samples4[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

samples4.zip
Size

11.3MB
MD5

78d1b2d2d33dbdee8a68614849da921e
SHA1

c80d3a41878f8b776daeb5c706ecc4586f754a94
SHA256

7ae4167445cef80f080de5b84c6490a61c1834aa1e05fce43e611c5d054da858
SHA512

2bf4a6aa22954efdb5699299034a9a1bf5086634baaab14acc5e0904d3d38bab3a8e566f1f699340f99d71b128bd3d22df2b2a83d076ea0f031cd4c3b00b93c4
SSDEEP

196608:iVPPnUoLLj3r94fPEC+uCSzmmGgQvFm69unI3xefV/EgOgm53FVvrYn/ushuMMof:cPPnUiD9QmJgKFKn9fV/EgOg61VMfYMj

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4/0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4
unpack001/1ce5dd21fbff44289d22647277a94f2611ee661cdcab323548caa0a7082ddc7d/1ce5dd21fbff44289d22647277a94f2611ee661cdcab323548caa0a7082ddc7d
unpack001/3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc/3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc
unpack001/5df6314b5c6f6bd151a5fda104d32655c5bd8153be922b80069b22f1c1de9db3/5df6314b5c6f6bd151a5fda104d32655c5bd8153be922b80069b22f1c1de9db3
unpack001/5ee5166c02636f294fb8f6da69d5c0ae893a1c4694ae1bcc3753b497598121a0/5ee5166c02636f294fb8f6da69d5c0ae893a1c4694ae1bcc3753b497598121a0
unpack001/5f7cdd8c28daba74fd96c1aa9de6d920b026dcea5b596e7e145ffe11c5a4cb8e/5f7cdd8c28daba74fd96c1aa9de6d920b026dcea5b596e7e145ffe11c5a4cb8e

Files

samples4.zip
.zip
0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4/0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4
.exe windows:6 windows x86 arch:x86

f6a114275ec71b0f9e53c5ebb7d8d51d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
GetCurrentThread
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
GetModuleHandleA
GetProcAddress
WinExec
GetCurrentProcessId
GlobalAlloc
OpenProcess
GetSystemInfo
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetEndOfFile
HeapSize
WriteConsoleW
FlushFileBuffers
GetProcessHeap
GetStringTypeW
CreateThread
WaitForMultipleObjects
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
GetLastError
CloseHandle
WriteFile
SetFilePointerEx
SetFilePointer
SetFileAttributesW
ReadFile
GetLogicalDriveStringsW
GetFileSize
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
TerminateProcess
CreateFileA
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
DecodePointer
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetStdHandle
HeapReAlloc
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetFileAttributesExW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
GetStdHandle
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetFileType
GetFileSizeEx
CompareStringW
LCMapStringW

user32

FindWindowA
ShowWindow

shell32

SHEmptyRecycleBinA
SHChangeNotify

advapi32

QueryServiceStatusEx
OpenServiceA
EnumDependentServicesA
ControlService
RegSetValueExA
RegCreateKeyExA
RegCloseKey
OpenEventLogA
CloseEventLog
ClearEventLogA
GetTokenInformation
FreeSid
EqualSid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
OpenSCManagerA
EnumServicesStatusExA
CloseServiceHandle
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

mpr

WNetAddConnection2W
WNetAddConnection2A
WNetCloseEnum
WNetOpenEnumW
WNetEnumResourceW

ws2_32

WSAStartup

rstrtmgr

RmGetList
RmStartSession
RmEndSession
RmRegisterResources

Sections

.text
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1ce5dd21fbff44289d22647277a94f2611ee661cdcab323548caa0a7082ddc7d/1ce5dd21fbff44289d22647277a94f2611ee661cdcab323548caa0a7082ddc7d
.exe windows:6 windows x86 arch:x86

4a337ffacd1cf97d8fcf9a97fe4d8f98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionW
wnsprintfW

mpr

WNetGetConnectionW

kernel32

GetFileSizeEx
HeapFree
FindNextFileW
FindClose
CreateFileW
PostQueuedCompletionStatus
LoadLibraryA
lstrcatW
CreateThread
HeapAlloc
GetProcAddress
GetProcessHeap
lstrcpyW
lstrcmpiW
CreateIoCompletionPort
lstrcmpW
FindFirstVolumeW
GetCurrentProcess
lstrcmpA
GetModuleHandleA
GlobalAlloc
GetSystemInfo
SetVolumeMountPointW
FindFirstFileW
GetVolumePathNamesForVolumeNameW
WriteFile
GetDriveTypeW
GetModuleFileNameA
GetLogicalDrives
Process32First
TerminateProcess
GetEnvironmentVariableA
lstrcatA
OpenProcess
CreateToolhelp32Snapshot
MultiByteToWideChar
GetTempPathA
CreateFileA
DeleteFileW
Process32Next
lstrcpyA
ExitProcess
lstrcmpiA
GetTempFileNameA
GetStringTypeW
SetStdHandle
AllocConsole
GetCurrentProcessId
WriteConsoleW
AttachConsole
GetStdHandle
lstrlenW
MoveFileW
CloseHandle
Sleep
FindVolumeClose
GetQueuedCompletionStatus
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualQuery
ReadFile
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
HeapSize
HeapReAlloc
DecodePointer
FindNextVolumeW
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
GetModuleFileNameW
GetModuleHandleExW
LCMapStringW
GetFileType

user32

wsprintfW
SystemParametersInfoA

gdi32

SelectObject
StartPage
EndDoc
CreateDCW
CreateFontW
DeleteDC
TextOutW
DeleteObject
StartDocW
EndPage

winspool.drv

EnumPrintersW

advapi32

OpenServiceA
CloseServiceHandle
ClearEventLogW
OpenSCManagerW
AllocateAndInitializeSid
ControlService
FreeSid
OpenEventLogW
CheckTokenMembership
QueryServiceStatusEx

shell32

SHEmptyRecycleBinW
ShellExecuteA

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.7aedee
Size: 787KB - Virtual size: 788KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc/3c73425d026a172779c8ffc5e338afbf6e66f1ad3020a11c2bece4658fcb28fc
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5df6314b5c6f6bd151a5fda104d32655c5bd8153be922b80069b22f1c1de9db3/5df6314b5c6f6bd151a5fda104d32655c5bd8153be922b80069b22f1c1de9db3
.exe windows:5 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 69KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

exlhlzdc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gyuvvvyg
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
5ee5166c02636f294fb8f6da69d5c0ae893a1c4694ae1bcc3753b497598121a0/5ee5166c02636f294fb8f6da69d5c0ae893a1c4694ae1bcc3753b497598121a0
.exe windows:6 windows x86 arch:x86

e4817e5988730d84f473d0e35b261222

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

VirtualAlloc
VirtualProtect
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
WriteConsoleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
CloseHandle
CreateFileW
DecodePointer

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
5f7cdd8c28daba74fd96c1aa9de6d920b026dcea5b596e7e145ffe11c5a4cb8e/5f7cdd8c28daba74fd96c1aa9de6d920b026dcea5b596e7e145ffe11c5a4cb8e
.exe windows:6 windows x86 arch:x86

04f4a4454da812f4d2024bd9e3fcfe70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

closesocket

crypt32

CryptUnprotectData

wininet

InternetReadFile

ntdll

NtQuerySystemInformation

rstrtmgr

RmStartSession

kernel32

LocalFree
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetDesktopWindow

gdi32

GetObjectW

advapi32

RegOpenKeyExA

shell32

SHGetKnownFolderPath

ole32

CreateStreamOnHGlobal

shlwapi

ord184

gdiplus

GdipGetImageEncoders

Sections

.text
Size: - Virtual size: 902KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.~Jw
Size: - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Tx?
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.7<a
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6a114275ec71b0f9e53c5ebb7d8d51d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

mpr

ws2_32

rstrtmgr

Sections

.text Size: 172KB - Virtual size: 172KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 25KB - Virtual size: 36KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 7KB - Virtual size: 7KB

4a337ffacd1cf97d8fcf9a97fe4d8f98

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

mpr

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 2KB - Virtual size: 5KB

.reloc Size: 5KB - Virtual size: 4KB

.7aedee Size: 787KB - Virtual size: 788KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 110KB - Virtual size: 109KB

.rsrc Size: 102KB - Virtual size: 101KB

.reloc Size: 512B - Virtual size: 12B

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

Size: 69KB - Virtual size: 96KB

.rsrc Size: 1.1MB - Virtual size: 1.3MB

.idata Size: 512B - Virtual size: 4KB

Size: 512B - Virtual size: 2.6MB

exlhlzdc Size: 3.3MB - Virtual size: 3.3MB

gyuvvvyg Size: 1KB - Virtual size: 4KB

e4817e5988730d84f473d0e35b261222

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

04f4a4454da812f4d2024bd9e3fcfe70

Headers

.text
Size: 172KB - Virtual size: 172KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 25KB - Virtual size: 36KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 2KB - Virtual size: 5KB

.reloc
Size: 5KB - Virtual size: 4KB

.7aedee
Size: 787KB - Virtual size: 788KB

.text
Size: 110KB - Virtual size: 109KB

.rsrc
Size: 102KB - Virtual size: 101KB

.reloc
Size: 512B - Virtual size: 12B

.rsrc
Size: 1.1MB - Virtual size: 1.3MB

.idata
Size: 512B - Virtual size: 4KB

exlhlzdc
Size: 3.3MB - Virtual size: 3.3MB

gyuvvvyg
Size: 1KB - Virtual size: 4KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: - Virtual size: 902KB

.rdata
Size: - Virtual size: 128KB

.data
Size: - Virtual size: 12KB

.~Jw
Size: - Virtual size: 2.7MB

.Tx?
Size: 1KB - Virtual size: 1KB

.7<a
Size: 5.8MB - Virtual size: 5.8MB

.rsrc
Size: 512B - Virtual size: 469B