mari0-win[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

mari0-win.zip
Size

5.3MB
MD5

0e33703bb1e6f0decf01e613e4313f93
SHA1

0153a306426762ccf7bb540b02550b73f95ec71e
SHA256

8bb79293e59e4fbd16f770848d90c6958c4f37b945e2c18d3739bbe7520f33a3
SHA512

24ad844ccda7cd09a23eb1b42f3de9a8d29864d64c524bee43237e5d5062ce0447fe44db8dc005058fd8a8bb4903061deaceaf6add623b8fb2c7525f777c2bac
SSDEEP

98304:dNJELkGBNz6SD+dOk5iKrDkjkdyClgi77X8g3t4aeQR2XxsJyplbr2wwGcTV:NEwqNRi82Z6izlgi0oSyT4brnETV

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/DevIL.dll
unpack001/OpenAL32.dll
unpack001/SDL.dll
unpack001/mari0_1.6.exe

Files

mari0-win.zip
.zip
DevIL.dll
.dll windows:5 windows x86 arch:x86

79712d80908408072e04e6f25d5bb144

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTime
ExitProcess
lstrlenA
GetLastError
HeapFree
HeapAlloc
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
Sleep
GetProcAddress
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CreateFileA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleHandleA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap

Exports

Exports

_iBindImageTemp@0
_iConvertImage@12
_iConvertPal@8
_iCopyPal@0
_iFlipBuffer@16
_iGetFlipped@4
_iGetIntegervImage@12
_iMemSwap@12
_iMirror@0
_ialloc@4
_icalloc@8
_ifree@4
_ilActiveFace@4
_ilActiveImage@4
_ilActiveLayer@4
_ilActiveMipmap@4
_ilApplyPal@4
_ilApplyProfile@8
_ilBindImage@4
_ilBlit@40
_ilClampNTSC@0
_ilClearColour@16
_ilClearImage@0
_ilClearImage_@4
_ilCloneCurImage@0
_ilCloseImage@4
_ilClosePal@4
_ilCompressDXT@24
_ilCompressFunc@4
_ilConvertBuffer@28
_ilConvertImage@8
_ilConvertPal@4
_ilCopyImage@4
_ilCopyImageAttr@8
_ilCopyImage_@4
_ilCopyPixels@36
_ilCreateSubImage@8
_ilDefaultImage@0
_ilDeleteImage@4
_ilDeleteImages@8
_ilDetermineType@4
_ilDetermineTypeF@4
_ilDetermineTypeL@8
_ilDisable@4
_ilDxtcDataToImage@0
_ilDxtcDataToSurface@0
_ilEnable@4
_ilFlipSurfaceDxtcData@0
_ilFormatFunc@4
_ilGenImage@0
_ilGenImages@8
_ilGetAlpha@4
_ilGetBoolean@4
_ilGetBooleanv@8
_ilGetBpcType@4
_ilGetBppFormat@4
_ilGetBppPal@4
_ilGetClear@12
_ilGetCurImage@0
_ilGetCurName@0
_ilGetDXTCData@12
_ilGetData@0
_ilGetError@0
_ilGetFormatBpp@4
_ilGetInteger@4
_ilGetIntegerv@8
_ilGetLumpPos@0
_ilGetPalBaseType@4
_ilGetPalette@0
_ilGetString@4
_ilGetTypeBpc@4
_ilHint@8
_ilImageToDxtcData@4
_ilInit@0
_ilInitImage@32
_ilInvertSurfaceDxtcDataAlpha@0
_ilIsDisabled@4
_ilIsEnabled@4
_ilIsImage@4
_ilIsValid@8
_ilIsValidF@8
_ilIsValidL@12
_ilIsValidPal@4
_ilKeyColour@16
_ilLoad@8
_ilLoadData@20
_ilLoadDataF@20
_ilLoadDataL@24
_ilLoadF@8
_ilLoadImage@4
_ilLoadL@12
_ilLoadPal@4
_ilModAlpha@8
_ilNVidiaCompressDXT@24
_ilNewImage@20
_ilNewImageFull@28
_ilNextPower2@4
_ilOriginFunc@4
_ilOverlayImage@16
_ilPopAttrib@0
_ilPushAttrib@4
_ilRegisterFormat@4
_ilRegisterLoad@8
_ilRegisterMipNum@4
_ilRegisterNumFaces@4
_ilRegisterNumImages@4
_ilRegisterOrigin@4
_ilRegisterPal@12
_ilRegisterSave@8
_ilRegisterType@4
_ilRemoveLoad@4
_ilRemoveSave@4
_ilReplaceCurImage@4
_ilResetMemory@0
_ilResetRead@0
_ilResetWrite@0
_ilResizeImage@24
_ilSave@8
_ilSaveData@4
_ilSaveF@8
_ilSaveImage@4
_ilSaveL@12
_ilSavePal@4
_ilSetAlpha@8
_ilSetCurImage@4
_ilSetData@4
_ilSetDuration@4
_ilSetError@4
_ilSetInteger@8
_ilSetMemory@8
_ilSetPal@4
_ilSetPixels@36
_ilSetRead@28
_ilSetString@8
_ilSetWrite@24
_ilShutDown@0
_ilSquishCompressDXT@24
_ilSurfaceToDxtcData@4
_ilTexImage@28
_ilTexImageDxtc@20
_ilTexImage_@32
_ilTexSubImage_@8
_ilTypeFromExt@4
_ilTypeFunc@4
devil_jpeg_read_init
devil_jpeg_write_init
jcopy_block_row
jcopy_sample_rows
jdiv_round_up
jinit_1pass_quantizer
jinit_2pass_quantizer
jinit_arith_decoder
jinit_arith_encoder
jinit_c_coef_controller
jinit_c_main_controller
jinit_c_master_control
jinit_c_prep_controller
jinit_color_converter
jinit_color_deconverter
jinit_compress_master
jinit_d_coef_controller
jinit_d_main_controller
jinit_d_post_controller
jinit_downsampler
jinit_forward_dct
jinit_huff_decoder
jinit_huff_encoder
jinit_input_controller
jinit_inverse_dct
jinit_marker_reader
jinit_marker_writer
jinit_master_decompress
jinit_memory_mgr
jinit_merged_upsampler
jinit_upsampler
jpeg_CreateCompress
jpeg_CreateDecompress
jpeg_abort
jpeg_abort_compress
jpeg_abort_decompress
jpeg_add_quant_table
jpeg_alloc_huff_table
jpeg_alloc_quant_table
jpeg_calc_jpeg_dimensions
jpeg_calc_output_dimensions
jpeg_consume_input
jpeg_core_output_dimensions
jpeg_default_colorspace
jpeg_default_qtables
jpeg_destroy
jpeg_destroy_compress
jpeg_destroy_decompress
jpeg_fdct_10x10
jpeg_fdct_10x5
jpeg_fdct_11x11
jpeg_fdct_12x12
jpeg_fdct_12x6
jpeg_fdct_13x13
jpeg_fdct_14x14
jpeg_fdct_14x7
jpeg_fdct_15x15
jpeg_fdct_16x16
jpeg_fdct_16x8
jpeg_fdct_1x1
jpeg_fdct_1x2
jpeg_fdct_2x1
jpeg_fdct_2x2
jpeg_fdct_2x4
jpeg_fdct_3x3
jpeg_fdct_3x6
jpeg_fdct_4x2
jpeg_fdct_4x4
jpeg_fdct_4x8
jpeg_fdct_5x10
jpeg_fdct_5x5
jpeg_fdct_6x12
jpeg_fdct_6x3
jpeg_fdct_6x6
jpeg_fdct_7x14
jpeg_fdct_7x7
jpeg_fdct_8x16
jpeg_fdct_8x4
jpeg_fdct_9x9
jpeg_fdct_float
jpeg_fdct_ifast
jpeg_fdct_islow
jpeg_finish_compress
jpeg_finish_decompress
jpeg_finish_output
jpeg_free_large
jpeg_free_small
jpeg_get_large
jpeg_get_small
jpeg_has_multiple_scans
jpeg_idct_10x10
jpeg_idct_10x5
jpeg_idct_11x11
jpeg_idct_12x12
jpeg_idct_12x6
jpeg_idct_13x13
jpeg_idct_14x14
jpeg_idct_14x7
jpeg_idct_15x15
jpeg_idct_16x16
jpeg_idct_16x8
jpeg_idct_1x1
jpeg_idct_1x2
jpeg_idct_2x1
jpeg_idct_2x2
jpeg_idct_2x4
jpeg_idct_3x3
jpeg_idct_3x6
jpeg_idct_4x2
jpeg_idct_4x4
jpeg_idct_4x8
jpeg_idct_5x10
jpeg_idct_5x5
jpeg_idct_6x12
jpeg_idct_6x3
jpeg_idct_6x6
jpeg_idct_7x14
jpeg_idct_7x7
jpeg_idct_8x16
jpeg_idct_8x4
jpeg_idct_9x9
jpeg_idct_float
jpeg_idct_ifast
jpeg_idct_islow
jpeg_input_complete
jpeg_mem_available
jpeg_mem_init
jpeg_mem_term
jpeg_new_colormap
jpeg_open_backing_store
jpeg_quality_scaling
jpeg_read_header
jpeg_read_raw_data
jpeg_read_scanlines
jpeg_resync_to_restart
jpeg_save_markers
jpeg_set_colorspace
jpeg_set_defaults
jpeg_set_linear_quality
jpeg_set_marker_processor
jpeg_set_quality
jpeg_simple_progression
jpeg_start_compress
jpeg_start_decompress
jpeg_start_output
jpeg_std_error
jpeg_suppress_tables
jpeg_write_m_byte
jpeg_write_m_header
jpeg_write_marker
jpeg_write_raw_data
jpeg_write_scanlines
jpeg_write_tables
jround_up
jzero_far

