2024-04-28_e1d40248de9fe400b87083e1d3b93218_icedid_nymaim

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-28_e1d40248de9fe400b87083e1d3b93218_icedid_nymaim
Size

3.8MB
MD5

e1d40248de9fe400b87083e1d3b93218
SHA1

a6446f9130730b3e378829848e93d4e355028d0e
SHA256

a85a3f5363de5206124da442ec8fb2bc580124bff31797c260d39e74724b1e24
SHA512

7238c2f01ac57df803c0d3a8d4eb2b2e5d2b5ac322c6e9159dbf4bcc6e115dfa7ff1fd5966eee3edca251251ddc74782fc6eb0c672441e5ab1a0f958c7b30b51
SSDEEP

49152:tck8g3jfJM3G9FqvXlLFIlc9nYwnA1FrScOgu0PPs/wQ17n8TqNx:GJn3G9FKXlRIsYr1FrScvuiPjmb8T+x

Score

10^/10

Malware Config

Signatures

Detects executables containing SQL queries to confidential data stores. Observed in infostealers 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore

Files

2024-04-28_e1d40248de9fe400b87083e1d3b93218_icedid_nymaim
.exe windows:4 windows x86 arch:x86

4d87b0efd77c6474fe1565b2c6c40f9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:28:5b:3b:82:72:0e:35:59:f1:dc:29:0e:7e:c2:18
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/01/2016, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:4e:45:97:44:96:51:f5:62:f1:b3:9d:61:e4:80:64:6d:fb:02:c0:42:02:4a:bf:1b:af:bd:d8:53:f3:05:b1
Signer

Actual PE Digest

c3:4e:45:97:44:96:51:f5:62:f1:b3:9d:61:e4:80:64:6d:fb:02:c0:42:02:4a:bf:1b:af:bd:d8:53:f3:05:b1

Digest Algorithm

sha256

PE Digest Matches

false

b3:aa:12:2f:b6:40:d9:13:a6:d0:db:b6:07:1d:08:05:bd:fe:82:fe
Signer

Actual PE Digest

b3:aa:12:2f:b6:40:d9:13:a6:d0:db:b6:07:1d:08:05:bd:fe:82:fe

Digest Algorithm

sha1

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
gethostbyname
inet_addr
htons
ioctlsocket
socket
closesocket
send
recv
__WSAFDIsSet
select
getsockopt
listen
bind
accept
getsockname
ntohs
WSASetLastError
WSAStartup
WSACleanup
htonl
ntohl
WSAGetLastError

kernel32

GlobalFlags
TlsAlloc
GlobalHandle
TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GetProcessVersion
GetCPInfo
GetOEMCP
GetFileTime
SetErrorMode
WritePrivateProfileStringA
RtlUnwind
GetTimeZoneInformation
GetLocalTime
GetSystemTimeAsFileTime
RaiseException
HeapReAlloc
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GetStartupInfoA
GetCommandLineA
ExitThread
GetACP
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualProtect
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetStdHandle
SetHandleCount
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
GetProfileStringA
MulDiv
MultiByteToWideChar
LocalFree
FormatMessageA
GetLastError
GetFileAttributesW
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalSize
Sleep
FreeLibrary
lstrlenW
GetCurrentThread
FileTimeToLocalFileTime
GetTickCount
GetProfileIntA
GetThreadLocale
GetFullPathNameA
FindFirstFileA
UnlockFile
LockFile
DuplicateHandle
lstrcmpA
SuspendThread
SetThreadPriority
ResumeThread
InterlockedDecrement
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
CreateProcessA
RemoveDirectoryW
SetThreadExecutionState
GetVolumeInformationW
CompareFileTime
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetSystemInfo
GetComputerNameA
FindResourceA
SizeofResource
LoadResource
LockResource
GetCurrentDirectoryA
GetSystemDefaultLangID
GetVolumeInformationA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
lstrcpynA
CreateThread
SleepEx
ReadFile
CreateDirectoryA
CopyFileW
MoveFileA
LocalAlloc
SetLastError
CreateDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
SetFileAttributesW
FlushFileBuffers
DeviceIoControl
GetCurrentThreadId
TerminateProcess
GetUserDefaultLangID
SetEvent
lstrlenA
GetProcAddress
LoadLibraryA
CopyFileA
GetFileAttributesA
GetModuleFileNameA
SetFileAttributesA
DeleteFileA
GetWindowsDirectoryW
lstrcmpiA
GetLocaleInfoA
GetVersion
GetSystemDirectoryA
GetCurrentProcessId
MoveFileW
GetSystemTime
SystemTimeToFileTime
SetFileTime
LoadLibraryW
MoveFileExW
GlobalAlloc
GlobalFree
GetModuleHandleA
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
lstrcatA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointer
SetEndOfFile
GetSystemDirectoryW
DeleteFileW
GetWindowsDirectoryA
GetVersionExA
GetExitCodeProcess
CreateFileA
GetCurrentProcess
ExitProcess
CreateProcessW
GetModuleFileNameW
CreateEventA
WaitForMultipleObjects
ResetEvent
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
VirtualAlloc

user32

GetDCEx
LockWindowUpdate
DrawTextA
TabbedTextOutA
GetMenuCheckMarkDimensions
GetMenuState
SetMenuItemBitmaps
IsDialogMessageA
GetDlgItemTextA
SendDlgItemMessageA
MapWindowPoints
GetFocus
AdjustWindowRectEx
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
IsChild
WinHelpA
GetClassInfoA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
UnhookWindowsHookEx
CallWindowProcA
GetMessageTime
GetLastActivePopup
SystemParametersInfoA
GetWindowPlacement
GetNextDlgTabItem
EndDialog
SetActiveWindow
CreateDialogIndirectParamA
GetParent
IsWindowEnabled
GetActiveWindow
DrawTextW
DrawFrameControl
SetRect
SystemParametersInfoW
DrawStateA
ModifyMenuW
DeleteMenu
AppendMenuW
DrawIconEx
IntersectRect
GetSysColorBrush
FrameRect
PeekMessageA
UnionRect
ClientToScreen
WindowFromPoint
SetDlgItemTextA
GetClassNameA
GetWindowTextLengthW
GetWindowTextLengthA
CopyIcon
SetFocus
DestroyIcon
PostQuitMessage
GetMessageA
TranslateMessage
DispatchMessageA
UpdateWindow
SetCursorPos
CreateDialogParamW
CreateDialogParamA
SetPropA
RemovePropA
DefWindowProcW
DefWindowProcA
CreateWindowExA
SetWindowLongA
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowLongA
GetWindowDC
BeginPaint
EndPaint
SetDlgItemTextW
RegisterWindowMessageA
RegisterClipboardFormatA
RemoveMenu
DrawFocusRect
GetMessagePos
ScreenToClient
LoadCursorA
SetCursor
EqualRect
GetCapture
ReleaseCapture
SetCapture
CreatePopupMenu
GetKeyState
ModifyMenuA
TrackPopupMenu
IsIconic
GetSystemMetrics
DrawIcon
OffsetRect
EnableMenuItem
SetClipboardViewer
CheckMenuItem
LoadImageW
LoadImageA
DestroyMenu
ChangeClipboardChain
GetMenu
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
ShowWindow
SendMessageW
LoadBitmapA
IsWindow
GetMenuItemCount
GetMenuItemID
GetSubMenu
AppendMenuA
GetNextDlgGroupItem
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
GetAsyncKeyState
SetRectEmpty
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
InflateRect
CharUpperA
IsClipboardFormatAvailable
ValidateRect
FillRect
GrayStringA
CheckMenuRadioItem
GetCursorPos
PtInRect
InvalidateRect
GetClientRect
ReleaseDC
CopyRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
MoveWindow
SetParent
KillTimer
SetTimer
wsprintfA
PostMessageA
GetForegroundWindow
ExitWindowsEx
MessageBeep
GetWindowTextA
MessageBoxW
GetWindowTextW
GetWindowRect
CreateWindowExW
SetWindowPos
SetWindowTextW
SetWindowTextA
GetDesktopWindow
MessageBoxA
GetDlgItem
GetSysColor
GetDlgCtrlID
LoadStringA
SendMessageA
GetWindow
GetDC
EnableWindow
LoadIconA
IsWindowUnicode
ExcludeUpdateRgn
ShowCaret
HideCaret
UnregisterClassA
GetPropA

