20231220-7E24DED7[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

20231220-7E24DED7.7z
Size

5.7MB
MD5

df477dccda6398e62e917d9412ca9cab
SHA1

21284b5b61eab860616ef1981fd02425db02843d
SHA256

508106f8c449b9a09b14326a0886026c9759ac9013c6342f2f071d0695237116
SHA512

7a85ba09a9751d587a55ae98fe6f8525c4c48b0be9c763096e38966b515ad53cdbf2eb5bb0262888cbded26847db08ecbebcbde762b6ce3dad7f580b327f0586
SSDEEP

98304:0CfRWYTEQKpduDRbMkIAlN43pYp5CuQdKy8F4uMhkL2w9DMbVYuIau2+bGB3PQ:lJCdqMXAlNWpk5CuQ8auMoL/Za0Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack003/ACE-Trace.dll
unpack003/资料详情.PDF 2190.com

Files

20231220-7E24DED7.7z
.7z

Password: infected
资料2190.exe
.exe windows:5 windows x64 arch:x64

Password: infected

4fe4cbe3f1eef29244a0a0b01016c849

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/10/2021, 00:00

Not After

23/10/2024, 23:59

Subject

SERIALNUMBER=91330000788831167A,CN=NetEase (Hangzhou) Network Co.\, Ltd,O=NetEase (Hangzhou) Network Co.\, Ltd,L=杭州市,ST=浙江省,C=CN,1.3.6.1.4.1.311.60.2.1.2=#0c09e6b599e6b19fe79c81,1.3.6.1.4.1.311.60.2.1.3=#1302434e,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:c7:2d:ab:56:e9:c2:a3:6d:e6:eb:57:6e:d3:80:3a:b7:e3:02:f0:31:6f:8f:29:f6:ed:af:0b:b7:ac:2e:82
Signer

Actual PE Digest

b6:c7:2d:ab:56:e9:c2:a3:6d:e6:eb:57:6e:d3:80:3a:b7:e3:02:f0:31:6f:8f:29:f6:ed:af:0b:b7:ac:2e:82

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileW

Sections

.text
Size: - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
资料解压查看 (1).zip
.zip

Password: infected
ACE-Trace.dll
.dll windows:5 windows x64 arch:x64

Password: infected

b20183c14d6dd66ff7f55a64cacdb99f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

SetEndOfFile
CreateFileW
VirtualAlloc
Sleep
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
SetLastError
FlsAlloc
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA
GetProcessHeap

user32

GetDC

gdi32

EnumFontFamiliesW

Exports

Exports

init_bugtrace
init_bugtrace_with_path_type
init_bugtrace_with_userinfo
init_bugtrace_with_userinfo_new
set_bugtrace_addr
set_user_stream

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
如果无法打开请解压所有文件后再打开
资料详情.PDF 2190.com
.exe windows:5 windows x64 arch:x64

Password: infected

d2180032be79f897fd12e1dfd634e58d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleInformation
GetMappedFileNameW
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

shlwapi

PathRemoveFileSpecW
PathFindFileNameA
PathFileExistsW
StrStrIW
PathFindFileNameW
PathAppendW

wtsapi32

WTSQueryUserToken

ws2_32

WSAStartup
htonl
htons
freeaddrinfo
inet_addr
getaddrinfo
select
__WSAFDIsSet
WSACleanup
getsockname
getsockopt
WSAGetLastError
accept
bind
listen
setsockopt
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
ioctlsocket
sendto
recv
recvfrom
connect
socket
send
WSAAddressToStringA
closesocket
gethostname
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
getpeername
WSAIoctl
ntohs
WSAStringToAddressA
WSASetLastError

wldap32

ord301
ord79
ord30
ord200
ord22
ord41
ord143
ord217
ord46
ord26
ord27
ord32
ord35
ord33
ord60
ord50
ord211

