daxexec[.]dll | Triage

Sharing

Copy URL Twitter E-mail

General

Target

daxexec.dll
Size

497KB
MD5

99e5a01aea600c8f53e48dc2dcb0fb60
SHA1

3335123661439827b3b8b2d33a81e1dd6cab7930
SHA256

83ac1853fee6605ed69e95c286f22b90cacda4e1b8ffed16c17f4d838f65ed5f
SHA512

234979806ac555e7fe2315a91ffca308c4663a6ff54ec4b30760b9e33417420d606f4318412b53aed397d72600898627e3fe2ef21e293445fdb44d17ea110dd0
SSDEEP

12288:csWONh2P0uXUgANa94tosEp3Wkxwq65IDUkV:cwNhJuXUgAo94cWkxwq65IDL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
daxexec.dll

Files

daxexec.dll
.dll windows:10 windows x86 arch:x86

c84d31008ca6103aabf4620eadd53843

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

daxexec.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__ui64tow_s
_o__wcsicmp
_o__wcsnicmp
_o__wtoi
memmove
_o_calloc
_o_ceil
_o_free
_o_malloc
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcsncat_s
_o_wcsncpy_s
_except_handler4_common
_CxxThrowException
_o__invalid_parameter_noinfo_noreturn
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__execute_onexit_table
_o__errno
_o__crt_atexit
_o__configure_narrow_argv
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
wcschr
__std_type_info_compare
__std_terminate
__CxxFrameHandler3
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsnlen
memset
wcsncmp

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleExW
DisableThreadLibraryCalls
GetProcAddress
GetModuleHandleW

api-ms-win-core-synch-l1-1-0

InitializeSRWLock
SetEvent
CreateSemaphoreExW
ReleaseSemaphore
CreateEventW
ResetEvent
WaitForSingleObject
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReleaseMutex
ReleaseSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
InitializeCriticalSectionAndSpinCount
CreateMutexExW
CreateEventExW
WaitForSingleObjectEx
AcquireSRWLockShared
AcquireSRWLockExclusive

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapDestroy
HeapSize
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetUnhandledExceptionFilter
GetLastError
SetLastError
UnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

ProcessIdToSessionId
SuspendThread
OpenThread
SetThreadToken
OpenThreadToken
GetCurrentThread
CreateProcessAsUserW
GetCurrentThreadId
OpenProcessToken
GetCurrentProcess
TlsSetValue
TlsAlloc
TlsGetValue
TerminateProcess
GetCurrentProcessId
TlsFree
GetProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

DuplicateHandle
CloseHandle

rpcrt4

IUnknown_QueryInterface_Proxy
NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
NdrStubCall2
IUnknown_AddRef_Proxy
RpcAsyncInitializeHandle
NdrCStdStubBuffer2_Release
CStdStubBuffer_Disconnect
NdrDllCanUnloadNow
CStdStubBuffer_DebugServerRelease
RpcBindingFromStringBindingW
NdrDllGetClassObject
NdrStubForwardingFunction
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_AddRef
NdrOleFree
RpcBindingFree
RpcAsyncCancelCall
RpcStringFreeW
RpcBindingSetAuthInfoExW
RpcAsyncCompleteCall
I_RpcExceptionFilter
RpcStringBindingComposeW
NdrAsyncClientCall

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventUnregister
EventProviderEnabled
EventWriteTransfer
EventRegister
EventSetInformation

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-2-0

InitOnceComplete
Sleep
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-com-midlproxystub-l1-1-0

NdrProxyForwardingFunction4
ObjectStublessClient6
CStdStubBuffer2_CountRefs
CStdStubBuffer2_Disconnect
NdrProxyForwardingFunction5
CStdStubBuffer2_Connect
NdrProxyForwardingFunction3
ObjectStublessClient3
CStdStubBuffer2_QueryInterface

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemDirectoryW
GetTickCount
GetSystemInfo

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-registry-l1-1-0

RegOpenCurrentUser
RegQueryInfoKeyW
RegGetValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteTreeW

ntdll

NtRenameKey
RtlUpcaseUnicodeChar
RtlRunOnceComplete
NtCreateKey
NtSetInformationKey
NtQueryInformationFile
NtDuplicateObject
NtQueryAttributesFile
NtDeleteValueKey
NtQueryDirectoryFileEx
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
NtSetSecurityObject
NtNotifyChangeKey
NtDeleteFile
NtFlushKey
NtCreateKeyTransacted
NtSetInformationFile
NtNotifyChangeMultipleKeys
NtOpenKeyEx
NtOpenKey
NtEnumerateValueKey
NtEnumerateKey
NtDeleteKey
NtQueryMultipleValueKey
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryKey
NtSetInformationJobObject
NtTerminateJobObject
NtMakeTemporaryObject
NtCreateJobObject
NtCreateMutant
NtQueryObject
NtOpenMutant
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
EtwEventUnregister
EtwEventWrite
RtlCopySid
NtQuerySecurityObject
EtwEventRegister
NtOpenJobObject
NtQuerySecurityAttributesToken
RtlValidSid
RtlGetLastNtStatus
NtQueryInformationProcess
NtSetValueKey
RtlFindAceByType
RtlEqualSid
RtlLengthSid
RtlFreeHeap
RtlAllocateHeap
NtWaitForMultipleObjects
PssNtFreeSnapshot
PssNtCaptureSnapshot
NtOpenProcess
NtAlpcSendWaitReceivePort
NtAlpcConnectPort
RtlAllocateAndInitializeSid
NtQuerySystemInformation
NtClose
NtWaitForSingleObject
NtOpenEvent
EtwEventWriteNoRegistration
ZwUpdateWnfStateData
ZwQueryWnfStateNameInformation
NtOpenKeyTransacted
NtQueryValueKey
RtlDeriveCapabilitySidsFromName
NtOpenFile
NtCreateFile
RtlInitUnicodeString
NtQueryFullAttributesFile
RtlExpandEnvironmentStrings
RtlQueryEnvironmentVariable
RtlNtStatusToDosError
RtlWow64IsWowGuestMachineSupported
RtlFreeSid
RtlAdjustPrivilege
NtTerminateProcess
RtlCreateServiceSid
RtlRunOnceExecuteOnce
RtlRunOnceBeginInitialize
NtDuplicateToken
NtQueryInformationToken
NtQueryDirectoryFile
NtOpenKeyTransactedEx
RtlSleepConditionVariableSRW
RtlWakeAllConditionVariable
RtlAcquireSRWLockExclusive
RtlReleaseSRWLockExclusive
RtlQueryResourcePolicy
wcsstr

api-ms-win-security-base-private-l1-1-1

CreateAppContainerToken

api-ms-win-core-file-l1-1-0

SetFileInformationByHandle
GetVolumePathNameW
CreateDirectoryW
GetFileSizeEx
WriteFile
FindNextFileW
FindFirstFileExW
GetLongPathNameW
GetFinalPathNameByHandleW
GetFileAttributesW
FindFirstFileW
FlushFileBuffers
ReadFile
GetFileInformationByHandle
DeleteFileW
GetVolumeInformationW
FindClose
RemoveDirectoryW
SetFileAttributesW
CreateFileW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
SetThreadpoolTimer

fltlib

FilterInstanceClose
FilterSendMessage
FilterConnectCommunicationPort
FilterInstanceCreate
FilterAttach
FilterLoad

profapi

ord102
ord101

api-ms-win-core-path-l1-1-0

PathCchRemoveBackslash
PathAllocCombine
PathCchSkipRoot
PathIsUNCEx
PathAllocCanonicalize

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-security-sddl-l1-1-0

ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-shcore-taskpool-l1-1-0

SHTaskPoolQueueTask
SHTaskPoolGetUniqueContext

api-ms-win-core-console-l1-1-0

SetConsoleCtrlHandler

api-ms-win-core-console-l1-2-0

FreeConsole
AttachConsole

api-ms-win-core-console-l2-1-0

GenerateConsoleCtrlEvent

api-ms-win-security-capability-l1-1-0

CapabilityCheck

api-ms-win-core-shlwapi-legacy-l1-1-0

PathUnExpandEnvStringsW
PathIsRelativeW

api-ms-win-core-wow64-l1-1-0

Wow64RevertWow64FsRedirection
Wow64DisableWow64FsRedirection

api-ms-win-core-job-l2-1-0

AssignProcessToJobObject

api-ms-win-core-shlwapi-obsolete-l1-1-0

StrIsIntlEqualW

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-windowserrorreporting-l1-1-0

GetApplicationRestartSettings

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
UnmapViewOfFile

api-ms-win-core-psm-key-l1-1-0

PsmGetApplicationNameFromKey
PsmGetPackageFullNameFromKey

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
ExpandEnvironmentStringsW
GetCurrentDirectoryA

api-ms-win-core-io-l1-1-0

DeviceIoControl

container

_WcIsContainerQuiescent@8
?GetContainerIdentifierString@container@@YG?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@PAX@Z
_WcGetComRegistryRoot@8
_WcCleanupContainer@8
_WcGetContainerIdentifier@8
?CreateContainer@container@@YGXPAXABUContainer@DefinitionFile@1@_N0@Z
_WcRegisterForContainerTerminationNotification@16
_WcReleaseContainerTerminationNotification@4

api-ms-win-appmodel-identity-l1-2-0

AppContainerDeriveSidFromMoniker

api-ms-win-appmodel-state-l1-2-0

GetPublisherRootFolder
GetStateFolder
OpenStateExplicit
GetSecureSystemAppDataFolder
CloseState
GetSystemAppDataFolder

api-ms-win-shell-shellfolders-l1-1-0

SHGetKnownFolderPath

msvcp_win

?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?_Syserror_map@std@@YAPBDH@Z
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
_Make_dir
_File_size
_Remove_dir
_Unlink
_Stat
_Lstat
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Open_dir
_Read_dir
_Close_dir
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@I@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
_Thrd_sleep
_Thrd_yield
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-core-file-l2-1-0

GetFileInformationByHandleEx

api-ms-win-security-lsalookup-l2-1-0

LookupPrivilegeValueW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

appxdeploymentclient

ord68

Exports

Exports

AddLookaside
AddProcessToHeliumContainer
CheckAppXPackageBreakaway
CheckApplicationInCurrentPackage
CloseAppExecutionAlias
CloseJitvSilo
CompleteAppExecutionAliasProcessCreation
CreateAppExecutionAlias
CreateDesktopAppXActivationInfo
CreateDesktopAppXLocalCacheStructure
CreateDesktopAppXTombstoneFile
CreateJitvSilo
CurrentThreadIsInVirtualizationContext
DetokenizeDesktopAppXOfflineRegistry
DisableDesktopAppXDebuggingForPackage
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
DoesPackageHaveElevationCapability
DoesPackageHaveUIAccessCapability
DoesPluginSupportCentennial
EnableDesktopAppXDebuggingForPackage
EnsureDesktopAppXPackageShutdown
EnterPackageVirtualizationContext
FreeAppExecutionAliasInfo
FreeAppExecutionAliasInfoWithLicenseRundown
FreeDesktopAppXActivationInfo
FreeDesktopAppXLaunchContext
GetAppExecutionAliasApplicationUserModelId
GetAppExecutionAliasExecutable
GetAppExecutionAliasPackageFamilyName
GetAppExecutionAliasPackageFullName
GetApplicationExecutableRelativePath
GetDesktopAppXComRootHandle
LeavePackageVirtualizationContext
LoadAppExecutionAliasInfo
MigrateWritablePackageRootData
OpenAppExecutionAlias
OpenAppExecutionAliasForUser
PerformAppxLicenseRundown
PersistAppExecutionAliasToFile
PostCreateProcessDesktopAppXActivation
PrepareDesktopAppXActivation
RegisterDesktopAppXPackageFamily
RegisterDesktopAppXPackageFamilyIfNecessary
RemoveDesktopAppXMetadataForFolder
RemoveLookaside
SetDesktopAppXMetadataForFolder
SetDesktopAppXMetadataForPackage
TryActivateDesktopAppXApplication
VerifyFileIsTrustedAndInPackage

Sections

.text
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c84d31008ca6103aabf4620eadd53843

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

rpcrt4

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-registry-l1-1-0

ntdll

api-ms-win-security-base-private-l1-1-1

api-ms-win-core-file-l1-1-0

api-ms-win-core-threadpool-l1-2-0

fltlib

profapi

api-ms-win-core-path-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-shcore-taskpool-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-console-l1-2-0

api-ms-win-core-console-l2-1-0

api-ms-win-security-capability-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-core-job-l2-1-0

api-ms-win-core-shlwapi-obsolete-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-psm-key-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-io-l1-1-0

container

api-ms-win-appmodel-identity-l1-2-0

api-ms-win-appmodel-state-l1-2-0

api-ms-win-shell-shellfolders-l1-1-0

msvcp_win

api-ms-win-core-apiquery-l1-1-0

api-ms-win-core-file-l2-1-0

api-ms-win-security-lsalookup-l2-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

appxdeploymentclient

Exports

Exports

Sections

.text Size: 440KB - Virtual size: 440KB

PAGE Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 17KB - Virtual size: 17KB

.didat Size: 1024B - Virtual size: 600B

.detourc Size: 4KB - Virtual size: 4KB

.detourd Size: 512B - Virtual size: 12B

.text
Size: 440KB - Virtual size: 440KB

PAGE
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 17KB - Virtual size: 17KB

.didat
Size: 1024B - Virtual size: 600B

.detourc
Size: 4KB - Virtual size: 4KB

.detourd
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 984B

.reloc
Size: 22KB - Virtual size: 21KB