4d811843c6b2e8765aac49a28aa4b569

Sharing

Copy URL Twitter E-mail

General

Target

4d811843c6b2e8765aac49a28aa4b569
Size

4.5MB
MD5

4d811843c6b2e8765aac49a28aa4b569
SHA1

23fc41eb20ff0c0bff7d178c4a0bef4b7d86e55f
SHA256

04c96e8b74ebbb9582b67d1d6d2ffda6bc3910ca6c252d1dbb52b8aacb67fb54
SHA512

b82bc975e76a1ce4cec74df8c6bb29b659c1565cb7e72237cad4ee86a952c8c95080c9d37541220abd23dfdea173c682f66a5dfc99248abae0f4baf45db7ef76
SSDEEP

49152:vfGOpxVDScA+ePbAJP+p2OroUD13t6fAxyKeuG+MBBlsk26w1okg6NL2WHrndrf4:v5xsA+QPcJv2+CwWPsZrN68yFrWE

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iw6sp64_ship.exe
unpack001/steam_api.dll
unpack001/steam_api64.dll

Files

4d811843c6b2e8765aac49a28aa4b569
.rar
ALI213.ini
ALI213.txt
iw6sp64_ship.exe
.exe windows:6 windows x64 arch:x64

119fff86056d8234d3c2bfae716a9497

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

steam_api64

SteamUserStats
SteamUtils
SteamUser
SteamAPI_Init
SteamAPI_Shutdown
SteamApps
SteamNetworking
SteamRemoteStorage
SteamAPI_RunCallbacks
SteamAPI_UnregisterCallback
SteamAPI_GetSteamInstallPath
SteamAPI_RestartAppIfNecessary
SteamMatchmaking
SteamFriends
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallResult

bink2w64

BinkSetMemory
BinkOpenXAudio2
BinkSetSoundSystem
BinkSetError
BinkSetSoundTrack
BinkGetRealtime
BinkControlBackgroundIO
BinkSetSpeakerVolumes
BinkGetKeyFrame
BinkGoto
BinkPause
BinkClose
BinkWait
BinkNextFrame
BinkDoFrame
BinkRegisterFrameBuffers
BinkGetFrameBuffersInfo
BinkOpen
BinkGetError
BinkSetIOSize

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory

powrprof

CallNtPowerInformation

kernel32

GetVersion
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
CreateFileW
WriteConsoleW
GetFileAttributesExW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetVersionExW
FlushConsoleInputBuffer
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetProcAddress
LoadLibraryA
SetDllDirectoryA
ReleaseMutex
WaitForSingleObject
GetCurrentThreadId
OutputDebugStringA
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetSystemInfo
ReadFileEx
GetLastError
SleepEx
CloseHandle
DuplicateHandle
RaiseException
SetEvent
ResetEvent
CreateEventA
GetCurrentProcess
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
SuspendThread
ResumeThread
GetProcessAffinityMask
SetThreadAffinityMask
CreateEventExA
WaitForMultipleObjects
GetFileAttributesA
VirtualAlloc
VirtualFree
CreateMutexA
CreateFileA
GetCurrentDirectoryA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
GlobalMemoryStatus
SetProcessAffinityMask
ReadFile
SetErrorMode
GetCurrentProcessId
SetPriorityClass
OpenProcess
FormatMessageA
GetLocaleInfoA
GetUserDefaultLCID
CreateToolhelp32Snapshot
Module32First
Module32Next
MultiByteToWideChar
GetSystemTime
SystemTimeToFileTime
MulDiv
SetThreadExecutionState
GlobalMemoryStatusEx
LocalFree
HeapSize
GetModuleFileNameW
GetStdHandle
GetProcessHeap
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
IsProcessorFeaturePresent
IsDebuggerPresent
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
RtlPcToFileHeader
GetCommandLineA
RtlCaptureContext
HeapReAlloc
RtlLookupFunctionEntry
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FindFirstFileExA
FindClose
WideCharToMultiByte
GetSystemTimeAsFileTime
RtlUnwindEx
GetTempPathA
CreateProcessA
AreFileApisANSI
GetModuleHandleExW
ExitProcess
DecodePointer
EncodePointer
HeapAlloc
HeapFree
GetTickCount
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointer
SetFilePointerEx
GetExitCodeProcess
CreatePipe
DeleteFileW
MoveFileExW
GetTimeZoneInformation
CreateDirectoryW
DeleteCriticalSection
WriteFile
ReadConsoleInputA
SetConsoleMode
DeleteFileA
FindFirstFileExW
GetDriveTypeW
LoadLibraryW
OutputDebugStringW
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetEnvironmentVariableA

user32

GetMonitorInfoA
MonitorFromWindow
SystemParametersInfoA
MapVirtualKeyA
MoveWindow
RegisterWindowMessageA
SetWindowLongPtrA
SetWindowTextA
CloseWindow
CallWindowProcA
SendMessageW
LoadImageA
AdjustWindowRect
UpdateWindow
SetWindowPos
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
SendMessageA
MessageBoxW
IsWindow
AdjustWindowRectEx
MonitorFromPoint
LoadIconA
LoadCursorA
MessageBoxA
GetActiveWindow
EnumDisplayMonitors
ShowWindow
RegisterClassExA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
ScreenToClient
GetCursorPos
SetCursorPos
ShowCursor
GetForegroundWindow
SetFocus
PostMessageA
GetSystemMetrics
ChangeDisplaySettingsA
EnumThreadWindows
GetDesktopWindow
SetWindowLongA
GetWindowLongA
GetWindowTextA
ReleaseDC
GetDC
PostQuitMessage
ClientToScreen
ClipCursor
GetWindowRect
GetClientRect
GetUserObjectInformationW
GetProcessWindowStation

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectW
BitBlt
CreateDCW
DeleteObject
DeleteDC
CreateFontA
CreateSolidBrush
SetDeviceGammaRamp
GetDeviceCaps
GetBitmapBits

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegQueryValueExA
CryptAcquireContextA
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptReleaseContext

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitializeEx

xinput1_3

ord2
ord3
ord4

ws2_32

sendto
recvfrom
connect
gethostbyname
inet_addr
WSAGetLastError
socket
shutdown
setsockopt
gethostname
select
recv
ntohl
htons
ioctlsocket
closesocket
bind
__WSAFDIsSet
inet_ntoa
ntohs
send
WSASetLastError
getsockname

psapi

GetModuleBaseNameA
EnumProcessModulesEx

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.interpr
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 245KB - Virtual size: 99.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steam_api.dll
.dll windows:5 windows x86 arch:x86

2af20c8d8785b0c98267033d9965620b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

advapi32

RegCloseKey

ws2_32

inet_ntoa

winhttp

WinHttpReceiveResponse

psapi

GetModuleBaseNameW

Exports

Exports

ALI213
GetHSteamPipe
GetHSteamUser
SteamAPI
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsRealSteamRunning
SteamAPI_IsSteamRunning
SteamAPI_MayCEGFail
SteamAPI_RealSteamIsRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.THEGFW0
Size: - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.THEGFW1
Size: 565KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
steam_api64.dll
.dll windows:5 windows x64 arch:x64

b6cfc68ab21c6142b3fc632d7f1a170b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsBadWritePtr
WritePrivateProfileStructA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
CreateFileMappingW
CreateEventW
IsDebuggerPresent
GetSystemDefaultLangID
GetCurrentThread
GetFileTime
Sleep
CreateFileW
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
DeleteFileW
GetVolumeInformationW
FindFirstFileA
FindClose
FindNextFileA
DeleteFileA
CloseHandle
ReadFile
GetFileAttributesA
WriteFile
GetFileSize
CreateFileA
GlobalFree
GetLastError
MultiByteToWideChar
CreateThread
GetProcAddress
GetModuleFileNameW
TerminateProcess
GetFileAttributesW
LoadLibraryW
GetModuleHandleW
GetCurrentProcess
CreateProcessW
FreeLibrary
ExitProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProcessHeap
SetStdHandle
HeapReAlloc
WideCharToMultiByte
EncodePointer
DecodePointer
DeleteCriticalSection
GetThreadContext
SetFilePointer
VirtualQuery
SetEndOfFile
Thread32First
ReadProcessMemory
Thread32Next
SetLastError
VirtualProtectEx
Process32FirstW
OpenThread
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId
GetCurrentProcessId
WriteProcessMemory
ResumeThread
GetSystemTimeAsFileTime
FindFirstFileW
CreateDirectoryW
VirtualQueryEx
VirtualFree
SetThreadPriority
FlushInstructionCache
VirtualAlloc
GetSystemInfo
GetThreadPriority
SuspendThread
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
LCMapStringW
GetCPInfo
WriteConsoleW
GetFileType
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
GetStringTypeW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

ws2_32

inet_ntoa

winhttp

WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpWriteData
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetOption
WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpOpen
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpCrackUrl

psapi

EnumProcessModules
GetModuleBaseNameW

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

Exports

Exports

ALI213
GetHSteamPipe
GetHSteamUser
SteamAPI
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamAPI_GetSteamInstallPath
SteamAPI_Init
SteamAPI_InitSafe
SteamAPI_IsRealSteamRunning
SteamAPI_IsSteamRunning
SteamAPI_MayCEGFail
SteamAPI_RealSteamIsRunning
SteamAPI_RegisterCallResult
SteamAPI_RegisterCallback
SteamAPI_RestartAppIfNecessary
SteamAPI_RunCallbacks
SteamAPI_SetBreakpadAppID
SteamAPI_SetMiniDumpComment
SteamAPI_SetTryCatchCallbacks
SteamAPI_Shutdown
SteamAPI_UnregisterCallResult
SteamAPI_UnregisterCallback
SteamAPI_UseBreakpadCrashHandler
SteamAPI_WriteMiniDump
SteamApps
SteamClient
SteamContentServer
SteamContentServerUtils
SteamContentServer_Init
SteamContentServer_RunCallbacks
SteamContentServer_Shutdown
SteamFriends
SteamGameServer
SteamGameServerApps
SteamGameServerHTTP
SteamGameServerNetworking
SteamGameServerStats
SteamGameServerUtils
SteamGameServer_BSecure
SteamGameServer_GetHSteamPipe
SteamGameServer_GetHSteamUser
SteamGameServer_GetIPCCallCount
SteamGameServer_GetSteamID
SteamGameServer_Init
SteamGameServer_InitSafe
SteamGameServer_RunCallbacks
SteamGameServer_Shutdown
SteamHTTP
SteamMasterServerUpdater
SteamMatchmaking
SteamMatchmakingServers
SteamNetworking
SteamRemoteStorage
SteamScreenshots
SteamUnifiedMessages
SteamUser
SteamUserStats
SteamUtils
Steam_GetHSteamUserCurrent
Steam_RegisterInterfaceFuncs
Steam_RunCallbacks
g_pSteamClientGameServer

Sections

.text
Size: - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.THEGFW0
Size: - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.THEGFW1
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
游侠网热门单机游戏.url
.url

Sharing

General

Malware Config

Signatures

Files

119fff86056d8234d3c2bfae716a9497

Headers

DLL Characteristics

File Characteristics

Imports

winmm

steam_api64

bink2w64

d3d11

dxgi

powrprof

kernel32

user32

gdi32

advapi32

shell32

ole32

xinput1_3

ws2_32

psapi

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.interpr Size: 48KB - Virtual size: 47KB

.rdata Size: 1.4MB - Virtual size: 1.4MB

.data Size: 245KB - Virtual size: 99.4MB

.pdata Size: 334KB - Virtual size: 334KB

.tls Size: 512B - Virtual size: 97B

_RDATA Size: 3KB - Virtual size: 3KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

2af20c8d8785b0c98267033d9965620b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

winhttp

psapi

Exports

Exports

Sections

.text Size: - Virtual size: 193KB

.rdata Size: - Virtual size: 80KB

.data Size: - Virtual size: 10.0MB

.THEGFW0 Size: - Virtual size: 481KB

.THEGFW1 Size: 565KB - Virtual size: 565KB

.reloc Size: 512B - Virtual size: 296B

.rsrc Size: 1KB - Virtual size: 1KB

b6cfc68ab21c6142b3fc632d7f1a170b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

winhttp

psapi

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 262KB

.rdata Size: - Virtual size: 107KB

.data Size: - Virtual size: 10.3MB

.pdata Size: - Virtual size: 13KB

.THEGFW0 Size: - Virtual size: 317KB

.THEGFW1 Size: 549KB - Virtual size: 548KB

.reloc Size: 512B - Virtual size: 36B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.interpr
Size: 48KB - Virtual size: 47KB

.rdata
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 245KB - Virtual size: 99.4MB

.pdata
Size: 334KB - Virtual size: 334KB

.tls
Size: 512B - Virtual size: 97B

_RDATA
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: - Virtual size: 193KB

.rdata
Size: - Virtual size: 80KB

.data
Size: - Virtual size: 10.0MB

.THEGFW0
Size: - Virtual size: 481KB

.THEGFW1
Size: 565KB - Virtual size: 565KB

.reloc
Size: 512B - Virtual size: 296B

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: - Virtual size: 262KB

.rdata
Size: - Virtual size: 107KB

.data
Size: - Virtual size: 10.3MB

.pdata
Size: - Virtual size: 13KB

.THEGFW0
Size: - Virtual size: 317KB

.THEGFW1
Size: 549KB - Virtual size: 548KB

.reloc
Size: 512B - Virtual size: 36B

.rsrc
Size: 1KB - Virtual size: 1KB