUnlock
CreateMutexW
K32GetProcessImageFileNameW
lstrcatW
lstrlenW
QueryDosDeviceW
lstrcmpiW
GetLogicalDriveStringsW
OpenProcess
TerminateProcess
GlobalLock
GlobalSize
GetModuleFileNameW
GetTickCount
DeleteFileW
CreateDirectoryW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CloseHandle
GetFileSize
lstrcmpW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GlobalFree
GlobalAlloc
ReadFile
WaitForSingleObject
LockResource
GetLastError
CreateFileW
LeaveCriticalSection
GetSystemInfo
FreeLibrary
LoadLibraryA
GetVersionExW
FindResourceExW
InterlockedExchangeAdd
CancelIo
PostQueuedCompletionStatus
GetCurrentThread
SuspendThread
GetQueuedCompletionStatus
GetExitCodeThread
ResumeThread
CreateIoCompletionPort
SetLastError
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
CompareFileTime
WaitForSingleObjectEx
MoveFileExW
GetSystemDirectoryW
QueryPerformanceFrequency
SleepEx
InitializeCriticalSectionEx
GetTickCount64
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
CreateEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
VerifyVersionInfoW
VerSetConditionMask
FormatMessageW
LocalFree
SetFileTime
SetFilePointer
LocalFileTimeToFileTime
GetFileAttributesW
MulDiv
ExitProcess
LoadLibraryW
GetCurrentDirectoryW
FreeResource
lstrlenA
Sleep
WinExec
DeleteFileA
CreateThread
GetComputerNameW
lstrcpyW
GetVersionExA
GetModuleHandleW
GetProcAddress
GetLocalTime
GetCurrentProcess
FlushConsoleInputBuffer
GetVersion
GetModuleHandleA
GlobalMemoryStatus
GetSystemTime
HeapDestroy
HeapReAlloc
HeapSize
RaiseException
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcessId
InitializeCriticalSection
user32
wsprintfA
DrawTextA
CreateAcceleratorTableW
InvalidateRgn
GetGUIThreadInfo
GetKeyboardLayout
GetKeyNameTextW
MapVirtualKeyExW
SetForegroundWindow
MoveWindow
LoadIconW
MessageBoxW
SetWindowRgn
PtInRect
IsRectEmpty
IntersectRect
GetSysColor
MapWindowPoints
ScreenToClient
GetUpdateRect
EndPaint
BeginPaint
GetDC
ReleaseCapture
SetCapture
GetKeyState
GetFocus
GetActiveWindow
IsZoomed
IsIconic
IsWindowVisible
DestroyWindow
GetMonitorInfoW
MonitorFromWindow
LoadImageW
GetWindow
GetParent
SetWindowLongW
GetWindowLongW
GetWindowTextLengthW
SetPropW
EnableWindow
SetFocus
ShowWindow
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
RegisterClassW
GetWindowTextW
GetSystemMetrics
ReleaseDC
GetWindowRect
GetClientRect
SetWindowTextW
EqualRect
CallWindowProcW
DefWindowProcW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
LoadCursorW
OffsetRect
UnionRect
InflateRect
SetCursor
CharNextW
SendMessageW
PostMessageW
PostQuitMessage
InvalidateRect
SetTimer
KillTimer
SetWindowPos
GetCursorPos
UpdateWindow
ClientToScreen
GetCaretPos
SetCaretPos
ShowCaret
HideCaret
GetCaretBlinkTime
CreateCaret
TrackPopupMenu
AppendMenuW
EnableMenuItem
DestroyMenu
CreatePopupMenu
SetRect
FillRect
DrawTextW
CharPrevW
MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetWindowRgn
IsWindowEnabled
GetPropW
UpdateLayeredWindow
gdi32
MoveToEx
GetObjectA
SetTextColor
SetBkMode
SetBkColor
ExtSelectClipRgn
SelectClipRgn
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateSolidBrush
CreateRectRgnIndirect
CreatePenIndirect
CombineRgn
CreateDIBSection
PtInRegion
TextOutW
SetStretchBltMode
StretchBlt
SetBitmapBits
GetBitmapBits
CreateRoundRectRgn
SetWindowOrgEx
GetTextMetricsW
GetObjectW
GetDeviceCaps
GetDIBits
BitBlt
SelectObject
DeleteDC
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
PlayEnhMetaFile
GetEnhMetaFileHeader
CreateEnhMetaFileW
CloseEnhMetaFile
SaveDC
RestoreDC
Rectangle
RemoveFontMemResourceEx
AddFontMemResourceEx
GetStockObject
GdiFlush
CreatePatternBrush
GetTextExtentPointA
CreateRectRgn
CreateFontIndirectW
CreatePen
CreateDIBitmap
advapi32
RegisterEventSourceA
DeregisterEventSource
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
CryptSignHashA
CryptEnumProvidersA
ReportEventA
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
DragQueryFileW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
ole32
CoCreateGuid
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
GetHGlobalFromStream
OleLockRunning
CLSIDFromProgID
CLSIDFromString
ReleaseStgMedium
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
oleaut32
VariantClear
DispGetParam
SysFreeString
SysAllocString
VariantInit
msvcp110
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp1@?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
?_Winerror_map@std@@YAPBDH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@_JH@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Syserror_map@std@@YAPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??Bid@locale@std@@QAEIXZ
?_BADOFF@std@@3_JB
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Add_vtordisp1@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ios@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp1@?$basic_istream@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Add_vtordisp2@?$basic_ostream@DU?$char_traits@D@std@@@std@@UAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
gdiplus
GdiplusStartup
GdipDrawImageRectRect
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDeletePen
GdipCreatePen1
GdipDrawLine
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSetPenEndCap
GdipSetPenStartCap
GdipCreatePen2
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipDrawImageRectI
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipDeleteStringFormat
GdipDrawString
GdipBitmapSetPixel
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream
GdipCreateHBITMAPFromBitmap
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneImage
GdipStringFormatGetGenericTypographic
GdipMeasureString
GdipCreateFontFromLogfontA
GdipAlloc
GdipDisposeImage
GdipFree
GdipCreateFontFromDC
GdipFillPath
GdipFillRectangleI
GdipDrawPath
GdiplusShutdown
GdipCreatePath
GdipDeletePath
GdipAddPathLine
GdipAddPathArc
GdipCreateMatrix
GdipDeleteMatrix
GdipTranslateMatrix
GdipDrawRectangleI
GdipResetWorldTransform
GdipSetWorldTransform
GdipSetTextRenderingHint
GdipRotateMatrix
GdipSetPenMode
GdipReleaseDC
GdipCreateFromHDC
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
ws2_32
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
send
WSAGetLastError
recv
WSACloseEvent
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
socket
WSASetLastError
WSAIoctl
__WSAFDIsSet
select
accept
htonl
listen
getaddrinfo
freeaddrinfo
recvfrom
sendto
ioctlsocket
inet_addr
ntohl
WSASocketW
WSAAccept
WSARecv
WSASend
shutdown
bind
gethostname
gethostbyname
inet_ntoa
WSAStartup
WSACleanup
getservbyname
msvcr110
atoi
sprintf_s
feof
ferror
tolower
srand
_wremove
_wrename
iswspace
memcpy
memset
strlen
wcscat
wcschr
wcscmp
wcscpy
wcslen
wcsncpy
wcsrchr
_wcslwr
realloc
_vsnwprintf
__CxxFrameHandler3
isdigit
toupper
wcsncat
wcstol
wcstoul
_wtoi
_CxxThrowException
labs
wcstod
__RTDynamicCast
strcpy
strcmp
calloc
sqrt
memcmp
abs
strtol
_lrotl
pow
ldexp
iswalnum
wcsncmp
cos
sin
strpbrk
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
?terminate@@YAXXZ
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_ismbblead
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_acmdln
_fmode
_commode
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
strncpy
_errno
qsort
fputs
strncmp
strchr
__iob_func
_wcsdup
sscanf
memchr
_wcsnicmp
_ftelli64
fopen_s
wcsstr
exit
_wsplitpath
ftell
fseek
setvbuf
fsetpos
fgetpos
_fseeki64
memcpy_s
_unlock_file
_lock_file
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
ungetc
fputc
fgetc
_splitpath_s
fflush
fprintf
_vsnprintf_s
_vscprintf
strrchr
_localtime64_s
_time64
_purecall
??8type_info@@QBE_NABV0@@Z
fread
printf
swprintf_s
free
_wcsicmp
malloc
_wfopen
rand
fclose
fwrite
fopen
sprintf
_swprintf
??_V@YAXPAX@Z
??2@YAPAXI@Z
memmove
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
strstr
strerror
strtoul
wcspbrk
_waccess
_wstat64
_access
_stat64
_strtoi64
fgets
_gmtime64
_beginthreadex
_lseeki64
_fstat64
_getpid
strcspn
strspn
__sys_nerr
wcstombs
wmemcpy_s
wcsnlen
memmove_s
_vscwprintf
vswprintf_s
_strdup
_unlink
_read
_write
_close
_open
_fileno
_setmode
isxdigit
_stat64i32
isspace
signal
_getch
getenv
_vsnprintf
raise
_strnicmp
isupper
_gmtime64_s
abort
_itow
imagehlp
MakeSureDirectoryPathExists
dbghelp
MiniDumpWriteDump
iphlpapi
GetAdaptersInfo
shlwapi
PathFileExistsW
PathFileExistsA
comctl32
ord17
InitCommonControlsEx
_TrackMouseEvent
imm32
ImmReleaseContext
ImmSetCompositionWindow
ImmGetContext
wldap32
ord142
ord167
ord127
ord27
ord26
ord117
ord41
ord208
ord216
ord14
ord46
ord219
ord145
ord133
ord147
ord301
ord79
crypt32
CertGetEnhancedKeyUsage
CertCloseStore
CertGetIntendedKeyUsage
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindCertificateInStore
CertDuplicateCertificateContext
CertGetCertificateContextProperty
CertOpenStore
Exports
Exports
Sections
.text Size: 1.7MB - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 432KB - Virtual size: 432KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 17B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3.4MB - Virtual size: 3.4MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 209KB - Virtual size: 209KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