Static task
static1
Behavioral task
behavioral1
Sample
NEAS.d4b2465235d5cd6167e8b107f822b0b0.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.d4b2465235d5cd6167e8b107f822b0b0.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.d4b2465235d5cd6167e8b107f822b0b0.exe
-
Size
1.5MB
-
MD5
d4b2465235d5cd6167e8b107f822b0b0
-
SHA1
74baf4d74b37f6ca4d7abafb6a889090232cb65f
-
SHA256
92f7ca657699ab1cf028d763a63f43ea46891fc22c25e6d10f0b25cb418b7409
-
SHA512
7af6d2e6d7efcd93da737c88bbf53fb40dce5b8d21f407031a135501ebe87fa37f900df5d23b517e29ce48124029ae6dea9785c28ea1209f17c9b22c9711a8c1
-
SSDEEP
49152:MsS77NTaRJmy+bWg4nW64vn9phd8hxVGES7bCMseAYJKvp:Mp77laRJmy+bWg4nW64vn9phihxVGESM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature. Caveat: an unsigned PE is a weak indicator on its own (many legitimate tools ship unsigned); this is the only signature that fired and no malware configuration was extracted, so the static verdict rests on this single low-confidence hit and should be weighed against the behavioral tasks.
resource NEAS.d4b2465235d5cd6167e8b107f822b0b0.exe
Files
-
NEAS.d4b2465235d5cd6167e8b107f822b0b0.exe.exe windows:6 windows x86
1fd18203b0f8680531443e5e988b4924 (unlabeled 128-bit hash; presumably the import hash (imphash) of the PE — confirm against the originating sandbox report before pivoting on it)
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED (base relocations removed; together with the absence of IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE from the DLL Characteristics above, the image always loads at its preferred base and gets no ASLR, even though NX_COMPAT/DEP is set)
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports (note: the binary dynamically links mfc140u, msvcp140, vcruntime140, concrt140, vcomp140 and the api-ms-win-crt-* forwarders, i.e. the Visual C++ 2015+ runtime; on a sandbox image such as the win7 resource above that lacks that redistributable it will fail at load time, so an empty or short behavioral run should be checked for a missing-DLL error before being read as "no activity")
mfc140u
ord801
ord8694
ord8695
ord8699
ord3821
ord12872
ord5839
ord5798
ord13318
ord12737
ord2701
ord12876
ord7903
ord14395
ord12222
ord8845
ord11367
ord10362
ord11890
ord9087
ord9106
ord2656
ord4181
ord4194
ord2249
ord1731
ord9984
ord9506
ord9511
ord9521
ord8864
ord4713
ord2094
ord4269
ord3330
ord9382
ord4371
ord9023
ord1984
ord14173
ord2659
ord8938
ord12971
ord8426
ord14254
ord7176
ord7512
ord559
ord1189
ord1790
ord12181
ord12107
ord9305
ord9175
ord6263
ord10731
ord14364
ord3164
ord1111
ord1405
ord5033
ord3643
ord12462
ord967
ord7810
ord11651
ord11544
ord13924
ord13379
ord5932
ord9213
ord3940
ord5934
ord13700
ord9237
ord2557
ord4495
ord3834
ord12081
ord8209
ord3174
ord8400
ord5034
ord6130
ord7692
ord13709
ord5939
ord13707
ord5938
ord11432
ord5956
ord8831
ord9352
ord11795
ord5369
ord3843
ord4587
ord11495
ord10402
ord3191
ord11797
ord8318
ord2071
ord10841
ord12538
ord5643
ord5642
ord14726
ord14544
ord7019
ord11135
ord11649
ord11650
ord7020
ord5450
ord14021
ord1796
ord14020
ord9278
ord4396
ord8585
ord9299
ord11535
ord11372
ord9420
ord12175
ord14251
ord14198
ord5154
ord11662
ord13122
ord4915
ord4905
ord1733
ord8175
ord8340
ord8218
ord7111
ord8225
ord5436
ord2694
ord4048
ord8994
ord8939
ord14440
ord11755
ord11321
ord2634
ord4112
ord4043
ord8143
ord9000
ord8957
ord14361
ord3064
ord11484
ord9666
ord8954
ord4014
ord4507
ord14296
ord3167
ord3166
ord3340
ord7890
ord2685
ord5438
ord2543
ord3631
ord4049
ord4034
ord14473
ord13268
ord3132
ord14303
ord4182
ord2098
ord11728
ord14282
ord13326
ord2762
ord2784
ord11597
ord7107
ord458
ord3359
ord3237
ord6801
ord7493
ord10472
ord9040
ord8163
ord4485
ord9210
ord12172
ord2760
ord13752
ord6218
ord3403
ord3404
ord11396
ord11015
ord12131
ord7109
ord462
ord3162
ord6526
ord1105
ord1113
ord3696
ord3801
ord3686
ord7495
ord14055
ord7656
ord10394
ord9365
ord9235
ord12173
ord624
ord4926
ord4362
ord14734
ord4394
ord3797
ord13646
ord8062
ord5813
ord3805
ord3691
ord3693
ord8067
ord13337
ord5173
ord594
ord1213
ord13366
ord14056
ord469
ord1116
ord7496
ord8455
ord13000
ord11129
ord7418
ord4239
ord3366
ord3260
ord9138
ord6117
ord6842
ord1454
ord7642
ord7212
ord634
ord1240
ord7544
ord10644
ord11707
ord12195
ord8445
ord12989
ord2640
ord2672
ord3200
ord3348
ord12826
ord6467
ord12874
ord11365
ord9085
ord2655
ord4711
ord2088
ord11313
ord8281
ord2658
ord3387
ord2590
ord10667
ord2008
ord4724
ord6805
ord4223
ord3342
ord3175
ord9130
ord6570
ord1162
ord4466
ord8773
ord3171
ord6882
ord6977
ord14328
ord11080
ord6853
ord3370
ord5816
ord5842
ord7427
ord6122
ord6851
ord1464
ord7647
ord5852
ord8345
ord3347
ord6311
ord7179
ord7515
ord2132
ord562
ord1191
ord779
ord1319
ord754
ord1302
ord582
ord1207
ord9306
ord8554
ord4374
ord13737
ord8026
ord3215
ord13627
ord4386
ord4027
ord13474
ord4351
ord4478
ord4436
ord8529
ord8690
ord8372
ord14101
ord5035
ord8896
ord362
ord1068
ord13808
ord13794
ord13807
ord13798
ord13713
ord14522
ord3835
ord2345
ord12109
ord9472
ord12183
ord13442
ord7307
ord7310
ord8527
ord7313
ord7308
ord7311
ord7312
ord7314
ord7309
ord13994
ord8402
ord7735
ord11804
ord789
ord4471
ord1917
ord11686
ord8565
ord9177
ord8072
ord13648
ord10512
ord12463
ord11463
ord14029
ord3194
ord14189
ord13857
ord9217
ord14592
ord7919
ord9240
ord1788
ord13710
ord13708
ord11433
ord5955
ord8833
ord9354
ord11799
ord3845
ord3278
ord2072
ord10842
ord11493
ord3057
ord14337
ord11416
ord11510
ord1854
ord9205
ord9720
ord11504
ord2062
ord8427
ord12961
ord3325
ord3437
ord5748
ord12584
ord3970
ord2534
ord14042
ord10913
ord9513
ord9525
ord10626
ord10601
ord7032
ord4170
ord842
ord1368
ord2614
ord4076
ord8070
ord7288
ord758
ord1306
ord7583
ord5174
ord13345
ord277
ord4977
ord11713
ord3580
ord8545
ord11771
ord1521
ord9990
ord12887
ord5781
ord5961
ord6495
ord9468
ord5717
ord8754
ord7891
ord5837
ord13602
ord6973
ord12526
ord1374
ord853
ord1693
ord7787
ord10048
ord10047
ord11146
ord9011
ord11122
ord11746
ord8912
ord8955
ord9526
ord9991
ord9986
ord9514
ord9524
ord9509
ord11278
ord11275
ord8304
ord6219
ord13754
ord12088
ord5024
ord5025
ord5029
ord5026
ord5027
ord6876
ord2680
ord3173
ord9226
ord8920
ord12176
ord9291
ord11581
