f30197b8d85c0fa612a56598287376121a5d2c1895d4bdd7901c9cabcf8a635f

Sharing

Copy URL Twitter E-mail

General

Target

f30197b8d85c0fa612a56598287376121a5d2c1895d4bdd7901c9cabcf8a635f
Size

10.6MB
MD5

4010fea11ab81e6d972def335c37e371
SHA1

af692a9737d4bb509635d37337d11da2f56f7407
SHA256

f30197b8d85c0fa612a56598287376121a5d2c1895d4bdd7901c9cabcf8a635f
SHA512

bf17b9a0fa0fcdd26f6cd9b490e8e704501fd9a2b5d0d0d9ee31a47d9334fb26ba0c13709ba086d8aa399268a83a99886baa7c9a89806176965049c2a54ae21c
SSDEEP

98304:6UsFEFc9Kd4mLQWFAXZK7u8thuub+5HF0qihuKJm8S1SRF:mFEe9e4mwXZK7Fu95HF5iAKJm8S1S7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f30197b8d85c0fa612a56598287376121a5d2c1895d4bdd7901c9cabcf8a635f

Files

f30197b8d85c0fa612a56598287376121a5d2c1895d4bdd7901c9cabcf8a635f
.exe windows:6 windows x64 arch:x64

80e227898616ebd6d331563f2dea95c9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Dock1.9.7.4\x64\Release\Dock_64.pdb

Imports

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
StringFromGUID2
CoCreateGuid
CoInitializeSecurity
CLSIDFromString
CoInitializeEx
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemFree
PropVariantClear

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA
LoadLibraryW
FindResourceW

api-ms-win-core-libraryloader-l1-2-0

FreeLibraryAndExitThread
LoadStringW
GetModuleHandleW
LockResource
LoadResource
LoadLibraryExW
LoadLibraryExA
FreeLibrary
GetModuleFileNameW
GetProcAddress
SizeofResource

api-ms-win-ntuser-sysparams-l1-1-0

GetSystemMetrics
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
EnumDisplayDevicesW

oleaut32

SetErrorInfo
GetErrorInfo
VariantChangeType
SysStringLen
VariantClear
SysFreeString
VariantInit
CreateErrorInfo
SysAllocString

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-file-l1-1-0

GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetLongPathNameW
GetFileSize
SetFileAttributesW
ReadFile
DeleteFileW
FlushFileBuffers
CreateDirectoryA
SetEndOfFile
CreateDirectoryW
GetFileTime
RemoveDirectoryA
SetFilePointerEx
GetFileSizeEx
UnlockFile
GetFileAttributesExA
DeleteFileA
CreateFileA
FindFirstFileExW
FindFirstFileA
FindClose
GetShortPathNameW
FindNextFileA
SetFileTime
SetFilePointer
GetFileAttributesW
LocalFileTimeToFileTime
GetFileAttributesA
WriteFile
GetFileInformationByHandle
GetFileType
GetVolumeInformationW
GetDriveTypeW
FindNextFileW
GetFileAttributesExW
LockFile
CreateFileW

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

d3dcompiler_47

D3DCompile

d3d11

D3D11CreateDevice
CreateDirect3D11DeviceFromDXGIDevice

api-ms-win-mm-time-l1-1-0

timeGetTime
timeBeginPeriod

api-ms-win-core-processthreads-l1-1-0

TlsGetValue
TlsAlloc
ExitThread
ExitProcess
OpenProcessToken
GetCurrentThreadId
TlsSetValue
OpenThread
GetCurrentThread
TlsFree
ResumeThread
CreateThread
GetExitCodeProcess
SetPriorityClass
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
CreateProcessW
GetExitCodeThread

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetErrorMode
SetUnhandledExceptionFilter
RaiseException
SetLastError

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW
MoveFileA
CreateFileMappingA

api-ms-win-core-file-l2-1-2

CopyFileW

api-ms-win-core-psapi-l1-1-0

K32GetProcessMemoryInfo
QueryFullProcessImageNameW
K32EnumProcesses

api-ms-win-core-kernel32-legacy-l1-1-1

SetDllDirectoryW

api-ms-win-core-localization-l1-2-0

GetACP
GetSystemDefaultLCID
FormatMessageA
GetOEMCP
FormatMessageW
LCMapStringW
GetLocaleInfoW
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale

api-ms-win-core-synch-l1-1-0

CreateEventW
SetEvent
TryEnterCriticalSection
InitializeCriticalSection
SetWaitableTimer
LeaveCriticalSection
OpenEventW
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObject

api-ms-win-service-management-l1-1-0

OpenSCManagerW

dwrite

DWriteCreateFactory

d2d1

ord1
ord2

api-ms-win-core-version-l1-1-0

VerQueryValueW

api-ms-win-core-version-l1-1-1

GetFileVersionInfoW

api-ms-win-core-sysinfo-l1-1-0

GetLocalTime
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount64

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-appmodel-runtime-l1-1-0

GetPackageFamilyName

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW
WritePrivateProfileStringW

api-ms-win-core-file-ansi-l2-1-0

ReplaceFileA

api-ms-win-core-memory-l1-1-0

ReadProcessMemory
OpenFileMappingW
VirtualAllocEx
CreateFileMappingW
UnmapViewOfFile
VirtualFreeEx
MapViewOfFile
VirtualQuery
VirtualProtect

api-ms-win-core-file-l1-2-2

GetTempPathA

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree
LocalFree
LocalAlloc

api-ms-win-security-cryptoapi-l1-1-0

CryptGetHashParam
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA
CryptDestroyHash
CryptHashData

api-ms-win-security-base-l1-1-0

GetTokenInformation
AdjustTokenPrivileges

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW

api-ms-win-core-registry-l1-1-0

RegQueryInfoKeyW
RegCloseKey
RegGetValueW
RegOpenKeyExW
RegEnumValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegDeleteValueW

rpcrt4

UuidFromStringW

api-ms-win-devices-config-l1-1-1

CM_Get_DevNode_Status
CM_Get_Parent

api-ms-win-core-registry-l2-1-0

RegOpenKeyW
RegEnumKeyW
RegCreateKeyW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

api-ms-win-power-base-l1-1-0

CallNtPowerInformation

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
GetEnvironmentVariableW
GetStdHandle
GetCommandLineA
SetEnvironmentVariableW
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW

ext-ms-win-networking-wlanapi-l1-1-0

WlanSetProfile
WlanCloseHandle
WlanQueryInterface
WlanFreeMemory
WlanGetProfileList
WlanOpenHandle
WlanEnumInterfaces

ws2_32

connect
WSACleanup
WSAStartup
socket

iphlpapi

GetAdaptersInfo

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

GlobalUnlock
GlobalSize
GlobalLock

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-power-setting-l1-1-0

PowerGetActiveScheme

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

powrprof

PowerReadFriendlyName
SetSuspendState
PowerSetActiveScheme
PowerEnumerate

api-ms-win-core-processthreads-l1-1-3

SetProcessInformation

api-ms-win-core-processthreads-l1-1-2

GetSystemTimes

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW

api-ms-win-core-toolhelp-l1-1-0

Process32FirstW
CreateToolhelp32Snapshot
Process32NextW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-debug-l1-1-1

