d42ce9fc62baa31af4154f4fd799ed00_NeikiAnalytics

Sharing

Copy URL

Twitter E-mail

General

Target

d42ce9fc62baa31af4154f4fd799ed00_NeikiAnalytics
Size

2.1MB
MD5

d42ce9fc62baa31af4154f4fd799ed00
SHA1

5428cf10d264d3cfe77ac321cdb69833e14777f6
SHA256

b0ad7d40833b651400c70a30abc01180b1417276504ba176d5eb4f21746e62f8
SHA512

029882656cde973d6c40bdb2f5aaa8a4f740ad97db75cdf2541b83490c22e0db32d831d9218c1562bfa172d38694936f7a75b36738dd65ef6105fad7da9119c9
SSDEEP

49152:MJ+OHF/Q07q6XQobV1izBWwtTD0D6fEMeI28fdO0lM:q+Olh7QY1izBW3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d42ce9fc62baa31af4154f4fd799ed00_NeikiAnalytics

Files

d42ce9fc62baa31af4154f4fd799ed00_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

dd09d44a63af942dcfd38ec38efcf441

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins\workspace\pc-2345softmgr-build\SoftMgr\main\bin\Win32\Release\pdb\2345SoftmgrDaemon.pdb

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSQueryUserToken
WTSRegisterSessionNotification

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

duilib

?SetInstance@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z
?SetResourceDll@CPaintManagerUI@DuiLib@@SAXPAUHINSTANCE__@@@Z

kernel32

SetLastError
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
InterlockedExchangeAdd
FormatMessageW
GetDiskFreeSpaceW
GetTempFileNameW
CopyFileW
GetCurrentDirectoryW
SetFileAttributesW
GetTempPathW
GetFullPathNameW
GetFileSizeEx
DeleteFileW
lstrlenW
GetFileTime
GetFileSize
SetEndOfFile
SetFileTime
ReadFile
LoadLibraryExW
TerminateProcess
MultiByteToWideChar
GetACP
InitializeCriticalSection
WideCharToMultiByte
GetEnvironmentVariableW
QueryDosDeviceW
ReleaseMutex
GetFileAttributesExW
GetExitCodeProcess
GetLongPathNameW
lstrcmpiW
FindResourceW
LoadResource
GetSystemInfo
LockResource
SearchPathW
OutputDebugStringW
GetFileAttributesW
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
RtlCaptureContext
ReleaseSemaphore
GetProcessId
SuspendThread
TerminateThread
CreateSemaphoreW
EncodePointer
ResumeThread
GetSystemDirectoryW
CreateProcessW
GetLogicalDriveStringsW
FindClose
DeviceIoControl
ExpandEnvironmentStringsW
FindNextFileW
FindFirstFileW
GetWindowsDirectoryW
GetProcessHeap
LocalFree
HeapAlloc
HeapFree
GetVersionExW
TlsFree
TlsSetValue
TlsGetValue
OutputDebugStringA
LockFile
GetFullPathNameA
UnlockFileEx
HeapValidate
LoadLibraryA
InterlockedPopEntrySList
HeapSize
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
FlushViewOfFile
CreateFileA
GetVersionExA
TlsAlloc
GetExitCodeThread
SetThreadPriority
CreateThread
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapCreate
IsWow64Process
Process32FirstW
AreFileApisANSI
Process32NextW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GlobalMemoryStatusEx
FlushFileBuffers
FormatMessageA
GetSystemTime
SystemTimeToFileTime
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MapViewOfFile
UnmapViewOfFile
OpenMutexW
OpenEventW
GetCurrentProcess
MulDiv
ReadProcessMemory
OpenProcess
WriteProcessMemory
CreateFileMappingW
FreeLibrary
WTSGetActiveConsoleSessionId
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
GetLocalTime
GetCurrentThreadId
CreateFileW
SetFilePointer
WriteFile
VirtualQuery
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcessId
InterlockedDecrement
ResetEvent
SetEvent
WaitForMultipleObjects
GetTickCount
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
Sleep
CloseHandle
GetLastError
CreateEventW
WaitForSingleObject
CreateMutexW
CreateDirectoryW
GetPrivateProfileStringW
OpenThread
VirtualQueryEx
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapReAlloc
DeleteFileA

user32

GetMonitorInfoW
WindowFromPoint
GetShellWindow
MonitorFromWindow
IsWindow
SystemParametersInfoW
ReleaseDC
LoadMenuW
TrackPopupMenu
GetSubMenu
FindWindowExW
GetMenuDefaultItem
DestroyIcon
IsMenu
SetMenuDefaultItem
DestroyMenu
GetClassInfoExW
CallWindowProcW
SetWindowLongW
EnumDisplayDevicesW
UnregisterClassW
MoveWindow
EnumDisplayMonitors
GetDC
GetWindowLongW
ShowWindow
IsWindowVisible
PostQuitMessage
LoadCursorW
TranslateMessage
DispatchMessageW
GetLastInputInfo
GetCursorPos
RegisterClassExW
CreateWindowExW
DestroyWindow
SetForegroundWindow
CopyRect
GetMessageW
GetForegroundWindow
GetClassNameW
PostMessageW
GetSystemMetrics
SetWindowPos
RegisterWindowMessageW
SendMessageTimeoutW
EnumDisplaySettingsW
GetParent
DefWindowProcW
GetWindowThreadProcessId
SetTimer
GetWindow
FindWindowW
LoadIconW
SendMessageW
KillTimer
GetWindowRect
GetDesktopWindow
GetActiveWindow

gdi32

GetStockObject
GetDeviceCaps

advapi32

RegCreateKeyExW
ImpersonateSelf
SetTokenInformation
OpenProcessToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
ControlService
StartServiceW
OpenServiceW
RegNotifyChangeKeyValue
RegOpenKeyExW
RevertToSelf

shell32

SHGetFolderPathW
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHAppBarMessage

ole32

CoCreateInstance
CoInitialize
CoInitializeEx
CoInitializeSecurity
CoUninitialize
OleInitialize
OleUninitialize

oleaut32

VariantInit
SysAllocString
VariantClear
SysFreeString

msvcp140

??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_alloc@std@@YAXXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
_Cnd_broadcast
_Xtime_get_ticks
_Thrd_sleep
_Cnd_register_at_thread_exit
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Syserror_map@std@@YAPBDH@Z
?_XGetLastError@std@@YAXXZ
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Throw_future_error@std@@YAXABVerror_code@1@@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCreate@@YAXPAX@Z
_Cnd_unregister_at_thread_exit
??0task_continuation_context@Concurrency@@AAE@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QBEXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AAEXXZ
?_Capture@_ContextCallback@details@Concurrency@@AAEXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AAEXXZ
?_Release_chore@details@Concurrency@@YAXPAU_Threadpool_chore@12@@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QAEX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QAEXXZ
?_Schedule_chore@details@Concurrency@@YAHPAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
_Thrd_join
_Cnd_init
_Mtx_destroy
_Thrd_id
_Thrd_start
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
_Cnd_destroy_in_situ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Cnd_init_in_situ
?_Xlength_error@std@@YAXPBD@Z
_Mtx_init

