kwhcommonpop
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
c11872366fafc396c835c45820ba3b60_NeikiAnalytics.exe
Resource
win7-20240215-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
c11872366fafc396c835c45820ba3b60_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
c11872366fafc396c835c45820ba3b60_NeikiAnalytics
-
Size
1.5MB
-
MD5
c11872366fafc396c835c45820ba3b60
-
SHA1
c071f75fa5a884df4b07d0a0bffe8d0e65bf1719
-
SHA256
6f495af6ae39f81d9c6bfafda25aee7cbc53808fadc3b6b214dc0e053dfa3b5c
-
SHA512
8d6f75647c9e6d6416cdbc6235ec0fedf75acd55d8859aba51062a4185d14217d6efa8e11460a45e20a193da80ed8d31f77a0f413c70c024176939f0dcda4d5a
-
SSDEEP
24576:L+CeL1SWGuq9AOOdcYPfM/ZyJlANX2rpSIDwIBqi55cQXaVzL0cJEv3z:L+CeZSx9A1dcYPcyJCpmlBqEZi/NEvj
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c11872366fafc396c835c45820ba3b60_NeikiAnalytics
Files
-
c11872366fafc396c835c45820ba3b60_NeikiAnalytics.exe windows:4 windows x86 arch:x86
f6902553f7bcd9f8a5b6f707f507f33f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
IsBadWritePtr
CreateProcessW
GetExitCodeProcess
HeapAlloc
GetProcessHeap
HeapFree
GetFileSizeEx
FileTimeToSystemTime
FindNextFileW
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
OpenMutexW
VerSetConditionMask
VerifyVersionInfoW
TerminateProcess
OpenFileMappingW
WaitNamedPipeW
MapViewOfFile
UnmapViewOfFile
LocalFree
CreateDirectoryW
RemoveDirectoryW
OutputDebugStringA
GetFileTime
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
Module32FirstW
GetLogicalDriveStringsW
TerminateThread
CreateThread
LocalFileTimeToFileTime
SetFilePointer
GetCurrentDirectoryW
GetExitCodeThread
GetSystemTimeAsFileTime
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
CreateEventW
GetFileAttributesW
DeleteFileW
InitializeCriticalSection
FreeResource
CreateFileW
GetFileSize
ReadFile
CloseHandle
WritePrivateProfileStringW
GetModuleFileNameW
FindResourceW
GetTickCount
SizeofResource
CopyFileW
LockResource
MoveFileExW
LoadResource
FindFirstFileW
FindResourceExW
FindClose
DeleteCriticalSection
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
GetCurrentThreadId
GetLastError
WideCharToMultiByte
RaiseException
lstrlenA
GetModuleHandleW
SetLastError
GetVersionExW
InterlockedCompareExchange
GetWindowsDirectoryW
OutputDebugStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentProcess
LoadLibraryW
FlushInstructionCache
GetProcAddress
FreeLibrary
lstrlenW
MultiByteToWideChar
InterlockedExchange
GetTempPathW
QueryDosDeviceW
SystemTimeToFileTime
MulDiv
lstrcmpW
WriteFile
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
OpenEventW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
ProcessIdToSessionId
ReleaseMutex
GlobalFree
GetCurrentProcessId
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalUnlock
LoadLibraryExW
Sleep
ExitProcess
CreateMutexW
InterlockedDecrement
InterlockedIncrement
ResetEvent
SetEvent
WaitForMultipleObjects
WaitForSingleObject
UnhandledExceptionFilter
lstrcmpiW
user32
SetCursor
GetWindowLongW
CreateWindowExW
GetCursorPos
UnregisterClassA
GetShellWindow
WindowFromPoint
wsprintfW
RedrawWindow
FillRect
CreateAcceleratorTableW
InvalidateRgn
DestroyAcceleratorTable
GetSysColor
EnumDisplaySettingsW
EnumDisplayDevicesW
PeekMessageW
GetClassNameW
FindWindowExW
LoadBitmapW
CharNextW
SetActiveWindow
AttachThreadInput
GetForegroundWindow
SetWindowTextW
EnableWindow
IsWindowEnabled
GetActiveWindow
SetTimer
DrawIconEx
SetRect
EqualRect
ScreenToClient
ShowWindow
MoveWindow
GetNextDlgTabItem
OffsetRect
FindWindowW
SetWindowPos
RegisterClassExW
DefWindowProcW
InvalidateRect
PostMessageW
GetClassInfoExW
UpdateLayeredWindow
ClientToScreen
RegisterWindowMessageW
EndPaint
IsWindowVisible
DestroyWindow
BeginPaint
GetDlgItem
GetSystemMetrics
LoadCursorW
GetClientRect
DrawFrameControl
MapWindowPoints
DispatchMessageW
GetDC
SetFocus
SystemParametersInfoW
LoadImageW
TranslateMessage
KillTimer
CopyRect
DrawTextW
GetWindow
GetDlgCtrlID
IsDialogMessageW
ReleaseDC
IntersectRect
LoadIconW
SendMessageW
SetRectEmpty
ReleaseCapture
GetParent
DestroyIcon
GetDesktopWindow
IsChild
SetCapture
InflateRect
PtInRect
GetWindowRect
GetFocus
GetMonitorInfoW
SetWindowLongW
CallWindowProcW
GetMessageW
MonitorFromWindow
IsWindow
SendMessageTimeoutW
GetWindowThreadProcessId
SetForegroundWindow
GetWindowTextW
PostThreadMessageW
GetWindowTextLengthW
gdi32
CreateRectRgn
GetClipRgn
CombineRgn
ExtTextOutW
SelectClipRgn
SetBkColor
CreateCompatibleDC
MoveToEx
SetViewportOrgEx
SaveDC
SetTextColor
Rectangle
OffsetRgn
RestoreDC
ExtSelectClipRgn
RoundRect
SelectObject
GetViewportOrgEx
RectInRegion
BitBlt
CreatePen
TextOutW
GetCurrentObject
CreateFontIndirectW
CreateDIBSection
DeleteDC
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
GetObjectW
GetTextColor
SetBkMode
CreateRoundRectRgn
DeleteObject
LineTo
CreateBitmap
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
CreateSolidBrush
CreateRectRgnIndirect
advapi32
CreateProcessAsUserW
ChangeServiceConfigW
QueryServiceConfigW
DuplicateTokenEx
GetTokenInformation
QueryServiceStatusEx
OpenServiceW
InitializeSecurityDescriptor
OpenSCManagerW
SetSecurityDescriptorDacl
CloseServiceHandle
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
OpenProcessToken
RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegDeleteValueW
RegSetValueExW
RegOpenKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
SHQueryRecycleBinW
SHGetPathFromIDListW
CommandLineToArgvW
SHGetFolderPathW
SHFileOperationW
SHCreateDirectoryExW
SHBindToParent
ShellExecuteW
SHGetSpecialFolderPathW
ole32
CLSIDFromProgID
OleUninitialize
OleInitialize
StringFromGUID2
CLSIDFromString
OleLockRunning
CoGetClassObject
CreateStreamOnHGlobal
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoTaskMemAlloc
CoUninitialize
CoCreateInstance
CoCreateGuid
oleaut32
LoadTypeLi
OleCreateFontIndirect
VariantInit
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysStringByteLen
DispCallFunc
SysAllocString
VarUI4FromStr
SysStringLen
SysFreeString
msvcp80
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?str@?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAK@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?allocate@?$allocator@_W@std@@QAEPA_WI@Z
?deallocate@?$allocator@_W@std@@QAEXPA_WI@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPB_WHH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
shlwapi
PathRemoveFileSpecW
PathFileExistsW
StrToIntW
StrToIntA
PathAppendW
PathFindFileNameW
StrRetToBufW
SHEnumKeyExW
SHGetValueW
PathFindExtensionW
PathAddBackslashW
comctl32
InitCommonControlsEx
ord410
ord412
ord413
_TrackMouseEvent
msimg32
AlphaBlend
gdiplus
GdipGetFontCollectionFamilyList
GdipCreateFromHDC
GdipDeletePath
GdipAddPathArcI
GdipGetFontSize
GdipDeletePrivateFontCollection
GdipCloneBrush
GdipDisposeImage
GdipDrawRectangleI
GdipAddPathStringI
GdipNewPrivateFontCollection
GdipFree
