??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4.exe
Resource
win10v2004-20231023-en
General
-
Target
94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4
-
Size
835KB
-
MD5
d581ed1f8961be82e6ccfad29abb5558
-
SHA1
207d035bc8b9422e6a300faec8b13bee9c6d1b61
-
SHA256
94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4
-
SHA512
e9e0c9f2bfd8aff461d44a4bcab20fb3d6b520b4130e6ee178936c8e03dcb127d18486cc1942cfdf44b269c440fc01db13eda0bdba76bad71f2acc7b2d2944ab
-
SSDEEP
12288:oIMfUWWWFyH+JmY2L3PhuIaP+814fSpCmAq:UfUb7L3PQIaPPj6q
Malware Config
Signatures
-
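Unsigned PE — 1 IoC
A static check for an Authenticode signature found none on this PE file. On its own this is a weak indicator, since many legitimate binaries are also unsigned.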
resource 94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4
Files
-
94007175faf79a276b4b19e1222989ff25ed73c856da735c3e06ac6f52edb8a4.exe windows:4 windows x86 arch:x86
c06f39b4f8a5fe1243462c196751b689
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
qtcore4
?free@QString@@CAXPAUData@1@@Z
??0QString@@QAE@ABV0@@Z
?toStdWString@QString@@QBE?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
?replace@QString@@QAEAAV1@ABV1@0W4CaseSensitivity@Qt@@@Z
?fromAscii_helper@QString@@CAPAUData@1@PBDH@Z
?arg@QString@@QBE?AV1@ABV1@HABVQChar@@@Z
?fromWCharArray@QString@@SA?AV1@PBGH@Z
??0QChar@@QAE@UQLatin1Char@@@Z
?windowsVersion@QSysInfo@@SA?AW4WinVersion@1@XZ
?arg@QString@@QBE?AV1@DHABVQChar@@@Z
??4QString@@QAEAAV0@ABV0@@Z
?shared_null@QString@@0UData@1@A
?exists@QFile@@SA_NABVQString@@@Z
?toStdString@QString@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?tr@QObject@@SA?AVQString@@PBD0@Z
?toWCharArray@QString@@QBEHPAG@Z
?number@QString@@SA?AV1@HH@Z
?fromLocal8Bit@QString@@SA?AV1@PBDH@Z
??1QVariant@@QAE@XZ
?toInt@QVariant@@QBEHPA_N@Z
?value@QSettings@@QBE?AVQVariant@@ABVQString@@ABV2@@Z
??0QVariant@@QAE@PBD@Z
??0QSettings@@QAE@ABVQString@@W4Format@0@PAVQObject@@@Z
??YQString@@QAEAAV0@PBD@Z
?metaObject@QSettings@@UBEPBUQMetaObject@@XZ
?qt_metacast@QSettings@@UAEPAXPBD@Z
?qt_metacall@QSettings@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?event@QSettings@@MAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXPBD@Z
?disconnectNotify@QObject@@MAEXPBD@Z
??1QSettings@@UAE@XZ
?append@QString@@QAEAAV1@ABV1@@Z
?remove@QFile@@SA_NABVQString@@@Z
?fromStdString@QString@@SA?AV1@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??8QString@@QBE_NPBD@Z
??9QString@@QBE_NPBD@Z
?fromAscii@QString@@SA?AV1@PBDH@Z
??1QByteArray@@QAE@XZ
??1QTextStream@@UAE@XZ
?qFree@@YAXPAX@Z
?close@QFile@@UAEXXZ
?right@QString@@QBE?AV1@H@Z
?indexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
??0QTextStream@@QAE@PAVQIODevice@@@Z
??1QFile@@UAE@XZ
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QFile@@QAE@ABVQString@@@Z
?toUtf8@QString@@QBE?AVQByteArray@@XZ
??8QString@@QBE_NABV0@@Z
??4QString@@QAEAAV0@PBD@Z
?lastIndexOf@QString@@QBEHABV1@HW4CaseSensitivity@Qt@@@Z
?utf16@QString@@QBEPBGXZ
?detach@QByteArray@@QAEXXZ
?toAscii@QString@@QBE?AVQByteArray@@XZ
??0QChar@@QAE@D@Z
??AQString@@QAE?AVQCharRef@@H@Z
?count@QString@@QBEHABV1@W4CaseSensitivity@Qt@@@Z
??4QCharRef@@QAEAAV0@ABV0@@Z
??4QCharRef@@QAEAAV0@ABVQChar@@@Z
?fromAscii@QChar@@SA?AV1@D@Z
??0QVariant@@QAE@ABVQString@@@Z
?fromUtf8@QString@@SA?AV1@PBDH@Z
?setCodec@QTextStream@@QAEXPBD@Z
??1QString@@QAE@XZ
?left@QString@@QBE?AV1@H@Z
qtxml4
?nextSibling@QDomNode@@QBE?AV1@XZ
??1QDomDocument@@QAE@XZ
??1QDomNode@@QAE@XZ
?toElement@QDomNode@@QBE?AVQDomElement@@XZ
?attribute@QDomElement@@QBE?AVQString@@ABV2@0@Z
?isNull@QDomNode@@QBE_NXZ
?firstChild@QDomNode@@QBE?AV1@XZ
?documentElement@QDomDocument@@QBE?AVQDomElement@@XZ
?setContent@QDomDocument@@QAE_NPAVQIODevice@@PAVQString@@PAH2@Z
??0QDomDocument@@QAE@XZ
??1QDomAttr@@QAE@XZ
?save@QDomNode@@QBEXAAVQTextStream@@HW4EncodingPolicy@1@@Z
?appendChild@QDomNode@@QAE?AV1@ABV1@@Z
?setAttributeNode@QDomElement@@QAE?AVQDomAttr@@ABV2@@Z
?setValue@QDomAttr@@QAEXABVQString@@@Z
?createAttribute@QDomDocument@@QAE?AVQDomAttr@@ABVQString@@@Z
?createElement@QDomDocument@@QAE?AVQDomElement@@ABVQString@@@Z
?firstChildElement@QDomNode@@QBE?AVQDomElement@@ABVQString@@@Z
?setAttribute@QDomElement@@QAEXABVQString@@0@Z
??4QDomNode@@QAEAAV0@ABV0@@Z
??1QDomElement@@QAE@XZ
comn
GetObjectLog
GetObjectSys
GetObjectLang
GetObjectVol
uilogic
CreateUiLogic
CreateUiPolicyPtr
msvcr80
ftell
fputc
strstr
fclose
ferror
_vsnprintf_s
isspace
_itoa
strchr
isalnum
memmove
_strnicmp
wcsncpy
strcpy_s
mbstowcs
wcscpy_s
wcstombs
wcsstr
malloc
vsprintf
strrchr
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
wprintf
memset
_itow
memcpy
_invalid_parameter_noinfo
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
strncpy_s
strncat_s
??2@YAPAXI@Z
memmove_s
sprintf
tolower
printf
??_V@YAXPAX@Z
wcschr
atoi
strtol
_vsnprintf
_purecall
_vsnwprintf
_localtime64
??_U@YAPAXI@Z
_wtoi
setlocale
isalpha
isdigit
_vswprintf_c_l
strftime
_vswprintf
_vscwprintf
_vscprintf
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
__initenv
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
srand
rand
calloc
free
_time64
_mktime64
exit
strncmp
__iob_func
fprintf
strncpy
toupper
_swprintf
_wcsnicmp
signal
_beginthread
fopen
fread
fseek
wcsrchr
_fsopen
ntdll
RtlInitUnicodeString
ZwCreateFile
ZwClose
enumfolder
CreateEnumRemoteFolder
encrypt
StrToHex
CreateEncryptObject
HexToStr
ws2_32
gethostbyname
WSAStartup
WSACleanup
inet_ntoa
WSAGetLastError
kernel32
CreateDirectoryA
OutputDebugStringA
WriteConsoleW
WriteConsoleA
OutputDebugStringW
GetSystemInfo
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
lstrlenW
GetWindowsDirectoryW
GetVersionExA
GetSystemDirectoryW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateFileA
SetLastError
ReleaseMutex
IsBadWritePtr
PeekNamedPipe
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetModuleHandleW
MoveFileW
GetVersionExW
GetExitCodeProcess
CreateDirectoryW
ReadFile
WriteFile
WideCharToMultiByte
GetLogicalDrives
SetCurrentDirectoryA
GetCurrentDirectoryA
SetUnhandledExceptionFilter
GetPrivateProfileStringA
CreateProcessA
GetCurrentThreadId
CreatePipe
GetStartupInfoW
CreateProcessW
GetFileAttributesA
CopyFileW
GetCurrentProcessId
GetCurrentProcess
SetFileAttributesW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameA
GetModuleFileNameW
CreateFileW
CloseHandle
DeleteFileW
CreateMutexW
GetLastError
LoadLibraryW
GetProcAddress
GetConsoleWindow
GetStdHandle
SetConsoleScreenBufferSize
CreateThread
WaitForSingleObject
MultiByteToWideChar
GetFileAttributesW
Sleep
GetPrivateProfileIntW
WritePrivateProfileStringW
GetDriveTypeW
FreeLibrary
DeviceIoControl
IsBadReadPtr
user32
wsprintfW
advapi32
OpenSCManagerW
OpenServiceW
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegQueryValueExA
RegFlushKey
RegSetValueExW
RegSetValueExA
RegOpenKeyA
RegCloseKey
RegOpenKeyW
RegQueryValueExW
CloseServiceHandle
shell32
SHGetFolderPathA
SHGetFolderPathW
msvcp80
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?clear@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?deallocate@?$allocator@G@std@@QAEXPAGI@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AV?$_String_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?wcin@std@@3V?$basic_istream@GU?$char_traits@G@std@@@1@A
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIGI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?allocate@?$allocator@G@std@@QAEPAGI@Z
shlwapi
PathRemoveFileSpecA
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
winhttp
WinHttpConnect
WinHttpOpen
WinHttpSetTimeouts
WinHttpReadData
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpCrackUrl
WinHttpReceiveResponse
Exports
Exports
Sections
.text Size: 376KB - Virtual size: 375KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 60KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 372KB - Virtual size: 372KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE