g:\acro_root_at\acrobat\systemsynchronizer\synchronizerapp\build\win\release\AdobeCollabSync.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
586c136a13a7cbe2d5a1b69c6c26fae0_NeikiAnalytics.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
586c136a13a7cbe2d5a1b69c6c26fae0_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
586c136a13a7cbe2d5a1b69c6c26fae0_NeikiAnalytics
-
Size
3.0MB
-
MD5
586c136a13a7cbe2d5a1b69c6c26fae0
-
SHA1
86ed5b615b115032d5f519e4632b9f7570958f7b
-
SHA256
86a57eade8a5f756320ee5ad6d1a7a7a6f91d549b948ace44650fc4ac7efb2ec
-
SHA512
a49b61002aa15fcef8fd2f767c7316dce6c8c3f87a860cfe5259c5a0b076ac84b59aebf06a8968b7f65cd85d7ce85257c3de1a69642ab361ed2b9c8807f6fe48
-
SSDEEP
24576:sDKnxYaXJi2Y3MpbwnCvzb4cbmYdTyVDnSI8LUlFl5Fp4P/HEp6uu:sDkYOMwwnMb4PmyV9cY/43Ep6
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 586c136a13a7cbe2d5a1b69c6c26fae0_NeikiAnalytics
Files
-
586c136a13a7cbe2d5a1b69c6c26fae0_NeikiAnalytics.exe windows:4 windows x86 arch:x86
49300f2855263524c4995b36fbea3ecd
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
shlwapi
StrCmpNA
msvcp80
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0strstreambuf@std@@QAE@H@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??1strstreambuf@std@@UAE@XZ
?freeze@strstreambuf@std@@QAEX_N@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@_String_base@std@@SAXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@V32@D@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
msvcr80
strtoul
strchr
malloc
calloc
realloc
free
strtol
isspace
tolower
memchr
_environ
qsort
_stricmp
strpbrk
__tzname
__timezone
__daylight
_endthreadex
sprintf
strncmp
strlen
strcpy
getenv
atoi
isdigit
_vsnwprintf_s
memset
wcsrchr
wcsncpy_s
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
_purecall
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_exit
_errno
_beginthreadex
_mbsinc
_stat64i32
isalpha
_mbspbrk
_access
memmove
fprintf
__iob_func
exit
strstr
strrchr
strcmp
sscanf
fclose
setvbuf
fopen
fflush
fputs
abort
strcat
strerror
_strlwr
toupper
memmove_s
memcmp
isalnum
strncpy
_gmtime64
_time64
strftime
_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_putenv
_strdup
_localtime64
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
_XcptFilter
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
memcpy
_ismbblead
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_mktime64
ws2_32
ntohl
inet_addr
ntohs
htons
getprotobynumber
getprotobyname
gethostbyaddr
gethostbyname
htonl
WSAStartup
WSASetLastError
select
recvfrom
sendto
send
recv
__WSAFDIsSet
accept
getsockopt
getpeername
getsockname
shutdown
listen
setsockopt
bind
connect
socket
ioctlsocket
closesocket
WSAGetLastError
WSACleanup
wininet
InternetCloseHandle
InternetWriteFile
InternetReadFile
HttpEndRequestA
HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetOptionA
InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
mswsock
AcceptEx
GetAcceptExSockaddrs
TransmitFile
mpr
WNetCancelConnection2A
WNetAddConnection2A
crypt32
CryptUnprotectData
CryptProtectData
kernel32
GetFullPathNameA
GetDriveTypeA
DeleteFileA
FindNextFileA
FindFirstFileA
FindClose
GetHandleInformation
SetHandleInformation
FlushFileBuffers
WriteFile
ReadFile
CreateFileA
SetFilePointer
CreateIoCompletionPort
PostQueuedCompletionStatus
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
DeleteFiber
GetQueuedCompletionStatus
InterlockedCompareExchange
ReleaseSemaphore
SetLastError
SwitchToFiber
CreateFiber
ResumeThread
SuspendThread
GetProcessAffinityMask
SetThreadAffinityMask
ConvertThreadToFiber
SetThreadPriority
Sleep
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GetFileInformationByHandle
CreateEventA
TlsFree
TlsAlloc
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreatePipe
UnmapViewOfFile
MapViewOfFile
RemoveDirectoryA
GetSystemInfo
CreateFileMappingA
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
GetStdHandle
CreateProcessA
GetLastError
CloseHandle
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExA
GetTimeZoneInformation
WideCharToMultiByte
GetSystemTimeAsFileTime
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
LoadLibraryW
GetUserDefaultLCID
FreeLibrary
MoveFileA
CreateSemaphoreA
CreateDirectoryA
MultiByteToWideChar
DeleteFileW
GetFileAttributesA
GetFileAttributesW
GetTempPathA
InterlockedIncrement
CreateFileW
PeekNamedPipe
ConnectNamedPipe
CreateNamedPipeA
DisconnectNamedPipe
GetTempPathW
GetCurrentProcessId
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
UnlockFileEx
lstrlenA
GetVolumeInformationA
SetErrorMode
GetLogicalDriveStringsA
CancelIo
LockFileEx
LoadLibraryA
GetModuleFileNameA
OutputDebugStringA
DebugBreak
InterlockedExchange
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
FindNextChangeNotification
FindFirstChangeNotificationA
SetEvent
FindCloseChangeNotification
LocalFree
LocalAlloc
GetSystemTime
FormatMessageA
GetCurrentThreadId
SetEndOfFile
GetFileSize
LockFile
UnlockFile
GetFullPathNameW
user32
GetMessageA
PostQuitMessage
TrackPopupMenu
LoadImageW
SetForegroundWindow
SetPropW
InsertMenuItemW
TranslateMessage
DefWindowProcA
GetCursorPos
LoadStringW
CreatePopupMenu
PostMessageA
GetPropW
DestroyMenu
CallWindowProcA
GetSystemMetrics
RegisterClassW
InsertMenuW
DispatchMessageA
CreateWindowExW
DestroyWindow
advapi32
ConvertStringSecurityDescriptorToSecurityDescriptorA
OpenThreadToken
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
FreeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
AllocateAndInitializeSid
RegCloseKey
RegOpenKeyW
RegQueryValueExW
ConvertSidToStringSidA
shell32
SHGetSpecialFolderLocation
ShellExecuteA
Shell_NotifyIconW
SHGetPathFromIDListA
ole32
CoTaskMemFree
Exports
Exports
GetExecutionEnvironment
LL_MaxInt
LL_MaxUint
LL_MinInt
LL_Zero
PL_Base64Decode
PL_Base64Encode
PL_strlen
PL_strnlen
PRP_DestroyNakedCondVar
PRP_NakedBroadcast
PRP_NakedNotify
PRP_NakedWait
PRP_NewNakedCondVar
PRP_TryLock
PR_Abort
PR_Accept
PR_AcceptRead
PR_Access
PR_AddWaitFileDesc
PR_AllocFileDesc
PR_Assert
PR_AtomicAdd
PR_AtomicDecrement
PR_AtomicIncrement
PR_AtomicSet
PR_AttachThread
PR_AttachThreadGCAble
PR_Available
PR_Available64
PR_Bind
PR_BlockClockInterrupts
PR_BlockInterrupt
PR_CEnterMonitor
PR_CExitMonitor
PR_CNotify
PR_CNotifyAll
PR_CSetOnMonitorRecycle
PR_CWait
PR_CallOnce
PR_CallOnceWithArg
PR_Calloc
PR_CancelWaitFileDesc
PR_CancelWaitGroup
PR_ChangeFileDescNativeHandle
PR_Cleanup
PR_ClearInterrupt
PR_ClearThreadGCAble
PR_Close
PR_CloseDir
PR_CloseFileMap
PR_Connect
PR_ConnectContinue
PR_ConvertIPv4AddrToIPv6
PR_CreateFileMap
PR_CreateIOLayer
PR_CreateIOLayerStub
PR_CreateMWaitEnumerator
PR_CreatePipe
PR_CreateProcess
PR_CreateProcessDetached
PR_CreateSocketPollFd
PR_CreateStack
PR_CreateThread
PR_CreateThreadGCAble
PR_CreateWaitGroup
PR_Delete
PR_DestroyCondVar
PR_DestroyLock
PR_DestroyMWaitEnumerator
PR_DestroyMonitor
PR_DestroyProcessAttr
PR_DestroyRWLock
PR_DestroySocketPollFd
PR_DestroyStack
PR_DestroyWaitGroup
PR_DetachProcess
PR_DetachThread
PR_DisableClockInterrupts
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_EnableClockInterrupts
PR_EnterMonitor
PR_EnumerateHostEnt
PR_EnumerateThreads
PR_EnumerateWaitGroup
PR_ErrorInstallCallback
PR_ErrorInstallTable
PR_ErrorLanguages
PR_ErrorToName
PR_ErrorToString
PR_ExitMonitor
PR_ExplodeTime
PR_FD_CLR
PR_FD_ISSET
PR_FD_NCLR
PR_FD_NISSET
PR_FD_NSET
PR_FD_SET
PR_FD_ZERO
PR_FileDesc2NativeHandle
PR_FindFunctionSymbol
PR_FindFunctionSymbolAndLibrary
PR_FindLibrary
PR_FindSymbol
PR_FindSymbolAndLibrary
PR_FormatTime
PR_FormatTimeUSEnglish
PR_Free
PR_FreeFileDesc
PR_FreeLibraryName
PR_GMTParameters
PR_GetConnectStatus
PR_GetCurrentThread
PR_GetDefaultIOMethods
PR_GetDescType
PR_GetEnv
PR_GetError
PR_GetErrorText
PR_GetErrorTextLength
PR_GetFileInfo
PR_GetFileInfo64
PR_GetFileMethods
PR_GetHostByAddr
PR_GetHostByName
PR_GetIPNodeByName
PR_GetIdentitiesLayer
PR_GetInheritedFD
PR_GetLayersIdentity
PR_GetLibraryFilePathname
PR_GetLibraryName
PR_GetLibraryPath
PR_GetMemMapAlignment
PR_GetMonitorEntryCount
PR_GetNameForIdentity
PR_GetOSError
PR_GetOpenFileInfo
PR_GetOpenFileInfo64
PR_GetPageShift
PR_GetPageSize
PR_GetPeerName
PR_GetPipeMethods
PR_GetProtoByName
PR_GetProtoByNumber
PR_GetSP
PR_GetSockName
PR_GetSocketOption
PR_GetSpecialFD
PR_GetTCPMethods
PR_GetThreadAffinityMask
PR_GetThreadID
PR_GetThreadPriority
PR_GetThreadPrivate
PR_GetThreadScope
PR_GetThreadState
PR_GetThreadType
PR_GetUDPMethods
PR_GetUniqueIdentity
PR_ImplodeTime
PR_ImportFile
PR_ImportPipe
PR_ImportTCPSocket
PR_ImportUDPSocket
PR_Init
PR_Initialize
PR_InitializeNetAddr
PR_Initialized
PR_Interrupt
PR_IntervalNow
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_IsNetAddrType
PR_JoinThread
PR_KillProcess
PR_Listen
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_LoadStaticLibrary
PR_LocalTimeParameters
PR_Lock
PR_LockFile
PR_LogFlush
PR_LogPrint
PR_MakeDir
PR_Malloc
PR_MemMap
PR_MemUnmap
PR_MicrosecondsToInterval
PR_MillisecondsToInterval
PR_MkDir
PR_NTFast_Accept
PR_NTFast_AcceptRead
PR_NTFast_AcceptRead_WithTimeoutCallback
PR_NTFast_UpdateAcceptContext
PR_NT_CancelIo
PR_NetAddrToString
PR_NewCondVar
PR_NewLock
PR_NewLogModule
PR_NewMonitor
PR_NewNamedMonitor
PR_NewProcessAttr
PR_NewRWLock
PR_NewTCPSocket
PR_NewTCPSocketPair
PR_NewThreadPrivateIndex
PR_NewUDPSocket
PR_NormalizeTime
PR_Notify
PR_NotifyAll
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_Now
PR_Open
PR_OpenDir
PR_OpenFile
PR_OpenTCPSocket
PR_OpenUDPSocket
PR_ParseTimeString
PR_Poll
PR_PopIOLayer
PR_ProcessAttrSetCurrentDirectory
PR_ProcessAttrSetInheritableFD
PR_ProcessAttrSetStdioRedirect
PR_ProcessExit
PR_PushIOLayer
PR_RWLock_Rlock
PR_RWLock_Unlock
PR_RWLock_Wlock
PR_Read
PR_ReadDir
PR_Realloc
PR_Recv
PR_RecvFrom
PR_Rename
PR_ResetProcessAttr
PR_ResumeAll
PR_RmDir
PR_SecondsToInterval
PR_Seek
PR_Seek64
PR_Select
PR_Send
PR_SendFile
PR_SendTo
PR_SetCPUAffinityMask
PR_SetConcurrency
PR_SetEnv
PR_SetError
PR_SetErrorText
PR_SetFDCacheSize
PR_SetFDInheritable
PR_SetLibraryPath
PR_SetLogBuffering
PR_SetLogFile
PR_SetNetAddr
PR_SetSocketOption
PR_SetStdioRedirect
PR_SetThreadAffinityMask
PR_SetThreadGCAble
PR_SetThreadPriority
PR_SetThreadPrivate
PR_SetThreadRecycleMode
PR_Shutdown
PR_Sleep
PR_Socket
PR_StackPop
PR_StackPush
PR_Stat
PR_StringToNetAddr
PR_SuspendAll
PR_Sync
PR_TLockFile
PR_TestAndEnterMonitor
PR_TestAndLock
PR_TicksPerSecond
PR_TransmitFile
PR_USPacificTimeParameters
PR_UnblockClockInterrupts
PR_UnblockInterrupt
PR_UnloadLibrary
PR_Unlock
PR_UnlockFile
PR_VersionCheck
PR_Wait
PR_WaitCondVar
PR_WaitProcess
PR_WaitRecvReady
PR_Write
PR_Writev
PR_Yield
PR_cnvtf
PR_dtoa
PR_htonl
PR_htonll
PR_htons
PR_ntohl
PR_ntohll
PR_ntohs
PR_smprintf
PR_smprintf_free
PR_snprintf
PR_sprintf_append
PR_sscanf
PR_strtod
PR_sxprintf
PR_vsmprintf
PR_vsnprintf
PR_vsprintf_append
PR_vsxprintf
PT_FPrintStats
SetExecutionEnvironment
_PR_AddSleepQ
_PR_CreateThread
_PR_DelSleepQ
_PR_GetPrimordialCPU
_PR_NativeCreateThread
_pr_push_ipv6toipv4_layer
Sections
.text Size: 548KB - Virtual size: 547KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 116KB - Virtual size: 112KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 25B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