drss[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

drss.exe
Size

1.4MB
MD5

72956623eb1edf67f88667946566b838
SHA1

545a006dce1ae6674d76d85c3e0939d458aa9131
SHA256

f66f34bf1a67720d1c8bb9d99dd353f84134f14c1eb4713ca77b8fa5cb83a5ce
SHA512

01636167eb2cd250b33b51891abcf77e28697e4720d387407cb26f867dbe5b0bf7c955219b1291db224fe98d41fe3ae9efda286d220c8cfcb7f2b29d126d6fec
SSDEEP

12288:2MLfA+re1kWhk2SsVCzbyhRLF0x3IRXLGRNOo5WVoPyMdeBiBEjEUQ:2MLyNhk/Y0udXLGRQ4+qbBqs

Score

1^/10

Malware Config

Signatures

Files

drss.exe
.exe windows:6 windows x64 arch:x64

10b40e99456bde4ce7f1d567d638ca9d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2022, 00:00

Not After

05/04/2025, 23:59

Subject

SERIALNUMBER=91540195754285145H,CN=Wondershare Technology Group Co.\,Ltd,O=Wondershare Technology Group Co.\,Ltd,L=拉萨市,ST=西藏自治区,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c0fe8a5bfe8978fe887aae6b2bbe58cba,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/04/2022, 00:00

Not After

05/04/2025, 23:59

Subject

SERIALNUMBER=91540195754285145H,CN=Wondershare Technology Group Co.\,Ltd,O=Wondershare Technology Group Co.\,Ltd,L=拉萨市,ST=西藏自治区,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#0c0fe8a5bfe8978fe887aae6b2bbe58cba,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:4b:30:a0:90:8b:cc:29:01:2c:75:4e:d9:69:70:42:7c:ff:c1:32:a5:fc:18:d6:34:ef:ba:60:6d:bf:f2:cb
Signer

Actual PE Digest

dd:4b:30:a0:90:8b:cc:29:01:2c:75:4e:d9:69:70:42:7c:ff:c1:32:a5:fc:18:d6:34:ef:ba:60:6d:bf:f2:cb

Digest Algorithm

sha256

PE Digest Matches

true

19:1f:4e:be:8f:8a:cf:b3:13:ea:97:05:04:23:86:bb:dc:71:72:a7
Signer

Actual PE Digest

19:1f:4e:be:8f:8a:cf:b3:13:ea:97:05:04:23:86:bb:dc:71:72:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\devops_yanfa\agent\workspace\p-7504ad9668b74b99b438a3d8e8cddc53\src\bin\x64-windows\drss.pdb

Imports

drfm

CreateDiskMapIO
InitFileMapping

avcodec-58

av_bsf_alloc
av_bsf_free
av_bsf_get_by_name
av_bsf_get_class
av_bsf_init
av_bsf_iterate
av_bsf_receive_packet
av_bsf_send_packet
av_codec_is_decoder
av_codec_is_encoder
av_codec_next
av_get_exact_bits_per_sample
av_init_packet
av_packet_get_side_data
av_packet_make_refcounted
av_packet_move_ref
av_packet_rescale_ts
av_packet_unref
avcodec_alloc_context3
avcodec_close
avcodec_configuration
avcodec_copy_context
avcodec_decode_subtitle2
avcodec_descriptor_get
avcodec_descriptor_get_by_name
avcodec_descriptor_next
avcodec_encode_subtitle
avcodec_find_best_pix_fmt_of_2
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_find_encoder
avcodec_find_encoder_by_name
avcodec_free_context
avcodec_get_class
avcodec_get_hw_config
avcodec_get_name
avcodec_open2
avcodec_parameters_alloc
avcodec_parameters_copy
avcodec_parameters_free
avcodec_parameters_from_context
avcodec_parameters_to_context
avcodec_receive_frame
avcodec_receive_packet
avcodec_send_frame
avcodec_send_packet
avcodec_version
avsubtitle_free

avdevice-58

av_input_audio_device_next
av_input_video_device_next
av_output_audio_device_next
av_output_video_device_next
avdevice_configuration
avdevice_free_list_devices
avdevice_list_input_sources
avdevice_list_output_sinks
avdevice_register_all
avdevice_version

avfilter-7

av_buffersink_get_channel_layout
av_buffersink_get_channels
av_buffersink_get_format
av_buffersink_get_frame_flags
av_buffersink_get_frame_rate
av_buffersink_get_h
av_buffersink_get_hw_frames_ctx
av_buffersink_get_sample_aspect_ratio
av_buffersink_get_sample_rate
av_buffersink_get_time_base
av_buffersink_get_type
av_buffersink_get_w
av_buffersink_set_frame_size
av_buffersrc_add_frame
av_buffersrc_add_frame_flags
av_buffersrc_parameters_alloc
av_buffersrc_parameters_set
av_filter_iterate
avfilter_configuration
avfilter_get_by_name
avfilter_get_class
avfilter_graph_alloc
avfilter_graph_alloc_filter
avfilter_graph_config
avfilter_graph_create_filter
avfilter_graph_free
avfilter_graph_parse2
avfilter_graph_set_auto_convert
avfilter_init_str
avfilter_inout_free
avfilter_link
avfilter_pad_count
avfilter_pad_get_name
avfilter_pad_get_type
avfilter_version

avformat-58

av_codec_get_id
av_codec_get_tag2
av_demuxer_iterate
av_dump_format
av_filename_number_test
av_find_input_format
av_guess_codec
av_guess_format
av_guess_frame_rate
av_interleaved_write_frame
av_muxer_iterate
av_new_program
av_program_add_stream_index
av_read_frame
av_sdp_create
av_stream_get_codec_timebase
av_stream_get_end_pts
av_stream_get_side_data
av_stream_new_side_data
av_write_trailer
avformat_alloc_context
avformat_alloc_output_context2
avformat_close_input
avformat_configuration
avformat_find_stream_info
avformat_free_context
avformat_get_class
avformat_match_stream_specifier
avformat_network_init
avformat_new_stream
avformat_open_input
avformat_query_codec
avformat_seek_file
avformat_transfer_internal_stream_timing_info
avformat_version
avformat_write_header
avio_alloc_context
avio_check
avio_close
avio_close_dyn_buf
avio_closep
avio_context_free
avio_enum_protocols
avio_find_protocol_name
avio_flush
avio_open
avio_open2
avio_open_dyn_buf
avio_printf
avio_r8
avio_read
avio_seek
avio_size
avio_w8
avio_write

avutil-56

av_add_q
av_asprintf
av_bprint_chars
av_bprint_finalize
av_bprint_init
av_bprintf
av_buffer_ref
av_buffer_unref
av_calloc
av_compare_ts
av_default_item_name
av_dict_copy
av_dict_free
av_dict_get
av_dict_parse_string
av_dict_set
av_dict_set_int
av_display_rotation_get
av_display_rotation_set
av_expr_eval
av_expr_free
av_expr_parse
av_fifo_alloc
av_fifo_freep
av_fifo_generic_read
av_fifo_generic_write
av_fifo_realloc2
av_fifo_size
av_fifo_space
av_find_nearest_q_idx
av_fopen_utf8
av_force_cpu_flags
av_frame_alloc
av_frame_clone
av_frame_copy_props
av_frame_free
av_frame_get_buffer
av_frame_move_ref
av_frame_ref
av_frame_remove_side_data
av_frame_unref
av_free
av_freep
av_get_bits_per_pixel
av_get_bytes_per_sample
av_get_channel_description
av_get_channel_layout
av_get_channel_layout_nb_channels
av_get_channel_layout_string
av_get_channel_name
av_get_cpu_flags
av_get_default_channel_layout
av_get_known_color_name
av_get_media_type_string
av_get_picture_type_char
av_get_pix_fmt
av_get_pix_fmt_name
av_get_sample_fmt
av_get_sample_fmt_name
av_get_sample_fmt_string
av_get_standard_channel_layout
av_get_token
av_gettime_relative
av_hwdevice_ctx_create
av_hwdevice_ctx_create_derived
av_hwdevice_find_type_by_name
av_hwdevice_get_type_name
av_hwdevice_iterate_types
av_hwframe_transfer_data
av_log
av_log2
av_log_default_callback
av_log_format_line
av_log_get_flags
av_log_get_level
av_log_set_callback
av_log_set_flags
av_log_set_level
av_malloc
av_malloc_array
av_mallocz
av_mallocz_array
av_match_name
av_max_alloc
av_mul_q
av_opt_child_class_next
av_opt_eval_flags
av_opt_eval_int
av_opt_find
av_opt_get_key_value
av_opt_next
av_opt_set
av_opt_set_dict
av_opt_set_from_string
av_opt_set_int
av_opt_show2
av_parse_cpu_caps
av_parse_ratio
av_parse_time
av_parse_video_rate
av_parse_video_size
av_pix_fmt_desc_get
av_pix_fmt_desc_get_id
av_pix_fmt_desc_next
av_realloc_array
av_realloc_f
av_reallocp_array
av_reduce
av_rescale
av_rescale_delta
av_rescale_q
av_strcasecmp
av_strdup
av_strerror
av_strlcat
av_strlcatf
av_strlcpy
av_strndup
av_strtod
av_strtok
av_thread_message_queue_alloc
av_thread_message_queue_free
av_thread_message_queue_recv
av_thread_message_queue_send
av_thread_message_queue_set_err_recv
av_thread_message_queue_set_err_send
av_usleep
avutil_configuration
avutil_version

postproc-55

postproc_configuration
postproc_version

swresample-3

swr_alloc
swr_free
swr_get_class
swresample_configuration
swresample_version

swscale-5

sws_alloc_context
sws_freeContext
sws_get_class
sws_isSupportedInput
sws_isSupportedOutput
swscale_configuration
swscale_version

ws2_32

bind
closesocket
ioctlsocket
htonl
htons
listen
ntohl
setsockopt
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
WSASend
WSASocketW
WSAStringToAddressW
shutdown
WSARecv

kernel32

RtlUnwind
LeaveCriticalSection
EnterCriticalSection
PostQueuedCompletionStatus
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
GetLastError
VerSetConditionMask
GetProcessTimes
CloseHandle
WaitForSingleObjectEx
K32GetProcessMemoryInfo
Sleep
GetCurrentProcess
SetConsoleCtrlHandler
WideCharToMultiByte
LocalFree
GetModuleHandleA
GetCommandLineW
GetModuleFileNameA
GetModuleFileNameW
DeleteCriticalSection
WaitForSingleObject
SetWaitableTimer
WaitForMultipleObjects
QueueUserAPC
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FormatMessageA
VerifyVersionInfoA
MultiByteToWideChar
FormatMessageW
DuplicateHandle
SwitchToThread
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
TryEnterCriticalSection
CreateEventW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
EncodePointer
DecodePointer
QueryPerformanceCounter
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcessId
IsDebuggerPresent
GetStartupInfoW
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
OutputDebugStringW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
GetStdHandle
GetFileType
GetModuleHandleExW
WriteConsoleW
ExitProcess
ExitThread
WriteFile
GetCommandLineA
GetConsoleCP
GetConsoleMode
HeapFree
GetFileSizeEx
SetFilePointerEx
HeapAlloc
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
CreateFileW
HeapSize
SetEndOfFile
InitializeCriticalSectionAndSpinCount

mswsock

AcceptEx
GetAcceptExSockaddrs

Sections

.text
Size: 716KB - Virtual size: 715KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

10b40e99456bde4ce7f1d567d638ca9d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6fCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6fCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

dd:4b:30:a0:90:8b:cc:29:01:2c:75:4e:d9:69:70:42:7c:ff:c1:32:a5:fc:18:d6:34:ef:ba:60:6d:bf:f2:cbSigner

19:1f:4e:be:8f:8a:cf:b3:13:ea:97:05:04:23:86:bb:dc:71:72:a7Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

drfm

avcodec-58

avdevice-58

avfilter-7

avformat-58

avutil-56

postproc-55

swresample-3

swscale-5

ws2_32

kernel32

mswsock

Sections

.text Size: 716KB - Virtual size: 715KB

.rdata Size: 213KB - Virtual size: 212KB

.data Size: 58KB - Virtual size: 66KB

.pdata Size: 40KB - Virtual size: 40KB

.rsrc Size: 424KB - Virtual size: 423KB

.reloc Size: 7KB - Virtual size: 6KB

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6f
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:99:17:fd:77:18:80:8b:c3:4b:e2:24:e4:15:21:6f
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

dd:4b:30:a0:90:8b:cc:29:01:2c:75:4e:d9:69:70:42:7c:ff:c1:32:a5:fc:18:d6:34:ef:ba:60:6d:bf:f2:cb
Signer

19:1f:4e:be:8f:8a:cf:b3:13:ea:97:05:04:23:86:bb:dc:71:72:a7
Signer

.text
Size: 716KB - Virtual size: 715KB

.rdata
Size: 213KB - Virtual size: 212KB

.data
Size: 58KB - Virtual size: 66KB

.pdata
Size: 40KB - Virtual size: 40KB

.rsrc
Size: 424KB - Virtual size: 423KB

.reloc
Size: 7KB - Virtual size: 6KB