gdi32

GetViewportExtEx
GetWindowExtEx
CreatePatternBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CreateRectRgnIndirect
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
GetTextMetricsA
CopyMetaFileA
GetTextColor
GetBkColor
CreateRectRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
RestoreDC
SaveDC
CreateBitmap
GetClipBox
SetBkMode
SetBkColor
SetTextColor
SetStretchBltMode
CreateFontIndirectW
GetMapMode
SetMapMode
LPtoDP
DPtoLP
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
GetStockObject
CreateCompatibleDC
GetDIBits
CreateDIBSection
CreateSolidBrush
GetObjectA
CreateFontIndirectA
GetDeviceCaps
GetTextExtentPointA
PatBlt
CreateDIBitmap
CreateFontA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
GetSaveFileNameW

advapi32

CloseServiceHandle
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExW
RegSetValueExW
RegNotifyChangeKeyValue
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegDeleteValueW
RegFlushKey
RegCreateKeyExW
GetUserNameW
RegLoadKeyA
RegRestoreKeyA
GetUserNameA
RegSaveKeyA
OpenSCManagerA
OpenServiceA
RegCloseKey
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
RegEnumValueA

shell32

SHGetMalloc
SHGetDesktopFolder
Shell_NotifyIconA
SHBrowseForFolderW
SHGetPathFromIDListW
SHFileOperationW
SHFileOperationA
ShellExecuteW
FindExecutableW
ShellExecuteExA
ShellExecuteExW
SHGetFileInfoW
SHGetFileInfoA
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

comctl32

ImageList_AddMasked
ImageList_Add
ImageList_Remove
ord17
ord8
ImageList_BeginDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_EndDrag
ImageList_DragLeave
ImageList_Draw
ImageList_DragEnter
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA

oledlg

ord8

ole32

OleUninitialize
OleInitialize
ReleaseStgMedium
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
OleGetClipboard
CoRevokeClassObject
CoRegisterClassObject
CoGetObject
CoInitialize
StringFromGUID2
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
CoDisconnectObject
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoFreeUnusedLibraries

olepro32

ord253
ord251

oleaut32

SysAllocStringByteLen
VariantTimeToSystemTime
VariantChangeType
VariantClear
VariantCopy
LoadTypeLibEx
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
LoadTypeLi
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

wininet

InternetCanonicalizeUrlW
InternetSetCookieA
InternetGetCookieA
InternetCrackUrlA
InternetCanonicalizeUrlA
InternetCombineUrlA
GetUrlCacheEntryInfoW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 572KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 206KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4d87b0efd77c6474fe1565b2c6c40f9f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8aCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5a:28:5b:3b:82:72:0e:35:59:f1:dc:29:0e:7e:c2:18Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

c3:4e:45:97:44:96:51:f5:62:f1:b3:9d:61:e4:80:64:6d:fb:02:c0:42:02:4a:bf:1b:af:bd:d8:53:f3:05:b1Signer

b3:aa:12:2f:b6:40:d9:13:a6:d0:db:b6:07:1d:08:05:bd:fe:82:feSigner

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

comctl32

oledlg

ole32

olepro32

oleaut32

wininet

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 572KB - Virtual size: 570KB

.data Size: 184KB - Virtual size: 206KB

.rsrc Size: 924KB - Virtual size: 923KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:28:5b:3b:82:72:0e:35:59:f1:dc:29:0e:7e:c2:18
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

c3:4e:45:97:44:96:51:f5:62:f1:b3:9d:61:e4:80:64:6d:fb:02:c0:42:02:4a:bf:1b:af:bd:d8:53:f3:05:b1
Signer

b3:aa:12:2f:b6:40:d9:13:a6:d0:db:b6:07:1d:08:05:bd:fe:82:fe
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 572KB - Virtual size: 570KB

.data
Size: 184KB - Virtual size: 206KB

.rsrc
Size: 924KB - Virtual size: 923KB