GdipDrawPath
GdipGetImageWidth
GdipCreateFont
GdipAddPathPieI
GdipGetImageHeight
GdipMeasureString
GdipGetFamily
GdipSetPenMode
GdipDrawImageI
GdipRotateWorldTransform
GdipSetCompositingQuality
GdipDeleteGraphics
GdiplusShutdown
GdipClosePathFigure
GdipResetWorldTransform
GdipCreatePen1
GdipDeleteFontFamily
GdipTranslateWorldTransform
GdipCreateSolidFill
GdipDeleteStringFormat
GdipSetPenStartCap
GdiplusStartup
GdipAddPathRectangleI
GdipFillRectangleI
GdipSetStringFormatFlags
GdipCreateImageAttributes
GdipDeletePen
GdipSetStringFormatAlign
GdipDisposeImageAttributes
GdipFillRectangle
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipCreateBitmapFromScan0
GdipDrawLinesI
GdipSetStringFormatTrimming
GdipSetClipPath
GdipGetImageGraphicsContext
GdipSetPenEndCap
GdipCreatePath
GdipGetFontCollectionFamilyCount
GdipLoadImageFromFile
GdipDrawImageRectI
GdipDeleteBrush
GdipCreateFontFromLogfontW
GdipPrivateAddFontFile
GdipFillPath
GdipCreateStringFormat
GdipCloneFontFamily
GdipSetTextRenderingHint
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipSetInterpolationMode
GdipDrawLine
GdipGraphicsClear
GdipAlloc
GdipDeleteFont
GdipCreateHBITMAPFromBitmap
GdipDrawImagePointsRectI
GdipGetImagePixelFormat
GdipCloneBitmapArea
GdipImageRotateFlip
GdipLoadImageFromStream
GdipCreateBitmapFromStream
GdipDrawString
GdipDrawImageRectRectI
GdipSetPixelOffsetMode
GdipSetPenDashStyle
GdipCloneImage
msvcr80
_time64
_stat64
_gmtime64
__sys_nerr
strerror
getenv
memchr
_errno
fputs
fopen
fgets
strrchr
strncpy
strtoul
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strpbrk
sscanf
sprintf
_CxxThrowException
__CxxFrameHandler3
wcsftime
sprintf_s
_ismbcspace
_mbsinc
_vsnprintf_s
fputc
_stricmp
fprintf
_strtoui64
_strtoi64
_mktime64
_localtime64_s
wcstod
_wcstoi64
_wtol
_vsnwprintf_s
wcstoul
_wcsupr_s
_waccess_s
_vswprintf
ferror
fgetc
fseek
strchr
ftell
fopen_s
sscanf_s
fread
wcscpy
memmove
_itow_s
__iob_func
qsort
wcsncpy
memcmp
_mbsstr
strstr
wcspbrk
_time32
isspace
toupper
isxdigit
ispunct
isprint
isgraph
isdigit
iscntrl
__isascii
isalpha
isalnum
strncmp
islower
isupper
realloc
fwrite
_wfopen_s
strtol
wcscat_s
wcscat
_waccess
iswspace
_beginthreadex
wcsncpy_s
_snwprintf
log10
_vsnwprintf
_mbsicmp
_wcsnicmp
swscanf_s
_wtoi64
_wcslwr_s
_recalloc
strcmp
labs
??_V@YAXPAX@Z
_mbschr
memset
malloc
memcpy
_mbscmp
wcsstr
wcscpy_s
_wtoi
_wtof
wcsspn
wcscspn
wcschr
free
ceil
floor
vsprintf_s
_vscprintf
__RTDynamicCast
swprintf_s
abs
calloc
atoi
wcsrchr
_purecall
fclose
fflush
fwprintf
wcslen
rand
_wfopen
_strdup
srand
memmove_s
tolower
strlen
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcscmp
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
vswprintf_s
_vscwprintf
??2@YAPAXI@Z
memcpy_s
?what@exception@std@@UBEPBDXZ
_wcsicmp
??3@YAXPAX@Z
version
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
GetFileVersionInfoSizeW
ws2_32
socket
connect
setsockopt
getpeername
WSASetLastError
htons
bind
ntohs
getsockname
send
WSAGetLastError
closesocket
WSAStartup
WSACleanup
freeaddrinfo
getaddrinfo
__WSAFDIsSet
select
ioctlsocket
getsockopt
recv
psapi
GetModuleFileNameExW
crypt32
CertNameToStrW
wtsapi32
WTSFreeMemory
WTSEnumerateSessionsW
userenv
UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock
LoadUserProfileW
Exports
Exports
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 316KB - Virtual size: 313KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE