bd9db73221ae484c2a23da14465a13b2

Sharing

Copy URL Twitter E-mail

General

Target

bd9db73221ae484c2a23da14465a13b2
Size

1.0MB
MD5

bd9db73221ae484c2a23da14465a13b2
SHA1

ff9887638ce5d5c9be0707d83b58b0b009b0e742
SHA256

b1404b0ce2054ebad254708af761f1cecbb1845ac48161616fac0e3f2e7d3787
SHA512

775b9a1e60e31cadca78acd9b36954fb9aeccf489eaaada599fa805bdbba98c446ed5a455e9a7ec517d04b8fc6d3b7db571271661e5a16613b52f295e4002d1a
SSDEEP

24576:Hc2YfeCDVc/55YSxHc6W6fJAZ1f6iJnStpjaDMo:HNYmCebH26fOfJnSvaDMo

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/3389远程连接辅助工具.exe
unpack001/Connect.dll
unpack001/mstscax.dll

Files

bd9db73221ae484c2a23da14465a13b2
.rar
3389远程连接辅助工具.exe
.exe windows:4 windows x86 arch:x86

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateDirectoryA
GetTempPathA
ReadFile
SetFilePointer
CreateFileA
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeW

user32

MessageBoxA
wsprintfA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Connect.dll
.exe windows:5 windows x86 arch:x86

c9563dea574f58f47d86577e5a7f024c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mstsc.pdb

Imports

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
GetUserNameW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetUserNameA

kernel32

FlushFileBuffers
ExitProcess
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetFilePointer
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
GetCPInfo
GetOEMCP
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
HeapAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
lstrcpynA
GetVersionExW
GetModuleFileNameA
GetStdHandle
GetCommandLineA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCommandLineW
ReadFile
WriteFile
WideCharToMultiByte
SetLastError
GetACP
CreateThread
SetEvent
LocalAlloc
lstrlenA
LoadResource
LockResource
LocalFree
CloseHandle
GetLastError
InterlockedDecrement
FreeLibrary
InterlockedIncrement
GetStartupInfoA
DebugBreak
GetCurrentProcess
TerminateProcess
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetModuleHandleA
GetComputerNameA
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
GetModuleHandleW
lstrlenW
GetProcessHeap
WaitForSingleObject
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindResourceA
FindResourceW
FormatMessageA
FormatMessageW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
ExpandEnvironmentStringsA
ExpandEnvironmentStringsW
LoadLibraryW

gdi32

CreateFontIndirectA
CreateFontIndirectW
GetObjectA
GetObjectW
GetDIBColorTable
UpdateColors
StretchBlt
CreatePalette
CreateCompatibleBitmap
CreateSolidBrush
SetTextColor
SetBkMode
SetMapMode
SelectPalette
RealizePalette
TranslateCharsetInfo
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
CreateRectRgn
CreateRectRgnIndirect
DeleteObject
SetRectRgn
GetDCOrgEx
GetClipBox
CombineRgn
EqualRgn

user32

TranslateMessage
GetWindowDC
MapDialogRect
GetWindow
FillRect
CheckDlgButton
IsDlgButtonChecked
BeginPaint
DrawIcon
EndPaint
EndDialog
MapWindowPoints
GetDesktopWindow
GetDC
ReleaseDC
GetDlgItem
EnableWindow
SetRect
LockWindowUpdate
SetFocus
SetWindowPlacement
SetWindowPos
GetClientRect
MoveWindow
EqualRect
CopyRect
IsWindowVisible
InvalidateRect
UpdateWindow
EnableMenuItem
ShowWindow
SetForegroundWindow
AdjustWindowRect
IsZoomed
SetCursor
GetSystemMenu
CreateMenu
IsWindow
PostQuitMessage
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetMessageTime
GetCursorPos
CreateDialogIndirectParamA
CreateDialogIndirectParamW
CreateDialogParamA
CreateDialogParamW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DialogBoxParamA
DialogBoxParamW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetDlgItemTextA
GetDlgItemTextW
GetMessageA
GetMessageW
MessageBoxA
MessageBoxW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
IsDialogMessageA
IsDialogMessageW
LoadAcceleratorsA
LoadAcceleratorsW
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
LoadImageA
LoadImageW
LoadStringW
ModifyMenuA
ModifyMenuW
PostMessageA
PostMessageW
SendMessageA
SendMessageW
SetDlgItemTextA
SetDlgItemTextW
SetWindowLongA
SetWindowLongW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
RegisterClassExA
RegisterClassExW
SendDlgItemMessageW
DestroyIcon
SetTimer
KillTimer
DestroyWindow
GetSystemMetrics
GetWindowRect

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ExtractIconW
ExtractIconA
SHGetSpecialFolderLocation

ole32

CoTaskMemAlloc
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_GetImageCount
ImageList_ReplaceIcon

wsock32

inet_addr
gethostbyaddr
gethostbyname

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA
GetOpenFileNameW

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 221KB - Virtual size: 221KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
list.mdb
mstscax.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f4f9ea2971d7855283ab7cbcf0ce7925

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mstscax.pdb

Imports

kernel32

lstrcatA
GetProcessHeap
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
HeapSize
InterlockedExchange
RtlUnwind
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsAlloc
TlsGetValue
TlsFree
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
VirtualQuery
GetSystemInfo
VirtualProtect
HeapFree
GetSystemDefaultLangID
SetEvent
GetVersion
FreeResource
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetCommandLineA
IsBadReadPtr
SetFilePointer
ReadFile
DuplicateHandle
GlobalFree
GlobalHandle
Beep
lstrcmpA
GetSystemTime
GetExitCodeThread
WaitForMultipleObjects
ReleaseSemaphore
GlobalSize
ResetEvent
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
GetTempPathA
Sleep
QueryDosDeviceW
FindNextChangeNotification
FindCloseChangeNotification
GetFileInformationByHandle
SetFileTime
SetEndOfFile
LockFileEx
LockFile
UnlockFile
FreeLibraryAndExitThread
ResumeThread
CreateThread
GetComputerNameA
DebugBreak
WaitForMultipleObjectsEx
EscapeCommFunction
SetCommState
GetCommState
TransmitCommChar
WaitCommEvent
SetCommTimeouts
SetupComm
SetCommMask
PurgeComm
GetCommTimeouts
GetCommMask
GetCommModemStatus
ClearCommError
GetCommProperties
GetCommConfig
SetErrorMode
DeviceIoControl
GetOverlappedResult
FlushFileBuffers
FindClose
GetDiskFreeSpaceA
GlobalMemoryStatus
GetLocalTime
CompareFileTime
SystemTimeToFileTime
GetSystemDefaultLCID
CreateEventA
CreateEventW
CreateFileA
CreateFileW
FindFirstFileA
FindFirstFileW
FindResourceA
FindResourceW
lstrcmpiA
lstrcmpiW
GetFileAttributesA
GetFileAttributesW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
FindNextFileA
FindNextFileW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
GetProfileStringA
GetProfileStringW
LoadLibraryExA
LoadLibraryExW
MoveFileA
MoveFileW
OutputDebugStringW
RemoveDirectoryA
RemoveDirectoryW
CreateMutexA
CreateMutexW
CreateSemaphoreA
CreateSemaphoreW
lstrcpyA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FindFirstChangeNotificationA
FindFirstChangeNotificationW
GetVolumeInformationA
GetVolumeInformationW
GetComputerNameW
GetVersionExW
GetDefaultCommConfigA
GetDefaultCommConfigW
lstrcpynA
ExitThread
RaiseException
IsBadCodePtr
SetStdHandle
TlsSetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
MultiByteToWideChar
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
SizeofResource
DisableThreadLibraryCalls
GetProcAddress
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
HeapDestroy
LoadResource
LockResource
SetLastError
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
LocalFree
lstrlenA
lstrlenW
LocalAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
OutputDebugStringA

advapi32

RegCloseKey
RegQueryValueExA
SetFileSecurityW
SetFileSecurityA
GetFileSecurityW
GetFileSecurityA
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegEnumValueW
RegEnumValueA
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
GetSecurityDescriptorLength
RegOpenKeyA

user32

SetRect
GetWindowDC
DestroyCursor
CreateCursor
AttachThreadInput
GetWindowThreadProcessId
CallNextHookEx
GetAsyncKeyState
GetForegroundWindow
MessageBeep
FlashWindow
SetCapture
ReleaseCapture
GetMessageExtraInfo
UnhookWindowsHookEx
CreateIconIndirect
MsgWaitForMultipleObjects
PostQuitMessage
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EnumClipboardFormats
CountClipboardFormats
GetClipboardData
SetClipboardViewer
ChangeClipboardChain
GetMessageTime
CallWindowProcA
CallWindowProcW
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DispatchMessageA
DispatchMessageW
DrawTextA
DrawTextW
GetClassInfoA
GetClassInfoW
GetClipboardFormatNameA
GetClipboardFormatNameW
GetMessageA
GetMessageW
GetWindowLongA
GetWindowLongW
FillRect
LoadCursorA
LoadCursorW
LoadIconA
LoadIconW
BringWindowToTop
LoadStringW
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostThreadMessageA
PostThreadMessageW
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterClipboardFormatW
SendMessageA
SendMessageW
SetWindowLongA
SetWindowLongW
SetWindowsHookExA
SetWindowsHookExW
SetWindowTextA
SetWindowTextW
UnregisterClassA
UnregisterClassW
wvsprintfA
wvsprintfW
RegisterClassExA
RegisterClassExW
GetClassInfoExA
GetClassInfoExW
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
MapVirtualKeyA
MapVirtualKeyW
GetSystemMenu
EnableMenuItem
SetWindowPlacement
CloseWindow
GetKeyboardState
ScreenToClient
ClientToScreen
SetCursorPos
keybd_event
SetCursor
GetKeyboardType
IsWindowVisible
GetSysColor
GetCursorPos
SetScrollPos
LockWindowUpdate
ShowScrollBar
GetKeyboardLayout
DestroyWindow
InflateRect
GetSysColorBrush
SetScrollInfo
AdjustWindowRect
SystemParametersInfoA
IsIconic
SetParent
TranslateMessage
SetFocus
GetClientRect
UpdateWindow
InvalidateRect
IsWindow
MoveWindow
ShowWindow
IsChild
GetFocus
DestroyAcceleratorTable
GetParent
SetWindowPos
GetWindowRect
GetDesktopWindow
GetSystemMetrics
GetWindowPlacement
BeginPaint
EndPaint
GetKeyState
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
GetDC
ReleaseDC
SetTimer
KillTimer
OffsetRect
wsprintfA

gdi32

CreateSolidBrush
PatBlt
StretchDIBits
CreateCompatibleDC
CreateCompatibleBitmap
LineTo
MoveToEx
CreatePen
DeleteObject
SetBkMode
SetBkColor
CreatePolygonRgn
GetRgnBox
CombineRgn
SetRectRgn
UpdateColors
BitBlt
SetBrushOrgEx
SetStretchBltMode
SelectClipRgn
CreateRectRgn
StretchBlt
RealizePalette
SelectPalette
CreateDIBitmap
CreateBrushIndirect
GetNearestPaletteIndex
GetCurrentObject
CreateBitmap
SetDIBitsToDevice
CreatePalette
SetDIBColorTable
CreateDIBPatternBrushPt
CreatePatternBrush
SetBitmapBits
SetTextAlign
GetTextAlign
SetROP2
CreateDIBSection
GetBitmapBits
GdiFlush
GetPaletteEntries
Polyline
Polygon
SetPolyFillMode
SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetTextColor
SetMapMode
CreateMetaFileW
CreateMetaFileA
GetObjectW
GetObjectA
CreateDCW
CreateDCA
GetDIBits
SetMetaFileBitsEx
PlayMetaFile
GetMetaFileBitsEx
GetDIBColorTable
GetNearestColor
Ellipse
SelectObject
GetStockObject
Rectangle
RestoreDC
DeleteDC
SetViewportOrgEx
SetWindowOrgEx

winspool.drv

SetPrinterW
EnumPrintersW
EnumPrintersA
GetPrinterA
GetPrinterDriverA
GetPrinterDataW
GetPrinterDataA
StartDocPrinterW
StartPagePrinter
WritePrinter
GetJobW
SetJobW
GetJobA
SetJobA
EndPagePrinter
EndDocPrinter
GetPrinterW
GetPrinterDriverW
StartDocPrinterA
OpenPrinterW
OpenPrinterA
ClosePrinter

ole32

CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
OleLoadFromStream
OleUninitialize
OleIsCurrentClipboard
OleSetClipboard
WriteClassStm
OleRegEnumVerbs
OleSaveToStream
OleInitialize
CoGetMalloc

oleaut32

VariantClear
OleCreatePropertyFrame
VariantChangeType
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
SysStringByteLen
SysAllocStringByteLen
LoadRegTypeLi

winmm

waveOutSetVolume
waveOutGetVolume
waveOutGetPitch
waveOutPrepareHeader
waveOutWrite
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutOpen

wsock32

ioctlsocket
inet_addr
getsockname
shutdown
setsockopt
WSACleanup
WSAAsyncSelect
WSAAsyncGetHostByName
connect
htons
socket
closesocket
send
recv
WSAStartup
bind
sendto
recvfrom
gethostbyname
gethostname
WSACancelAsyncRequest
WSAGetLastError

shell32

ExtractIconW
ExtractIconA
SHFileOperationA
ord100

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllGetTscCtlVer
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 539KB - Virtual size: 539KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

9165ea3e914e03bda3346f13edbd6ccd

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 7KB

.data Size: 36KB - Virtual size: 36KB

.rsrc Size: 8KB - Virtual size: 4KB

c9563dea574f58f47d86577e5a7f024c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

shell32

ole32

oleaut32

comctl32

wsock32

comdlg32

Sections

.text Size: 151KB - Virtual size: 151KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 221KB - Virtual size: 221KB

f4f9ea2971d7855283ab7cbcf0ce7925

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

user32

gdi32

winspool.drv

ole32

oleaut32

winmm

wsock32

shell32

Exports

Exports

Sections

.text Size: 539KB - Virtual size: 539KB

.data Size: 10KB - Virtual size: 19KB

.rsrc Size: 63KB - Virtual size: 62KB

.reloc Size: 26KB - Virtual size: 25KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 7KB

.data
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 151KB - Virtual size: 151KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 221KB - Virtual size: 221KB

.text
Size: 539KB - Virtual size: 539KB

.data
Size: 10KB - Virtual size: 19KB

.rsrc
Size: 63KB - Virtual size: 62KB

.reloc
Size: 26KB - Virtual size: 25KB