??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Static task
static1
Behavioral task
behavioral1
Sample
a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd.exe
Resource
win10v2004-20231222-en
General
-
Target
a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd
-
Size
1.6MB
-
MD5
75767b2b906bb55fa671a731c60f62c2
-
SHA1
6f05cf610271d88d771b3812f33856aafedaa559
-
SHA256
a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd
-
SHA512
2acd234309f5e8bc0178442154ec59730f08189d4b60c24092de6564a5b38307302bf1ec8ffc25a4d05116d0e653c191572717cc8baad30edd13f21ad4a46e91
-
SSDEEP
24576:jfez/ws0GMoIaib7PsVSjUPkygMArpSDGXD8aXsqjnhMgeiCl7G0nehbGZpbD:6/aBjEkygMAFSDyDmg27RnWGj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
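Sandbox static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature. Many legitimate binaries are also unsigned, so treat this as triage context rather than evidence of malicious behavior on its own.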
resource a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd
Files
-
a2c1744d11b066a5983d9d2e89db4295c11897c05f509d313de8b487f96ee0fd.exe windows:4 windows x86 arch:x86
7c7b35b5260ba9f3dd3dd149d77424f6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
uilogic
CreateUiLogic
CreateUiPolicyPtr
GetRecordObj
GetScheduleObj
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
GetUserProfileDirectoryW
UnloadUserProfile
LoadUserProfileW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSEnumerateProcessesW
WTSRegisterSessionNotification
rpcrt4
RpcServerListen
RpcRevertToSelf
RpcImpersonateClient
NdrServerCall2
RpcServerRegisterIf
RpcStringBindingComposeW
RpcServerUnregisterIf
RpcStringFreeW
RpcServerUseProtseqEpW
RpcMgmtStopServerListening
NdrClientCall2
RpcBindingFree
RpcBindingFromStringBindingW
comn
GetObjectSys
GetObjectLang
GetObjectLog
ws2_32
WSACleanup
inet_addr
WSAGetLastError
listen
send
select
htonl
recvfrom
sendto
WSAIoctl
setsockopt
getsockopt
getsockname
htons
accept
WSAStartup
socket
connect
closesocket
bind
inet_ntoa
gethostbyname
recv
encrypt
CreateEncryptObject
StrToHex
HexToStr
diskmgr
CreateDdmManager
shlwapi
PathFileExistsW
amnet
?ToInteger@Amnet@@YAKPA_W@Z
?InitAdapter@Amnet@@YAX_N@Z
?Sendto@Amnet@@YA_NHPADI0H_N@Z
?Disconnect@Amnet@@YA_NH_N@Z
?Install@Amnet@@YA_NXZ
?GetLastError@Amnet@@YAHXZ
?Uninstall@Amnet@@YAXXZ
?GetAdapterCount@Amnet@@YAHXZ
?GetHostName@Amnet@@YAXPAD@Z
?CleanVirtualAdapter@Amnet@@YAXXZ
?ToCharacter@Amnet@@YAPADK@Z
?GetAdapterAt@Amnet@@YA_NIAAUTAdapter@1@@Z
?ToInteger@Amnet@@YAKPAD@Z
ntlog
?WriteLog@NTLOG@@YAHHIPB_WZZ
?OpenLog@NTLOG@@YAHIPA_W@Z
?CloseLog@NTLOG@@YAXH@Z
nthelp
?Wchartochar@Help32@@YAXPB_WPADH@Z
?Compress@Help32@@YAHPAEI@Z
?FileIsExist@Help32@@YAHPA_W@Z
?GUIDToString@Help32@@YAXAAU_GUID@@PA_WH@Z
?IsValidUserAndHasAdmin@Help32@@YAHPA_WAAH@Z
?IsEmpty@Help32@@YAHPAD@Z
?IsEmpty@Help32@@YAHPA_W@Z
?Decrypto@Help32@@YAXPAEK@Z
?SplitString@Help32@@YAXPA_W_WAAV?$vector@PA_WV?$allocator@PA_W@std@@@std@@@Z
?StringToGUID@Help32@@YAXPA_WAAU_GUID@@@Z
?Encrypto@Help32@@YAXPAEK@Z
?InternetCheckResult@Help32@@YAHPBDH@Z
?GetIPv4InAddr@Help32@@YAKPBD@Z
?GetIPv4InAddr@Help32@@YAKPB_W@Z
?WriteFile@Help32@@YAKPA_WKPAXK@Z
?Expansion@Help32@@YAXPAEIPADI@Z
?CopyString@Help32@@YAPA_WPA_W@Z
?CopyString@Help32@@YAXPAD0@Z
?CopyString@Help32@@YAXPA_W0@Z
?CheckWindowsUserAndPasswordIsValid@Help32@@YAHPA_W0@Z
?GetAddrInIPv4@Help32@@YAXKPA_W@Z
?Chartowchar@Help32@@YAXPBDPA_WH@Z
?GetModuleFilePath@Help32@@YAXPA_W@Z
?GetModuleFilePath@Help32@@YAXPAD@Z
?EqualString@Help32@@YAHPA_WPAD@Z
?EqualString@Help32@@YAHPA_W0@Z
?ReadFile@Help32@@YAKPA_WKPAXK@Z
?MakeGUID@Help32@@YAXAAU_GUID@@@Z
usbdetect
?RegisterNotification@USBDriveDetector@@QAE_NPAUSERVICE_STATUS_HANDLE__@@PAVHandler@1@@Z
?EventHandler@USBDriveDetector@@QAEXKKPAX@Z
?GetCurRemovablePartitions@DeviceUtil@@SAXPAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@DU?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@D@std@@@2@@std@@@Z
?Get@USBDriveDetector@@SAAAV1@XZ
?GetCurRemovableDrives@DeviceUtil@@SAXPAV?$set@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@Z
funclogic
CreateEnumDisk
kernel32
HeapFree
GetProcessHeap
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedCompareExchange
GetVersion
LocalAlloc
LocalFree
GenerateConsoleCtrlEvent
GetCurrentThread
SetLastError
WriteConsoleW
GetStdHandle
WriteConsoleA
DeviceIoControl
PeekNamedPipe
CreatePipe
GetSystemDirectoryW
GetVersionExA
GetFileSizeEx
FlushFileBuffers
QueryPerformanceCounter
WaitForSingleObject
CreateThread
FindFirstFileW
SetSystemPowerState
CreateMutexW
InitializeCriticalSection
LeaveCriticalSection
GetTickCount
ReleaseMutex
SetEvent
FindClose
QueueUserWorkItem
GetModuleFileNameW
CloseHandle
GetLocalTime
GetLastError
DeleteCriticalSection
Sleep
lstrcpyW
EnterCriticalSection
CreateEventW
DeleteFileW
GetCurrentProcess
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
GetProcAddress
LoadLibraryW
GetVersionExW
Process32FirstW
TerminateProcess
SetFilePointer
GetPrivateProfileStringW
ReadFile
GetModuleFileNameA
CreateFileW
WTSGetActiveConsoleSessionId
CreateDirectoryW
WriteFile
MultiByteToWideChar
GetExitCodeProcess
FreeLibrary
CreateProcessW
GetStartupInfoW
WideCharToMultiByte
WritePrivateProfileStringW
GetFileAttributesW
GetPrivateProfileIntW
SetProcessPriorityBoost
SetPriorityClass
InterlockedExchange
GetSystemInfo
GetCurrentProcessId
GetDriveTypeW
GetCurrentThreadId
OutputDebugStringA
InterlockedDecrement
OutputDebugStringW
OpenMutexW
GetModuleHandleW
LoadLibraryA
CreateMutexA
GetLogicalDriveStringsW
SetUnhandledExceptionFilter
RemoveDirectoryW
GetEnvironmentVariableW
FindNextFileW
OpenEventW
InterlockedIncrement
GetPrivateProfileStringA
WritePrivateProfileStructW
GetPrivateProfileStructW
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
CreateFileA
GetFileSize
TerminateThread
GetComputerNameW
GetFileAttributesA
CreateDirectoryA
IsBadReadPtr
IsBadWritePtr
lstrlenW
SetFilePointerEx
MoveFileW
GetWindowsDirectoryW
GetSystemTimeAsFileTime
user32
UnregisterDeviceNotification
OpenWindowStationW
SetProcessWindowStation
CloseDesktop
GetUserObjectSecurity
ExitWindowsEx
wsprintfW
wvsprintfW
CreateWindowExW
TranslateMessage
RegisterClassExW
GetWindowLongW
DispatchMessageW
SendMessageW
PostQuitMessage
RegisterDeviceNotificationW
SetWindowLongW
LoadCursorW
DefWindowProcW
GetMessageW
CloseWindowStation
SetUserObjectSecurity
GetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
advapi32
RevertToSelf
LogonUserW
RegOpenKeyExA
InitializeAcl
AddAccessAllowedAce
GetAce
OpenThreadToken
ImpersonateLoggedOnUser
CopySid
InitializeSecurityDescriptor
RegDeleteKeyA
AddAce
GetAclInformation
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegEnumKeyW
RegQueryInfoKeyW
RegFlushKey
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
LookupAccountSidW
RegQueryValueExW
ChangeServiceConfig2W
DeleteService
CloseServiceHandle
OpenServiceW
CreateServiceW
QueryServiceStatus
OpenSCManagerW
ControlService
DeregisterEventSource
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
ReportEventW
RegisterEventSourceW
SetServiceStatus
RegOpenKeyExW
CreateProcessAsUserW
RegSetValueExW
RegCloseKey
RegDeleteValueW
SetTokenInformation
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetLengthSid
shell32
SHGetFolderPathA
SHGetFolderPathW
ShellExecuteExW
ole32
CLSIDFromString
StringFromCLSID
CoUninitialize
CoInitialize
CoTaskMemFree
CoInitializeEx
CoCreateInstance
oleaut32
SysStringLen
SysAllocString
SysFreeString
msvcp80
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??0?$allocator@_W@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$allocator@_W@std@@QAE@ABV01@@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?max_size@?$allocator@_W@std@@QBEIXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?width@ios_base@std@@QAEHH@Z
?width@ios_base@std@@QBEHXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flags@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
activeds
ord9
msvcr80
_vsnprintf_s
fputc
ferror
_wfsopen
_CIpow
ftell
fread
_fsopen
fseek
isalpha
isspace
isalnum
_beginthread
fprintf
printf
??_V@YAXPAX@Z
_vswprintf
_localtime64_s
free
malloc
wcscpy_s
_time64
memmove_s
??2@YAPAXI@Z
swprintf_s
wcscat_s
swscanf_s
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
strrchr
_swprintf
??0exception@std@@QAE@XZ
memmove
_strnicmp
_itoa
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CxxFrameHandler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_purecall
fclose
fopen_s
_wcsicmp
wcsrchr
strchr
_itow
_wcsnicmp
fopen
wcschr
atoi
_mktime64
strstr
_wtoi
_vsnwprintf
wprintf
vswprintf_s
sscanf_s
wcsncpy
feof
towupper
_beginthreadex
strncpy
fgets
__winitenv
strtok
_wcsupr
srand
_endthreadex
strncmp
mbstowcs
strcpy_s
wcsstr
_vsnprintf
strtol
calloc
rand
strftime
toupper
vsprintf
_vscprintf
_vscwprintf
gets
memcpy
strlen
div
memset
wcscpy
strcpy
wcscmp
strcmp
_CxxThrowException
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
atol
tolower
exit
_invalid_parameter_noinfo
??3@YAXPAX@Z
wcsncmp
_localtime64
?what@exception@std@@UBEPBDXZ
sprintf
??1exception@std@@UAE@XZ
wcstombs
iphlpapi
AddIPAddress
GetAdaptersInfo
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
winhttp
WinHttpReadData
WinHttpSetTimeouts
WinHttpCloseHandle
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpReceiveResponse
enumfolder
CreateEnumRemoteFolder
Exports
Exports
Sections
.text Size: 640KB - Virtual size: 639KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 110KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 864KB - Virtual size: 868KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE