General

Malware Config

Signatures

Files

• 41c7076bb4d5b171750f7eb727ad5a6e60304eea592c6001ab906765dd3abe76.zip

  .zip

  Password: infected

• 41c7076bb4d5b171750f7eb727ad5a6e60304eea592c6001ab906765dd3abe76.zip

  .zip

  Password: infected

• 4QX53GoAsRUNlOddIRqNbgJYX8.dll

  .dll regsvr32 windows:5 windows x64 arch:x64

  Password: infected

  d76ae4775a3b5cab14b414b04192c713

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  C:\Users\Administrator\Downloads\WindowsSDK7-Samples-master\WindowsSDK7-Samples-master\Touch\MTGestures\cpp\x64\Release\MTGestures.pdb

  Imports

  kernel32

  LCMapStringW

  IsValidCodePage

  GetOEMCP

  GetACP

  GetCPInfo

  FreeLibrary

  HeapReAlloc

  MultiByteToWideChar

  EnterCriticalSection

  FatalAppExitA

  LeaveCriticalSection

  LoadLibraryW

  SetConsoleCtrlHandler

  RaiseException

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetStringTypeW

  GetUserDefaultLCID

  GetLocaleInfoA

  EnumSystemLocalesA

  HeapAlloc

  ExitProcess

  GetTickCount

  QueryPerformanceCounter

  HeapDestroy

  HeapCreate

  GetVersion

  HeapSetInformation

  GetEnvironmentStringsW

  WideCharToMultiByte

  FreeEnvironmentStringsW

  GetModuleFileNameA

  DeleteCriticalSection

  DecodePointer

  EncodePointer

  GetCurrentThreadId

  FlsSetValue

  GetCommandLineA

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  IsDebuggerPresent

  WriteFile

  GetStdHandle

  GetModuleFileNameW

  GetLocaleInfoW

  GetLastError

  Sleep

  HeapSize

  GetProcAddress

  GetModuleHandleW

  FlsGetValue

  FlsFree

  SetLastError

  GetCurrentThread

  FlsAlloc

  HeapFree

  SetHandleCount

  InitializeCriticalSectionAndSpinCount

  GetFileType

  GetStartupInfoW

  IsValidLocale

  user32

  CloseGestureInfoHandle

  InvalidateRect

  GetGestureInfo

  ScreenToClient

  DispatchMessageW

  DefWindowProcW

  UpdateWindow

  CreateWindowExW

  ShowWindow

  LoadStringW

  EndPaint

  DestroyWindow

  SetGestureConfig

  TranslateAcceleratorW

  GetMessageW

  PostQuitMessage

  LoadCursorW

  BeginPaint

  TranslateMessage

  RegisterClassExW

  gdi32

  LineTo

  DeleteObject

  SelectObject

  Polyline

  CreatePen

  MoveToEx

  ntdll

  NtAllocateVirtualMemory

  NtTestAlert

  ZwOpenSymbolicLinkObject

  LdrAccessResource

  NtQueueApcThread

  LdrFindResource_U

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  RtlUnwindEx

  Exports

  Exports

  AAKXCK

  ABBmjS

  ABhobFkZqijtpQLlOilhSr

  ACQJqCGujLpCRT

  ADnSvIfRovy

  AGkcJjGwVOjivSLsXRoY

  AGulqJqHsYzdE

  AIZgcVIEpbJDLg

  AKHjmBorbZqtXL

  AKuzwgaryBHSGoMJlKn

  ANxfLrupS

  ASUUEPTLlJauNWuykN

  AUobsouPSgyQnXhlrBcYEGig

  AWYKMtwwjbiEtKxCcFFyXW

  AYrLyrRdhxvPYjkTZ

  AZvELZPUezr

  AaTXhqzIimjQo

  AcKPciJXTHFNSeEClUhbYAk

  AehpcFCqSICdREqbGfVt

  AgdpAVTMFEWPRg

  AjSXWoTDLpspvSTAVby

  AqmpZtQpqIjjYewnMkrFkD

  AtXyhSDUvMqVVWMxwPYMPgoWk

  AuRAEFQy

  AwKRKFPkZdIvWt

  AxkwKIhEUHErDwblsxUnWuUJVL

  AyZhLFvSdYoV

  AzbqboaoXz

  AzyxqaSnFXdT

  BADenfpkKtjryvI

  BAiwJfGCfEnYgQTFzwtzZYda

  BCqNcZ

  BDaSttbx

  BEQbkuLjhEyCLUEzu

  BFPwAMfigDHPNVetb

  BMcmvgRGTGouTg

  BOGQGlFGpRIUekukNAAxBkiifw

  BRwvooTSrmSHkcp

  BSOpTM

  BSnOshRuFapjXMPvBrVfmhBK

  BURXLgtw

  BYyUqNBIg

  BaKQpUuhHlxXCPVA

  BeCPtVLVUZlsjEQRar

  BkSdPBPxjuSxMIw

  BmAARiXYSqMi

  BnTufpMRGoPXNXvlxuxVt

  BpTjBMboixPCftPfDUYRSuVg

  Brangcx

  BrflplHGvoeghTBjuqscUghxTc

  BrxDAiSMUeEFXmSo

  BsKsYPKtTeoKSYFxP

  BtuhIchVWCbKcvKSGgXrWTNPXu

  BvHrdPmrgIqGQrUvt

  BwpOtWWCBFUbQMf

  CDxJQgnjMpwbMbJplLvbypejqS

  CJQUCBvShdsaLF

  CNLIgHow

  CRYgANrnLtPFrDFrE

  CRxqdr

  CSBkGngk

  CTmlUyywZyiPAzcAcqskm

  CUAsZTwJJFsBZVbkvNyaEw

  CUnfyVhqGmpYJQ

  CcgfAfmHih

  CgaidZSf

  CsAHglhiLQFKfiV

  CsKyzmuGNsOUtSHVF

  CswQijP

  CswUmucOmDMNkAy

  DAWkRohpCXkMZyGtfVCstDRu

  DBpaxnIvZUmZUA

  DCCZhQQQJwWcrcsTmubk

  DCgkFBSZHuQWbLfkzePX

  DGneCmBLCRZxxuXwNvzizA

  DKrlzOFCX

  DNUzvlTntdCaQMcz

  DOCanLO

  DPJzrGYjjynfnKM

  DQHVqDmeYNLIGjzumWJnGk

  DRswhdwJgZGPGwhxKtSpNDlL

  DUWAmtReGCVuaofdnfY

  DVPqahvFn

  DWxdnhkgoMOXA

  DXEJvyRDZ

  DZBlbnAuvUzaSymO

  DdsTLRCzhLcmQ

  DeKuDrDhATuaYiTAAqoO

  DfmwtJbHVm

  DjCasZInJmrYSkvAMdxqxF

  DjyLMpXDKYuK

  DkvPTuvhYIzniFUTMGJQBAvBW

  DllRegisterServer

  DpczXu

  DrbvsvwdgSvtzfrrmvUn

  DrxZnDXDqGxHd