ord13235
ord4477
ord9467
ord2029
ord14507
ord14239
ord13940
ord13106
ord10504
kernel32
CopyFileW
OutputDebugStringW
LocalFileTimeToFileTime
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CompareStringEx
lstrcmpW
GetSystemTime
GetLocalTime
GetCurrentDirectoryW
SetCurrentDirectoryW
FindCloseChangeNotification
FindFirstChangeNotificationW
WaitForMultipleObjects
FindNextChangeNotification
ReadDirectoryChangesW
GetOverlappedResult
GetDiskFreeSpaceExW
SetThreadPriority
GlobalGetAtomNameW
GlobalDeleteAtom
GetFileSize
CreateProcessW
GetTickCount64
LoadLibraryExW
VirtualProtect
WideCharToMultiByte
InitializeCriticalSectionEx
CreateMutexW
ResetEvent
SetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FindFirstStreamW
CreateThreadpool
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
SetThreadpoolThreadMinimum
CloseThreadpoolCleanupGroup
CloseThreadpool
CloseThreadpoolCleanupGroupMembers
TrySubmitThreadpoolCallback
CreateThreadpoolWork
CloseThreadpoolWork
SubmitThreadpoolWork
LocalAlloc
RaiseException
GetSystemInfo
VirtualQuery
LoadLibraryExA
GetShortPathNameW
GetLongPathNameW
CompareFileTime
FindNextFileW
GetCurrentProcessId
K32GetModuleFileNameExW
K32EnumProcessModules
OpenProcess
ExpandEnvironmentStringsW
QueryDosDeviceW
DeleteFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetFileSizeEx
TerminateProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
ReadFile
FindNextStreamW
TryEnterCriticalSection
GetPrivateProfileIntW
GetNativeSystemInfo
EnterCriticalSection
LeaveCriticalSection
OpenMutexW
SetEnvironmentVariableW
FileTimeToLocalFileTime
GetExitCodeProcess
GetTempFileNameW
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GetModuleHandleW
GetTimeFormatEx
GetCurrentProcess
GetTempPathW
lstrlenW
lstrcatW
WaitForThreadpoolWorkCallbacks
lstrcpyW
CreateEventW
GetDateFormatEx
WaitForSingleObject
SetFileAttributesW
GlobalFree
GetLogicalDrives
LocalFree
FormatMessageW
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
CreateFileW
SystemTimeToFileTime
FileTimeToSystemTime
GetFileAttributesW
FindFirstFileW
FindFirstFileExW
FindClose
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
CloseHandle
user32
UpdateWindow
InvalidateRect
SetMenuItemInfoW
ReleaseDC
GetDC
GetClassNameW
GetActiveWindow
CheckMenuItem
AppendMenuW
FindWindowExW
GetWindow
GetDesktopWindow
EnumWindows
GetWindowTextW
IsWindow
IsWindowEnabled
PostMessageW
DrawTextW
GetClientRect
EnableWindow
keybd_event
MapVirtualKeyW
DestroyMenu
CreatePopupMenu
GetSysColor
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsIconic
IsWindowVisible
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetForegroundWindow
FindWindowW
ShowWindow
SendMessageW
GetKeyState
GetSystemMetrics
GetWindowPlacement
IsZoomed
MoveWindow
MessageBoxW
WaitForInputIdle
RemoveMenu
ModifyMenuW
DestroyIcon
CopyImage
SetProcessDPIAware
RegisterClipboardFormatW
LoadBitmapW
PrivateExtractIconsW
DrawEdge
EnableMenuItem
FillRect
LoadCursorW
ClientToScreen
ScreenToClient
GetParent
SetCursor
SetCapture
GetWindowRect
ReleaseCapture
OffsetRect
wsprintfW
RedrawWindow
GetMenuStringW
IsMenu
