b8c4d028504d7598c933ac58856c3d9261556d1284cb7e3d3d300af206fb7c7b

Sharing

Copy URL Twitter E-mail

General

Target

b8c4d028504d7598c933ac58856c3d9261556d1284cb7e3d3d300af206fb7c7b
Size

1.5MB
MD5

21bf4998e7a6518c9c31b0572aa75c4b
SHA1

2c37ddfaeea036932169b3b1c816031e4e1bce83
SHA256

b8c4d028504d7598c933ac58856c3d9261556d1284cb7e3d3d300af206fb7c7b
SHA512

1b16a04463c548c94a5b1aab04392795e6ef87e213bc2b16ac1a35175607048a2f54952b4398599aec04b1a350d7e2942b2833395c0fd28f799fb5117998f907
SSDEEP

24576:mm6c+jZHqXj+IrJQ8m40X8dGRZC/PIy53I99eeYrXmIVQCG+K7EQ1/TwSfVcYG3D:B6c+jZHqX6S+X8dGRZC/PIy53I99etXg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8c4d028504d7598c933ac58856c3d9261556d1284cb7e3d3d300af206fb7c7b

Files

b8c4d028504d7598c933ac58856c3d9261556d1284cb7e3d3d300af206fb7c7b
.exe windows:10 windows x64 arch:x64

420c49a8b1a293b6be194a76f9764334

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SearchIndexer.pdb

Imports

msvcp_win

?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?epptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setg@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W00@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?egptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?pptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?eback@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?setp@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXPEA_W0@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAGXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA_N_N@Z
?gptr@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEBAPEA_WXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
??Bios_base@std@@QEBA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xbad_function_call@std@@YAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Syserror_map@std@@YAPEBDH@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXH@Z
?_Xlength_error@std@@YAXPEBD@Z

api-ms-win-crt-string-l1-1-0

memmove_s
memset
wcspbrk
wcscmp
wcsncmp

api-ms-win-crt-runtime-l1-1-0

_register_thread_local_exe_atexit_callback
_initterm
_c_exit
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__recalloc
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_errno
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wcslwr_s
_o__wcsnicmp
__C_specific_handler
memmove
_o__wtol
_o_abort
_o_calloc
_o_ceilf
_o_exit
_o_free
_o_iswspace
_o_iswxdigit
_o_malloc
_o_qsort
_o_realloc
_o_terminate
_o_towupper
_o_wcsncpy_s
_o_wcstok
_o_wcstol
_o_wmemcpy_s
__current_exception
__current_exception_context
__CxxFrameHandler3
_CxxThrowException
__std_terminate
__CxxFrameHandler4
_o__crt_atexit
_o__configure_narrow_argv
_o__configthreadlocale
_o__get_narrow_winmain_command_line
_o__get_errno
_o__cexit
_o__callnewh
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_exception_destroy
_o___std_exception_copy
__C_specific_handler_noexcept
memcmp
memcpy
_o___p__commode
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
wcschr
wcsstr
strchr
_o__exit
_o__errno
_o____lc_codepage_func

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleExW
LockResource
FindResourceExW
GetProcAddress
GetModuleFileNameA
FindStringOrdinal
LoadResource
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
GetModuleHandleW
SizeofResource
LoadStringW
GetModuleHandleExA

api-ms-win-core-synch-l1-1-0

OpenEventW
InitializeSRWLock
TryAcquireSRWLockExclusive
WaitForSingleObject
DeleteCriticalSection
ReleaseMutex
ReleaseSemaphore
EnterCriticalSection
WaitForSingleObjectEx
OpenSemaphoreW
LeaveCriticalSection
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
CreateSemaphoreExW
CreateMutexW
InitializeCriticalSection
SetEvent
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
InitializeCriticalSectionEx
AcquireSRWLockExclusive
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapSize
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSetInformation

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
SetErrorMode

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
SetPriorityClass
GetCurrentThread
GetStartupInfoW
TerminateProcess
GetCurrentProcessId
GetCurrentProcess
OpenThreadToken
OpenProcessToken
GetCurrentThreadId
CreateThread
TlsFree

api-ms-win-core-localization-l1-2-0

ResolveLocaleName
GetLocaleInfoEx
FormatMessageA
GetLocaleInfoW
GetSystemPreferredUILanguages
LocaleNameToLCID
LCMapStringW
GetNLSVersionEx
GetSystemDefaultLCID
FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

oleaut32

SetErrorInfo
GetErrorInfo
SafeArrayDestroy
SafeArrayGetUBound
SafeArrayGetElement
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen
VarUI4FromStr
VarBstrCat
SysStringLen
SysAllocStringLen
VariantClear
VariantInit
SysAllocString
SysFreeString

api-ms-win-core-registry-l1-1-0

RegDeleteKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegGetValueW
RegCreateKeyExW
RegEnumKeyExW
RegDeleteTreeW
RegQueryValueExW
RegGetKeySecurity

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsUNCW
PathIsUNCServerW
PathStripToRootW
PathFileExistsW
PathIsUNCServerShareW
PathRemoveBackslashW
PathIsRootW
PathCanonicalizeW
PathFindNextComponentW
PathSkipRootW
PathAddBackslashW
PathAppendW

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateFreeThreadedMarshaler
CoRevokeClassObject
CoInitializeSecurity
CoAddRefServerProcess
CoReleaseServerProcess
CoTaskMemFree
CoResumeClassObjects
CoInitializeEx
CLSIDFromString
CoImpersonateClient
CoRevertToSelf
CoTaskMemRealloc
CoMarshalInterface
StringFromGUID2
IIDFromString
CoRegisterClassObject
CoCreateInstance
CoGetMalloc
CoTaskMemAlloc
PropVariantClear

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolTimer
IsThreadpoolTimerSet
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-synch-l1-2-0

InitOnceInitialize
InitOnceExecuteOnce
Sleep
InitOnceBeginInitialize
InitOnceComplete

ntdll

RtlNtStatusToDosError
RtlIsStateSeparationEnabled
NtQueryWnfStateData
NtOpenFile
RtlInitUnicodeString
NtSetInformationFile
RtlQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlPublishWnfStateData
RtlQueryPackageClaims
RtlGetPersistedStateLocation
RtlGetDeviceFamilyInfoEnum

api-ms-win-core-file-l1-1-0

FindNextVolumeW
GetFileAttributesExW
SetFileAttributesW
GetFileAttributesW
FindClose
GetFileTime
CompareFileTime
FindNextFileW
FindFirstFileExW
DeleteFileW
CreateDirectoryW
SetFileTime
FindFirstVolumeW
GetDriveTypeW
GetLogicalDrives
GetVolumeInformationW
FindVolumeClose
CreateFileW
FindFirstFileW
RemoveDirectoryW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW
lstrcmpW

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventRegister
EventEnabled
EventActivityIdControl
EventSetInformation
EventUnregister

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetVersionExW
GetTickCount64

api-ms-win-core-string-l1-1-0

CompareStringW
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-shcore-registry-l1-1-0

SHDeleteKeyW
SHGetValueW
SHSetValueW
SHCopyKeyW

api-ms-win-shell-shdirectory-l1-1-0

ord290

api-ms-win-core-processenvironment-l1-1-0

SetEnvironmentVariableW
SearchPathW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
GetCommandLineW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryW

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-service-management-l1-1-0

CloseServiceHandle
OpenServiceW
OpenSCManagerW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess
SetProcessMitigationPolicy

api-ms-win-service-management-l2-1-0

ChangeServiceConfig2W

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoOriginateErrorW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage
GetSystemDefaultUILanguage

api-ms-win-core-heap-l2-1-0

LocalFree

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-rtlsupport-l1-1-0

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

shcore

SHStrDupW
ord1

combase

ord184

mssrch

??1CSearchServiceObj@@QEAA@XZ
?GetFileChangeClientManagerInstance@@YA?AV?$shared_ptr@UIFileChangeClientManager@ChangeTracking@Windows@@@std@@XZ
?GetFilterHostProcessPoolManager@CSearchServiceObj@@SAJPEAPEAUIFilterHostProcessPoolManager@@@Z
??0CSearchServiceObj@@QEAA@XZ
?Cleanup@CSearchServiceObj@@SAXXZ

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrStrIW
StrCmpNICW

api-ms-win-core-path-l1-1-0

PathCchSkipRoot

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileW
GetSystemPowerStatus
RegisterWaitForSingleObject

api-ms-win-service-winsvc-l1-1-0

QueryServiceStatus
ControlService

api-ms-win-service-core-l1-1-1

EnumDependentServicesW

api-ms-win-core-processthreads-l1-1-3

SetThreadDescription

api-ms-win-core-timezone-l1-1-0

SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

api-ms-win-core-datetime-l1-1-0

GetTimeFormatW

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-winrt-l1-1-0

RoRegisterActivationFactories
RoGetActivationFactory
RoRevokeActivationFactories

api-ms-win-core-winrt-string-l1-1-0

WindowsIsStringEmpty
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDeleteString

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-service-core-l1-1-0

SetServiceStatus
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
CreateFileMappingW
MapViewOfFile

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

rpcrt4

I_RpcBindingInqLocalClientPID

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-shcore-stream-l1-1-0

SHCreateMemStream

api-ms-win-core-realtime-l1-1-0

QueryUnbiasedInterruptTime

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-appmodel-runtime-l1-1-1

GetApplicationUserModelIdFromToken

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

propsys

ord437

Sections

.text
Size: 680KB - Virtual size: 676KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

420c49a8b1a293b6be194a76f9764334

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp_win

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

oleaut32

api-ms-win-core-registry-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-synch-l1-2-0

ntdll

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-shcore-registry-l1-1-0

api-ms-win-shell-shdirectory-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-string-l2-1-0

api-ms-win-service-management-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-service-management-l2-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-apiquery-l1-1-0

shcore

combase

mssrch

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-path-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-service-winsvc-l1-1-0

api-ms-win-service-core-l1-1-1

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-service-core-l1-1-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-localization-l1-2-2

rpcrt4

api-ms-win-core-psapi-l1-1-0

api-ms-win-shcore-stream-l1-1-0

api-ms-win-core-realtime-l1-1-0

.text
Size: 680KB - Virtual size: 676KB

.rdata
Size: 192KB - Virtual size: 191KB

.data
Size: 8KB - Virtual size: 15KB

.pdata
Size: 44KB - Virtual size: 40KB

.didat
Size: 4KB - Virtual size: 752B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 576KB - Virtual size: 580KB