Static task
static1
General
-
Target
external.rar
-
Size
1.7MB
-
MD5
22ef9ab322dc7bb800e2c4a592c4dbee
-
SHA1
e886d1e3c72772a0fec1c1cb52ced7b128253f2e
-
SHA256
569902703f36604235912a26bacdd522c92c29ef42b9dbb25ccbfe93c29817d4
-
SHA512
df710c29c6f7549694caa1d36b57721014fe0e16537aafe8ace5d24ab74fccddb8b9ae2835483eaf580c942347bd764e00c1715beea6662af3eca3accf6bedf7
-
SSDEEP
49152:MbzQz+/2/TkbMRQksER4HsfK5QuKZ71X2hMDm0h:6zqTkYQksQ4HIZBXcMDmG
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource unpack001/dependencies/build.dll unpack001/md._syn/map.exe unpack001/md._syn/md_.syn_unsafe.sys unpack001/updater.dll
Files
-
external.rar.rar
-
Updater.deps.json
-
Updater.runtimeconfig.json
-
dependencies/build.dll.dll windows:6 windows x64 arch:x64
e799248e2510ffc008105c87f6497361
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
d3d11
D3D11CreateDeviceAndSwapChain
advapi32
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetTokenInformation
AddAccessAllowedAce
GetLengthSid
SetSecurityInfo
InitializeAcl
OpenProcessToken
RegSetValueExA
IsValidSid
RegCreateKeyExA
RegGetValueA
RegOpenKeyA
RegCloseKey
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
normaliz
IdnToAscii
wldap32
ord46
ord211
ord217
ord143
ord45
ord50
ord41
ord22
ord26
ord27
ord60
ord32
ord35
ord79
ord30
ord200
ord301
ord33
crypt32
CertFindCertificateInStore
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertGetCertificateChain
ws2_32
getsockname
bind
accept
__WSAFDIsSet
socket
htons
WSAIoctl
listen
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
WSACleanup
closesocket
WSASend
select
shutdown
WSASetLastError
WSASocketW
getaddrinfo
WSAStartup
connect
WSARecv
getsockopt
freeaddrinfo
ioctlsocket
setsockopt
WSAGetLastError
htonl
recv
recvfrom
sendto
getpeername
gethostname
ntohs
kernel32
SetStdHandle
GetTimeZoneInformation
DeleteFileW
HeapReAlloc
CreateProcessW
SetEndOfFile
IsValidCodePage
GetACP
GetOEMCP
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
RtlUnwindEx
GetCPInfo
GetStringTypeW
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
GetProcAddress
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
ReadFile
Process32First
SetWaitableTimer
TlsSetValue
SetLastError
EnterCriticalSection
SetConsoleTitleA
GetCurrentProcess
GetStdHandle
GetCommandLineA
SetCurrentConsoleFontEx
TerminateProcess
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetQueuedCompletionStatus
CreateMutexA
WaitForSingleObject
OpenProcess
SetCurrentDirectoryA
PostQueuedCompletionStatus
CreateToolhelp32Snapshot
CreateEventW
Sleep
EnumSystemLocalesW
GetTickCount64
K32GetModuleFileNameExA
GetLastError
CreateFileA
SetEvent
GetSystemDirectoryA
TerminateThread
TlsAlloc
DeleteFileA
Process32Next
CloseHandle
QueueUserAPC
CreateWaitableTimerA
LocalFree
DeleteCriticalSection
ExitProcess
GetConsoleWindow
SleepEx
TlsGetValue
CreateProcessA
K32EnumProcessModules
TlsFree
FormatMessageA
CreateIoCompletionPort
GetTickCount
AllocConsole
MulDiv
GetExitCodeProcess
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetFileType
PeekNamedPipe
GetCurrentProcessId
VerifyVersionInfoW
GetFileSizeEx
GetModuleHandleW
SetThreadExecutionState
InitializeCriticalSection
GetModuleHandleExW
AreFileApisANSI
SetFileInformationByHandle
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
RaiseException
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetFileInformationByHandleEx
TryAcquireSRWLockExclusive
EncodePointer
DecodePointer
LCMapStringEx
FlushFileBuffers
GetUserDefaultLCID
IsValidLocale
FormatMessageW
GetLocaleInfoW
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
WriteFile
RtlUnwind
MoveFileExW
user32
OffsetRect
PtInRect
GetWindowLongW
SetWindowLongW
GetClassLongPtrW
LoadCursorW
DestroyIcon
LoadImageW
CreateIconIndirect
SystemParametersInfoW
GetMonitorInfoW
GetRawInputData
RegisterRawInputDevices
RegisterDeviceNotificationW
UnregisterDeviceNotification
UnregisterClassW
ToUnicode
ChangeDisplaySettingsExW
EnumDisplaySettingsW
EnumDisplaySettingsExW
EnumDisplayDevicesW
EnumDisplayMonitors
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetKeyState
GetActiveWindow
SetFocus
IsZoomed
BringWindowToTop
IsIconic
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
FlashWindow
SetLayeredWindowAttributes
GetLayeredWindowAttributes
DestroyWindow
CreateWindowExW
RegisterClassExW
ClipCursor
WindowFromPoint
AdjustWindowRectEx
SetWindowTextW
RemovePropW
GetPropW
SetRect
DefWindowProcW
WaitMessage
PostMessageW
SendMessageW
GetMessageTime
PeekMessageW
DispatchMessageW
TranslateMessage
GetWindowRect
SetWindowPos
CallNextHookEx
ShowWindow
GetAsyncKeyState
SetWindowLongA
SetWindowsHookExA
GetWindowLongA
SetWindowDisplayAffinity
MapVirtualKeyA
MessageBoxA
MoveWindow
UnhookWindowsHookEx
mouse_event
GetWindowDisplayAffinity
GetDesktopWindow
FindWindowA
UpdateWindow
SetForegroundWindow
SendInput
GetDC
MonitorFromWindow
ScreenToClient
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
ReleaseCapture
SetCursorPos
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SetPropW
GetSystemMetrics
MsgWaitForMultipleObjects
MapVirtualKeyW
gdi32
CreateRectRgn
SwapBuffers
SetPixelFormat
DescribePixelFormat
ChoosePixelFormat
SetDeviceGammaRamp
GetDeviceGammaRamp
DeleteDC
CreateDCW
CreateDIBSection
CreateBitmap
GetDeviceCaps
DeleteObject
shell32
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW
SHGetFolderPathA
ShellExecuteA
ole32
CoCreateInstance
CoInitialize
CoUninitialize
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ntdll
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlPcToFileHeader
bcrypt
BCryptGenRandom
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 655KB - Virtual size: 655KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1.8MB - Virtual size: 1.8MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 80KB - Virtual size: 79KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 500B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
injector.bat
-
md._syn/map.exe.exe windows:6 windows x64 arch:x64
e417d2960a98576c86d2500cb73aa03b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
FormatMessageA
CloseHandle
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
LoadLibraryExA
VirtualAlloc
DeviceIoControl
VirtualFree
GetLocaleInfoEx
CreateFileW
GetFileAttributesW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetModuleHandleW
GetFileInformationByHandleEx
MultiByteToWideChar
WideCharToMultiByte
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
advapi32
RegOpenKeyExA
RegCreateKeyA
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyA
RegDeleteKeyA
RegSetValueExA
OpenProcessToken
RegCloseKey
RegQueryValueExA
msvcp140
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?unsetf@ios_base@std@@QEAAXH@Z
??7ios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Throw_Cpp_error@std@@YAXH@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
ntdll
RtlAnsiStringToUnicodeString
RtlInitUnicodeString
NtQuerySystemInformation
RtlInitAnsiString
dbghelp
ImageDirectoryEntryToData
ImageNtHeader
ImageRvaToVa
vcruntime140_1
__CxxFrameHandler4
vcruntime140
memset
__current_exception_context
__current_exception
_CxxThrowException
__C_specific_handler
__std_exception_copy
__std_exception_destroy
memchr
memcmp
memmove
memcpy
api-ms-win-crt-stdio-l1-1-0
setvbuf
_set_fmode
ungetc
fgetc
fwrite
fgetpos
fsetpos
fclose
fflush
fputc
fread
__acrt_iob_func
_fseeki64
_get_stream_buffer_pointers
__p__commode
__stdio_common_vfprintf
api-ms-win-crt-runtime-l1-1-0
_initterm
_initterm_e
_get_initial_narrow_environment
__p___argc
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
abort
__p___argv
exit
terminate
_exit
perror
system
_beginthreadex
api-ms-win-crt-heap-l1-1-0
free
malloc
_callnewh
_set_new_mode
api-ms-win-crt-string-l1-1-0
_stricmp
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-utility-l1-1-0
rand
api-ms-win-crt-filesystem-l1-1-0
_unlock_file
_lock_file
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
api-ms-win-crt-math-l1-1-0
__setusermatherr
Sections
.text Size: 98KB - Virtual size: 98KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 2KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 292B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
md._syn/md_.syn_unsafe.sys.dll windows:6 windows x64 arch:x64
ab4ec7029a433801eb2657821774ddc0
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ntoskrnl.exe
RtlCompareUnicodeString
ZwQuerySystemInformation
DbgPrintEx
RtlEqualUnicodeString
PsLoadedModuleList
ObfDereferenceObject
RtlInitUnicodeString
PsLookupProcessByProcessId
MmCopyMemory
ExAllocatePool2
RtlGetVersion
ExFreePoolWithTag
ExGetPreviousMode
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 104B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 156B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
updater.dll.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
updater.pdb