WaitForDebugEvent
ContinueDebugEvent

wlanapi

WlanConnect
WlanDisconnect
WlanRegisterNotification

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-synch-l1-2-1

CreateWaitableTimerW

coremessaging

CreateDispatcherQueueController

user32

IsWindowEnabled
SendNotifyMessageW
GetDC
SetWindowRgn
GetDesktopWindow
GetAsyncKeyState
CloseTouchInputHandle
DestroyIcon
GetMessageExtraInfo
UnhookWindowsHookEx
GetTouchInputInfo
TrackMouseEvent
GetDoubleClickTime
SendMessageA
SetWinEventHook
ReleaseDC
wsprintfW
MsgWaitForMultipleObjects
PeekMessageW
CallNextHookEx
GetParent
SetWindowsHookExW
AllowSetForegroundWindow
keybd_event
SetWindowsHookExA
OpenClipboard
CloseClipboard
EmptyClipboard
ExitWindowsEx
GetLayeredWindowAttributes
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
MonitorFromPoint
MonitorFromRect
QueryDisplayConfig
GetDisplayConfigBufferSizes
DisplayConfigGetDeviceInfo
EnumDisplaySettingsW
GetCursorPos
SetDisplayConfig
MonitorFromWindow
CreatePopupMenu
DestroyMenu
RegisterClassExW
ShowWindow
UpdateLayeredWindow
GetKeyboardLayoutList
LoadKeyboardLayoutW
RegisterShellHookWindow
ShowWindowAsync
SendMessageTimeoutA
GetShellWindow
GetAncestor
SetLayeredWindowAttributes
GetForegroundWindow
GetClassNameW
IsZoomed
IsIconic
GetWindowTextW
UnregisterClassW
GetKeyboardLayout
IsHungAppWindow
GetWindowPlacement
AttachThreadInput
SetFocus
GetClientRect
ActivateKeyboardLayout
UnregisterDeviceNotification
DeregisterShellHookWindow
GetWindowTextLengthW
SetActiveWindow
GetWindowLongW
CloseWindow
SendMessageTimeoutW
SendMessageW
SetWindowTextW
SwitchToThisWindow
LoadCursorW
SetCursor
SetForegroundWindow
UnhookWinEvent
EndPaint
BeginPaint
SetWindowLongW
SetPropW
UpdateLayeredWindowIndirect
GetPropW
DefWindowProcW
IsWindow
PostMessageA
GetWindowRect
RegisterWindowMessageW
GetWindowTextLengthA
FindWindowW
GetMenuStringW
GetSubMenu
GetMenuItemCount
IsWindowVisible
GetMenu
GetMenuItemID
FindWindowExW
GetMenuState
GetSystemMenu
SetWindowLongPtrA
PostQuitMessage
KillTimer
GetWindowLongPtrA
TranslateMessage
TranslateAcceleratorW
ChangeWindowMessageFilter
SetMenu
MoveWindow
RegisterHotKey
RegisterTouchWindow
SetTimer
DispatchMessageW
LoadAcceleratorsW
RemovePropW
CreateWindowExW
MessageBoxW
DestroyWindow
PostMessageW
UnregisterHotKey
GetMessageW
GetWindowThreadProcessId
SetWindowPos
EnableWindow
FindWindowA
GetWindowLongA
FindWindowExA
SetWindowLongA
GetWindow

ole32

CoGetObjectContext
CoGetApartmentType
OleDuplicateData
ReleaseStgMedium
RevokeDragDrop
RegisterDragDrop
OleInitialize
OleUninitialize
CoInitialize

imm32

ImmAssociateContext
ImmReleaseContext
ImmGetDefaultIMEWnd
ImmSetCompositionWindow
ImmGetContext
ImmGetCompositionStringW

oleacc

AccessibleObjectFromWindow
WindowFromAccessibleObject
AccessibleChildren

cfgmgr32

CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW

comdlg32

GetOpenFileNameW

kernel32

IsProcessorFeaturePresent
RtlCaptureStackBackTrace
RtlPcToFileHeader
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetCompressedFileSizeW
InitOnceBeginInitialize
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetStringTypeW
WaitForSingleObjectEx
SwitchToThread
GetNativeSystemInfo
QueryPerformanceCounter
QueryPerformanceFrequency
GetLocaleInfoEx
CompareStringEx
EnterCriticalSection
EncodePointer
CreateThreadpoolWork
SubmitThreadpoolWork
CloseThreadpoolWork
GetModuleHandleExW
WakeConditionVariable
WakeAllConditionVariable
LCMapStringEx
GetCPInfo
SetFileInformationByHandle
GetTempPathW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitOnceExecuteOnce
SleepConditionVariableCS
CreateEventExW
CreateSemaphoreExW
FlushProcessWriteBuffers
GetCurrentProcessorNumber
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SleepConditionVariableSRW
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolWait
GetFileInformationByHandleEx
CreateSymbolicLinkW
InitializeCriticalSectionAndSpinCount
ResetEvent
RtlCaptureContext
FreeLibraryWhenCallbackReturns
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
InitializeSListHead
InitOnceComplete
GetStartupInfoW
IsDebuggerPresent
InitializeConditionVariable

shell32

DragAcceptFiles
DragFinish
SHAppBarMessage
SHCreateShellItemArrayFromIDLists
DragQueryFileW
ShellExecuteW
ord88
SHGetDesktopFolder
SHQueryUserNotificationState
SHCreateItemFromIDList
ord727
SHCreateItemFromParsingName
SHOpenFolderAndSelectItems
SHGetFileInfoW
SHParseDisplayName
SHFileOperationW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteExW
ord6
SHBrowseForFolderW
SHEmptyRecycleBinW
ord155
SHBindToParent
SHGetFolderLocation
SHGetKnownFolderPath
ord190
ord195

advapi32

CloseServiceHandle
ControlService
OpenServiceW
InitiateShutdownW
GetUserNameW

winmm

PlaySoundW

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathFindExtensionW
PathRemoveBackslashW
PathIsDirectoryW
StrStrIA
PathFileExistsW
StrStrIW
StrRetToBufW
ord176

urlmon

CopyStgMedium
URLDownloadToFileW

gdi32

SetDIBitsToDevice
CreatePen
SetBkMode
Rectangle
GetBitmapBits
CreateRectRgnIndirect
DeleteObject
BitBlt
GetObjectW
DeleteDC
GetStockObject
SetLayout
CreateCompatibleDC
GetDeviceCaps
CreateRectRgn
GetPixel
CreateEllipticRgn
CreateDIBSection
SelectObject
CombineRgn

dwmapi

DwmQueryThumbnailSourceSize
DwmSetWindowAttribute
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmUnregisterThumbnail
DwmRegisterThumbnail
DwmFlush
DwmUpdateThumbnailProperties
DwmIsCompositionEnabled

msimg32

AlphaBlend

dxva2

GetMonitorBrightness
DestroyPhysicalMonitors
SetMonitorBrightness
GetPhysicalMonitorsFromHMONITOR
GetNumberOfPhysicalMonitorsFromHMONITOR

steam_api64

SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamInternal_ContextInit
SteamAPI_IsSteamRunning
SteamAPI_UnregisterCallback
SteamInternal_FindOrCreateUserInterface
SteamAPI_GetHSteamUser
SteamAPI_RegisterCallResult
SteamAPI_Init
SteamAPI_Shutdown
SteamAPI_RunCallbacks

dbghelp

MiniDumpWriteDump

bluetoothapis

BluetoothSetServiceState
BluetoothFindRadioClose
BluetoothFindFirstRadio
BluetoothGetRadioInfo

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW

version

GetFileVersionInfoSizeW

comctl32

ImageList_Draw
ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon

rasapi32

RasEnumConnectionsW
RasEnumEntriesW
RasDialW
RasHangUpW
RasGetEntryDialParamsW

api-ms-win-shcore-scaling-l1-1-1

GetScaleFactorForMonitor

pdh

PdhCloseQuery
PdhAddCounterW
PdhRemoveCounter
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue

api-ms-win-core-debug-l1-1-0

OutputDebugStringW

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwindEx
RtlUnwind

api-ms-win-core-interlocked-l1-1-0

InterlockedPushEntrySList
InterlockedFlushSList

api-ms-win-core-console-l1-1-0

ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
SetConsoleCtrlHandler

api-ms-win-core-threadpool-l1-2-0

TrySubmitThreadpoolCallback

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 917KB - Virtual size: 916KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

80e227898616ebd6d331563f2dea95c9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-ntuser-sysparams-l1-1-0

oleaut32

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

d3dcompiler_47

d3d11

api-ms-win-mm-time-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-synch-l1-2-0

api-ms-win-core-file-l2-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-file-l2-1-2

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-service-management-l1-1-0

dwrite

d2d1

api-ms-win-core-version-l1-1-0

api-ms-win-core-version-l1-1-1

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-appmodel-runtime-l1-1-0

api-ms-win-core-privateprofile-l1-1-0

api-ms-win-core-file-ansi-l2-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-file-l1-2-2

api-ms-win-core-heap-l2-1-0

api-ms-win-security-cryptoapi-l1-1-0

api-ms-win-security-base-l1-1-0

crypt32

api-ms-win-core-registry-l1-1-0

rpcrt4

api-ms-win-devices-config-l1-1-1

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-power-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

ext-ms-win-networking-wlanapi-l1-1-0

ws2_32

iphlpapi

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-power-setting-l1-1-0

api-ms-win-core-datetime-l1-1-0

powrprof

api-ms-win-core-processthreads-l1-1-3

api-ms-win-core-processthreads-l1-1-2

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-debug-l1-1-1

wlanapi

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-synch-l1-2-1

coremessaging

user32

ole32

imm32

.text
Size: 6.9MB - Virtual size: 6.9MB

.rdata
Size: 2.1MB - Virtual size: 2.1MB

.data
Size: 139KB - Virtual size: 184KB

.pdata
Size: 390KB - Virtual size: 390KB

_RDATA
Size: 77KB - Virtual size: 77KB

.rsrc
Size: 917KB - Virtual size: 916KB

.reloc
Size: 16KB - Virtual size: 15KB