5b8970476b82f437f0b9d8ba3411acfb

Sharing

Copy URL Twitter E-mail

General

Target

5b8970476b82f437f0b9d8ba3411acfb
Size

5.5MB
MD5

5b8970476b82f437f0b9d8ba3411acfb
SHA1

17da8f4f285d8477d1b688e1c53e578c86ce4c5d
SHA256

84f4be27b2fd6e5ec9ad825144e05e5239f825421b9138743e6d45001b910b78
SHA512

23176a8642c8816cb31b76904b22471298189a6bb4d17622b01c749dc8664eaf2e1841e0e7ebd7f3e7d695eef5ebf53d2d0b35f0adaf6e2f7f60c3dc0908a792
SSDEEP

98304:ftOx0gc9oQNqdnJ3HmlstZCwhF+6AX7XGa6weKw1LJvwtLvbiYQWkUOQ:fUa59omqdntklwhFlAX7XGwwHvwtLvjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/OR3_Diffuseur.exe
unpack001/OR3_Diffuseurs.exe
unpack001/OR3_Diffuseurs_Montage_Pub.exe
unpack002/OR3_Diffuseurs_Montage_Pub.exe
unpack001/OR3_Diffuseurs_Secours.exe
unpack001/OR3_Diffuseurs_Titrage_RDS.exe
unpack001/OR3_Diffuseurs_Upload.exe
unpack001/OR3_Titrage_Creacast.exe
unpack001/OR3_Titrage_Icecast.exe
unpack001/OR3_Titrage_LesIndes.exe
unpack001/OR3_Titrage_Shoutcast.exe

Files

5b8970476b82f437f0b9d8ba3411acfb
.zip
OR3_Diffuseur.exe
.exe windows:4 windows x86 arch:x86

37dd0ce8dbfd22b96e727a44b031e82e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFreeVar
__vbaCyMul
ord588
__vbaLineInputStr
__vbaGosubReturn
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
__vbaResume
__vbaCopyBytes
__vbaForEachCollAd
__vbaVarCmpNe
__vbaStrCat
ord552
ord553
ord660
__vbaLsetFixstr
__vbaStrDate
__vbaRecDestruct
ord661
__vbaSetSystemError
__vbaNameFile
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaStrBool
__vbaForEachCollObj
ord593
__vbaExitProc
__vbaFileCloseAll
ord594
__vbaCyAdd
ord595
__vbaOnError
__vbaObjSet
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
ord520
__vbaStrFixstr
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
__vbaVarTstLt
_CIsin
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaVarZero
ord632
__vbaChkstk
__vbaFileClose
__vbaGosubFree
ord633
__vbaCyVar
ord526
EVENT_SINK_AddRef
ord634
ord528
ord635
__vbaGenerateBoundsError
__vbaExitEachColl
ord636
__vbaCyI2
__vbaStrCmp
ord637
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner4
__vbaDateR8
ord560
ord638
__vbaCyI4
ord639
ord561
__vbaObjVar
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaR4Cy
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaUI1I4
__vbaVarMul
__vbaFpCmpCy
__vbaExceptHandler
ord711
__vbaPrintFile
ord712
ord605
__vbaStrToUnicode
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaFailedFriend
__vbaLateIdStAd
__vbaI2Str
__vbaVarDiv
__vbaGosub
ord607
ord608
__vbaVarCmpLe
ord531
ord716
__vbaFPException
ord532
ord319
ord640
__vbaStrVarVal
__vbaUbound
__vbaGetOwner4
ord641
__vbaVarCat
__vbaCheckType
ord535
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
__vbaStopExe
ord644
ord538
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
ord570
__vbaR8Str
ord648
__vbaInStr
__vbaNew2
ord571
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
ord686
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaFpCy
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
ord614
__vbaFpI2
__vbaVarMod
__vbaVarCopy
__vbaVarLateMemCallLd
__vbaVarTstGe
__vbaFpI4
__vbaCyAbs
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaAryCopy
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaI4Cy
ord542
ord543
_allmul
ord544
__vbaVarLateMemCallSt
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
ord653
ord547
ord654
__vbaAryUnlock
_CIexp
ord656
ord657
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 9.7MB - Virtual size: 9.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs.exe
.exe windows:4 windows x86 arch:x86

