InitializeModule
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.518ab885b29156743ffad2532aa3f740.dll
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.518ab885b29156743ffad2532aa3f740.dll
Resource
win10v2004-20231020-en
General
-
Target
NEAS.518ab885b29156743ffad2532aa3f740.exe
-
Size
157KB
-
MD5
518ab885b29156743ffad2532aa3f740
-
SHA1
d7c734e1e912047e2b7fba89b75064cf4688df67
-
SHA256
6ce7e2492066eb98322c5f0e52549902b51ba7cb47e9de6a60d1e5c45688d98a
-
SHA512
a19d4afd87b0473f876e5542fcafe36f7f895a8a469ca06f2b721f31943311f3960cc4c31efb9af1467d527c37d98938a1d53c8e4907f5d400c9daf0ac35b287
-
SSDEEP
3072:ElHw7up1DspskiX8oCihURrVZmtAeh726O9caMFHt1BWg9RkkBz:CQ/ndepnRZUmR/
Malware Config
Signatures
-
Unsigned PE 1 IoCs
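Static check: the file carries no Authenticode signature. This is the sandbox's inspection of the file, not a behaviour of the sample, and an unsigned PE is a weak indicator on its own.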
resource NEAS.518ab885b29156743ffad2532aa3f740.exe
Files
-
NEAS.518ab885b29156743ffad2532aa3f740.exe.dll windows:6 windows x64
bca51767c30ee46e9cd3f56342038aa4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
factorygame-rendercore
?kServiceFileName@FDumpParameters@IDumpGPUUploadServiceProvider@@2QEB_WEB
??0IDumpGPUUploadServiceProvider@@QEAA@XZ
??0FDumpParameters@IDumpGPUUploadServiceProvider@@QEAA@AEBU01@@Z
??1FDumpParameters@IDumpGPUUploadServiceProvider@@QEAA@XZ
?DumpServiceParametersFileContent@FDumpParameters@IDumpGPUUploadServiceProvider@@QEBA?AVFString@@XZ
?GProvider@IDumpGPUUploadServiceProvider@@2PEAV1@EA
factorygame-json
?AsObject@FJsonValue@@UEBAAEBV?$TSharedPtr@VFJsonObject@@$00@@XZ
?TryGetNumber@FJsonValue@@UEBA_NAEAG@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAE@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAF@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAC@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAM@Z
?TryGetNumber@FJsonValue@@UEBA_NAEA_K@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAI@Z
?TryGetNumber@FJsonValue@@UEBA_NAEA_J@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAH@Z
?GetType@FJsonValueNull@@MEBA?AVFString@@XZ
?GetType@FJsonValueObject@@MEBA?AVFString@@XZ
?TryGetObject@FJsonValueObject@@UEAA_NAEAPEAV?$TSharedPtr@VFJsonObject@@$00@@@Z
?TryGetObject@FJsonValueObject@@UEBA_NAEAPEBV?$TSharedPtr@VFJsonObject@@$00@@@Z
?GetType@FJsonValueArray@@MEBA?AVFString@@XZ
?TryGetArray@FJsonValueArray@@UEAA_NAEAPEAV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?TryGetArray@FJsonValueArray@@UEBA_NAEAPEBV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?GetType@FJsonValueBoolean@@MEBA?AVFString@@XZ
?TryGetString@FJsonValueBoolean@@UEBA_NAEAVFString@@@Z
?TryGetBool@FJsonValueBoolean@@UEBA_NAEA_N@Z
?TryGetNumber@FJsonValueBoolean@@UEBA_NAEAN@Z
?GetType@FJsonValueNumberString@@MEBA?AVFString@@XZ
?TryGetBool@FJsonValueNumberString@@UEBA_NAEA_N@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEA_K@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAI@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAG@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAE@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEA_J@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAH@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAF@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAC@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAM@Z
?TryGetNumber@FJsonValueNumberString@@UEBA_NAEAN@Z
?TryGetString@FJsonValueNumberString@@UEBA_NAEAVFString@@@Z
?GetType@FJsonValueNumber@@MEBA?AVFString@@XZ
?TryGetString@FJsonValueNumber@@UEBA_NAEAVFString@@@Z
?TryGetBool@FJsonValueNumber@@UEBA_NAEA_N@Z
?TryGetNumber@FJsonValueNumber@@UEBA_NAEAN@Z
?GetType@FJsonValueString@@MEBA?AVFString@@XZ
?TryGetBool@FJsonValueString@@UEBA_NAEA_N@Z
?TryGetNumber@FJsonValueString@@UEBA_NAEA_K@Z
?TryGetNumber@FJsonValueString@@UEBA_NAEA_J@Z
?TryGetNumber@FJsonValueString@@UEBA_NAEAI@Z
?TryGetNumber@FJsonValueString@@UEBA_NAEAH@Z
?TryGetNumber@FJsonValueString@@UEBA_NAEAN@Z
?TryGetString@FJsonValueString@@UEBA_NAEAVFString@@@Z
?TryGetObject@FJsonValue@@UEAA_NAEAPEAV?$TSharedPtr@VFJsonObject@@$00@@@Z
?TryGetObject@FJsonValue@@UEBA_NAEAPEBV?$TSharedPtr@VFJsonObject@@$00@@@Z
?TryGetArray@FJsonValue@@UEAA_NAEAPEAV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?TryGetArray@FJsonValue@@UEBA_NAEAPEBV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
?TryGetBool@FJsonValue@@UEBA_NAEA_N@Z
?TryGetString@FJsonValue@@UEBA_NAEAVFString@@@Z
?TryGetNumber@FJsonValue@@UEBA_NAEAN@Z
??1FJsonObject@@QEAA@XZ
??0FJsonObject@@QEAA@XZ
?SetField@FJsonObject@@QEAAXAEBVFString@@AEBV?$TSharedPtr@VFJsonValue@@$00@@@Z
??1FJsonValueNull@@UEAA@XZ
??0FJsonValueNull@@QEAA@XZ
??1FJsonValueObject@@UEAA@XZ
??0FJsonValueObject@@QEAA@V?$TSharedPtr@VFJsonObject@@$00@@@Z
??1FJsonValueArray@@UEAA@XZ
??0FJsonValueArray@@QEAA@AEBV?$TArray@V?$TSharedPtr@VFJsonValue@@$00@@V?$TSizedDefaultAllocator@$0CA@@@@@@Z
??1FJsonValueBoolean@@UEAA@XZ
??0FJsonValueBoolean@@QEAA@_N@Z
??1FJsonValueNumberString@@UEAA@XZ
??0FJsonValueNumberString@@QEAA@AEBVFString@@@Z
??1FJsonValueNumber@@UEAA@XZ
??0FJsonValueNumber@@QEAA@N@Z
??1FJsonValueString@@UEAA@XZ
??0FJsonValueString@@QEAA@AEBVFString@@@Z
factorygame-http
?Get@FHttpModule@@SAAEAV1@XZ
factorygame-core
?AnsiMalloc@@YAPEAX_KI@Z
?bPrimaryDisableForever@FThreadStats@@0_NA
?bPrimaryEnable@FThreadStats@@0_NA
?TlsSlot@FThreadStats@@0IA
?TStatId_NAME_None@TStatId@@0UTStatIdData@@A
?bIsDisabled@FLowLevelMemTracker@@2_NA
?LinkAllocator@FLockFreeLinkPolicy@@2V?$TLockFreeAllocOnceIndexedAllocator@UFIndexedLockFreeLink@@$0EAAAAAA@$0EAAA@@@A
?GTestCriticalStalls@@3HA
?GShouldEmitVerboseNamedEvents@@3_NA
?GCycleStatsShouldEmitNamedEvents@@3HA
?GInternalProjectName@@3PA_WA
?GEngineIni@@3VFString@@A
?GConfig@@3PEAVFConfigCacheIni@@EA
?GIgnoreDebugger@@3_NA
?CpuChannel@@3AEAVFChannel@Trace@UE@@EA
?PopFileRegionType@FArchive@@UEAAXXZ
?PushFileRegionType@FArchive@@UEAAXW4EFileRegionType@@@Z
?AttachExternalReadDependency@FArchive@@UEAA_NAEAV?$TFunction@$$A6A_NN@Z@@@Z
?PopSerializedProperty@FArchive@@UEAAXPEAVFProperty@@_N@Z
?PushSerializedProperty@FArchive@@UEAAXPEAVFProperty@@_N@Z
?GetCacheableArchive@FArchive@@UEAAPEAV1@XZ
?UsingCustomVersion@FArchive@@UEAAXAEBUFGuid@@@Z
?MarkSearchableName@FArchive@@UEBAXPEBVUObject@@AEBVFName@@@Z
?MarkScriptSerializationEnd@FArchive@@UEAAXPEBVUObject@@@Z
?MarkScriptSerializationStart@FArchive@@UEAAXPEBVUObject@@@Z
?Flush@FArchive@@UEAAXXZ
?SetCompressionMap@FArchive@@UEAA_NPEAV?$TArray@UFCompressedChunk@@V?$TSizedDefaultAllocator@$0CA@@@@@W4ECompressionFlags@@@Z
?FlushCache@FArchive@@UEAAXXZ
?Precache@FArchive@@UEAA_N_J0@Z
?IsProxyOf@FArchive@@UEBA_NPEAV1@@Z
?SerializeBulkData@FArchive@@UEAA_NAEAVFBulkData@@AEBUFBulkDataSerializationParams@@@Z
?DetachBulkData@FArchive@@UEAAXPEAVFBulkData@@_N@Z
?DetachBulkData@FArchive@@UEAAXPEAVFEditorBulkData@Serialization@UE@@_N@Z
?AttachBulkData@FArchive@@UEAAXPEAVUObject@@PEAVFBulkData@@@Z
?AttachBulkData@FArchive@@UEAAXPEAVFEditorBulkData@Serialization@UE@@@Z
?Preload@FArchive@@UEAAXPEAVUObject@@@Z
?SerializeIntPacked@FArchive@@UEAAXAEAI@Z
?SerializeInt@FArchive@@UEAAXAEAII@Z
?SerializeBits@FArchive@@UEAAXPEAX_J@Z
?ForceBlueprintFinalization@FArchive@@UEAAXXZ
??6FArchive@@UEAAAEAV0@AEAVFName@@@Z
??6FArchive@@UEAAAEAV0@AEAVFText@@@Z
??6FArchive@@UEAAAEAV0@AEAPEAVUObject@@@Z
??6FArchive@@UEAAAEAV0@AEAPEAVFField@@@Z
??6FArchive@@UEAAAEAV0@AEAUFLazyObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFSoftObjectPtr@@@Z
??6FArchive@@UEAAAEAV0@AEAUFSoftObjectPath@@@Z
??6FArchive@@UEAAAEAV0@AEAUFWeakObjectPtr@@@Z
?SetGameNetVer@FArchiveState@@UEAAXI@Z
?SetEngineNetVer@FArchiveState@@UEAAXI@Z
?SetEngineVer@FArchiveState@@UEAAXAEBVFEngineVersionBase@@@Z
?SetLicenseeUEVer@FArchiveState@@UEAAXH@Z
?SetUEVer@FArchiveState@@UEAAXUFPackageFileVersion@@@Z
?SetIsPersistent@FArchiveState@@UEAAX_N@Z
?SetForceUnicode@FArchiveState@@UEAAX_N@Z
?SetUseUnversionedPropertySerialization@FArchiveState@@UEAAX_N@Z
?SetWantBinaryPropertySerialization@FArchiveState@@UEAAX_N@Z
?SetIsTextFormat@FArchiveState@@UEAAX_N@Z
?SetIsTransacting@FArchiveState@@UEAAX_N@Z
?SetIsSaving@FArchiveState@@UEAAX_N@Z
?SetIsLoadingFromCookedPackage@FArchiveState@@UEAAX_N@Z
?SetIsLoading@FArchiveState@@UEAAX_N@Z
?Reset@FArchiveState@@UEAAXXZ
?GetSerializeContext@FArchiveState@@UEAAPEAUFUObjectSerializeContext@@XZ
?SetSerializeContext@FArchiveState@@UEAAXPEAUFUObjectSerializeContext@@@Z
?SetSerializedPropertyChain@FArchiveState@@UEAAXPEBUFArchiveSerializedPropertyChain@@PEAVFProperty@@@Z
?SetSerializedProperty@FArchiveState@@UEAAXPEAVFProperty@@@Z
?ShouldSkipProperty@FArchiveState@@UEBA_NPEBVFProperty@@@Z
?UseToResolveEnumerators@FArchiveState@@UEBA_NXZ
?SetFilterEditorOnly@FArchiveState@@UEAAX_N@Z
?ResetCustomVersions@FArchiveState@@UEAAXXZ
?SetCustomVersions@FArchiveState@@UEAAXAEBVFCustomVersionContainer@@@Z
?GetCustomVersions@FArchiveState@@UEBAAEBVFCustomVersionContainer@@XZ
?GetArchetypeFromLoader@FArchiveState@@UEAAPEAVUObject@@PEBV2@@Z
?GetLinker@FArchiveState@@UEAAPEAVFLinker@@XZ
?CountBytes@FArchiveState@@UEAAX_K0@Z
?GetInnermostState@FArchiveState@@UEAAAEAU1@XZ
?IsMatch@FWildcardString@@SA_NPEB_W0@Z
?LoadFileToString@FFileHelper@@SA_NAEAVFString@@PEB_WW4EHashOptions@1@I@Z
?GCoreObjectArrayForDebugVisualizers@@3PEAVFChunkedFixedUObjectArray@@EA
?GCoreComplexObjectPathDebug@@3PEAUFStoredObjectPath@Private@CoreUObject@UE@@EA
?GCoreObjectHandlePackageDebug@@3PEAUFObjectHandlePackageDebugData@Private@CoreUObject@UE@@EA
?Stricmp@FGenericPlatformStricmp@@SAHPEB_W0@Z
?Memcpy@FGenericPlatformString@@CAPEAXPEAXPEBX_K@Z
?HandleAtomicsFailure@FWindowsPlatformAtomics@@KAXPEB_WZZ
?IsEnsureAllowed@FGenericPlatformMisc@@SA_NXZ
?IsDebuggerPresent@FWindowsPlatformMisc@@SA_NXZ
?BeginNamedEvent@FWindowsPlatformMisc@@SAXAEBUFColor@@PEBD@Z
?EndNamedEvent@FWindowsPlatformMisc@@SAXXZ
?PromptForRemoteDebugging@FWindowsPlatformMisc@@SAX_N@Z
?OutputBeginDynamicEvent@FCpuProfilerTrace@@SAXPEBD0I@Z
?OutputEndEvent@FCpuProfilerTrace@@SAXXZ
?CheckVerifyFailedImpl@FDebug@@SAXPEBD0HPEAXPEB_WZZ
?OptionallyLogFormattedEnsureMessageReturningFalseImpl@FDebug@@CA_N_NPEBD1HPEAXPEB_WZZ
?Malloc@FMemory@@SAPEAX_KI@Z
?Realloc@FMemory@@SAPEAXPEAX_KI@Z
?Free@FMemory@@SAXPEAX@Z
?QuantizeSize@FMemory@@SA_K_KI@Z
??1FArchiveState@@EEAA@XZ
??0FArchive@@QEAA@XZ
?OnInvalidArrayNum@UE4Array_Private@@YAXPEB_W_K@Z
??0FString@@QEAA@XZ
??0FString@@QEAA@$$QEAV0@@Z
??0FString@@QEAA@AEBV0@@Z
??4FString@@QEAAAEAV0@$$QEAV0@@Z
??4FString@@QEAAAEAV0@AEBV0@@Z
??0FString@@QEAA@PEBD@Z
??0FString@@QEAA@PEB_W@Z
??0FString@@QEAA@HPEB_W@Z
?AssignRange@FString@@AEAAXPEB_WH@Z
?Empty@FString@@QEAAXXZ
?AppendChar@FString@@QEAAAEAV1@_W@Z
?PathAppend@FString@@QEAAXPEB_WH@Z
?ConcatFF@FString@@CA?AV1@AEBV1@$$QEAV1@@Z
?PrintfImpl@FString@@CA?AV1@PEB_WZZ
?StartsWith@FString@@QEBA_NPEB_WW4Type@ESearchCase@@@Z
?ReplaceInline@FString@@QEAAHPEB_W0W4Type@ESearchCase@@@Z
??1FString@@QEAA@XZ
?InlineCombineSurrogates@StringConv@@YAXAEAVFString@@@Z
??1?$TStringBuilderBase@_W@@QEAA@XZ
?Extend@?$TStringBuilderBase@_W@@IEAAX_K@Z
?FromValidEName@FNameEntryId@@CA?AU1@W4EName@@@Z
??0FName@@QEAA@PEB_WW4EFindName@@@Z
?GetBlocks@FNameDebugVisualizer@@SAPEAPEAEXZ
?CompressMemoryBound@FCompression@@SAHVFName@@HW4ECompressionFlags@@H@Z
?CompressMemory@FCompression@@SA_NVFName@@PEAXAEAHPEBXHW4ECompressionFlags@@H@Z
??0FLogCategoryBase@@QEAA@AEBVFName@@W4Type@ELogVerbosity@@1@Z
??1FLogCategoryBase@@QEAA@XZ
?BasicLog@Private@Logging@UE@@YAXAEBUFLogCategoryBase@@PEBUFStaticBasicLogRecord@123@ZZ
?IsInGameThread@@YA_NXZ
?GenerateNewID@FDelegateHandle@@CA_KXZ
?DoTestCriticalStall@@YAXXZ
?LockFreeTagCounterHasOverflowed@@YAXXZ
?AllocLockFreeLink@FLockFreeLinkPolicy@@SAIXZ
?FreeLockFreeLink@FLockFreeLinkPolicy@@SAXI@Z
?MemoryTrace_GetActiveTag@@YAHXZ
??0FMemScope@@QEAA@W4ELLMTag@@_N@Z
??1FMemScope@@QEAA@XZ
?Get@FLowLevelMemTracker@@SAAEAV1@XZ
?OnLowLevelAlloc@FLowLevelMemTracker@@QEAAXW4ELLMTracker@@PEBX_KW4ELLMTag@@W4ELLMAllocType@@_N@Z
?OnLowLevelFree@FLowLevelMemTracker@@QEAAXW4ELLMTracker@@PEBXW4ELLMAllocType@@_N@Z
?GetActiveTagData@FLowLevelMemTracker@@QEAAPEBVFTagData@LLMPrivate@UE@@W4ELLMTracker@@W4ELLMTagSet@@@Z
??0FLLMScope@@QEAA@W4ELLMTag@@_NW4ELLMTagSet@@W4ELLMTracker@@1@Z
?Destruct@FLLMScope@@IEAAXXZ
?Get@FThreadStatsPool@@SAAEAU1@XZ
?GetFromPool@FThreadStatsPool@@QEAAPEAVFThreadStats@@XZ
?Flush@FThreadStats@@QEAAX_N0@Z
?FlushRawStats@FThreadStats@@QEAAX_N0@Z
?SaveStack@FMetadataTrace@@SAIXZ
?LoadFileToArray@FFileHelper@@SA_NAEAV?$TArray@EV?$TSizedDefaultAllocator@$0CA@@@@@PEB_WI@Z
?AnsiFree@@YAXPEAX@Z
?MemoryTrace_Alloc@@YAX_K0II@Z
?MemoryTrace_Free@@YAX_KI@Z
?GenerateTaskId@TaskTrace@@YA_KXZ
?Launched@TaskTrace@@YAX_KPEB_W_NW4Type@ENamedThreads@@@Z
?Scheduled@TaskTrace@@YAX_K@Z
?SubsequentAdded@TaskTrace@@YAX_K0@Z
??0FTaskTimingEventScope@TaskTrace@@QEAA@_K@Z
??1FTaskTimingEventScope@TaskTrace@@QEAA@XZ
?Get@FTaskGraphInterface@@SAAEAV1@XZ
?CreateGraphEvent@FGraphEvent@@SA?AV?$TRefCountPtr@VFGraphEvent@@@@XZ
?DispatchSubsequents@FGraphEvent@@QEAAXAEAV?$TArray@PEAVFBaseGraphTask@@V?$TSizedDefaultAllocator@$0CA@@@@@W4Type@ENamedThreads@@@Z
?Recycle@FGraphEvent@@CAXPEAV1@@Z
?GetPlatformPhysical@IPlatformFile@@SAAEAV1@XZ
?Get@IFileManager@@SAAEAV1@XZ
?MakePathRelativeTo@FPaths@@SA_NAEAVFString@@PEB_W@Z
?GetString@FConfigCacheIni@@QEAA_NPEB_W0AEAVFString@@AEBV2@@Z
?bIsRawStatsActive@FThreadStats@@0_NA
kernel32
QueryPerformanceCounter
TlsGetValue
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
vcruntime140
memmove
memset
__std_type_info_destroy_list
__C_specific_handler
__current_exception
memcpy
_purecall
__current_exception_context
vcruntime140_1
__CxxFrameHandler4
api-ms-win-crt-convert-l1-1-0
wcstod
api-ms-win-crt-math-l1-1-0
powf
api-ms-win-crt-runtime-l1-1-0
_seh_filter_dll
terminate
_initterm_e
_initterm
_configure_narrow_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_cexit
api-ms-win-crt-heap-l1-1-0
malloc
free
Exports
Exports
Sections
.text Size: 49KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.uedbg Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 59KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