GetMenuItemCount
SetCursorPos
SystemParametersInfoW
GetCursorPos
DrawTextA
GetMenuItemID
GetMenuDefaultItem
CreateIconIndirect
GetWindowDC
DrawIcon
GetWindowLongW
CopyRect
DrawFocusRect
SetTimer
KillTimer
InsertMenuW
GetFocus
SetFocus
IsClipboardFormatAvailable
EndDialog
SetWindowPos
SetRectEmpty
PeekMessageW
TranslateMessage
DispatchMessageW
CheckMenuRadioItem
DeleteMenu
GetMenuItemInfoW
PtInRect
SetWindowLongW
GetMessagePos
DestroyAcceleratorTable
AllowSetForegroundWindow
AddClipboardFormatListener
CreateAcceleratorTableW
GetClassInfoW
RemoveClipboardFormatListener
ShutdownBlockReasonCreate
ShutdownBlockReasonDestroy
TrackPopupMenu
SetLayeredWindowAttributes
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetAncestor
WindowFromPoint
SetWindowPlacement
CallWindowProcW
InsertMenuItemW
BeginPaint
EndPaint
DrawFrameControl
DestroyWindow
gdi32
StretchBlt
CreateDIBSection
SetBkMode
BitBlt
SetStretchBltMode
SetTextColor
CreateCompatibleBitmap
GetObjectW
CreateCompatibleDC
SetDIBColorTable
DeleteDC
CreateFontIndirectW
Rectangle
CreatePen
CreateSolidBrush
DeleteObject
ExtTextOutW
SetBkColor
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
RoundRect
msimg32
AlphaBlend
TransparentBlt
GradientFill
comdlg32
GetOpenFileNameW
GetSaveFileNameW
advapi32
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetUserNameW
RegEnumValueW
OpenProcessToken
GetTokenInformation
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupPrivilegeNameW
LookupPrivilegeDisplayNameW
shell32
ExtractIconExW
ord165
SHGetSpecialFolderLocation
SHCreateItemInKnownFolder
SHGetMalloc
SHCreateItemFromParsingName
ord155
SHBrowseForFolderW
SHChangeNotify
SHGetFileInfoW
SHBindToParent
SHGetDesktopFolder
SHCreateItemFromIDList
Shell_NotifyIconW
ord18
ord25
ord190
DragQueryFileW
ord2
ord4
SHGetSpecialFolderPathW
ord727
SHAddToRecentDocs
ord77
ord645
ord644
SHCreateShellItemArrayFromIDLists
ord88
SHGetStockIconInfo
SHGetDataFromIDListW
ShellExecuteW
ord21
ord17
SHCreateShellItem
SHEmptyRecycleBinW
ShellExecuteExW
SHGetPathFromIDListEx
comctl32
ImageList_GetBkColor
ImageList_Draw
ImageList_LoadImageW
ImageList_Destroy
ImageList_GetImageCount
ImageList_Read
ImageList_Write
_TrackMouseEvent
ImageList_DrawEx
ImageList_GetIconSize
ImageList_DrawIndirect
ImageList_GetIcon
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Remove
shlwapi
ord172
PathGetDriveNumberW
ord156
PathFindExtensionW
ord158
PathIsUNCServerShareW
StrCpyNW
StrCmpLogicalW
StrCpyW
StrCmpIW
PathIsRootW
PathIsNetworkPathW
SHCreateStreamOnFileW
PathFileExistsW
StrCmpW
StrStrNW
uxtheme
OpenThemeData
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeBackground
CloseThemeData
SetWindowTheme
ole32
RevokeDragDrop
CoFreeUnusedLibrariesEx
OleGetClipboard
RegisterDragDrop
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CreateBindCtx
CoTaskMemFree
CoCreateInstance
CLSIDFromString
oleaut32
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
VarUdateFromDate
VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen
gdiplus
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdiplusStartup
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
msvcp140
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??1_Facet_base@std@@UAE@XZ
??_7_Facet_base@std@@6B@
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Incref@facet@locale@std@@UAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1_Locinfo@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??0_Lockit@std@@QAE@H@Z
??1facet@locale@std@@MAE@XZ
??_7facet@locale@std@@6B@
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?id@?$collate@_W@std@@2V0locale@2@A
_Wcsxfrm
_Wcscoll
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
concrt140
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?PPLParallelForeachEventGuid@Concurrency@@3U_GUID@@B
??1_StructuredTaskCollection@details@Concurrency@@QAE@XZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?Free@Concurrency@@YAXPAX@Z
?_GetNumberOfVirtualProcessors@_CurrentScheduler@details@Concurrency@@SAIXZ
?_Confirm_cancel@_Cancellation_beacon@details@Concurrency@@QAE_NXZ
?_Yield@_Context@details@Concurrency@@SAXXZ
?_IsSynchronouslyBlocked@_Context@details@Concurrency@@QBE_NXZ
?PPLParallelForEventGuid@Concurrency@@3U_GUID@@B
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_CurrentContext@_Context@details@Concurrency@@SA?AV123@XZ
??0_Cancellation_beacon@details@Concurrency@@QAE@XZ
??1_Cancellation_beacon@details@Concurrency@@QAE@XZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
dwmapi
DwmSetWindowAttribute
iphlpapi
IcmpSendEcho
Icmp6CreateFile
IcmpCreateFile
IcmpCloseHandle
Icmp6SendEcho2
ws2_32
freeaddrinfo
inet_pton
getnameinfo
getaddrinfo
WSAStartup
WSACleanup
vcruntime140
memcpy
_CxxThrowException
memmove
_except_handler4_common
__current_exception_context
__current_exception
memset
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
wcsstr
strchr
wcschr
_purecall
api-ms-win-crt-runtime-l1-1-0
_resetstkoflw
_invalid_parameter_noinfo
_errno
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_set_app_type
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
api-ms-win-crt-stdio-l1-1-0
__p__commode
fputws
fputs
fclose
fread
_set_fmode
_wsopen_s
_filelength
_read
_close
_wfsopen
fgetws
fwrite
api-ms-win-crt-string-l1-1-0
isalpha
wcscpy_s
isxdigit
isdigit
wcsncpy_s
towlower
_stricmp
_wcsicoll
isspace
strcpy_s
_wcsnicmp
_wcsicmp
wcsnlen
api-ms-win-crt-heap-l1-1-0
malloc
calloc
_recalloc
free
realloc
_set_new_mode
api-ms-win-crt-convert-l1-1-0
_wtoll
_wtoi64
wcstol
_wtoi
wcstod
_wtof
api-ms-win-crt-filesystem-l1-1-0
_wfullpath
_wrename
api-ms-win-crt-utility-l1-1-0
rand
srand
api-ms-win-crt-time-l1-1-0
wcsftime
_time64
_localtime64_s
api-ms-win-crt-locale-l1-1-0
_wsetlocale
_configthreadlocale
api-ms-win-crt-math-l1-1-0
_CIfmod
__setusermatherr
ceil
vcomp140
_vcomp_for_static_simple_init
_vcomp_fork
_vcomp_sections_next
_vcomp_sections_init
_vcomp_for_static_end
Sections
.text Size: 934KB - Virtual size: 933KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 270KB - Virtual size: 270KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 13KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