  DsgXKxAAzJzxweAVFZ

  DvncvtBrJLKuegnujepkfnUv

  DwrCKysdYe

  DxVjbgRmRPLZEKjBoIu

  DxhcSBDIXcydOfnxO

  DzxtcS

  EAupEjTqbySTA

  EBbwlfAVMYvthCjY

  EFAEbKynHVoPzWMfFOFgD

  EIsdsrtIsiYxUqUsxajRCJ

  EKjKoDFOcxmKCJAoHFvnoMH

  EOBUntDf

  ESUdfBOYKlEKjxE

  ETkIPjqbyCE

  EUMfjwvZlIIzqSVeCEfkz

  EUrFLZOcdYNP

  EbzeKOsEuPbkUcsz

  EcCNaTmPimCWgWrlGTIM

  EfKQVAaXDocWSgSg

  EfXlpFuygrKnZJlBgls

  EfxoIpTIPweOQwHQI

  EixlKbASZ

  EmMrqlKmtiLXMtJVy

  EnCKhwkgRna

  EoHmRnv

  ErOqPntAsROkTVelNSumpo

  EypSwyAnSP

  FABfPi

  FFHuQYWWEKB

  FGlyQnjn

  FGvjLGfyqHlCzCIsbf

  FIFBSMZTvhNaldADznpGe

  FJEmZnzopqFwzfrQwbRM

  FNeAUOEdKgNKdLobJQjEeYT

  FOdbZLRcImB

  FRyjZANSwXTYoyHVJzUJwH

  FWhOAubhykfNRJvcpM

  FXqphaMFMscEjiKtexTWBln

  FcnkdSoWNtDsqfj

  FerNIjpe

  FkQjsdMJ

  FmfAfnquLuoJNBMSD

  FoSmffUUfTILxiezATILMAnd

  FoZTfUiYEBBCev

  FrTeqxVCHDkIxDgyzY

  FtJZxp

  FtghpsPCaYtATGQVxV

  FwAtvLedceqMiljic

  FwueUWgxtRJbKkfWNJb

  FxJndGTjp

  GAXNrTxYERzFXPPYYyKlw

  GMDGiVSwREhDBf

  GNAKJr

  GRrCQVAcRUf

  GTVhShWLETuPUGwnDAohuq

  GZRQrLEfAosXGFZV

  GaGcOgY

  GclKSpAwXMlQCRoQzLS

  GeObmRL

  GecVQiSciVMeAsEibFp

  GeeXiFhaMx

  GexbjmIvkILUsSu

  GgeihiAdpwAADaEzbPhk

  GghoewjNle

  GiEEqQeQEHKsXF

  GkzUkkwVHrXkcpUHsbBsiyp

  GlRkhIzIFpQdMtQNHSTbe

  GmJcIteOqBHrsGhh

  GoKdZK

  GqogvqZaSXn

  GshbdMOnpoWwFfFvqYlpzx

  GtICjZkPjcgzZVbYlmrqAruIYi

  GuGTnKqlAdiVyc

  GwZHFofmtxBvW

  HBBbucgLIZwMlGcAQrFQ

  HDJXomKKqauQGFvYdHRctyiRK

  HFqPRjfVSEATNdTxK

  HGAYalETZZcXwxP

  HKieolMHqIDLtwseWeWXO

  HLcKdgYrEugyGOpvdyjRbEmq

  HMlkYvEsIlyDzYdkptJKudPB

  HMrNcTXYNQLwwbVNOavK

  HMyHzhpgAMpUkftTjWlLl

  HPEoDCnThwUkUyK

  HQKUXlJKtthlwbHmXEOpVxYlTm

  HSyanOyQpcTupxdPiU

  HUgVLuEMtIsBQMPXRcBq

  HWQrTuZMQpfAa

  HXhwzJ

  HZNVzlgdAnHuGebpELqvIbZqzU

  HazTiDLBviTZgmJSDRnvJGJ

  HdyMFmf

  HhKlhvmzSsFovoZNckRADrVFV

  HjgvfxcAsSHpFtipCWGO

  HsdAOWIYEGCEE

  HtKEpUlliwbe

  HwAXHqLHwPrXPPvAsBtsV

  HwzbVVEjHwJNt

  HzFOEhsyOh

  HzlbZRLkZXWmKEGdjv

  IBLjMOmkMx

  IITzTBorVHkpLfN

  IKoOBNqiHCDSHXSsJ

  ILczhULsMPSh

  ILlHufGzXhd

  IPGygyvQvnzszxduWPu

  IPXxROqeTMZFNsVjgbYVIwYYfl

