??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd.exe
Resource
win10v2004-20230915-en
General
-
Target
c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd
-
Size
1.6MB
-
MD5
cf338d0433dd2e182a022ad488e9815c
-
SHA1
7ed8b44acb0a1b80446bb56803c0be761042fe18
-
SHA256
c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd
-
SHA512
fb4b7f41a66db482452d69d97a8a8c78c8937eec5d33b62aa8fa0a7b4938f20b1d066aee14a823a9d27dbef51fc060b0a1b9afb196724508a06955451e7e8c71
-
SSDEEP
24576:BP6pZp4G46N8i0yH5K9/tv0JS7mSD8aYmlbBW8sRPEbyJlTaN8D1o:BP6je/tv0JS7/FBURPcyJpaNIK
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Static check by the sandbox, not behaviour of the sample: the PE file has no Authenticode signature.
resource c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd
Files
-
c64882f919f382ab903d7b6bbd43d3b72f0a36ee21155e28b7633aeb78a9b5fd.exe windows:4 windows x86
67ff2d754005f8c5f8645b8cf886a940
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
uilogic
CreateUiPolicyPtr
CreateUiLogic
GetRecordObj
GetScheduleObj
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW
UnloadUserProfile
LoadUserProfileW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSEnumerateProcessesW
WTSRegisterSessionNotification
rpcrt4
RpcServerUnregisterIf
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
RpcServerListen
RpcStringBindingComposeW
RpcMgmtStopServerListening
RpcStringFreeW
RpcServerRegisterIf
RpcServerUseProtseqEpW
NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingW
comn
GetObjectLang
GetObjectSys
GetObjectLog
ws2_32
WSACleanup
inet_addr
listen
send
recvfrom
sendto
WSAIoctl
setsockopt
getsockopt
getsockname
select
htonl
htons
accept
WSAStartup
socket
connect
closesocket
bind
inet_ntoa
WSAGetLastError
gethostbyname
recv
encrypt
CreateEncryptObject
StrToHex
HexToStr
diskmgr
CreateDdmManager
shlwapi
PathFileExistsW
amnet
?GetLastError@Amnet@@YAHXZ
?GetAdapterCount@Amnet@@YAHXZ
?GetHostName@Amnet@@YAXPAD@Z
?CleanVirtualAdapter@Amnet@@YAXXZ
?ToCharacter@Amnet@@YAPADK@Z
?GetAdapterAt@Amnet@@YA_NIAAUTAdapter@1@@Z
?ToInteger@Amnet@@YAKPAD@Z
?ToInteger@Amnet@@YAKPA_W@Z
?InitAdapter@Amnet@@YAX_N@Z
?Sendto@Amnet@@YA_NHPADI0H_N@Z
?Disconnect@Amnet@@YA_NH_N@Z
?Install@Amnet@@YA_NXZ
?Uninstall@Amnet@@YAXXZ
ntlog
?CloseLog@NTLOG@@YAXH@Z
?WriteLog@NTLOG@@YAHHIPB_WZZ
?OpenLog@NTLOG@@YAHIPA_W@Z
nthelp
?StringToGUID@Help32@@YAXPA_WAAU_GUID@@@Z
?MakeGUID@Help32@@YAXAAU_GUID@@@Z
?ReadFile@Help32@@YAKPA_WKPAXK@Z
?EqualString@Help32@@YAHPA_W0@Z
?EqualString@Help32@@YAHPA_WPAD@Z
?GetModuleFilePath@Help32@@YAXPAD@Z
?GetModuleFilePath@Help32@@YAXPA_W@Z
?Chartowchar@Help32@@YAXPBDPA_WH@Z
?GetAddrInIPv4@Help32@@YAXKPA_W@Z
?CheckWindowsUserAndPasswordIsValid@Help32@@YAHPA_W0@Z
?SplitString@Help32@@YAXPA_W_WAAV?$vector@PA_WV?$allocator@PA_W@std@@@std@@@Z
?Decrypto@Help32@@YAXPAEK@Z
?IsEmpty@Help32@@YAHPA_W@Z
?IsEmpty@Help32@@YAHPAD@Z
?IsValidUserAndHasAdmin@Help32@@YAHPA_WAAH@Z
?GUIDToString@Help32@@YAXAAU_GUID@@PA_WH@Z
?FileIsExist@Help32@@YAHPA_W@Z
?Compress@Help32@@YAHPAEI@Z
?Wchartochar@Help32@@YAXPB_WPADH@Z
?Encrypto@Help32@@YAXPAEK@Z
?InternetCheckResult@Help32@@YAHPBDH@Z
?GetIPv4InAddr@Help32@@YAKPBD@Z
?GetIPv4InAddr@Help32@@YAKPB_W@Z
?WriteFile@Help32@@YAKPA_WKPAXK@Z
?Expansion@Help32@@YAXPAEIPADI@Z
?CopyString@Help32@@YAPA_WPA_W@Z
?CopyString@Help32@@YAXPAD0@Z
?CopyString@Help32@@YAXPA_W0@Z
usbdetect
?RegisterNotification@USBDriveDetector@@QAE_NPAUSERVICE_STATUS_HANDLE__@@PAVHandler@1@@Z
?EventHandler@USBDriveDetector@@QAEXKKPAX@Z
?GetCurRemovablePartitions@DeviceUtil@@SAXPAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@std@@@2@@std@@@Z
?Get@USBDriveDetector@@SAAAV1@XZ
?GetCurRemovableDrives@DeviceUtil@@SAXPAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
funclogic
CreateEnumDisk
kernel32
HeapFree
GetProcessHeap
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
LocalFree
GenerateConsoleCtrlEvent
GetCurrentThread
GetVersion
LocalAlloc
GetStdHandle
WriteConsoleA
SetLastError
WriteConsoleW
PeekNamedPipe
CreatePipe
DeviceIoControl
GetSystemDirectoryW
FlushFileBuffers
GetWindowsDirectoryW
QueryPerformanceCounter
GetVersionExA
WaitForSingleObject
CreateThread
FindFirstFileW
SetSystemPowerState
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetTickCount
ReleaseMutex
SetEvent
FindClose
QueueUserWorkItem
GetModuleFileNameW
CloseHandle
GetLocalTime
GetLastError
DeleteCriticalSection
Sleep
lstrcpyW
EnterCriticalSection
CreateEventW
DeleteFileW
GetCurrentProcess
LoadLibraryW
GetVersionExW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
FreeLibrary
CreateProcessW
GetStartupInfoW
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
GetPrivateProfileIntW
TerminateProcess
SetFilePointer
GetPrivateProfileStringW
ReadFile
GetModuleFileNameA
CreateFileW
WTSGetActiveConsoleSessionId
CreateDirectoryW
WriteFile
MultiByteToWideChar
GetExitCodeProcess
SetProcessPriorityBoost
SetPriorityClass
SetUnhandledExceptionFilter
RemoveDirectoryW
GetEnvironmentVariableW
FindNextFileW
OpenEventW
InterlockedIncrement
InterlockedExchange
GetSystemInfo
GetCurrentProcessId
GetDriveTypeW
GetCurrentThreadId
OutputDebugStringA
InterlockedDecrement
OutputDebugStringW
OpenMutexW
GetModuleHandleW
LoadLibraryA
CreateMutexA
GetLogicalDriveStringsW
GetPrivateProfileStructW
GetPrivateProfileStringA
WritePrivateProfileStructW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateFileA
GetFileSize
TerminateThread
GetComputerNameW
GetFileAttributesA
CreateDirectoryA
IsBadReadPtr
IsBadWritePtr
lstrlenW
GetFileSizeEx
SetFilePointerEx
MoveFileW
GetSystemTimeAsFileTime
user32
SetWindowLongW
SetUserObjectSecurity
GetUserObjectSecurity
GetThreadDesktop
SetThreadDesktop
ExitWindowsEx
wsprintfW
wvsprintfW
LoadCursorW
DefWindowProcW
GetMessageW
UnregisterDeviceNotification
CreateWindowExW
TranslateMessage
RegisterClassExW
GetWindowLongW
DispatchMessageW
SendMessageW
PostQuitMessage
RegisterDeviceNotificationW
OpenDesktopW
SetProcessWindowStation
CloseDesktop
CloseWindowStation
OpenWindowStationW
GetProcessWindowStation
advapi32
RegDeleteKeyA
AddAce
GetAclInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
LogonUserW
RegOpenKeyExA
InitializeAcl
AddAccessAllowedAce
GetLengthSid
GetAce
OpenThreadToken
ImpersonateLoggedOnUser
CopySid
InitializeSecurityDescriptor
RegEnumKeyW
RegQueryInfoKeyW
RegSetValueExA
RegFlushKey
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA
LookupAccountSidW
RegQueryValueExW
OpenServiceW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ChangeServiceConfig2W
ControlService
DeleteService
CloseServiceHandle
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
RegDeleteValueW
SetTokenInformation
DuplicateTokenEx
RegOpenKeyExW
CreateProcessAsUserW
RegSetValueExW
RegCloseKey
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RevertToSelf
shell32
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW
ole32
CoCreateInstance
StringFromCLSID
CLSIDFromString
CoInitialize
CoTaskMemFree
CoUninitialize
CoInitializeEx
oleaut32
SysStringLen
SysAllocString
SysFreeString
msvcp80
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
activeds
ord9
msvcr80
ferror
_wfsopen
ftell
fread
_CIpow
_fsopen
fseek
_vsnprintf_s
isspace
isalnum
tolower
fopen_s
_wcsicmp
fclose
??_V@YAXPAX@Z
_vswprintf
_localtime64_s
free
malloc
wcscpy_s
_time64
memmove_s
??2@YAPAXI@Z
swprintf_s
wcscat_s
swscanf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
strrchr
_swprintf
??0exception@std@@QAE@XZ
fputc
memmove
_strnicmp
_itoa
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
printf
fprintf
_purecall
_beginthread
_mktime64
strstr
_wtoi
wcsrchr
strchr
_itow
_wcsnicmp
fopen
wcschr
atoi
_vsnwprintf
wprintf
fgets
strtok
vswprintf_s
wcsncpy
atol
feof
towupper
_beginthreadex
__winitenv
strncpy
_wcsupr
srand
_endthreadex
strncmp
mbstowcs
strcpy_s
wcsstr
_vsnprintf
strtol
calloc
strftime
rand
toupper
_vscprintf
_vscwprintf
vsprintf
gets
wcscpy
strcpy
wcscmp
strcmp
memcpy
strlen
div
memset
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
sscanf_s
isalpha
exit
_invalid_parameter_noinfo
??3@YAXPAX@Z
wcsncmp
_localtime64
?what@exception@std@@UBEPBDXZ
sprintf
??1exception@std@@UAE@XZ
wcstombs
iphlpapi
AddIPAddress
GetAdaptersInfo
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
winhttp
WinHttpAddRequestHeaders
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpReadData
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpCloseHandle
enumfolder
CreateEnumRemoteFolder
Exports
Exports
Sections
.text Size: 640KB - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 128KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 864KB - Virtual size: 868KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE