hterm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

hterm.exe
Size

5.8MB
MD5

8e6d13aedb2a002708e6fa7bef50a9e3
SHA1

7b56e8375f2be52c5c3c32e982d8f969f73bddba
SHA256

ede7222dbcfb57cb3fb7ec6804ab839a9676c23943e7099588e137438c694d7c
SHA512

2a25456412596d4266cdcbee3a366a8166201f8ea978c2828d56fda94dc2e0d5e7da9de950c6bc24d5d985522168f2d7f9a9667f07dcb9ac4f894d8248502220
SSDEEP

98304:T10r/zx1FBQ7bDuyIr/K7o9g1UORV/y3BJymW5fok8EC5dU:YBQ7bDuf/K09tO7/kJymWQFU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
hterm.exe

Files

hterm.exe
.exe windows:5 windows x86 arch:x86

286743d1725f22e14d9e50d1dc2771a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeBeginPeriod
timeEndPeriod

comctl32

ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo
ImageList_ReplaceIcon
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_SetDragCursorImage
ord16
ImageList_Add
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_Draw
ImageList_Replace
ord17
ImageList_Remove

oleacc

LresultFromObject

uxtheme

CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
IsThemeBackgroundPartiallyTransparent
GetThemeColor
DrawThemeParentBackground
GetThemePartSize
GetThemeInt
GetThemeSysColor
GetThemeMargins
GetThemeSysFont
SetWindowTheme
IsThemeActive
IsAppThemed
GetThemeFont
GetCurrentThemeName
GetThemeBackgroundExtent
IsThemePartDefined
OpenThemeData

rpcrt4

UuidToStringW
RpcStringFreeW

shlwapi

AssocQueryStringW
SHAutoComplete

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

TerminateProcess
IsDebuggerPresent
LoadResource
SizeofResource
GetNativeSystemInfo
GetEnvironmentVariableW
FindResourceW
GetVersionExW
IsValidCodePage
GetCPInfo
GetExitCodeProcess
CreateThread
SetHandleInformation
CreatePipe
SetNamedPipeHandleState
PeekNamedPipe
CreateProcessW
InterlockedExchange
GetLogicalDriveStringsW
GetDriveTypeW
QueryPerformanceCounter
QueryPerformanceFrequency
FindNextFileW
GetACP
IsBadReadPtr
OutputDebugStringW
GetTimeZoneInformation
GetConsoleMode
SetConsoleTextAttribute
GetLastError
SetLastError
GetOverlappedResult
SetEvent
ResetEvent
WaitForMultipleObjects
WriteFile
ReadFile
CloseHandle
ClearCommError
SetupComm
EscapeCommFunction
GetCommModemStatus
GetCommState
PurgeComm
SetCommMask
SetCommState
SetCommTimeouts
WaitCommEvent
CreateEventW
CreateFileW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
ExitProcess
GetCurrentThreadId
GlobalSize
GlobalHandle
LocalFree
GetCommandLineW
GetStdHandle
ReadConsoleOutputCharacterA
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
WaitForSingleObject
ResumeThread
GetExitCodeThread
TerminateThread
SetConsoleCursorPosition
FreeConsole
AttachConsole
WriteConsoleA
WriteConsoleW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeSListHead
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
LockResource
SetThreadPriority
GetCurrentThread
RaiseException
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
FormatMessageW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
GetTempFileNameW
GetTempPathW
FindClose
GetLongPathNameW
CopyFileW
GetFileAttributesW
SetCurrentDirectoryW
GetFileType
SetErrorMode
LoadLibraryW
FreeLibrary
IsBadStringPtrA

user32

ShowCursor
AdjustWindowRectEx
IsClipboardFormatAvailable
GetDesktopWindow
EndPaint
BeginPaint
GetWindowDC
ValidateRect
PostThreadMessageW
GetMessageW
GetClassNameW
MessageBeep
GetWindowTextW
IsRectEmpty
ValidateRgn
TranslateAcceleratorW
DestroyAcceleratorTable
CreateAcceleratorTableW
DestroyCursor
GetCaretBlinkTime
GetDoubleClickTime
DrawIconEx
UnionRect
FindWindowExW
ChildWindowFromPoint
HideCaret
GetWindowTextLengthW
keybd_event
IsMenu
GetComboBoxInfo
InsertMenuItemW
SetMenuInfo
RemoveMenu
ModifyMenuW
AppendMenuW
InsertMenuW
DestroyMenu
CreatePopupMenu
CreateMenu
CheckMenuRadioItem
GetSysColorBrush
SetMenuItemInfoW
GetMenuItemID
GetSubMenu
CheckMenuItem
GetMenuState
DrawFrameControl
DrawEdge
OffsetRect
CopyRect
SetRectEmpty
DrawStateW
CreateIconIndirect
SetMenu
PostMessageW
RegisterWindowMessageW
DrawFocusRect
DrawTextW
DestroyIcon
GetIconInfo
LoadImageW
LoadIconW
LoadBitmapW
LoadCursorW
GetProcessDefaultLayout
MessageBoxW
GetClipboardFormatNameW
RegisterClipboardFormatW
SetForegroundWindow
EnableMenuItem
GetSystemMenu
DrawMenuBar
CreateDialogIndirectParamW
IsZoomed
BringWindowToTop
IsIconic
EnumDisplayMonitors
SetLayeredWindowAttributes
UnregisterClassW
RegisterClassW
GetWindowPlacement
SetWindowRgn
GetDlgItem
EnumDisplaySettingsW
GetScrollInfo
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
SetScrollInfo
IsDialogMessageW
wsprintfW
MsgWaitForMultipleObjects
SetTimer
KillTimer
WaitForInputIdle
DdeInitializeW
DdeUninitialize
DdeConnect
DdeDisconnect
DdePostAdvise
DdeNameService
MonitorFromPoint
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindow
SetParent
MonitorFromWindow
SetWindowLongW
GetWindowLongW
PtInRect
InflateRect
FillRect
GetSysColor
ChildWindowFromPointEx
WindowFromPoint
MapWindowPoints
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetClientRect
SetWindowTextW
EnableScrollBar
ScrollWindow
RedrawWindow
InvalidateRect
GetUpdateRgn
UpdateWindow
GetMenuItemInfoW
TrackPopupMenu
GetMenuItemCount
GetSystemMetrics
IsWindowEnabled
EnableWindow
ReleaseCapture
SetCapture
GetCapture
MapVirtualKeyW
VkKeyScanW
GetAsyncKeyState
GetKeyState
GetFocus
GetActiveWindow
SetFocus
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
MoveWindow
AnimateWindow
ShowWindow
DestroyWindow
IsWindow
CreateWindowExW
CallWindowProcW
PostQuitMessage
DefWindowProcW
GetMessageTime
GetMessagePos
UnregisterHotKey
RegisterHotKey
PeekMessageW
DispatchMessageW
TranslateMessage
ReleaseDC
GetDC
GetParent
GetWindowRect
GetDialogBaseUnits
SetWindowPos
SendMessageW
SystemParametersInfoW
ChangeDisplaySettingsExW
CreateDialogParamW
GetMonitorInfoW
DdeFreeStringHandle
DdeQueryStringW
DdeCreateStringHandleW
DdeGetLastError
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
FlashWindowEx
DdeClientTransaction
SetRect

gdi32

GetStockObject
GetTextExtentPoint32W
BitBlt
CreateBitmap
CreateBitmapIndirect
CreateCompatibleBitmap
CreateSolidBrush
GetGraphicsMode
GetViewportExtEx
GetWindowExtEx
CreateICW
CreateHatchBrush
CreatePatternBrush
Arc
Ellipse
ExtFloodFill
GetClipBox
GetObjectType
GetPixel
MaskBlt
Pie
PolyPolygon
Rectangle
SelectClipRgn
ExtSelectClipRgn
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPixel
SetPolyFillMode
StretchBlt
StretchDIBits
ExtCreateRegion
SetStretchBltMode
GetWorldTransform
SetWorldTransform
ModifyWorldTransform
ExtTextOutW
GdiFlush
DPtoLP
LPtoDP
Polygon
Polyline
DeleteDC
SetViewportExtEx
SetWindowExtEx
SetWindowOrgEx
CreatePen
ExtCreatePen
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
CombineRgn
EqualRgn
GetRgnBox
PtInRegion
RectInRegion
GetBkColor
LineTo
MoveToEx
CreateRectRgnIndirect
GetCharABCWidthsW
GetTextExtentExPointW
CreateDIBitmap
GetDIBits
CreateDIBSection
GetDIBColorTable
SetDIBColorTable
CreateDCW
SetViewportOrgEx
CloseEnhMetaFile
CreateEnhMetaFileW
DeleteEnhMetaFile
GetEnhMetaFileW
GetEnhMetaFileHeader
PlayEnhMetaFile
GetSystemPaletteEntries
EnumFontFamiliesExW
SetAbortProc
StartDocW
EndDoc
StartPage
EndPage
PatBlt
CreateCompatibleDC
SetTextColor
SetBkMode
SetBkColor
GetObjectW
OffsetRgn
PolyBezier
SetBrushOrgEx
SelectPalette
RealizePalette
ExcludeClipRect
CreateRectRgn
GetTextMetricsW
SelectObject
GetOutlineTextMetricsW
GetRegionData
CreatePolygonRgn
GetDeviceCaps
DeleteObject
SetROP2
RoundRect
CreateFontIndirectW

winspool.drv

OpenPrinterW
GetPrinterW
DocumentPropertiesW
ClosePrinter

shell32

SHGetFolderPathW
ord6
SHGetFileInfoW
ShellExecuteExW
ExtractIconExW
ExtractIconW
CommandLineToArgvW
DragAcceptFiles
DragFinish
DragQueryPoint
DragQueryFileW

ole32

RevokeDragDrop
CoLockObjectExternal
CoTaskMemAlloc
CoCreateInstance
OleUninitialize
OleInitialize
ReleaseStgMedium
CoTaskMemFree
RegisterDragDrop
OleSetClipboard
OleGetClipboard
OleFlushClipboard
OleIsCurrentClipboard

comdlg32

PrintDlgW
ChooseFontW
CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW

advapi32

GetUserNameW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

msvcp140

_Cnd_destroy_in_situ
_Cnd_init_in_situ
_Mtx_current_owns
_Thrd_id
_Thrd_join
?_Xlength_error@std@@YAXPBD@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Query_perf_counter
_Query_perf_frequency
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?_Throw_Cpp_error@std@@YAXH@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1_Lockit@std@@QAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPBDH@Z
_Mbrtowc
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
?c_str@?$_Yarn@D@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$numpunct@_W@std@@2V0locale@2@A
_Cnd_timedwait
_Cnd_signal
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAJ@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
_Cnd_do_broadcast_at_thread_exit
??0_Lockit@std@@QAE@H@Z

msimg32

AlphaBlend
GradientFill

vcruntime140

__std_type_info_name
wcschr
strstr
strchr
_except_handler4_common
memset
__current_exception_context
__current_exception
_set_se_translator
wcsstr
_setjmp3
__CxxLongjmpUnwind
memchr
_purecall
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memmove
__RTtypeid
__std_type_info_compare
longjmp

api-ms-win-crt-runtime-l1-1-0

_set_app_type
exit
_errno
abort
_get_narrow_winmain_command_line
_initterm
_invalid_parameter_noinfo_noreturn
_initterm_e
_exit
_c_exit
_register_thread_local_exe_atexit_callback
terminate
_controlfp_s
_seh_filter_exe
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_cexit
_crt_atexit
_register_onexit_function
_beginthreadex

api-ms-win-crt-heap-l1-1-0

free
realloc
_set_new_mode
malloc
calloc
_callnewh

api-ms-win-crt-math-l1-1-0

floor
lroundf
lround
_libm_sse2_sin_precise
_fdopen
_CIfmod
_libm_sse2_acos_precise
_libm_sse2_pow_precise
_libm_sse2_tan_precise
_CIatan2
_libm_sse2_cos_precise
__setusermatherr
ceil
_ldclass
_fdclass
_dclass
_fdsign
_ldsign
_libm_sse2_sqrt_precise
_dsign

api-ms-win-crt-stdio-l1-1-0

ferror
_fseeki64
_ftelli64
fwrite
_wfopen
fflush
_telli64
_lseeki64
_write
_read
_commit
__stdio_common_vsnprintf_s
_close
_open_osfhandle
_wsopen_dispatch
feof
_get_osfhandle
__stdio_common_vswprintf
__stdio_common_vswprintf_p
_wfsopen
_fileno
fread
fclose
_set_fmode
__p__commode
__stdio_common_vsscanf
__stdio_common_vswscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
__stdio_common_vfwprintf
__acrt_iob_func
clearerr

api-ms-win-crt-utility-l1-1-0

rand_s
bsearch
rand
qsort

api-ms-win-crt-string-l1-1-0

tolower
toupper
ispunct
strncmp
iswalnum
iswalpha
iswdigit
isdigit
iswspace
iswxdigit
iswprint
isspace
strncpy
_strdup
towlower
wcsncat
wcsncpy
_wcsicmp
wcspbrk
towupper

api-ms-win-crt-convert-l1-1-0

atoi
_wtol
strtol
atof
strtoll
_wcstoui64
_wcstoi64
wcstoul
_wcstol_l
wcstol
_wcstod_l
strtoul
wcstod
_wtoi

api-ms-win-crt-time-l1-1-0

_get_timezone
clock
_gmtime64
_time64
_localtime64
_tzset
strftime
_localtime64_s
_gmtime64_s
wcsftime
_mktime64

api-ms-win-crt-environment-l1-1-0

_wgetcwd
getenv
_wgetenv

api-ms-win-crt-filesystem-l1-1-0

_wrename
_wremove
_wrmdir
_wmkdir

api-ms-win-crt-locale-l1-1-0

_free_locale
localeconv
setlocale
_configthreadlocale
_create_locale

Exports

Exports

pcre2_code_copy_16
pcre2_code_copy_with_tables_16
pcre2_code_free_16
pcre2_compile_16
pcre2_compile_context_copy_16
pcre2_compile_context_create_16
pcre2_compile_context_free_16
pcre2_config_16
pcre2_convert_context_copy_16
pcre2_convert_context_create_16
pcre2_convert_context_free_16
pcre2_general_context_copy_16
pcre2_general_context_create_16
pcre2_general_context_free_16
pcre2_get_error_message_16
pcre2_get_mark_16
pcre2_get_match_data_size_16
pcre2_get_ovector_count_16
pcre2_get_ovector_pointer_16
pcre2_get_startchar_16
pcre2_jit_compile_16
pcre2_jit_free_unused_memory_16
pcre2_jit_match_16
pcre2_jit_stack_assign_16
pcre2_jit_stack_create_16
pcre2_jit_stack_free_16
pcre2_match_16
pcre2_match_context_copy_16
pcre2_match_context_create_16
pcre2_match_context_free_16
pcre2_match_data_create_16
pcre2_match_data_create_from_pattern_16
pcre2_match_data_free_16
pcre2_set_bsr_16
pcre2_set_callout_16
pcre2_set_character_tables_16
pcre2_set_compile_extra_options_16
pcre2_set_compile_recursion_guard_16
pcre2_set_depth_limit_16
pcre2_set_glob_escape_16
pcre2_set_glob_separator_16
pcre2_set_heap_limit_16
pcre2_set_match_limit_16
pcre2_set_max_pattern_length_16
pcre2_set_newline_16
pcre2_set_offset_limit_16
pcre2_set_parens_nest_limit_16
pcre2_set_recursion_limit_16
pcre2_set_recursion_memory_management_16
pcre2_set_substitute_callout_16

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

286743d1725f22e14d9e50d1dc2771a7

Headers

DLL Characteristics

File Characteristics

Imports

winmm

comctl32

oleacc

uxtheme

rpcrt4

shlwapi

version

kernel32

user32

gdi32

winspool.drv

shell32

ole32

comdlg32

advapi32

msvcp140

msimg32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 1.5MB - Virtual size: 1.5MB

.data Size: 74KB - Virtual size: 250KB

.rsrc Size: 25KB - Virtual size: 24KB

.reloc Size: 334KB - Virtual size: 334KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 74KB - Virtual size: 250KB

.rsrc
Size: 25KB - Virtual size: 24KB

.reloc
Size: 334KB - Virtual size: 334KB