LadaCuScule-6[.]116-amd64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

LadaCuScule-6.116-amd64.exe
Size

2.0MB
MD5

72bfb714b80fd5067956ce47266657e6
SHA1

022dfdac41493299e803e04fd1cd3b9ec2ba9f21
SHA256

17f5e59dcf55770652c6dabab68f9a0ded5a27414a5260070fcbdd123aa6e2a8
SHA512

be333f5d3bb2909dfd4f20ae76345ac55d82894d65616a833c0a4fe4df602044375bb06f5dc7fc1386a299b6e37b6dda72489be5d63c9a6f334a1f199fccaffb
SSDEEP

49152:XjfyzhKo1Tpj+a5a0CvCUO8ATYWfW/fss6cBlYHb2d1bd:TfkzLzvC6U/fWfmss6wlfdpd

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ExecDos.dll
unpack001/$PLUGINSDIR/LcS.exe
unpack001/$PLUGINSDIR/NScurl.dll
unpack001/$PLUGINSDIR/NSutils.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PROGRAMFILES/LadaCuScule/LcS.exe

Files

LadaCuScule-6.116-amd64.exe
.exe windows:4 windows x64 arch:x64

9a4c047d9cda0e4c9e36d8cf80c9f971

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9d
Certificate

Issuer

CN=Negruțiu Root Certificate Authority - G1,O=Marius Negruțiu

Not Before

14/10/2023, 11:20

Not After

14/10/2026, 11:20

Subject

CN=Marius Negruțiu,O=Marius Negruțiu,1.2.840.113549.1.9.1=#0c1e6d61726975732e6e656772757469754070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9
Certificate

Issuer

CN=Negruțiu Root Certificate Authority - G2,O=Marius Negruțiu

Not Before

14/10/2023, 11:23

Not After

14/10/2026, 11:23

Subject

CN=Marius Negruțiu,O=Marius Negruțiu,1.2.840.113549.1.9.1=#0c1e6d61726975732e6e656772757469754070726f746f6e6d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f8:50:3e:3d:6b:42:b1:89:cd:0e:20:ed:ec:1f:22:29:ca:9e:ff:4b:67:ec:1a:82:53:0f:10:3f:9f:a4:17:c6
Signer

Actual PE Digest

f8:50:3e:3d:6b:42:b1:89:cd:0e:20:ed:ec:1f:22:29:ca:9e:ff:4b:67:ec:1a:82:53:0f:10:3f:9f:a4:17:c6

Digest Algorithm

sha256

PE Digest Matches

true

1b:f7:46:2f:8a:26:d2:a7:d0:37:68:d1:9e:dc:a5:01:b6:1a:98:c2
Signer

Actual PE Digest

1b:f7:46:2f:8a:26:d2:a7:d0:37:68:d1:9e:dc:a5:01:b6:1a:98:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CompareStringW
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetLocalTime
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetUserDefaultUILanguage
GetVersionExW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapFree
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHCLSIDFromString
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetAsyncKeyState
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongPtrW
GetWindowRect
InvalidateRect
IsDlgButtonChecked
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongPtrW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfW
wvsprintfW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 240KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 2.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/ExecDos.dll
.dll windows:4 windows x64 arch:x64

407cd5d8fd5e0edf06b1cd7a10f44333

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileW
CreatePipe
CreateProcessW
CreateThread
DuplicateHandle
FlushFileBuffers
GetCurrentProcess
GetExitCodeProcess
GetExitCodeThread
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

FindWindowExW
GetClassNameW
GetDlgItem
SendMessageW
wsprintfW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 99B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LcS.exe
.exe windows:6 windows x64 arch:x64

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

wvnsprintfW
wvnsprintfA

kernel32

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
EnterCriticalSection
CloseHandle
HeapAlloc
HeapReAlloc
GetLastError
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
MoveFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileSize
CreateThreadpoolTimer
SetThreadpoolTimer
lstrlenA
GetLocalTime
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
GetProcAddress
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetModuleFileNameW
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetSystemDirectoryW
FormatMessageW
CreateEventW
SetEvent
WaitForSingleObjectEx
FlushFileBuffers
LeaveCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
SetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
GetTickCount

advapi32

ControlService
NotifyServiceStatusChangeW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NScurl.dll
.dll windows:4 windows x64 arch:x64

2735ff9a552ce2455cebb0af6c49cdea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
DeregisterEventSource
RegisterEventSourceW
ReportEventW

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
CertGetEnhancedKeyUsage
CertGetIntendedKeyUsage
CertOpenSystemStoreA

kernel32

CloseHandle
CompareFileTime
CompareStringA
CompareStringW
CreateDirectoryW
CreateEventW
CreateFileW
CreateThread
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
FindResourceExW
FormatMessageW
FreeLibrary
GetConsoleMode
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileSize
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LoadResource
LockResource
MoveFileExA
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleA
ReadConsoleW
ReadFile
ResetEvent
RtlVirtualUnwind
SetConsoleMode
SetEvent
SetFilePointer
SetLastError
SizeofResource
Sleep
SleepEx
SystemTimeToFileTime
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcmpiA
lstrcmpiW
lstrcpyW
lstrcpynA
lstrcpynW
lstrlenA
lstrlenW

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_access
_assert
_beginthreadex
_close
_errno
_exit
_fdopen
_filelengthi64
_fileno
_fileno
_fstat64
_gmtime64
_lock
_onexit
_open
_read
_setmode
_snprintf
_snwprintf
_stat64
_stricmp
_strdup
_strdup
_strnicmp
_sys_errlist
_sys_nerr
_time64
_unlink
_unlock
_vsnprintf
_vsnwprintf
_wfopen
abort
atexit
atoi
calloc
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwrite
getc
getenv
islower
isspace
isupper
isxdigit
_write
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
raise
realloc
setvbuf
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
ungetc
wcscat
wcscpy
wcslen
wcsstr
wcstombs

user32

CallWindowProcW
CopyRect
CreateDialogParamW
CreateWindowExW
DestroyIcon
DestroyWindow
DispatchMessageW
EnableMenuItem
EnableWindow
FindWindowExW
GetDesktopWindow
GetDlgItem
GetProcessWindowStation
GetPropW
GetSystemMenu
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongPtrW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
IsDialogMessageW
IsWindow
IsWindowEnabled
IsWindowVisible
LoadImageW
MessageBoxW
MsgWaitForMultipleObjects
OffsetRect
PeekMessageW
RemovePropW
ScreenToClient
SendDlgItemMessageW
SendMessageW
SetForegroundWindow
SetPropW
SetRectEmpty
SetWindowLongPtrW
SetWindowPos
SetWindowTextW
TranslateMessage
wsprintfW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

WSACleanup
WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
WSAIoctl
WSAResetEvent
WSASetEvent
WSASetLastError
WSAStartup
WSAWaitForMultipleEvents
__WSAFDIsSet
accept
bind
closesocket
connect
freeaddrinfo
getaddrinfo
gethostbyname
getnameinfo
getpeername
getsockname
getsockopt
htonl
htons
ioctlsocket
listen
ntohs
recv
select
send
setsockopt
socket

Exports

Exports

cancel
echo
enumerate
escape
http
md5
query
sha1
sha256
unescape
wait

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 231B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSutils.dll
.dll windows:4 windows x64 arch:x64

0e4dea32ee828e2e79235dd200912cf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW

gdi32

BitBlt
CreateCompatibleDC
CreateDIBSection
CreateSolidBrush
DeleteDC
DeleteObject
GetObjectW
GetPixel
GetStockObject
SelectObject

kernel32

BeginUpdateResourceA
BeginUpdateResourceW
CloseHandle
CompareStringW
CreateFileW
CreateThread
DeleteCriticalSection
DeleteFileW
DeviceIoControl
EndUpdateResourceW
EnterCriticalSection
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
FindResourceExW
FreeLibrary
GetCurrentProcess
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetSystemDirectoryW
GetVersion
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
LoadResource
LockResource
MoveFileExW
MultiByteToWideChar
OpenProcess
QueryDosDeviceW
ReadFile
SetFileAttributesW
SetFilePointer
SetLastError
SizeofResource
Sleep
TerminateThread
TlsGetValue
UpdateResourceW
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenA
lstrlenW

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_snwprintf
_unlock
_vsnwprintf
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

OleLoadPicturePath

user32

CallNextHookEx
CallWindowProcW
DefWindowProcW
FillRect
FrameRect
GetPropW
GetWindowLongPtrW
IsWindow
KillTimer
RemovePropW
SendMessageW
SetPropW
SetRect
SetTimer
SetWindowLongPtrW
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfW

version

VerQueryValueW

Exports

Exports

CPUID
CloseFileHandles
CompareFiles
DisableProgressStepBack
DriveIsSSD
ExecutePendingFileRenameOperations
FindPendingFileRenameOperations
GetFileVersion
GetProductVersion
GetVersionInfoString
LoadImageFile
ReadResourceString
RedirectProgressBar
RegBinaryInsertString
RegMultiSzDelete
RegMultiSzInsertAfter
RegMultiSzInsertAtIndex
RegMultiSzInsertBefore
RegMultiSzRead
RejectCloseMessages
RemoveSoftwareRestrictionPolicies
RestoreProgressStepBack
StartReceivingClicks
StartTimer
StopReceivingClicks
StopTimer
WriteResourceString

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 736B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 850B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x64 arch:x64

cf8eee620b3371ff06e99c34f39ea84c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TlsGetValue
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

__iob_func
_amsg_exit
_initterm
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 320B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x64 arch:x64

74ba91b9fcb5a967b84ea9b49217f8d2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
IsTextUnicode
SetSecurityDescriptorDacl

kernel32

CloseHandle
CopyFileW
CreateFileMappingW
CreateFileW
CreatePipe
CreateProcessW
DeleteFileW
ExitProcess
GetCommandLineW
GetExitCodeProcess
GetModuleFileNameW
GetStartupInfoW
GetTempFileNameW
GetTickCount
GlobalAlloc
GlobalFree
GlobalReAlloc
IsDBCSLeadByteEx
MapViewOfFile
MultiByteToWideChar
PeekNamedPipe
ReadFile
Sleep
TerminateProcess
UnmapViewOfFile
WaitForSingleObject
WideCharToMultiByte
lstrcatW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

user32

CharNextW
CharPrevW
FindWindowExW
SendMessageW
wsprintfW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/LadaCuScule/LcS.exe
.exe windows:6 windows x64 arch:x64

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

wvnsprintfW
wvnsprintfA

kernel32

CloseThreadpoolTimer
WaitForThreadpoolTimerCallbacks
EnterCriticalSection
CloseHandle
HeapAlloc
HeapReAlloc
GetLastError
WriteFile
SetFilePointer
CreateFileW
CreateDirectoryW
ExpandEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
MoveFileW
DeleteFileW
GetFinalPathNameByHandleW
GetFileSize
CreateThreadpoolTimer
SetThreadpoolTimer
lstrlenA
GetLocalTime
WideCharToMultiByte
GetCurrentProcessId
ProcessIdToSessionId
GetProcAddress
GlobalMemoryStatusEx
GetPhysicallyInstalledSystemMemory
GetModuleFileNameW
FreeLibrary
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryW
GetSystemDirectoryW
FormatMessageW
CreateEventW
SetEvent
WaitForSingleObjectEx
FlushFileBuffers
LeaveCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
SetLastError
ExitProcess
GetModuleHandleW
GetCommandLineW
GetTickCount

advapi32

ControlService
NotifyServiceStatusChangeW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a4c047d9cda0e4c9e36d8cf80c9f971

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9dCertificate

Extended Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9Certificate

Extended Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

f8:50:3e:3d:6b:42:b1:89:cd:0e:20:ed:ec:1f:22:29:ca:9e:ff:4b:67:ec:1a:82:53:0f:10:3f:9f:a4:17:c6Signer

1b:f7:46:2f:8a:26:d2:a7:d0:37:68:d1:9e:dc:a5:01:b6:1a:98:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 42KB - Virtual size: 42KB

.data Size: 512B - Virtual size: 352B

.rdata Size: 15KB - Virtual size: 15KB

.xdata Size: 1KB - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 240KB

.idata Size: 7KB - Virtual size: 6KB

.ndata Size: 512B - Virtual size: 2.8MB

.rsrc Size: 166KB - Virtual size: 166KB

407cd5d8fd5e0edf06b1cd7a10f44333

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 400B

.pdata Size: 512B - Virtual size: 288B

.xdata Size: 512B - Virtual size: 224B

.bss Size: - Virtual size: 48B

.edata Size: 512B - Virtual size: 99B

.idata Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 512B - Virtual size: 16B

24e172ffe8fbd921ca04ab7be37e4be7

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

advapi32

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: - Virtual size: 32B

.pdata Size: 1024B - Virtual size: 984B

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

26:fd:ad:ac:05:be:80:71:bc:dd:8b:eb:fa:02:15:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

35:0a:aa:09:f9:fc:6b:85:4d:46:ca:b9:ca:0f:0f:c9
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

f8:50:3e:3d:6b:42:b1:89:cd:0e:20:ed:ec:1f:22:29:ca:9e:ff:4b:67:ec:1a:82:53:0f:10:3f:9f:a4:17:c6
Signer

1b:f7:46:2f:8a:26:d2:a7:d0:37:68:d1:9e:dc:a5:01:b6:1a:98:c2
Signer

.text
Size: 42KB - Virtual size: 42KB

.data
Size: 512B - Virtual size: 352B

.rdata
Size: 15KB - Virtual size: 15KB

.xdata
Size: 1KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 240KB

.idata
Size: 7KB - Virtual size: 6KB

.ndata
Size: 512B - Virtual size: 2.8MB

.rsrc
Size: 166KB - Virtual size: 166KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 400B

.pdata
Size: 512B - Virtual size: 288B

.xdata
Size: 512B - Virtual size: 224B

.bss
Size: - Virtual size: 48B

.edata
Size: 512B - Virtual size: 99B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 16B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: - Virtual size: 32B

.pdata
Size: 1024B - Virtual size: 984B

.rsrc
Size: 33KB - Virtual size: 33KB

.text
Size: 2.6MB - Virtual size: 2.6MB

.data
Size: 23KB - Virtual size: 23KB

.rdata
Size: 613KB - Virtual size: 613KB

.pdata
Size: 99KB - Virtual size: 99KB

.xdata
Size: 87KB - Virtual size: 86KB

.bss
Size: - Virtual size: 19KB

.edata
Size: 512B - Virtual size: 231B

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 223KB - Virtual size: 222KB

.reloc
Size: 25KB - Virtual size: 25KB

.text
Size: 30KB - Virtual size: 29KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 3KB - Virtual size: 3KB

.pdata
Size: 2KB - Virtual size: 1KB

.xdata
Size: 2KB - Virtual size: 1KB

.bss
Size: - Virtual size: 736B

.edata
Size: 1024B - Virtual size: 850B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 2KB - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB