Static task
static1
Behavioral task
behavioral1
Sample
NEAS.de848cf4bc535365f32fa4fef920d280.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.de848cf4bc535365f32fa4fef920d280.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.de848cf4bc535365f32fa4fef920d280.exe
-
Size
1.0MB
-
MD5
de848cf4bc535365f32fa4fef920d280
-
SHA1
3a7277e0fccc799652fc0afecce98eb679eb4a26
-
SHA256
0bd4d0f8efc061dd967687a5330f5586f1aa2f0d9d2f344d03a6a3067c90994e
-
SHA512
c71323917f9f45f8d6967329f7b9a92a9a865809ee8a63269cc500b27dbce9ff495eadb4ad713e19b3a64c44d14160a3a94018805bd6d53f053b4f6d6b48d3f0
-
SSDEEP
12288:8/szMdN7Ztt0lzaWN0nzKD1Y26JnnHNj1q:8/fdN7ZtOFanKD+nnHX
Malware Config
Signatures
-
Unsigned PE — 1 IoC
The file carries no Authenticode signature (this rule only checks for a missing signature). On its own that is a weak indicator: plenty of legitimate tooling ships unsigned, and a valid signature would not establish benign behavior either, so weigh it together with the behavioral task results rather than in isolation.
resource NEAS.de848cf4bc535365f32fa4fef920d280.exe
Files
-
NEAS.de848cf4bc535365f32fa4fef920d280.exe.exe windows:6 windows x64
38622cdb8ebecda42309d1216efca7f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports (the import table is listed as-is; note that it includes WinExec, ShellExecuteW, LoadLibraryW/GetProcAddress, CopyFileW/MoveFileExW, WritePrivateProfileStringW, RegSetValueExW and CheckTokenMembership/AllocateAndInitializeSid — capabilities worth correlating with the behavioral reports before drawing conclusions; IsDebuggerPresent and the UnhandledExceptionFilter pair appear alongside the usual MSVC CRT startup imports and are not by themselves evidence of anti-debugging)
msvcp140
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAK@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?uncaught_exception@std@@YA_NXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@V?$fpos@U_Mbstatet@@@2@@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??Bid@locale@std@@QEAA_KXZ
?_Xout_of_range@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
_Mbrtowc
?_Xbad_alloc@std@@YAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
mfc140u
ord11929
ord8084
ord7393
ord8167
ord6615
ord984
ord1451
ord4446
ord8158
ord2725
ord12685
ord11582
ord13846
ord8665
ord8899
ord8176
ord13937
ord12264
ord4335
ord491
ord1122
ord5382
ord5665
ord7888
ord4561
ord4578
ord12183
ord6404
ord636
ord2824
ord14122
ord2059
ord10857
ord3114
ord11881
ord6627
ord11845
ord10687
ord4175
ord8845
ord2921
ord9489
ord7690
ord7661
ord9859
ord9236
ord9291
ord9396
ord9354
ord11914
ord2913
ord8542
ord1230
ord4758
ord4748
ord4812
ord4858
ord4781
ord4836
ord4852
ord4793
ord4799
ord4805
ord4787
ord4842
ord4773
ord1754
ord1727
ord1713
ord5818
ord1641
ord5674
ord1537
ord1975
ord1901
ord5385
ord6250
ord6407
ord641
ord1233
ord12512
ord9435
ord9674
ord9365
ord9304
ord9355
ord4674
ord11572
ord9686
ord3309
ord3528
ord9733
ord8848
ord8860
ord9082
ord10992
ord8886
ord11038
ord11936
ord5950
ord7490
ord2036
ord2055
ord3188
ord9161
ord7579
ord13976
ord8035
ord8601
ord10942
ord13736
ord14328
ord8000
ord10727
ord640
ord4256
ord4238
ord13127
ord13750
ord1936
ord4449
ord2134
ord1504
ord3697
ord990
ord14128
ord11902
ord5916
ord6588
ord3164
ord4095
ord1424
ord8826
ord4448
ord13780
ord12283
ord878
ord1369
ord3599
ord13761
ord4343
ord6596
ord3167
ord3273
ord4098
ord1432
ord8829
ord5904
ord12513
ord874
ord4675
ord12443
ord1665
ord1670
ord1667
ord2350
ord12442
ord286
ord13869
ord7244
ord6001
ord13399
ord8603
ord8611
ord11858
ord3080
ord9219
ord10194
ord1127
ord499
ord6878
ord7234
ord13398
ord11443
ord2580
ord1090