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
DuplicateHandle
EncodePointer
GetCPInfo
OutputDebugStringW
RtlPcToFileHeader
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
ExitThread
FreeLibraryAndExitThread
GetFileAttributesExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
WriteConsoleW
SetConsoleCtrlHandler
GetACP
GetConsoleCP
IsValidLocale
FlushFileBuffers
GetCurrentDirectoryW
GetFullPathNameW
GetFullPathNameA
SetStdHandle
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
ChangeTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
CreateFileW
GetFileAttributesW
AreFileApisANSI
CloseHandle
RaiseException
GetLastError
SetLastError
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
WaitForSingleObject
WaitForSingleObjectEx
CreateMutexA
CreateMutexW
CreateEventW
Sleep
GetProcessTimes
TerminateProcess
GetThreadTimes
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetSystemDirectoryW
GetVersionExW
GetLogicalProcessorInformation
VirtualAlloc
VirtualProtect
VirtualFree
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
MapViewOfFileEx
UnmapViewOfFile
CreateTimerQueueTimer
DeleteTimerQueueTimer
InterlockedPopEntrySList
GetModuleFileNameW
GetProcAddress
LoadLibraryW
LocalAlloc
LocalFree
SetThreadAffinityMask
CreateFileMappingA
RegisterWaitForSingleObject
UnregisterWait
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
CompareStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetLocaleInfoW
GetSystemDefaultLangID
GetUserDefaultLCID
EnumSystemLocalesW
GetEnvironmentVariableW
GetEnvironmentVariableA
ResumeThread
OpenProcess
ExitProcess
GetCurrentProcess
GetCurrentThreadId
SuspendThread
GetCurrentThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
WriteFile
SetFilePointer
GetFileSize
GetModuleHandleW
HeapSize
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
SwitchToThread
GetCurrentProcessId
SizeofResource
FindFirstFileW
FindNextFileW
FindClose
SetFileAttributesW
LockResource
LoadResource
FindResourceW
GetWindowsDirectoryA
GetLogicalDriveStringsA
GetTempPathW
GetTempFileNameW
CreateThread
OpenEventW
SetCurrentDirectoryW
SystemTimeToFileTime
GetSystemTime
TryEnterCriticalSection
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetUserDefaultUILanguage
Thread32Next
InitializeCriticalSection
OpenThread
CreateDirectoryW
GetModuleHandleExW
ExpandEnvironmentStringsW
DeleteFileW
GetNativeSystemInfo
VerSetConditionMask
VerifyVersionInfoW
ReadFile
GetFileSizeEx
EnumResourceNamesW
SetFilePointerEx
GetFileTime
TerminateThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
GetProcessId
GlobalAlloc
GlobalFree
GetModuleFileNameA
Module32FirstW
Module32NextW
SetUnhandledExceptionFilter
GetCommandLineA
UnhandledExceptionFilter
OpenMutexW
GetModuleHandleA
LoadLibraryA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetFileType
GetStdHandle
OutputDebugStringA
DeleteFiber
FindFirstFileA
FindNextFileA
FormatMessageA
ConvertFiberToThread
QueryPerformanceCounter
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
IsBadCodePtr
GetExitCodeThread
GetVersionExA
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FormatMessageW
MoveFileExA
PeekNamedPipe
WaitForMultipleObjects
QueryDepthSList
UnregisterWaitEx
HeapCreate
GetDiskFreeSpaceW
LockFile
UnlockFileEx
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
DeleteFileA
HeapCompact
UnlockFile
LockFileEx
FreeLibrary
Thread32First

user32

GetClassNameW
EnumChildWindows
IsWindowEnabled
GetAncestor
GetWindowThreadProcessId
GetWindowInfo
SendMessageTimeoutW
GetWindow
GetWindowLongW
LookupIconIdFromDirectory
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
UpdateWindow
TranslateMessage
DispatchMessageW
GetMessageW
DefWindowProcW
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
GetDesktopWindow
GetLayeredWindowAttributes
IsWindow
IsWindowVisible
RegisterClassExW

advapi32

DeleteService
RegCloseKey
ImpersonateLoggedOnUser
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetTokenInformation
FreeSid
CryptEncrypt
OpenProcessToken
SetEntriesInAclW
AllocateAndInitializeSid
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenServiceW
ChangeServiceConfigW
ControlService
OpenSCManagerW
CloseServiceHandle
OpenEventLogW
ReadEventLogW
CloseEventLog
DeregisterEventSource
RegisterEventSourceA
ReportEventA
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptDestroyKey
CryptImportKey

shell32

CommandLineToArgvW

pdh

PdhCloseQuery
PdhAddCounterW
PdhGetFormattedCounterValue
PdhRemoveCounter
PdhCollectQueryData
PdhOpenQueryW

dbghelp

MiniDumpWriteDump

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

4fe4cbe3f1eef29244a0a0b01016c849

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0Certificate

Extended Key Usages

Key Usages

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5aCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

b6:c7:2d:ab:56:e9:c2:a3:6d:e6:eb:57:6e:d3:80:3a:b7:e3:02:f0:31:6f:8f:29:f6:ed:af:0b:b7:ac:2e:82Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: - Virtual size: 103KB

.rdata Size: - Virtual size: 31KB

.data Size: - Virtual size: 18KB

.pdata Size: - Virtual size: 6KB

.text Size: - Virtual size: 295KB

.data Size: - Virtual size: 26KB

.text Size: 369KB - Virtual size: 369KB

.data Size: 1024B - Virtual size: 672B

.reloc Size: 512B - Virtual size: 72B

.rsrc Size: 512B - Virtual size: 512B

Password: infected

Password: infected

b20183c14d6dd66ff7f55a64cacdb99f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 7KB - Virtual size: 16KB

.pdata Size: 5KB - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 1KB

Password: infected

d2180032be79f897fd12e1dfd634e58d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

userenv

version

shlwapi

wtsapi32

ws2_32

wldap32

kernel32

user32

advapi32

shell32

pdh

dbghelp

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

02:44:53:70:9c:84:72:5b:99:03:71:85:6b:0e:50:e0
Certificate

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b6:c7:2d:ab:56:e9:c2:a3:6d:e6:eb:57:6e:d3:80:3a:b7:e3:02:f0:31:6f:8f:29:f6:ed:af:0b:b7:ac:2e:82
Signer

.text
Size: - Virtual size: 103KB

.rdata
Size: - Virtual size: 31KB

.data
Size: - Virtual size: 18KB

.pdata
Size: - Virtual size: 6KB

.text
Size: - Virtual size: 295KB

.data
Size: - Virtual size: 26KB

.text
Size: 369KB - Virtual size: 369KB

.data
Size: 1024B - Virtual size: 672B

.reloc
Size: 512B - Virtual size: 72B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 7KB - Virtual size: 16KB

.pdata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 156KB - Virtual size: 182KB

.pdata
Size: 172KB - Virtual size: 172KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 3KB - Virtual size: 2KB

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 2KB - Virtual size: 2KB