comctl32

InitCommonControlsEx

gdiplus

GdiplusStartup
GdiplusShutdown

shlwapi

PathFileExistsW
PathRemoveFileSpecW

2345miniui

?Instance@RCMiniUIAppModule@RC@@SAAAV12@XZ
?ReflectNotifications@?$CWindowImplRoot@VRCMiniAtlWindow@@@ATL@@QAEJIIJAAH@Z
?GetInitParam@RCMiniUIDialogView@RC@@QAEXAAVRCMiniUIDialogInitParam@2@@Z
?SetInitParam@RCMiniUIDialogView@RC@@QAEXABVRCMiniUIDialogInitParam@2@@Z
?OnDialogTimer@RCMiniUIDialogView@RC@@UAE_NIPAX@Z
?OnMouseMoveInDialog@RCMiniUIDialogView@RC@@UAEXABVCPoint@WTL@@I@Z
?GetToolTip@RCMiniUIDialogView@RC@@UAEAAV?$CToolTipCtrlT@VCWindow@ATL@@@WTL@@XZ
?GetRootView@RCMiniUIDialogView@RC@@UAEPAVRCMiniUIView@2@XZ
??1RCMiniUIDialogInitParam@RC@@QAE@XZ
??0RCMiniUIDialogInitParam@RC@@QAE@XZ
?WindowDefKeyPressed@RCMiniUIDialog@RC@@EAE_NIII@Z
?GetHWND@RCMiniUIDialog@RC@@UAEPAUHWND__@@XZ
??1RCMiniUIDialog@RC@@UAE@XZ
??0RCMiniUIDialog@RC@@QAE@I@Z
?EndDialog@?$CDialogImpl@VRCMiniUIDialog@RC@@VRCMiniAtlWindow@@@ATL@@QAEHH@Z
?GetDialogProc@?$CDialogImplBaseT@VRCMiniAtlWindow@@@ATL@@UAEP6GHPAUHWND__@@IIJ@ZXZ
?OnFinalMessage@?$CDialogImplBaseT@VRCMiniAtlWindow@@@ATL@@UAEXPAUHWND__@@@Z
?ProcessWindowMessage@RCMiniUIDialog@RC@@UAEHPAUHWND__@@IIJAAJK@Z
?OnDialogSkinChanged@RCMiniUIDialogView@RC@@UAEXXZ
?OnAnimateHideEnded@RCMiniUIDialogView@RC@@UAEXXZ
?OnAnimateShowEnded@RCMiniUIDialogView@RC@@UAEXXZ
?OnMouseLeaveDialog@RCMiniUIDialogView@RC@@UAEXXZ
?OnMouseEnterDialog@RCMiniUIDialogView@RC@@UAEXXZ
?OnDropFiles@RCMiniUIDialogView@RC@@UAEXABV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?OnFirstLayouted@RCMiniUIDialogView@RC@@UAEXXZ
?OnEnter@RCMiniUIDialogView@RC@@UAEXXZ
?OnEsc@RCMiniUIDialogView@RC@@UAEXXZ
?WindowDefKeyPressed@RCMiniUIDialogView@RC@@UAE_NIII@Z
?OnIdle@RCMiniUIFrameWindow@RC@@UAEHXZ
?PreTranslateMessage@RCMiniUIFrameWindow@RC@@UAEHPAUtagMSG@@@Z
?GetHWND@RCMiniUIFrameWindow@RC@@UAEPAUHWND__@@XZ
??1RCMiniUIFrameWindow@RC@@UAE@XZ
??0RCMiniUIFrameWindow@RC@@QAE@I@Z
?PostMessageW@RCMiniAtlWindow@@QAEHIIJ@Z
?GetWindowProc@?$CWindowImplBaseT@VRCMiniAtlWindow@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@UAEP6GJPAUHWND__@@IIJ@ZXZ
?OnFinalMessage@?$CWindowImplBaseT@VRCMiniAtlWindow@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@UAEXPAUHWND__@@@Z
?ProcessWindowMessage@RCMiniUIFrameWindow@RC@@UAEHPAUHWND__@@IIJAAJK@Z
?BeforeWindowDestroy@RCMiniUIDialogView@RC@@UAEXXZ
?DoModal@RCMiniUIDialog@RC@@QAEHPAUHWND__@@J@Z
?Create@RCMiniUISimpleWindow@RC@@QAEPAUHWND__@@PAU3@KK@Z
?RunFrameWindow@RCMiniUIFrameWindow@RC@@QAEXH@Z
?CenterWindow@RCMiniAtlWindow@@QAEHPAUHWND__@@@Z
?GetGlobalSkinPool@RCMiniUIManner@RC@@SAPAVRCMiniUISkinPoolInterface@2@XZ
?GetGlobalStylePool@RCMiniUIManner@RC@@SAPAVRCMiniUIStylePoolInterface@2@XZ
?SetProcessDPIAware@RCMiniUIAppModule@RC@@QAEX_NNII@Z
?SetRenderFactory@RCMiniUIAppModule@RC@@QAE_NPAVRCMiniUIRenderFactory@2@@Z
?Term@RCMiniUIAppModule@RC@@QAEXXZ
?Init@RCMiniUIAppModule@RC@@QAEXPAUHINSTANCE__@@@Z
??0RCMiniUIRenderFactorySkia@RC@@QAE@XZ
?GetGolobalStringPool@RCMiniUIResourceManager@RC@@SAPAVRCMiniUIStringPoolInterface@2@XZ
?GetGolobalFontPool@RCMiniUIResourceManager@RC@@SAPAVRCMiniUIFontPoolInterface@2@XZ
?CreateBitmap@RCMiniUIRenderFactorySkia@RC@@UAEPAVRCMiniUIBitmap@2@XZ
?CreateCanvas@RCMiniUIRenderFactorySkia@RC@@UAEPAVRCMiniUICanvas@2@HH_N@Z
?Initialize@RCMiniUIRenderFactorySkia@RC@@UAE_NXZ
??1RCMiniUIRenderFactorySkia@RC@@UAE@XZ

vcruntime140

memchr
_except_handler4_common
memset
strrchr
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy
_purecall
wcsrchr
_CxxThrowException
memcpy
memmove
__RTDynamicCast
__RTtypeid
__std_type_info_name
strstr
wcschr
wcsstr
_set_purecall_handler

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_register_onexit_function
terminate
_invalid_parameter_noinfo
_errno
_beginthreadex
_endthreadex
_crt_atexit
_set_invalid_parameter_handler
_cexit
_seh_filter_exe
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_controlfp_s
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_c_exit
_initterm
_exit
exit
_initterm_e

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_msize
_recalloc
_set_new_mode
free
calloc
_callnewh

api-ms-win-crt-time-l1-1-0

_localtime64_s
_mktime64
_time64
_localtime64

api-ms-win-crt-convert-l1-1-0

_itow_s
_wtoi
strtoull
wcstoul
atoi

api-ms-win-crt-string-l1-1-0

_wcsnicmp
strncmp
wcsncpy_s
towupper
towlower
tolower
wcsncpy
_wcsicmp
wcscpy_s
_stricmp
strcspn

api-ms-win-crt-filesystem-l1-1-0

_splitpath_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s
__stdio_common_vsprintf_s
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
_set_fmode
__stdio_common_vswscanf
__stdio_common_vswprintf

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-math-l1-1-0

_except1
modf
_dtest
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Exports

Exports

CheckSignerInfo

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd09d44a63af942dcfd38ec38efcf441

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wtsapi32

userenv

duilib

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

comctl32

gdiplus

shlwapi

2345miniui

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 304KB - Virtual size: 303KB

.data Size: 26KB - Virtual size: 30KB

.rsrc Size: 85KB - Virtual size: 84KB

.reloc Size: 75KB - Virtual size: 74KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 304KB - Virtual size: 303KB

.data
Size: 26KB - Virtual size: 30KB

.rsrc
Size: 85KB - Virtual size: 84KB

.reloc
Size: 75KB - Virtual size: 74KB