ord3072
ord449
ord6286
ord1425
ord13448
ord13283
ord956
ord9107
ord13613
ord13612
ord14199
ord11760
ord11780
ord11853
ord10124
ord3810
ord7883
ord12139
ord8037
ord3722
ord4114
ord4144
ord4110
ord4068
ord4038
ord3972
ord2598
ord2571
ord7911
ord7367
ord8916
ord12544
ord8944
ord2543
ord11899
ord1389
ord10189
ord3967
ord4876
ord6029
ord3145
ord912
ord910
ord7120
ord7366
ord11898
ord10689
ord1386
ord6083
ord11623
ord11622
ord11624
ord11621
ord10858
ord10260
ord11022
ord8733
ord10710
ord10924
ord8668
ord904
ord902
ord905
ord7119
ord2270
ord5971
ord5401
ord2187
ord10967
ord10964
ord7518
ord10806
ord2627
ord13573
ord11770
ord11805
ord8917
ord6630
ord9739
ord9738
ord10835
ord8702
ord10811
ord11435
ord9217
ord9682
ord9677
ord9205
ord9215
ord9200
ord8003
ord7173
ord7233
ord11813
ord6000
ord13397
ord2697
ord8901
ord11854
ord1089
ord8731
ord10704
ord11085
ord10163
ord3951
ord446
ord3307
ord3308
ord3071
ord448
ord6848
ord6002
ord13401
ord3212
ord3209
ord9946
ord7913
ord2698
ord14360
ord9976
ord9978
ord9977
ord9975
ord9979
ord5451
ord11414
ord11415
ord8830
ord11771
ord3718
ord3713
ord11625
ord14209
ord8656
ord6729
ord9159
ord10691
ord8947
ord4863
ord4864
ord4868
ord4865
ord4866
ord3173
ord13513
ord11944
ord11940
ord1700
ord1722
ord1748
ord1734
ord1755
ord4776
ord4843
ord4788
ord4806
ord4800
ord4794
ord4853
ord4837
ord4782
ord4859
ord4814
ord4752
ord4767
ord4828
ord4360
ord5582
ord9384
ord4352
ord2967
ord12473
ord14211
ord7651
ord14217
ord6631
ord11406
ord13864
ord12706
ord13758
ord7541
ord8507
ord13354
ord5723
ord13767
ord5240
ord2629
ord11806
ord3812
ord3278
ord3279
ord3172
ord11850
ord8468
ord6724
ord5080
ord5363
ord5552
ord7716
ord9041
ord5339
ord5083
ord5229
ord5062
ord7460
ord7461
ord8681
ord12606
ord7450
ord5227
ord7922
ord8900
ord1086
ord4499
ord438
ord3825
ord2473
ord6566
ord3756
ord2475
ord4722
ord6320
ord14278
ord12087
ord14225
ord12030
ord4656
ord8023
ord5183
ord10070
ord2439
ord1503
ord12223
ord12222
ord1033
ord14210
ord7650
ord296
ord7928
ord6505
ord14216
ord9089
ord4011
ord2340
ord12625
ord2344
ord2346
ord7668
ord2011
ord11665
ord11664
ord266
ord14088
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord13545
ord3731
ord5706
ord265
ord1489
ord2222
ord8043
ord4726
ord11921
ord7920
ord11933
ord11901
ord5555
ord9941
ord14027
ord8161
ord12600
ord8452
ord8451
ord14031
ord14033
ord14039
ord8409
ord2212
ord4510
ord12265
ord2903
ord12926
ord12240
ord4946
ord4913
ord4181
ord8058
ord8416
ord4511
ord5709
ord1491
ord1501
ord280
ord2966
ord285
ord4350
ord2370
kernel32
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
DeactivateActCtx
FindActCtxSectionStringW
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetCurrentProcessId
QueryActCtxW
MulDiv
OutputDebugStringW
FreeLibrary
GetProcAddress
LoadLibraryW
GetLastError
GetPrivateProfileStringW
WideCharToMultiByte
GetFileAttributesW
GetFullPathNameW
GetModuleFileNameW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateFileW
WriteFile
CloseHandle
VerSetConditionMask
GetWindowsDirectoryW
LoadLibraryExW
WinExec
lstrcpyW
lstrcatW
lstrlenW
VerifyVersionInfoW
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetPrivateProfileStringA
MultiByteToWideChar
CompareFileTime
DeleteFileW
CreateDirectoryW
CopyFileW
ReadFile
SetFilePointer
GetLongPathNameW
SetFileAttributesW
WritePrivateProfileStructW
MoveFileExW
GetACP
DecodePointer
RaiseException
LocalFree
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentThreadId
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlCaptureContext
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
OutputDebugStringA
SetLastError
InitializeCriticalSectionAndSpinCount
user32
OffsetRect
InflateRect
SetRect
GetSysColorBrush
GetSysColor
GetWindowRect
GetClientRect
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
EnableWindow
GetDlgItem
MoveWindow
IsWindow
SendMessageW
GetLastActivePopup
FindWindowW
GetActiveWindow
GetWindow
GetWindowThreadProcessId
EnumThreadWindows
EnumWindows
GetParent
LoadStringW
GetClassLongPtrW
CreateDialogIndirectParamW
DialogBoxIndirectParamW
EndDialog
SetFocus
SetTimer
KillTimer
GetSystemMenu
EnableMenuItem
DrawStateW
SetForegroundWindow
BeginPaint
EndPaint
AdjustWindowRectEx
MessageBeep
GetCursorPos
ScreenToClient
GetWindowLongW
SetWindowLongW
SetWindowLongPtrW
WinHelpW
SendMessageA
PostMessageW
DrawIcon
UnregisterClassW
GetSystemMetrics
GetClassNameW
LoadIconW
IsIconic
MessageBoxW
FillRect
DestroyIcon
CreateIconIndirect
CopyIcon
IsWindowVisible
SetCursor
LoadCursorW
DestroyCursor
LoadImageW
GetIconInfo
SystemParametersInfoW
DrawEdge
CallWindowProcW
CreateWindowExW
DestroyWindow
GetWindowLongPtrW
SetWindowPos
gdi32
CreateDIBSection
GetTextColor
GetStockObject
TextOutW
CombineRgn
CreateRectRgn
CreateRectRgnIndirect
FillRgn
GetDeviceCaps
SetRectRgn
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject
SelectObject
CreateBitmap
CreateCompatibleBitmap
CreatePen
CreateSolidBrush
LineTo
StretchBlt
SetTextColor
GetObjectW
MoveToEx
CreateFontIndirectW
GetTextExtentPoint32W
SetBkColor
SetBkMode
SetTextJustification
GetTextMetricsW
comdlg32
GetFileTitleW
advapi32
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegEnumValueW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegCloseKey
shell32
SHGetMalloc
SHCreateDirectoryExW
SHGetDesktopFolder
SHGetFolderPathW
SHGetSpecialFolderLocation
ShellExecuteW
comctl32
ImageList_GetIcon
ImageList_AddMasked
ImageList_GetImageCount
ImageList_Create
InitCommonControlsEx
ord17
shlwapi
PathFileExistsW
ole32
CLSIDFromProgID
CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize
StringFromCLSID
CoTaskMemAlloc
oleaut32
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysStringLen
GetErrorInfo
VariantInit
VariantChangeType
SetErrorInfo
CreateErrorInfo
SysFreeString
gdiplus
GdiplusShutdown
vcruntime140
wcsstr
__RTDynamicCast
memcpy
memset
wcschr
__std_exception_copy
__std_exception_destroy
_CxxThrowException
_purecall
memmove
wcsrchr
__std_terminate
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-runtime-l1-1-0
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
_errno
_exit
exit
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
api-ms-win-crt-stdio-l1-1-0
setvbuf
__p__commode
_fseeki64
fsetpos
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
_set_fmode
__stdio_common_vswprintf_s
__stdio_common_vfprintf
__acrt_iob_func
ungetc
fwrite
api-ms-win-crt-convert-l1-1-0
wcstoul
wcstoull
_wtoi
atoi
_itow_s
api-ms-win-crt-string-l1-1-0
wcsncpy_s
wcscpy_s
_wcsicmp
wcscat_s
wcsnlen
towlower
api-ms-win-crt-time-l1-1-0
_mktime64
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-math-l1-1-0
__setusermatherr
lround
api-ms-win-crt-heap-l1-1-0
free
calloc
_set_new_mode
_recalloc
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
setlocale
api-ms-win-crt-filesystem-l1-1-0
_wstat64i32
_lock_file
_unlock_file
_wsplitpath_s
_wsplitpath
_wmakepath_s
Sections
.text Size: 601KB - Virtual size: 601KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 171KB - Virtual size: 171KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 1024B - Virtual size: 777B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.00cfg Size: 512B - Virtual size: 373B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 194KB - Virtual size: 194KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