4179e5710dd000118290fedce73a9fa3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4179e5710dd000118290fedce73a9fa3_JaffaCakes118
Size

278KB
MD5

4179e5710dd000118290fedce73a9fa3
SHA1

3dc84786b3019e2dcc3ca0e3033b4474a2a93bc1
SHA256

289f283bb8e8d306c8be630652c88e2346d85e9e644f3e2ea55dc7080f77e5b6
SHA512

b642f0928e5dc9e85a5d6c5f4ba71f3c2afee49730848304195983cb796170da6a67076d87d1f73bf21bc313621f675e90806022efddccb1c242357953dade7f
SSDEEP

6144:8lxfah2XpwgEhHwcWQ0AF5z/DGnh84yegH9xoTh1ulNlqKioyHwSOItTOt4Wej09:8ihuegERlWQ0KzrqEegH9yTrulYoyQSo

Score

1^/10

Malware Config

Signatures

Files

4179e5710dd000118290fedce73a9fa3_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2852f13ba34d841aa78a9355221a6b8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/02/2016, 00:00

Not After

15/10/2018, 23:59

Subject

CN=YY Inc.,OU=PM,O=YY Inc.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:8b:eb:6b:eb:de:57:80:74:98:10:d4:41:20:72:b9:cd:7e:9f:d3:09:04:12:5e:33:04:9c:0c:7f:35:63:4c
Signer

Actual PE Digest

61:8b:eb:6b:eb:de:57:80:74:98:10:d4:41:20:72:b9:cd:7e:9f:d3:09:04:12:5e:33:04:9c:0c:7f:35:63:4c

Digest Algorithm

sha256

PE Digest Matches

true

3d:3b:d2:65:f9:53:1b:4b:10:dc:cf:3b:86:0f:cc:12:be:53:67:8c
Signer

Actual PE Digest

3d:3b:d2:65:f9:53:1b:4b:10:dc:cf:3b:86:0f:cc:12:be:53:67:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DUOWAN_BUILD\build\Build_Src\dwinternal\huya-client_5.8rel_mb\bin\release\huyasdk.pdb

Imports

dwbase

??1has_slots@sigslot@@UAE@XZ
??0connection_holder@_connection_base@sigslot@@QAE@ABV012@@Z
??0_connection_base@sigslot@@QAE@ABV01@@Z
??1_connection_base@sigslot@@UAE@XZ
?getdest@_connection_base@sigslot@@QBEPAVhas_slots@2@XZ
?get_emitter@_connection_base@sigslot@@QBEPAXXZ
?get_receiver@has_slots@sigslot@@QAEABVslot_holder@12@XZ
??0has_slots@sigslot@@QAE@XZ
??Bconnection_holder@_connection_base@sigslot@@QBEPBV12@XZ
??0connection_holder@_connection_base@sigslot@@QAE@PBV12@@Z
??Cconnection_holder@_connection_base@sigslot@@QBEPBV12@XZ
??0_connection_base@sigslot@@QAE@ABVslot_holder@has_slots@1@PAX@Z
??1connection_holder@_connection_base@sigslot@@QAE@XZ

pthreadvc2

pthread_mutexattr_init
pthread_mutex_destroy
pthread_cond_destroy
pthread_cond_timedwait
pthread_cond_broadcast
pthread_mutexattr_settype
pthread_rwlock_destroy
pthread_rwlock_wrlock
pthread_rwlock_unlock
pthread_rwlock_rdlock
pthread_mutexattr_destroy
pthread_mutex_init
pthread_cond_init
pthread_mutex_lock
pthread_cond_signal
pthread_mutex_unlock
pthread_create
pthread_rwlock_init
pthread_join

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

htonl
htons

clientcommon

?GetProcAddress@CDLLHelper@@QBEP6GHXZPBD@Z
?LoadDllEx@CDLLHelper@@QAE_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@I@Z
?getExePath@pubfunc@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@W4moduleType@1@@Z
?IsValidDll@CDLLHelper@@QBE_NXZ
??0CDLLHelper@@QAE@XZ
?toWideString@pubfunc@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PBDHI@Z
?getDwAppDataPath@pubfunc@@SA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ
??1DwByteArray@@QAE@XZ
?resize@DwByteArray@@QAEXH@Z
??0DwByteArray@@QAE@XZ
?append@DwByteArray@@QAEAAV1@PBDH@Z
??1CDLLHelper@@QAE@XZ

hymediatrans

createHYTransMod
getHYTransMod
releaseHYTransMod

hylinktrans

getHYLinkTransMod
releaseHYLinkTransMod
createHYLinkTransMod

audiochatmic

getAudioAcquisition
getAudioChatMic

kernel32

InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
LoadLibraryExW
OutputDebugStringA
WritePrivateProfileStringA
GetModuleFileNameW
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
MoveFileW
DeleteFileW
WideCharToMultiByte
GetFileAttributesW
GetLocalTime
CreateEventW
CloseHandle
SetEvent
TerminateThread
WaitForSingleObject
GetCurrentThread
SetThreadPriority
Sleep
InitializeCriticalSection
LoadLibraryW
GetProcAddress
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
FreeLibrary

shell32

SHCreateDirectoryExW

msvcp90

??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?max_size@?$allocator@D@std@@QBEIXZ
?allocate@?$allocator@D@std@@QAEPADI@Z
?deallocate@?$allocator@D@std@@QAEXPADI@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBEHXZ
?length@?$char_traits@D@std@@SAIPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$allocator@D@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@0ABV12@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

msvcr90

_vsnwprintf
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
getenv
calloc
_vsnprintf_s
sscanf_s
strchr
memcpy_s
printf
sprintf_s
log10
fabs
srand
_time64
_snprintf
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
memcmp
fopen
wcsftime
fwrite
fflush
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
_purecall
_invalid_parameter_noinfo
??2@YAPAXI@Z
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
malloc
free
memcpy
memset
strlen
_vsnprintf
??_V@YAXPAX@Z
memmove_s
memmove
rand
atoi
strncpy
_beginthreadex
floor
_mktime64
sprintf
_localtime64_s
wcslen
fseek
_ftime64
_wfopen
fclose
fwprintf
ftell
_initterm

shlwapi

PathFindFileNameW

Exports

Exports

createMediaLibrary
createMediaLinkMicLibrary
releaseMediaLibrary
releaseMediaLinkMicLibrary

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2852f13ba34d841aa78a9355221a6b8c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2dCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

61:8b:eb:6b:eb:de:57:80:74:98:10:d4:41:20:72:b9:cd:7e:9f:d3:09:04:12:5e:33:04:9c:0c:7f:35:63:4cSigner

3d:3b:d2:65:f9:53:1b:4b:10:dc:cf:3b:86:0f:cc:12:be:53:67:8cSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwbase

pthreadvc2

winmm

ws2_32

clientcommon

hymediatrans

hylinktrans

audiochatmic

kernel32

shell32

msvcp90

msvcr90

shlwapi

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 22KB - Virtual size: 22KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

32:35:84:46:ec:93:65:e4:74:80:61:10:37:73:8c:2d
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

61:8b:eb:6b:eb:de:57:80:74:98:10:d4:41:20:72:b9:cd:7e:9f:d3:09:04:12:5e:33:04:9c:0c:7f:35:63:4c
Signer

3d:3b:d2:65:f9:53:1b:4b:10:dc:cf:3b:86:0f:cc:12:be:53:67:8c
Signer

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 22KB - Virtual size: 22KB