6923813e638b1be0e6b0df86ac8d99d7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarTstGt
__vbaVarSub
__vbaStrI2
ord583
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarMove
ord693
__vbaVarVargNofree
__vbaCyMul
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaGosubReturn
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
ord620
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
ord626
ord550
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaStrCat
__vbaVarCmpNe
ord552
ord553
ord660
__vbaLsetFixstr
__vbaStrDate
ord661
__vbaRecDestruct
__vbaSetSystemError
__vbaNameFile
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryVar
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaVarIndexLoadRefLock
__vbaStrBool
__vbaForEachCollObj
ord593
__vbaExitProc
ord300
__vbaFileCloseAll
ord594
ord301
__vbaCyAdd
ord595
__vbaOnError
__vbaObjSet
ord302
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaFpR4
ord306
__vbaForEachCollVar
__vbaBoolVar
ord520
__vbaStrFixstr
ord307
ord308
ord309
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord709
__vbaErase
__vbaNextEachCollObj
__vbaVarCmpGt
__vbaVarZero
ord632
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
ord633
__vbaGosubFree
EVENT_SINK_AddRef
ord634
ord528
ord635
__vbaGenerateBoundsError
__vbaExitEachColl
ord636
__vbaCyI2
__vbaGet3
__vbaStrCmp
ord637
__vbaVarTstEq
__vbaAryConstruct2
__vbaPutOwner3
__vbaPutOwner4
__vbaDateR8
ord560
ord638
__vbaCyI4
ord639
__vbaObjVar
__vbaNextEachCollVar
ord561
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaVarLateMemSt
__vbaFpUI1
__vbaCySub
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
ord568
__vbaFixstrConstruct
__vbaR4Cy
ord569
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaLateIdCallSt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaUI1I4
__vbaVarMul
__vbaFpCmpCy
__vbaExceptHandler
ord711
__vbaPrintFile
ord605
__vbaStrToUnicode
ord712
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaLateIdStAd
__vbaI2Str
__vbaVarDiv
ord607
__vbaGosub
ord608
__vbaVarCmpLe
ord531
ord716
__vbaFPException
ord532
ord717
ord319
ord640
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
__vbaGetOwner4
ord641
__vbaCheckType
ord535
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
__vbaStopExe
ord644
__vbaFileSeek
ord538
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVarLateMemCallLdRf
__vbaR8Str
ord648
__vbaNew2
ord570
ord571
__vbaCyMulI2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
ord681
__vbaVarCmpLt
__vbaVarNot
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
ord686
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
ord610
__vbaFpCy
__vbaLateMemCall
__vbaVarAdd
__vbaAryLock
ord320
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVerifyVarObj
ord613
ord614
__vbaFpI2
__vbaVarMod
__vbaVarCopy
__vbaVarTstGe
__vbaFpI4
__vbaVarLateMemCallLd
__vbaCyAbs
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaUI1Str
__vbaAryCopy
__vbaStrMove
__vbaCastObj
ord619
__vbaI4Cy
__vbaStrVarCopy
ord542
ord543
_allmul
ord544
__vbaVarLateMemCallSt
__vbaLateIdSt
ord545
_CItan
__vbaNextEachCollAd
ord546
ord653
ord547
ord654
__vbaAryUnlock
ord655
_CIexp
ord656
ord657
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 12.6MB - Virtual size: 12.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs.exe.manifest
.xml
OR3_Diffuseurs_Montage_Pub.exe
.exe windows:4 windows x86 arch:x86

4fab8dd33349bfd62e2612f432fb09db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaNextEachCollObj
ord632
__vbaChkstk
ord633
__vbaFileClose
EVENT_SINK_AddRef
ord634
__vbaGenerateBoundsError
ord528
ord635
__vbaStrCmp
ord529
ord636
ord637
__vbaVarTstEq
ord638
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaCySub
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord605
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaStrVarVal
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
ord653
ord546
__vbaAryUnlock
_CIexp
ord656
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs_Montage_Pub.zip
.zip
OR3_Diffuseurs_Montage_Pub.exe
.exe windows:4 windows x86 arch:x86

4fab8dd33349bfd62e2612f432fb09db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaResume
__vbaVarCmpNe
__vbaStrCat
__vbaLsetFixstr
ord660
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
ord520
__vbaBoolVarNull
__vbaFpR8
_CIsin
__vbaNextEachCollObj
ord632
__vbaChkstk
ord633
__vbaFileClose
EVENT_SINK_AddRef
ord634
__vbaGenerateBoundsError
ord528
ord635
__vbaStrCmp
ord529
ord636
ord637
__vbaVarTstEq
ord638
__vbaI2I4
DllFunctionCall
ord670
__vbaVarOr
__vbaCySub
__vbaCastObjVar
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
EVENT_SINK_Release
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaStrToUnicode
__vbaPrintFile
ord605
_adj_fprem
_adj_fdivr_m64
ord607
ord608
__vbaFPException
__vbaStrVarVal
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
__vbaFpI2
__vbaFpI4
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord619
_allmul
__vbaLateIdSt
_CItan
ord653
ord546
__vbaAryUnlock
_CIexp
ord656
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs_Revisions.htm
.html
OR3_Diffuseurs_Secours.exe
.exe windows:4 windows x86 arch:x86

a010d6468717aaa73d156cfc8ed68a87

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaLateIdCall
ord588
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord516
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord553
ord660
__vbaRecDestruct
__vbaSetSystemError
ord661
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
ord595
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaStrFixstr
ord520
__vbaBoolVarNull
__vbaVarTstLt
__vbaFpR8
_CIsin
__vbaNextEachCollObj
ord632
__vbaChkstk
ord526
ord633
__vbaFileClose
EVENT_SINK_AddRef
ord634
__vbaGenerateBoundsError
ord636
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord638
__vbaI2I4
DllFunctionCall
ord670
__vbaVarLateMemSt
__vbaVarOr
__vbaCySub
__vbaCastObjVar
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
__vbaStrToUnicode
ord712
__vbaPrintFile
ord605
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
ord607
ord608
ord531
ord716
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord641
__vbaDateVar
__vbaI2Var
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaI4Str
__vbaVarCmpLt
__vbaFreeStrList
_adj_fdivr_m32
__vbaR8Var
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaFpI4
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
_CIatan
__vbaCastObj
__vbaStrMove
ord619
__vbaI4Cy
ord542
_allmul
__vbaLateIdSt
ord545
_CItan
ord546
ord653
__vbaAryUnlock
_CIexp
ord656
ord657
__vbaMidStmtBstr
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs_Titrage_RDS.exe
.exe windows:4 windows x86 arch:x86

e5447ee4cad1831ee835526c28e9a1ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarSub
__vbaVarTstGt
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord552
ord660
ord553
__vbaLsetFixstr
ord661
__vbaSetSystemError
__vbaRecDestruct
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryDestruct
ord591
__vbaLateMemSt
__vbaForEachCollObj
__vbaExitProc
__vbaFileCloseAll
ord595
__vbaCyAdd
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaFpR4
__vbaBoolVar
__vbaStrFixstr
ord520
__vbaFpR8
__vbaVarTstLt
__vbaBoolVarNull
_CIsin
__vbaNextEachCollObj
__vbaVarZero
ord632
__vbaChkstk
ord526
__vbaFileClose
ord633
EVENT_SINK_AddRef
ord634
ord528
__vbaGenerateBoundsError
__vbaStrCmp
ord636
__vbaVarTstEq
__vbaAryConstruct2
ord637
__vbaCyI4
ord638
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
__vbaCySub
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaR8Cy
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
_CIsqrt
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
ord712
ord605
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
ord607
ord608
ord531
__vbaFPException
__vbaStrVarVal
__vbaVarCat
ord641
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord645
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaR8Str
ord648
__vbaNew2
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
ord579
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaLateMemCall
__vbaAryLock
__vbaVarAdd
__vbaStrToAnsi
__vbaVarDup
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
__vbaVarLateMemCallLd
__vbaFpI4
__vbaLateMemCallLd
ord617
__vbaRecDestructAnsi
_CIatan
__vbaCastObj
__vbaStrMove
__vbaI4Cy
ord619
ord542
ord543
_allmul
__vbaLateIdSt
ord544
ord545
_CItan
ord546
ord653
__vbaAryUnlock
_CIexp
ord656
__vbaMidStmtBstr
ord657
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Diffuseurs_Upload.exe
.exe windows:4 windows x86 arch:x86

7f2f30ee09507b351f5a64649c04982e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaGosubReturn
__vbaStrVarMove
__vbaLenBstr
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
ord516
_adj_fprem1
__vbaRecAnsiToUni
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord660
ord553
__vbaLsetFixstr
__vbaSetSystemError
ord662
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaVarTstLe
Zombie_GetTypeInfo
__vbaAryDestruct
__vbaExitProc
ord300
ord301
__vbaCyAdd
__vbaOnError
__vbaObjSet
ord302
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord306
__vbaStrFixstr
ord520
ord307
ord308
ord309
__vbaVarTstLt
__vbaFpR8
__vbaBoolVarNull
_CIsin
ord632
__vbaChkstk
ord526
ord633
__vbaGosubFree
__vbaFileClose
EVENT_SINK_AddRef
ord634
__vbaVarAbs
ord635
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaCyI2
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaCyI4
ord561
__vbaI2I4
DllFunctionCall
__vbaVarOr
ord670
__vbaCySub
__vbaCastObjVar
_adj_fpatan
__vbaFixstrConstruct
Zombie_GetTypeInfoCount
__vbaRedim
__vbaR8Cy
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
_CIsqrt
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaFpCmpCy
__vbaExceptHandler
__vbaPrintFile
__vbaStrToUnicode
ord712
ord605
_adj_fprem
_adj_fdivr_m64
ord607
__vbaGosub
ord608
__vbaFPException
ord319
__vbaGetOwner3
__vbaStrVarVal
ord641
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaNew2
ord648
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaAryLock
ord320
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaFpI2
__vbaFpI4
ord617
__vbaCyAbs
_CIatan
__vbaCastObj
__vbaStrMove
ord619
ord542
_allmul
ord545
_CItan
ord546
ord653
__vbaFPInt
__vbaAryUnlock
_CIexp
ord656
__vbaMidStmtBstr
__vbaStrCy
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Titrage_Creacast.exe
.exe windows:4 windows x86 arch:x86

715db48cfa3b52a441c0227ed2208d26

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaStrErrVarCopy
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
__vbaStrCmp
ord529
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaDateVar
ord645
ord538
_CIlog
ord539
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarAdd
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Titrage_Icecast.exe
.exe windows:4 windows x86 arch:x86

e3c776dedacea767d7c41abdd1a4fd00

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaStrCat
ord660
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
ord634
ord638
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaDateVar
_CIlog
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
__vbaVarAdd
__vbaVarDup
_CIatan
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
ord656
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Titrage_LesIndes.exe
.exe windows:4 windows x86 arch:x86

021415d8679eba25f21a6f2c82ece750

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaStrErrVarCopy
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
ord634
__vbaStrCmp
ord529
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
ord605
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaDateVar
ord645
ord538
_CIlog
ord539
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarAdd
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
ord656
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
OR3_Titrage_Shoutcast.exe
.exe windows:4 windows x86 arch:x86

f3ff999f26c2798cdc505feb371f0a0a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
_CIcos
_adj_fptan
__vbaStrI4
__vbaVarVargNofree
__vbaFreeVar
__vbaStrVarMove
__vbaLateIdCall
__vbaLineInputStr
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaStrErrVarCopy
_adj_fprem1
__vbaResume
__vbaStrCat
ord660
__vbaHresultCheckObj
ord662
_adj_fdiv_m32
__vbaExitProc
__vbaOnError
__vbaObjSet
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord520
_CIsin
ord632
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaStrCmp
ord529
ord670
_adj_fpatan
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaStrVarVal
__vbaDateVar
ord645
ord538
_CIlog
ord539
__vbaFileOpen
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord685
ord100
__vbaVarTstNe
__vbaVarAdd
__vbaVarDup
__vbaFpI2
_CIatan
__vbaStrMove
_allmul
_CItan
ord546
_CIexp
ord656
__vbaFreeObj
__vbaFreeStr
__vbaI4ErrVar
ord581

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37dd0ce8dbfd22b96e727a44b031e82e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 9.7MB - Virtual size: 9.7MB

.data Size: 4KB - Virtual size: 120KB

.rsrc Size: 28KB - Virtual size: 25KB

6923813e638b1be0e6b0df86ac8d99d7

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 12.6MB - Virtual size: 12.6MB

.data Size: 4KB - Virtual size: 156KB

.rsrc Size: 28KB - Virtual size: 25KB

4fab8dd33349bfd62e2612f432fb09db

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 284KB - Virtual size: 281KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 25KB

4fab8dd33349bfd62e2612f432fb09db

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 276KB - Virtual size: 272KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 25KB

a010d6468717aaa73d156cfc8ed68a87

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 264KB - Virtual size: 263KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 25KB

e5447ee4cad1831ee835526c28e9a1ae

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.data Size: 4KB - Virtual size: 24KB

.rsrc Size: 16KB - Virtual size: 12KB

7f2f30ee09507b351f5a64649c04982e

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 144KB - Virtual size: 142KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 16KB - Virtual size: 12KB

715db48cfa3b52a441c0227ed2208d26

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 4KB

e3c776dedacea767d7c41abdd1a4fd00

Headers

File Characteristics

.text
Size: 9.7MB - Virtual size: 9.7MB

.data
Size: 4KB - Virtual size: 120KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 12.6MB - Virtual size: 12.6MB

.data
Size: 4KB - Virtual size: 156KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 284KB - Virtual size: 281KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 276KB - Virtual size: 272KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 264KB - Virtual size: 263KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 25KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 4KB - Virtual size: 24KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 144KB - Virtual size: 142KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 20KB - Virtual size: 17KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 16KB - Virtual size: 12KB

.text
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 3KB