cc20cae08f82e39e35ac3a7edbbbd129337b7aee0572858e02bfda88995f7146[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

cc20cae08f82e39e35ac3a7edbbbd129337b7aee0572858e02bfda88995f7146.exe
Size

271KB
MD5

f64cf47ae8bc917c16d8c4749182ccaf
SHA1

56c2eb969bc77b953fa20817aa35a0fa123db807
SHA256

cc20cae08f82e39e35ac3a7edbbbd129337b7aee0572858e02bfda88995f7146
SHA512

7ea81a959202cdda6499694f8f0bfa899725678d359f5d7b5b3d3c4110ff106ae0835c4a682d3e7b8ec004cbf30cd663490b98b2975e65adcc8d1518217841b5
SSDEEP

6144:+R+xX0oKDDpdHSJ4K11i4rcP0i1cct6oRSIPrzV3C5zoyl:SPD3HZ2S0iisbhProVN

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
cc20cae08f82e39e35ac3a7edbbbd129337b7aee0572858e02bfda88995f7146.exe
unpack001/$APPDATA/noheader/hl/verifypeer/lst/AxImp.exe
unpack001/$APPDATA/noheader/hl/verifypeer/lst/makecert.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/disp/square/aspnetcompiler.exe
unpack001/$TEMP/disp/square/netfxperf.dll
unpack001/$TEMP/stepfather.dll

Files

cc20cae08f82e39e35ac3a7edbbbd129337b7aee0572858e02bfda88995f7146.exe
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/66-lohit-kannada.conf
$APPDATA/noheader/hl/verifypeer/lst/6x10-KOI8-R.pcf.gz
.gz
6x10-KOI8-R.pcf
$APPDATA/noheader/hl/verifypeer/lst/AxImp.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AxImp.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/noheader/hl/verifypeer/lst/makecert.exe
.exe windows:5 windows x86 arch:x86

34bca1a8725a684420029505cfe3aa97

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetProcAddress
CompareFileTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
CloseHandle
UnmapViewOfFile
FindResourceA
LoadResource
SizeofResource
LockResource
FreeResource
SetLastError
SystemTimeToFileTime
LocalFileTimeToFileTime
GetLastError
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
GetFileSize
WriteFile
WideCharToMultiByte
LocalAlloc
GetVersionExA
MultiByteToWideChar
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW

msvcrt

exit
_cexit
__winitenv
_exit
_c_exit
strtok
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
_wtol
_wcsnicmp
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
free
_wcsicmp
vwprintf
wprintf
malloc
swprintf
_XcptFilter
wcscpy
__wgetmainargs

advapi32

CryptGetUserKey
CryptSetKeyParam
CryptGenKey
CryptDestroyKey
CryptAcquireContextA
CryptGetProvParam
CryptReleaseContext

user32

LoadStringA
LoadStringW

ole32

CoInitialize
CoUninitialize
CoCreateGuid

oleaut32

VarDateFromStr

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

mssign32

GetCryptProvFromCert
FreeCryptProvFromCert
PvkFreeCryptProv
PvkPrivateKeySave
SignError
PvkGetCryptProv
PvkPrivateKeyAcquireContextFromMemory

crypt32

CertFreeCertificateContext
CertSetCertificateContextProperty
CertAddEncodedCertificateToStore
CertOpenStore
CertCreateCertificateContext
CryptDecodeObject
CertComparePublicKeyInfo
CryptExportPublicKeyInfo
CryptEncodeObject
CryptQueryObject
CertStrToNameW
CryptHashPublicKeyInfo
CryptHashCertificate
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertEnumCertificatesInStore
CertFindCertificateInStore
CertCompareIntegerBlob
CryptSignAndEncodeCertificate
CertCloseStore

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/noheader/hl/verifypeer/lst/nobegintest.rc
$APPDATA/noheader/hl/verifypeer/lst/servrapp1.gif
$APPDATA/noheader/hl/verifypeer/lst/sqlntsv9F.HxK
.xml
$APPDATA/noheader/hl/verifypeer/lst/x-fictionbook+xml.xml
.xml
$APPDATA/noheader/hl/verifypeer/lst/x-tex-pk.xml
.xml
$APPDATA/org.gnome.desktop.wm.keybindings.gschema.xml
.xml
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Blacktop
$TEMP/disp/square/.ldata.i35.me9
$TEMP/disp/square/aspnetcompiler.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

aspnet_compiler.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/disp/square/entsrvperf02.gif
$TEMP/disp/square/gzexe
.sh linux
$TEMP/disp/square/hu.ttb
$TEMP/disp/square/libevdocument3-4
$TEMP/disp/square/netfxperf.dll
.dll windows:4 windows x86 arch:x86

3dbf7da614961234fa6fd11137b304ed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

netfxperf.pdb

Imports

kernel32

LoadLibraryExW
lstrlenW
GetLastError
GetProcAddress
lstrcatW
VirtualAlloc
HeapFree
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
HeapReAlloc
HeapAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr

mscoree

GetCORSystemDirectory

Exports

Exports

ClosePerformanceData
CollectPerformanceData
OpenPerformanceData

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 870B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/disp/square/wctype.c
$TEMP/disp/square/wsearche.c
$TEMP/passwrd/31004
$TEMP/passwrd/71.opends60.dll
$TEMP/passwrd/bug.cs
.js
$TEMP/stepfather.dll
.dll windows:4 windows x86 arch:x86

1eb01c763bdce163d7a9850c7ffc1fa3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

DlgDirListComboBoxA
OemKeyScan

kernel32

HeapDestroy
SetCriticalSectionSpinCount
GetModuleHandleA
GetProcAddress
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

Amortise
Appalls
Apprenticing
Bolshevises
Cage
Cannibalized
Cares
Carrier
Chirms
Chirre
Complexions
Concave
Corrades
Crossbreed
Damnify
Dance
Debuts
Decimate
Deploy
Dispread
Dissects
Domesticating
Encarnalising
Entoils
Epitomises
Etherify
Inducing
Ingurgitate
Intellectualise
Liedowns
Lithograph
Mitch
Outpray
Overgrazing
Overrank
Partakes
Peaces
Phenomenalize
Punishes
Records
Regrade
Replans
Septuple
Shimmer
Shying
Sinks
Soot
Sorb
Soup
Trivialised
Unknots

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 10KB - Virtual size: 9KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 36KB - Virtual size: 32KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

34bca1a8725a684420029505cfe3aa97

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

advapi32

user32

ole32

oleaut32

rpcrt4

mssign32

crypt32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 13KB - Virtual size: 13KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 120B

.reloc Size: 1024B - Virtual size: 648B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 24KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

3dbf7da614961234fa6fd11137b304ed

Headers

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 10KB - Virtual size: 9KB

.text
Size: 36KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 13KB - Virtual size: 13KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 648B

.text
Size: 24KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 368B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 870B

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB