024bc4ee3b68e79baa5feb68de217506_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

024bc4ee3b68e79baa5feb68de217506_JaffaCakes118
Size

5.8MB
MD5

024bc4ee3b68e79baa5feb68de217506
SHA1

3aba7ae50d081425243c8b8215576a8cf2dfac34
SHA256

dcf52121e34f4f8ab1d5f95247809fbe357bf2cde64f68f484c53da0fb9d97e5
SHA512

b3b60957cf0548f6faaa59d4d92a331240b36fe67588c818228601cb96fe23bade31c1cfca9a20410ed45a993fed95d0433c4e1a084b2b2333fb5aad5ff8e7e1
SSDEEP

98304:GsL31C3Pt28J6gerDLxlm+Ct+DzyJ0zRv3nagIGRyylf8qxcGW3rJYNBrKPuuXiM:pMUpPD1oWDeJ053aIyyl9araXriXiM

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
static1/unpack001/DyxTools/clear.exe	aspack_v212_v242

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ClientUpdate.exe
unpack001/DyxTools/clear.exe
unpack001/KingMir3.dll
unpack001/Mir3.exe
unpack001/战神传奇3.exe

Files

024bc4ee3b68e79baa5feb68de217506_JaffaCakes118
.rar
BgmList.wwl
ClientUpdate.exe
.exe windows:4 windows x86 arch:x86

8df7445917c811cf5863fa02cca76fe2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

EVENT_SINK_GetIDsOfNames
ord582
__vbaVarTstGt
__vbaVarSub
ord583
_CIcos
_adj_fptan
ord585
__vbaVarMove
__vbaStrI4
__vbaVarVargNofree
ord694
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
EVENT_SINK_Invoke
__vbaRaiseEvent
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord518
ord519
__vbaI2Abs
__vbaCopyBytes
__vbaResume
__vbaStrCat
ord553
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaStrDate
ord662
__vbaHresultCheckObj
ord557
_adj_fdiv_m32
__vbaAryVar
Zombie_GetTypeInfo
__vbaAryDestruct
ord591
EVENT_SINK2_Release
__vbaVarForInit
ord593
__vbaExitProc
__vbaI4Abs
ord594
__vbaObjSet
__vbaOnError
ord595
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
__vbaBoolVarNull
__vbaFpR8
_CIsin
ord631
__vbaErase
ord709
__vbaVargVarMove
__vbaVarZero
ord632
__vbaChkstk
__vbaCyVar
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaVarAbs
__vbaGenerateBoundsError
__vbaGet3
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaPutOwner3
ord561
__vbaPrintObj
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaVarLateMemSt
__vbaVarOr
ord563
ord670
__vbaFpUI1
__vbaCastObjVar
__vbaLbound
__vbaRedimPreserve
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
__vbaVarAnd
__vbaObjIs
__vbaLateIdCallSt
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaPrintFile
__vbaStrToUnicode
ord713
ord606
__vbaDateStr
_adj_fprem
_adj_fdivr_m64
__vbaVarDiv
__vbaFailedFriend
ord607
__vbaLateIdStAd
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord532
ord717
ord319
__vbaGetOwner3
__vbaStrVarVal
__vbaUbound
__vbaVarCat
__vbaGetOwner4
__vbaCheckType
__vbaI2Var
__vbaFileSeek
ord644
__vbaStopExe
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
__vbaInStr
__vbaR8Str
__vbaVarLateMemCallLdRf
ord648
__vbaVar2Vec
__vbaNew2
__vbaVarInt
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
__vbaR8Var
ord577
_adj_fdiv_r
ord578
ord685
ord100
ord579
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrComp
__vbaStrToAnsi
__vbaVarDup
ord321
__vbaVerifyVarObj
__vbaFpI2
ord614
__vbaVarCopy
__vbaVarLateMemCallLd
ord616
__vbaFpI4
__vbaLateMemCallLd
__vbaRecDestructAnsi
ord617
__vbaVarSetObjAddref
_CIatan
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaI4Cy
__vbaStrVarCopy
__vbaR8IntI4
ord619
ord542
ord543
_allmul
__vbaVarLateMemCallSt
ord544
__vbaLenVarB
__vbaFpCSngR4
__vbaLateIdSt
ord545
_CItan
ord547
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
__vbaFpCSngR8
_CIexp
__vbaI4ErrVar
__vbaRecAssign
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
D3DX9_43.dll
.dll windows:6 windows x86 arch:x86

5fb75b2a87c1fa7cc3d7904a0b97084a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e
Signer

Actual PE Digest

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx9_43.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
_fileno
isleadbyte
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_amsg_exit
_initterm
_XcptFilter
srand
strtod
fread
fflush
fwrite
abort
_tempnam
exit
isalpha
atof
atol
isxdigit
_ultoa
wcstombs
_CIexp
_isnan
rand
atoi
isalnum
floor
_strtime
_strdate
sscanf
isspace
isdigit
_setjmp3
longjmp
ldexp
frexp
calloc
realloc
_CIlog
setlocale
_strdup
free
_clearfp
ceil
_controlfp
malloc
_CIatan
_CIcos
_CIasin
_finite
_CIsin
_CIatan2
_CIacos
memmove
qsort
_CIfmod
_purecall
_stricmp
modf
iswspace
iswalpha
iswdigit
iswpunct
_CIsqrt
memcpy
memset
_CIpow
??2@YAPAXI@Z
??3@YAXPAX@Z
_iob
_vsnprintf
_vsnwprintf
_errno
__CxxFrameHandler

gdi32

GetTextMetricsA
GetObjectA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
DeleteObject
SelectObject
GetCharacterPlacementW
GetCharacterPlacementA
SetTextColor
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectA
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
TranslateCharsetInfo
GetCurrentObject
GetOutlineTextMetricsA
GetGlyphOutlineW
GetObjectW

kernel32

DeleteFileW
SetFilePointer
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
CompareStringA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
LocalFree
CreateFileW
GetFileSizeEx
GetFullPathNameW
GetLastError
IsDBCSLeadByte
WriteFile
GetTempPathA
MoveFileA
CreateFileA
ReadFile
CloseHandle
DeleteFileA
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
VirtualFree
GetACP
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
GetModuleHandleA
FreeLibrary
LoadLibraryA
GetVersionExA
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
DisableThreadLibraryCalls
MoveFileW
GetTempFileNameW
GlobalMemoryStatus
SetEndOfFile
ExpandEnvironmentStringsA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
WaitForSingleObject
ReleaseMutex
CreateMutexA
Sleep
InterlockedExchange
InterlockedCompareExchange
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersion
GetTempFileNameA
FindResourceW

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

D3DXAssembleShader
D3DXAssembleShaderFromFileA
D3DXAssembleShaderFromFileW
D3DXAssembleShaderFromResourceA
D3DXAssembleShaderFromResourceW
D3DXBoxBoundProbe
D3DXCheckCubeTextureRequirements
D3DXCheckTextureRequirements
D3DXCheckVersion
D3DXCheckVolumeTextureRequirements
D3DXCleanMesh
D3DXColorAdjustContrast
D3DXColorAdjustSaturation
D3DXCompileShader
D3DXCompileShaderFromFileA
D3DXCompileShaderFromFileW
D3DXCompileShaderFromResourceA
D3DXCompileShaderFromResourceW
D3DXComputeBoundingBox
D3DXComputeBoundingSphere
D3DXComputeIMTFromPerTexelSignal
D3DXComputeIMTFromPerVertexSignal
D3DXComputeIMTFromSignal
D3DXComputeIMTFromTexture
D3DXComputeNormalMap
D3DXComputeNormals
D3DXComputeTangent
D3DXComputeTangentFrame
D3DXComputeTangentFrameEx
D3DXConcatenateMeshes
D3DXConvertMeshSubsetToSingleStrip
D3DXConvertMeshSubsetToStrips
D3DXCreateAnimationController
D3DXCreateBox
D3DXCreateBuffer
D3DXCreateCompressedAnimationSet
D3DXCreateCubeTexture
D3DXCreateCubeTextureFromFileA
D3DXCreateCubeTextureFromFileExA
D3DXCreateCubeTextureFromFileExW
D3DXCreateCubeTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateCubeTextureFromFileW
D3DXCreateCubeTextureFromResourceA
D3DXCreateCubeTextureFromResourceExA
D3DXCreateCubeTextureFromResourceExW
D3DXCreateCubeTextureFromResourceW
D3DXCreateCylinder
D3DXCreateEffect
D3DXCreateEffectCompiler
D3DXCreateEffectCompilerFromFileA
D3DXCreateEffectCompilerFromFileW
D3DXCreateEffectCompilerFromResourceA
D3DXCreateEffectCompilerFromResourceW
D3DXCreateEffectEx
D3DXCreateEffectFromFileA
D3DXCreateEffectFromFileExA
D3DXCreateEffectFromFileExW
D3DXCreateEffectFromFileW
D3DXCreateEffectFromResourceA
D3DXCreateEffectFromResourceExA
D3DXCreateEffectFromResourceExW
D3DXCreateEffectFromResourceW
D3DXCreateEffectPool
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCreateFontIndirectW
D3DXCreateFontW
D3DXCreateKeyframedAnimationSet
D3DXCreateLine
D3DXCreateMatrixStack
D3DXCreateMesh
D3DXCreateMeshFVF
D3DXCreateNPatchMesh
D3DXCreatePMeshFromStream
D3DXCreatePRTBuffer
D3DXCreatePRTBufferTex
D3DXCreatePRTCompBuffer
D3DXCreatePRTEngine
D3DXCreatePatchMesh
D3DXCreatePolygon
D3DXCreateRenderToEnvMap
D3DXCreateRenderToSurface
D3DXCreateSPMesh
D3DXCreateSkinInfo
D3DXCreateSkinInfoFVF
D3DXCreateSkinInfoFromBlendedMesh
D3DXCreateSphere
D3DXCreateSprite
D3DXCreateTeapot
D3DXCreateTextA
D3DXCreateTextW
D3DXCreateTexture
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA
D3DXCreateTextureFromFileExW
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXCreateTextureFromFileW
D3DXCreateTextureFromResourceA
D3DXCreateTextureFromResourceExA
D3DXCreateTextureFromResourceExW
D3DXCreateTextureFromResourceW
D3DXCreateTextureGutterHelper
D3DXCreateTextureShader
D3DXCreateTorus
D3DXCreateVolumeTexture
D3DXCreateVolumeTextureFromFileA
D3DXCreateVolumeTextureFromFileExA
D3DXCreateVolumeTextureFromFileExW
D3DXCreateVolumeTextureFromFileInMemory
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileW
D3DXCreateVolumeTextureFromResourceA
D3DXCreateVolumeTextureFromResourceExA
D3DXCreateVolumeTextureFromResourceExW
D3DXCreateVolumeTextureFromResourceW
D3DXDebugMute
D3DXDeclaratorFromFVF
D3DXDisassembleEffect
D3DXDisassembleShader
D3DXFVFFromDeclarator
D3DXFileCreate
D3DXFillCubeTexture
D3DXFillCubeTextureTX
D3DXFillTexture
D3DXFillTextureTX
D3DXFillVolumeTexture
D3DXFillVolumeTextureTX
D3DXFilterTexture
D3DXFindShaderComment
D3DXFloat16To32Array
D3DXFloat32To16Array
D3DXFrameAppendChild
D3DXFrameCalculateBoundingSphere
D3DXFrameDestroy
D3DXFrameFind
D3DXFrameNumNamedMatrices
D3DXFrameRegisterNamedMatrices
D3DXFresnelTerm
D3DXGenerateOutputDecl
D3DXGeneratePMesh
D3DXGetDeclLength
D3DXGetDeclVertexSize
D3DXGetDriverLevel
D3DXGetFVFVertexSize
D3DXGetImageInfoFromFileA
D3DXGetImageInfoFromFileInMemory
D3DXGetImageInfoFromFileW
D3DXGetImageInfoFromResourceA
D3DXGetImageInfoFromResourceW
D3DXGetPixelShaderProfile
D3DXGetShaderConstantTable
D3DXGetShaderConstantTableEx
D3DXGetShaderInputSemantics
D3DXGetShaderOutputSemantics
D3DXGetShaderSamplers
D3DXGetShaderSize
D3DXGetShaderVersion
D3DXGetVertexShaderProfile
D3DXIntersect
D3DXIntersectSubset
D3DXIntersectTri
D3DXLoadMeshFromXA
D3DXLoadMeshFromXInMemory
D3DXLoadMeshFromXResource
D3DXLoadMeshFromXW
D3DXLoadMeshFromXof
D3DXLoadMeshHierarchyFromXA
D3DXLoadMeshHierarchyFromXInMemory
D3DXLoadMeshHierarchyFromXW
D3DXLoadPRTBufferFromFileA
D3DXLoadPRTBufferFromFileW
D3DXLoadPRTCompBufferFromFileA
D3DXLoadPRTCompBufferFromFileW
D3DXLoadPatchMeshFromXof
D3DXLoadSkinMeshFromXof
D3DXLoadSurfaceFromFileA
D3DXLoadSurfaceFromFileInMemory
D3DXLoadSurfaceFromFileW
D3DXLoadSurfaceFromMemory
D3DXLoadSurfaceFromResourceA
D3DXLoadSurfaceFromResourceW
D3DXLoadSurfaceFromSurface
D3DXLoadVolumeFromFileA
D3DXLoadVolumeFromFileInMemory
D3DXLoadVolumeFromFileW
D3DXLoadVolumeFromMemory
D3DXLoadVolumeFromResourceA
D3DXLoadVolumeFromResourceW
D3DXLoadVolumeFromVolume
D3DXMatrixAffineTransformation
D3DXMatrixAffineTransformation2D
D3DXMatrixDecompose
D3DXMatrixDeterminant
D3DXMatrixInverse
D3DXMatrixLookAtLH
D3DXMatrixLookAtRH
D3DXMatrixMultiply
D3DXMatrixMultiplyTranspose
D3DXMatrixOrthoLH
D3DXMatrixOrthoOffCenterLH
D3DXMatrixOrthoOffCenterRH
D3DXMatrixOrthoRH
D3DXMatrixPerspectiveFovLH
D3DXMatrixPerspectiveFovRH
D3DXMatrixPerspectiveLH
D3DXMatrixPerspectiveOffCenterLH
D3DXMatrixPerspectiveOffCenterRH
D3DXMatrixPerspectiveRH
D3DXMatrixReflect
D3DXMatrixRotationAxis
D3DXMatrixRotationQuaternion
D3DXMatrixRotationX
D3DXMatrixRotationY
D3DXMatrixRotationYawPitchRoll
D3DXMatrixRotationZ
D3DXMatrixScaling
D3DXMatrixShadow
D3DXMatrixTransformation
D3DXMatrixTransformation2D
D3DXMatrixTranslation
D3DXMatrixTranspose
D3DXOptimizeFaces
D3DXOptimizeVertices
D3DXPlaneFromPointNormal
D3DXPlaneFromPoints
D3DXPlaneIntersectLine
D3DXPlaneNormalize
D3DXPlaneTransform
D3DXPlaneTransformArray
D3DXPreprocessShader
D3DXPreprocessShaderFromFileA
D3DXPreprocessShaderFromFileW
D3DXPreprocessShaderFromResourceA
D3DXPreprocessShaderFromResourceW
D3DXQuaternionBaryCentric
D3DXQuaternionExp
D3DXQuaternionInverse
D3DXQuaternionLn
D3DXQuaternionMultiply
D3DXQuaternionNormalize
D3DXQuaternionRotationAxis
D3DXQuaternionRotationMatrix
D3DXQuaternionRotationYawPitchRoll
D3DXQuaternionSlerp
D3DXQuaternionSquad
D3DXQuaternionSquadSetup
D3DXQuaternionToAxisAngle
D3DXRectPatchSize
D3DXSHAdd
D3DXSHDot
D3DXSHEvalConeLight
D3DXSHEvalDirection
D3DXSHEvalDirectionalLight
D3DXSHEvalHemisphereLight
D3DXSHEvalSphericalLight
D3DXSHMultiply2
D3DXSHMultiply3
D3DXSHMultiply4
D3DXSHMultiply5
D3DXSHMultiply6
D3DXSHPRTCompSplitMeshSC
D3DXSHPRTCompSuperCluster
D3DXSHProjectCubeMap
D3DXSHRotate
D3DXSHRotateZ
D3DXSHScale
D3DXSaveMeshHierarchyToFileA
D3DXSaveMeshHierarchyToFileW
D3DXSaveMeshToXA
D3DXSaveMeshToXW
D3DXSavePRTBufferToFileA
D3DXSavePRTBufferToFileW
D3DXSavePRTCompBufferToFileA
D3DXSavePRTCompBufferToFileW
D3DXSaveSurfaceToFileA
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileW
D3DXSaveTextureToFileA
D3DXSaveTextureToFileInMemory
D3DXSaveTextureToFileW
D3DXSaveVolumeToFileA
D3DXSaveVolumeToFileInMemory
D3DXSaveVolumeToFileW
D3DXSimplifyMesh
D3DXSphereBoundProbe
D3DXSplitMesh
D3DXTessellateNPatches
D3DXTessellateRectPatch
D3DXTessellateTriPatch
D3DXTriPatchSize
D3DXUVAtlasCreate
D3DXUVAtlasPack
D3DXUVAtlasPartition
D3DXValidMesh
D3DXValidPatchMesh
D3DXVec2BaryCentric
D3DXVec2CatmullRom
D3DXVec2Hermite
D3DXVec2Normalize
D3DXVec2Transform
D3DXVec2TransformArray
D3DXVec2TransformCoord
D3DXVec2TransformCoordArray
D3DXVec2TransformNormal
D3DXVec2TransformNormalArray
D3DXVec3BaryCentric
D3DXVec3CatmullRom
D3DXVec3Hermite
D3DXVec3Normalize
D3DXVec3Project
D3DXVec3ProjectArray
D3DXVec3Transform
D3DXVec3TransformArray
D3DXVec3TransformCoord
D3DXVec3TransformCoordArray
D3DXVec3TransformNormal
D3DXVec3TransformNormalArray
D3DXVec3Unproject
D3DXVec3UnprojectArray
D3DXVec4BaryCentric
D3DXVec4CatmullRom
D3DXVec4Cross
D3DXVec4Hermite
D3DXVec4Normalize
D3DXVec4Transform
D3DXVec4TransformArray
D3DXWeldVertices

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 62KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DyxTools/clear.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 32KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aspack
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DyxTools/reg.reg
Init.ini
KingMir3.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

FastMemoryCpy
FloatCalculate
GetBlockList
GetCharInfo
GetCharInfoEx
GetDetailBlockList
GetItemInfo
GetMagicInfo
GetMonInfo
GetMsgProcess
IsShowing
LoadPlayerConfig
PlayerNpcMonInfo
ReceiveMSG
RegMsgProcess
SavePlayerConfig
SetAutoDrinkMode
SetCharInfo
SetUserHp
ShowWgForm
UpdateMagicInfo
UpdateMonInfo
WGWriteString
WhereIAM

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 252KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 552KB - Virtual size: 552KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MagicEx.res
Mir3.exe
.exe windows:5 windows x86 arch:x86

440c024a6641affaa2beac90b0e0796f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Mir3_Release\Mir3_Release.pdb

Imports

kernel32

SetUnhandledExceptionFilter
SetErrorMode
GetDiskFreeSpaceExA
GetVersionExA
WideCharToMultiByte
FindResourceW
FindResourceExW
MultiByteToWideChar
GlobalFree
lstrcmpiA
lstrcatA
GetModuleHandleA
CompareStringW
CreateFileW
SetEndOfFile
GetDriveTypeW
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetCurrentDirectoryW
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryW
GetFileType
SetHandleCount
GetLocaleInfoW
GetTimeZoneInformation
IsValidCodePage
FlushFileBuffers
GetACP
GetModuleFileNameW
GetStdHandle
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
SetLastError
TerminateThread
TlsSetValue
SuspendThread
TlsAlloc
HeapCreate
IsProcessorFeaturePresent
GetCPInfo
LCMapStringW
FindFirstFileExA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetStartupInfoW
HeapSetInformation
GetCommandLineA
ExitProcess
lstrlenA
FindResourceA
SizeofResource
LoadResource
LockResource
CreateToolhelp32Snapshot
GetProcessId
Process32First
OpenProcess
Process32Next
GlobalAlloc
GlobalLock
GlobalUnlock
GetPrivateProfileIntA
GetCurrentDirectoryA
GetPrivateProfileSectionA
WritePrivateProfileStringA
GetLocalTime
SetFilePointer
WriteFile
ReadFile
GetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
CreateMutexA
DeleteCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
OutputDebugStringA
FreeLibrary
LoadLibraryA
GetProcAddress
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleW
CreateThread
ExitThread
GetDateFormatA
GetTimeFormatA
RtlUnwind
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DecodePointer
EncodePointer
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileStringA
CreateDirectoryA
GetTickCount
Sleep
lstrcpyA
TlsFree
ResumeThread
GetCurrentThread
VirtualQuery
GetModuleFileNameA
TlsGetValue
DeviceIoControl
GetCurrentProcess
LocalAlloc
CreateFileA
GetFileSize
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetOEMCP
SetEnvironmentVariableA

user32

SetWindowTextA
KillTimer
SetFocus
GetKeyState
ShowWindow
SetRect
MoveWindow
GetWindowTextA
ChangeDisplaySettingsA
GetKeyboardState
ScreenToClient
PostQuitMessage
PtInRect
SendMessageA
UpdateWindow
GetSystemMetrics
SetWindowPos
SystemParametersInfoA
CreateWindowExA
DestroyWindow
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
SetTimer
wsprintfA
IsIconic
GetActiveWindow
CallWindowProcA
EndPaint
MessageBoxA
OffsetRect
LoadIconA
RegisterClassExA
GetCursorPos
LoadImageA
GetClientRect
ClientToScreen
LoadCursorA
SetCursor
GetMenu
EnumDisplaySettingsA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
GetWindowLongA
SetWindowLongA
BeginPaint
InvalidateRect
DefWindowProcA

gdi32

GetObjectA
DeleteObject
SetBrushOrgEx
UnrealizeObject
GetDIBits
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateSolidBrush
DeleteDC
GetTextExtentPoint32A
CreateFontA
SetBkColor
SetTextColor

advapi32

DeleteService
SetSecurityInfo
AddAccessAllowedAce
AddAccessDeniedAce
InitializeAcl
GetTokenInformation
OpenProcessToken
AllocateAndInitializeSid
CloseServiceHandle
ControlService
OpenServiceA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
FreeSid

shell32

ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

ws2_32

htonl
gethostbyname
inet_addr
connect
WSAAsyncSelect
htons
WSAIoctl
setsockopt
getsockopt
WSAGetLastError
socket
closesocket
send
recv
ioctlsocket
WSAStartup
WSACleanup

avifil32

AVIStreamRelease
AVIFileExit
AVIStreamInfoA
AVIStreamLength
AVIStreamReadFormat
AVIFileGetStream
AVIFileOpenA
AVIFileInit
AVIFileRelease
AVIStreamRead

msvfw32

ICLocate
ICSendMessage
ICClose
ICDecompress

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA

d3dx9_43

D3DXMatrixMultiply
D3DXMatrixOrthoOffCenterLH
D3DXCreateTexture
D3DXCreateFontA
D3DXMatrixScaling
D3DXMatrixTranslation

d3d9

Direct3DCreate9

winmm

timeGetTime

dsound

ord1

netapi32

Netbios

imm32

ImmGetContext
ImmSetConversionStatus
ImmReleaseContext
ImmGetCompositionStringA

psapi

GetModuleFileNameExA

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 726KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MirPath.ini
SoundList.wwl
ZS-20180103.DSK
ZS-20180103.INF
king3.ini
motions.res
update.txt
战神传奇3.exe
.exe windows:4 windows x86 arch:x86

2d602830e929862b47a9777db6da2a68

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaVarTstGt
__vbaVarSub
__vbaStrI2
__vbaVargParmRef
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaStrI4
__vbaVarMove
ord693
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord695
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord588
ord696
__vbaPut3
__vbaEnd
__vbaVarIdiv
__vbaFreeVarList
_adj_fdiv_m64
__vbaVarIndexStore
__vbaRaiseEvent
__vbaGetFxStr3
__vbaFreeObjList
ord516
ord517
_adj_fprem1
ord518
__vbaRecAnsiToUni
__vbaVarSetVarAddref
ord519
__vbaI2Abs
ord628
__vbaResume
__vbaCopyBytes
ord629
__vbaVarCmpNe
__vbaStrCat
ord660
__vbaBoolErrVar
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaNameFile
ord662
__vbaHresultCheckObj
ord556
__vbaVargVarCopy
__vbaLenVar
_adj_fdiv_m32
ord666
__vbaAryVar
__vbaVarXor
__vbaAryDestruct
__vbaVarIndexLoadRefLock
__vbaCyErrVar
ord591
__vbaLateMemSt
__vbaForEachCollObj
__vbaStrBool
ord593
__vbaVarForInit
__vbaExitProc
__vbaI4Abs
ord594
ord301
__vbaCyAdd
ord595
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord304
ord598
__vbaVarIndexLoad
__vbaForEachCollVar
ord520
__vbaStrFixstr
__vbaBoolVar
ord307
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
ord709
__vbaVarZero
__vbaVargVarMove
ord525
__vbaNextEachCollObj
ord632
__vbaVarCmpGt
__vbaChkstk
__vbaFileClose
ord526
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaGet3
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaPutOwner3
__vbaVarTstEq
__vbaDateR8
__vbaCyI4
ord560
__vbaNextEachCollVar
ord561
__vbaObjVar
__vbaPrintObj
__vbaI2I4
ord562
DllFunctionCall
__vbaVarLateMemSt
ord563
__vbaVarOr
ord564
__vbaCySub
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
ord568
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaUI1ErrVar
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
ord601
__vbaUI1I2
_CIsqrt
ord310
__vbaObjIs
__vbaVarAnd
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaFpCmpCy
__vbaUI1I4
__vbaStrUI1
__vbaVarMul
__vbaExceptHandler
ord312
ord711
__vbaInputFile
__vbaStrToUnicode
__vbaPrintFile
ord712
__vbaR4ErrVar
ord606
_adj_fprem
_adj_fdivr_m64
__vbaR8ErrVar
__vbaLateIdStAd
ord607
__vbaVarDiv
ord608
ord531
ord716
__vbaFPException
__vbaInStrVar
ord717
ord532
ord319
__vbaGetOwner3
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
__vbaFileSeek
ord537
ord644
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord570
ord648
__vbaR8Str
__vbaVar2Vec
__vbaInStr
__vbaVarLateMemCallLdRf
__vbaNew2
ord571
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
__vbaVarSetObj
ord573
__vbaStrCopy
ord681
__vbaI4Str
__vbaVarNot
__vbaVarCmpLt
__vbaFreeStrList
ord576
_adj_fdivr_m32
ord577
__vbaPowerR8
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
ord579
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
__vbaFpCy
__vbaAryLock
__vbaLateMemCall
__vbaVarAdd
ord320
__vbaStrComp
ord612
__vbaVarDup
__vbaStrToAnsi
ord321
__vbaVerifyVarObj
__vbaFpI2
__vbaVarMod
__vbaVarTstGe
__vbaUnkVar
ord616
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaFpI4
__vbaR8IntI2
ord617
__vbaVarSetObjAddref
__vbaLateMemCallLd
__vbaRecDestructAnsi
_CIatan
__vbaI2ErrVar
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
__vbaI4Cy
ord619
__vbaR8IntI4
ord650
_allmul
ord651
__vbaLenVarB
__vbaLateIdSt
_CItan
ord546
__vbaAryUnlock
__vbaUI1Var
__vbaFPInt
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaI4ErrVar
ord580
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8df7445917c811cf5863fa02cca76fe2

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 584KB - Virtual size: 581KB

.data Size: 4KB - Virtual size: 23KB

.rsrc Size: 192KB - Virtual size: 189KB

5fb75b2a87c1fa7cc3d7904a0b97084a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

gdi32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 62KB - Virtual size: 148KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 55KB - Virtual size: 55KB

Headers

File Characteristics

Sections

.text Size: 32KB - Virtual size: 100KB

.data Size: 512B - Virtual size: 8KB

.rsrc Size: 22KB - Virtual size: 152KB

.aspack Size: 26KB - Virtual size: 28KB

.adata Size: - Virtual size: 4KB

Headers

File Characteristics

Exports

Exports

Sections

CODE Size: 1.1MB - Virtual size: 1.1MB

DATA Size: 14KB - Virtual size: 14KB

BSS Size: - Virtual size: 252KB

.idata Size: 11KB - Virtual size: 10KB

.edata Size: 1024B - Virtual size: 619B

.reloc Size: 64KB - Virtual size: 64KB

.rsrc Size: 552KB - Virtual size: 552KB

440c024a6641affaa2beac90b0e0796f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

ws2_32

avifil32

msvfw32

.text
Size: 584KB - Virtual size: 581KB

.data
Size: 4KB - Virtual size: 23KB

.rsrc
Size: 192KB - Virtual size: 189KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

9b:28:ef:17:5d:cd:b3:d3:ec:10:d1:6d:64:92:d2:24:02:c3:2b:3e
Signer

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 62KB - Virtual size: 148KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 55KB - Virtual size: 55KB

.text
Size: 32KB - Virtual size: 100KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 22KB - Virtual size: 152KB

.aspack
Size: 26KB - Virtual size: 28KB

.adata
Size: - Virtual size: 4KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 14KB - Virtual size: 14KB

BSS
Size: - Virtual size: 252KB

.idata
Size: 11KB - Virtual size: 10KB

.edata
Size: 1024B - Virtual size: 619B

.reloc
Size: 64KB - Virtual size: 64KB

.rsrc
Size: 552KB - Virtual size: 552KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 231KB - Virtual size: 231KB

.data
Size: 726KB - Virtual size: 2.1MB

.tls
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 15KB - Virtual size: 15KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 4KB - Virtual size: 60KB

.rsrc
Size: 152KB - Virtual size: 148KB