  IRsTbauOLuZvmxZw

  IUfLGcKlybpkdS

  IWGfnjIwPnuM

  IXCQevqrRiyIopVkGETjnS

  IZZVdaohBGduEXQv

  IaPjPOE

  IbwfBTnGROucjZrk

  IgPUfFQUkFYM

  IgQXFDcAaDzhSBMomFT

  IgZbuKqobHktBXFVkxO

  IiMhjMjchttPmkPEo

  IlTPkRPQPndGC

  IlnOhhsYu

  IpDDTlabfRrTKtJvBoH

  IpVwayOPAFgbXKbFFsM

  IsHuPteigg

  IskmWJomw

  ItLibhCUPiFLqIMdAICeiNv

  ItYGHrkPIBgeCvddmndDlHPcK

  JDhwrKnLfGpOHlQrX

  JFeBqrhkqwgXChnX

  JMboDSaSGlZjXsNG

  JMsDjZlmyouqJYGXEWmqmPJH

  JRKxiKkRpaJzoIJZwWeFuR

  JSSqgSkIvVPQtzgmpjRtjJpJg

  JVcsGpDttbJ

  JVgIWTIqZwHhaxS

  JVlCCqtfEoWhmTd

  JXHtscY

  JXvzDUKjFfpngKEXwKl

  JXzrxGVQGelx

  JZZHgenAtk

  JZauCfvvNxCPK

  JcsbkWjxgUKsxBpWHF

  JfXnjNWKJlZuMsfpOljIVjL

  JiixwRDCIrqSqdtjQwJUUZAaL

  JiudzFIgGwVCxGOVcY

  JjQxlQCrukTcHVYpaYrvwhAwbk

  JkaUppXrgTjKvrPvUWQVRpVsK

  JldUZACoXhhjZghkWUhQBDts

  JoUsyRpXKjIOfTPCElEPRFDrk

  JqdiAtVoTzSbhyZl

  JtVxaZYmRnMXvzcSQNDvRvTWM

  JvuMgqIPNjpGPsvTwMqFXoOyt

  JxPXGWFTMSEepZiRyTLYrX

  JyLIHz

  KBvrOAvarwxzjiat

  KCdtjkGmlUZFHhRGtxonm

  KDreWTAYjPtFAklDU

  KEuzPoGYkCYAznieKsAFdvi

  KImbTRBjXqONrBobYN

  KNmnIWPYBWKywivJIMt

  KQfjbORwtrHrnSG

  KVVehbUwNUDScYrvO

  KVWdkD

  KWbaqlVaCEzgAks

  KYUYXRXVKSQAtujSDBO

  KaVCfpcHZpL

  KbgQFDbJUjoPdEXsEYaNknoxUV

  KcJDSKSZlOjj

  KcJhwFXotSiGdMPYRI

  KdTqSokzZsIF

  KdbHzxlc

  KdurJceXKltppet

  KeGrdHphrraFZjbwYpsGcioceZ

  KeNCQMjS

  KhrsLbzHkpEHqyHCNQyRZd

  KiQmeuHORVCPqYhYoJ

  KjgkriVQLmctq

  KjsUJWuK

  KkEHGYKGBrvYkuwNJwQcHVB

  KmtptqyWLUpBACt

  KpkzILlieHuU

  KsQUCyjwZvqGNTfyuj

  KvnCqSCdz

  KyHsatOfn

  KzEYLKLglEPPlBvj

  KzpjgkDCkXMCcI

  LBXjUmpFmwE

  LGPFhJwfczHGkMxSp

  LGgzlAtkRROoKgfWoKNQX

  LHlBSGxZmbzUPSg

  LJpaCDTsLBdRkFJrXISI

  LKieACPTkRDhiXoajfJHZcx

  LLLzgxthGejswfBu

  LManZVLBuWiWSaHfdogslbQeU

  LNsKncrCPTIrchcroGNjGEEgh

  LSKGsoYlftGySwikM

  LXBTuOgsJPYkKCGfB

  LXiejnyNuMYnMnLQ

  LYJNrhtGZnN

  LZdRbOyYkSXsELj

  LZmqhmoaHYGDJssngYdofZYL

  LaEuolhkgy

  LbofCxIEMDlInhBugLCr

  Lemhfcr

  LhcBAyoztlNOuAcSJdBZp

  LiaakemiTlaancTRvzd

  LkYPgHvKwQlVmdlLvLnWX

  LmZpmCJdhnWkDhWb

  LnsslCQkOUaKvadyWMPQUdNP

  LoDzrBRLFGR

  LpSTfs

  LvuthxDEAmJCZhtjBOB

  LxWmdMJaybmBaXBLKSz

  LylImoVyMflKSYIkeK

  MAxjGmbpfIJDwwLyQqLw

  MCsUOULGVgBHPqHXEWcgtzwnY

  MHUXNdjYDzHFPCZ

  MHdGeZFxYreLBffLP

  MJcqmCgfkrVTTqPIGQ

  MJzOdbLZHcdAdqhC

  MKFVEYgPupXwkyg

  MKwehHYxwEQwlOnrFJiiI

  MLMWKAmGwakirgxdEmgDGS

  MNlVdeYyV

  MOdPxPPRmIFV

  MOeyPvTyAIw

  MPUjfpqkEjekEBOxnNIo

  MPxNKDPoeIzVvHqOOgvZpY

  MQARgovWtOqXdwZrkztF

  MRNLbxIWsEKdxvfShkYDcXXt

  MRdEYSayNFpEzUa

  MVCcABPLz

  MWPxOLHGbiuzXXFVFplCjO

  MXPQDykvlUNWbHnR

  MYOHSJSNGIlDeWstupLqV

  MYSPaF

  MYcPqHvoLarO

  MZzMIWa

  MaZiGeeMkdkzbuApzKnEF

  MdXVOoQxFBhlxxAbr

  MeJHKYcyXb

  MfgDmU

  MfnuXwsvTcHrcPQnchVwkyfwn

  MgXaoSJ

  MjEGvKWDvQ

  MlVTkbkKiAxIRevRXXzmv

  MlfcmNDFSheMTLdiTIUEzX

  MlnhzOda

  MmGsdDq

  MmowSUzs

  MopAsGHIPpkwXcdPCn

  MwBkFuK

  MwHlpFQciZATNhZ

  MyCjgEXbETh

  MzYNdxlsxnCiIxOOmqro

  NDXIMoMqyFlweQNXUTSA

  NGfTwXKyxW

  NGxSzWKDRIpToKV

  NJzWCdtrikuBPkrmztCV

  NKdgsQJZtWxzqLNuzjKURvHZT

  NLKHLSf

  NQEuYRIRXMmzeiYFFNduElkUda

  NRwpJLxUVgyHuyHAQWHNpjsrgc

  NUJLqhmhfh

  NabuNhWwjrxJjelLyyh

  NbVOlkyFPQFhs

  NbwFICqFKVmlyXEWldKfAcSNbl

  NfNUWMAwVKYwaOfoLUUF

  NfxavbdiSpLYXRijsHmyzBed

  NgjiBlcmYodJIarpCqkQ

  NhbfUvMRYWLSQUKTzhHUGVx

  NiUuFHxdDwcKqplKDSg

  NttZhCwMCzHPPbA

  NuHrpCvELpdHxtnnyr

  NvuqQVtFqhJXnkjrTW

  NyVQMLPHnNBiXGihoZb

  NykURZhsInvUMlePO

  NzgQLwz

  OCBdPtMQImnhnIvuYvuu

  OHhVOYwFRf

  OMYhSuHGEQdRbvIC

  OMbrbSCioZrxolm

  OOrDAoUtlFpODoRHHoUOO

  OQcOhtDEXqbdW

  OTCgWumoNdzaTciA

  OTRMXnfqORJdboYk

  OVUIMfYagEfxXyOlnoB

  OVfOjpUPtdQrBiBByL

  OYybubPZOoqnftJgGkdHlFXpw

  OboRcQrvLeO

  OdJhfCizrTZeEbrSNxKhyMM

  OdYRzGkbqADCB

  OgZCqlrIbyeNMN

  OhKKYSKmMWqcSSqFbGjkpVt

  OhRCsS

  OjQstpVyyC

  OkDBvdlARbsmHVYowIKrWo

  OmGqMDsiBsSzvvJqv

  OnGwIjOOtn

  OpFQPgrFnQ

  OtRgQbhWOaAllHRCbaURQJQ

  OwwzdqpCjRJbitHWcWLsj

  PCweJZlQCYv

  PECCLuyBeV

  PGoWbsRVxAuztgCNZJNeUWYU

  PHQIzrwGgZklZMLU

  PIUvawORcStRYU

  PIiuEwwUawoZRrBJedNYv

  PJPHzejjWjPTYyphomLjFrVVC

  PKPUXkvBEAVJlNc

  PLzzDkCbMebUWws

  PNkkqSzNHj

  POZmkGOkVLTKJdLqUFL

  PPWhMkaYwpTczBMocHr

  PPukkDxubHNjImNjXe

  PSsOWYuUcAfFsWFlOHT

  PTUuHCKILcVVKjljdVzZc

  PUwAErcPzylm

  PVVzPFThRFGlnKxP

  PVoRjho

  PYRCoJRCEIkeQFJpCj

  PYsXTrzfjuPItodsiPUoNmdmZ

  PZlqzoKMeqkpfHuDzlawwKBh

  PbMAvMrLfgAq

  PegQSwvHkiENRdC

  PfEvgMAQ

  PisdxxiNOyonouro

  PlQacZpjneO

  PnDiUHReXTNDjZRWYuht

  PpFHMQpQMF

  PtVYoG

  PuByAKOoq

  PuRBNaOGTpTTuKrkALrxFGto

  PumQEpgqPs

  PumsEJjdSRcUnARDbo

  PuotqGRg

  PyoOrn

  PyveLmLxocZYw

  QBNcFVazktVESBx

  QBZVRHiNMsHX

  QBvmdsG

  QDZLndvavftxdIEgai

  QGZhhKJLzVZVARj

  QLtzNPsIptXqWuUHCJt

  QPFvnFLtvosBggjbZne

  QQUhSSwFhooWCCHRInFheIks

  QRiFSyAoptcPwfs

  QRjBNrlfzHDmSIQOc

  QUITjylossdsyJzHTYK

  QURIevcjKFznzsKesSpdDgLt

  QWhFWTEZcRVkjBwQmnyPZ

  QXQKFGzjEkQMP

  QZKGedXYdsFmNVd

  QbnzQmJCTmxYCtC

  QebTkqLUVcKgqxg

  QgSfZZtkhqiLIVvJNRyWbceqU

  QhJvlVUNQpZPqDXfWwp

  QjXjQXc

  QjicNGW

  QlbJtLyzYZIARKMrZQzaSQJXf

  QopjlGspRyfCCCSXBmnS

  QpAXkFapsglngeMLUWsLZwq

  QrOFQUYCrcutgvzbIrosQjxDN

  QrmXPuZO

  QsqARrlYzHW

  QuNECkWPOQ

  QwYBLjSrkGBOF

  QxMERBgoFmAPScCmrrPzWtZh

  RAaNnmvaTvCzViFGFOEXvA

  RBlXNkWYxjfEKCLuiaTwg

  RCvKaHDIiKuOXFlix

  REcQWwGRrCsM

  RHzyvCPtZPDtlxrjuQgf

  RIUHpoIHUV

  RJTuZisodGMGspMPd

  RJaFdmDroJbpdgxmY

  RKOQQONvBezvTf

  RLbIkVOflkKayFQRfGvSFvJu

  ROIUAAroN

  ROhmwgUfsalGsrxPOwQqKK

  RTcDaFo

  RTlONvhPpqkqK

  RZbzQcpiGcHfJFjcAx

  RcKWJNOL

  RdNYKvqGtRfYtRL

  RfGDtnbI

  RfobdJRGmootC

  RgiPoV

  RglZEUdUPVaAWtFYRBGQMR

  RjdpdKAs

  RoOcQSejjEGzAPZ

  RtQLoUHThdtkhtW

  RxqygvZsKFu

  RyyAQBcKgUscB

  RzJfpEnTOsoSwkFMLGopbMQhZ

  SCKrFxnYFPzAp

  SDrsafTJnKKUGfOYAxO

  SGEhiKEhC

  SINRoucXULwAKnmgdKmidB

  SJJAWNjHYObwrkSLaYdDpz

  SKAYuedvVVUXDnmVBPmXzFWk

  SLajGpcscWcOmkRiXNfI

  SLgogmmcisYTiMyGBQfpXYVyn

  SOEMehNAelKrrBvd

  SQPCCoMsAOnEvoVlDBphYC

  Sections

  .text

  Size: 129KB - Virtual size: 129KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 62KB - Virtual size: 62KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 6KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  text

  Size: 2KB - Virtual size: 2KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_EXECUTE

  .rsrc

  Size: 748KB - Virtual size: 748KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