Sections

.text
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 730KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenAL32.dll
.dll windows:5 windows x86 arch:x86

79d32053ec04e0ccb92ade7cdcfef5f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutClose
waveInClose
waveOutWrite
waveInPrepareHeader
waveInOpen
waveInAddBuffer
waveInReset
waveInGetNumDevs
waveOutGetDevCapsA
waveOutUnprepareHeader
waveInUnprepareHeader
waveOutOpen
waveInGetDevCapsA
waveOutGetNumDevs
waveOutPrepareHeader
waveInStop
waveInStart
timeGetTime

kernel32

GetCurrentProcess
SetEndOfFile
HeapSize
ReadFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
SetStdHandle
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
IsBadWritePtr
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
TlsGetValue
GetCurrentThread
TlsSetValue
SetThreadPriority
DisableThreadLibraryCalls
TlsAlloc
TlsFree
WaitForSingleObject
ExitThread
GetExitCodeThread
CloseHandle
CreateThread
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
SetEvent
WaitForSingleObjectEx
CreateEventA
GetLastError
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetModuleHandleA
HeapFree
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapReAlloc
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetModuleHandleW
ExitProcess
LoadLibraryW
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetLastError
WriteFile
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount

user32

GetMessageA
PostThreadMessageA
GetForegroundWindow

shell32

SHGetSpecialFolderPathA

Exports

Exports

alAuxiliaryEffectSlotf
alAuxiliaryEffectSlotfv
alAuxiliaryEffectSloti
alAuxiliaryEffectSlotiv
alBuffer3f
alBuffer3i
alBufferData
alBufferSubDataSOFT
alBufferf
alBufferfv
alBufferi
alBufferiv
alDatabufferDataEXT
alDatabufferSubDataEXT
alDatabufferfEXT
alDatabufferfvEXT
alDatabufferiEXT
alDatabufferivEXT
alDeleteAuxiliaryEffectSlots
alDeleteBuffers
alDeleteDatabuffersEXT
alDeleteEffects
alDeleteFilters
alDeleteSources
alDisable
alDistanceModel
alDopplerFactor
alDopplerVelocity
alEffectf
alEffectfv
alEffecti
alEffectiv
alEnable
alFilterf
alFilterfv
alFilteri
alFilteriv
alGenAuxiliaryEffectSlots
alGenBuffers
alGenDatabuffersEXT
alGenEffects
alGenFilters
alGenSources
alGetAuxiliaryEffectSlotf
alGetAuxiliaryEffectSlotfv
alGetAuxiliaryEffectSloti
alGetAuxiliaryEffectSlotiv
alGetBoolean
alGetBooleanv
alGetBuffer3f
alGetBuffer3i
alGetBufferf
alGetBufferfv
alGetBufferi
alGetBufferiv
alGetDatabufferSubDataEXT
alGetDatabufferfEXT
alGetDatabufferfvEXT
alGetDatabufferiEXT
alGetDatabufferivEXT
alGetDouble
alGetDoublev
alGetEffectf
alGetEffectfv
alGetEffecti
alGetEffectiv
alGetEnumValue
alGetError
alGetFilterf
alGetFilterfv
alGetFilteri
alGetFilteriv
alGetFloat
alGetFloatv
alGetInteger
alGetIntegerv
alGetListener3f
alGetListener3i
alGetListenerf
alGetListenerfv
alGetListeneri
alGetListeneriv
alGetProcAddress
alGetSource3f
alGetSource3i
alGetSourcef
alGetSourcefv
alGetSourcei
alGetSourceiv
alGetString
alIsAuxiliaryEffectSlot
alIsBuffer
alIsDatabufferEXT
alIsEffect
alIsEnabled
alIsExtensionPresent
alIsFilter
alIsSource
alListener3f
alListener3i
alListenerf
alListenerfv
alListeneri
alListeneriv
alMapDatabufferEXT
alSelectDatabufferEXT
alSource3f
alSource3i
alSourcePause
alSourcePausev
alSourcePlay
alSourcePlayv
alSourceQueueBuffers
alSourceRewind
alSourceRewindv
alSourceStop
alSourceStopv
alSourceUnqueueBuffers
alSourcef
alSourcefv
alSourcei
alSourceiv
alSpeedOfSound
alUnmapDatabufferEXT
alcCaptureCloseDevice
alcCaptureOpenDevice
alcCaptureSamples
alcCaptureStart
alcCaptureStop
alcCloseDevice
alcCreateContext
alcDestroyContext
alcGetContextsDevice
alcGetCurrentContext
alcGetEnumValue
alcGetError
alcGetIntegerv
alcGetProcAddress
alcGetString
alcGetThreadContext
alcIsExtensionPresent
alcMakeContextCurrent
alcOpenDevice
alcProcessContext
alcSetThreadContext
alcSuspendContext

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDL.dll
.dll windows:5 windows x86 arch:x86

9e626d7bc733e30e54d69771d5465472

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeBeginPeriod
timeGetTime
timeKillEvent
timeEndPeriod
timeSetEvent
mciSendCommandA
mciGetErrorStringA
waveOutClose
waveOutWrite
waveOutUnprepareHeader
waveOutOpen
waveOutPrepareHeader
waveOutGetErrorTextA
joyGetPosEx
joyGetDevCapsA
joyGetNumDevs

kernel32

GetLocaleInfoA
GetACP
MultiByteToWideChar
GetModuleHandleA
WideCharToMultiByte
QueryPerformanceCounter
Sleep
GetEnvironmentVariableA
SetEnvironmentVariableA
CreateFileA
SetFilePointer
SetErrorMode
WriteFile
ReadFile
CreateFileW
CreateMutexA
ReleaseMutex
InterlockedIncrement
InterlockedDecrement
TerminateThread
GetCurrentThreadId
CreateThread
FormatMessageA
GetLastError
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
CreateEventA
LCMapStringW
LCMapStringA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleW
DeleteCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCommandLineA
ExitThread
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetStringTypeA
HeapFree
SetConsoleCtrlHandler
GetDriveTypeA
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
SetThreadPriority
GetCurrentThread
FreeLibrary
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
GetConsoleCP
RaiseException

user32

InvalidateRect
GetKeyState
MapVirtualKeyExA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
CreateIconFromResourceEx
SetClassLongA
SetWindowTextA
CreateCursor
DestroyCursor
GetCursor
ToAsciiEx
EndPaint
SetCursor
SetTimer
PostQuitMessage
KillTimer
WindowFromPoint
SetFocus
BeginPaint
GetKeyboardLayout
UnregisterClassA
GetClassInfoA
PostMessageA
LoadImageA
MapWindowPoints
AdjustWindowRect
ToUnicode
RegisterClassA
GetWindowRect
IsZoomed
SetForegroundWindow
EnumDisplaySettingsA
GetDC
GetMenu
ReleaseDC
SetWindowPos
AdjustWindowRectEx
DestroyIcon
ChangeDisplaySettingsA
ClientToScreen
DestroyWindow
GetMessageA
ScreenToClient
SetCapture
MsgWaitForMultipleObjects
GetParent
GetClientRect
TranslateMessage
GetKeyboardState
GetForegroundWindow
MapVirtualKeyA
SetWindowLongA
SetCursorPos
GetWindowLongA
CreateWindowExA
PeekMessageA
DefWindowProcA
GetCursorPos
ShowWindow
ClipCursor
DispatchMessageA
ReleaseCapture
GetSystemMetrics
CallWindowProcA
GetDesktopWindow
PtInRect

gdi32

ChoosePixelFormat
SetPixelFormat
SwapBuffers
GetDeviceCaps
GetSystemPaletteEntries
RealizePalette
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DescribePixelFormat
UnrealizeObject
CreatePalette
SetDIBColorTable
GetDIBits
CreateDIBSection
DeleteDC
SetDeviceGammaRamp
BitBlt
GetDeviceGammaRamp
SetSystemPaletteUse
SetPaletteEntries
DeleteObject
SelectPalette
GetSystemPaletteUse

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

SDL_AddTimer
SDL_AllocRW
SDL_AudioDriverName
SDL_AudioInit
SDL_AudioQuit
SDL_BuildAudioCVT
SDL_CDClose
SDL_CDEject
SDL_CDName
SDL_CDNumDrives
SDL_CDOpen
SDL_CDPause
SDL_CDPlay
SDL_CDPlayTracks
SDL_CDResume
SDL_CDStatus
SDL_CDStop
SDL_ClearError
SDL_CloseAudio
SDL_CondBroadcast
SDL_CondSignal
SDL_CondWait
SDL_CondWaitTimeout
SDL_ConvertAudio
SDL_ConvertSurface
SDL_CreateCond
SDL_CreateCursor
SDL_CreateMutex
SDL_CreateRGBSurface
SDL_CreateRGBSurfaceFrom
SDL_CreateSemaphore
SDL_CreateThread
SDL_CreateYUVOverlay
SDL_Delay
SDL_DestroyCond
SDL_DestroyMutex
SDL_DestroySemaphore
SDL_DisplayFormat
SDL_DisplayFormatAlpha
SDL_DisplayYUVOverlay
SDL_EnableKeyRepeat
SDL_EnableUNICODE
SDL_Error
SDL_EventState
SDL_FillRect
SDL_Flip
SDL_FreeCursor
SDL_FreeRW
SDL_FreeSurface
SDL_FreeWAV
SDL_FreeYUVOverlay
SDL_GL_GetAttribute
SDL_GL_GetProcAddress
SDL_GL_LoadLibrary
SDL_GL_Lock
SDL_GL_SetAttribute
SDL_GL_SwapBuffers
SDL_GL_Unlock
SDL_GL_UpdateRects
SDL_GetAppState
SDL_GetAudioStatus
SDL_GetClipRect
SDL_GetCursor
SDL_GetError
SDL_GetEventFilter
SDL_GetGammaRamp
SDL_GetKeyName
SDL_GetKeyRepeat
SDL_GetKeyState
SDL_GetModState
SDL_GetMouseState
SDL_GetRGB
SDL_GetRGBA
SDL_GetRelativeMouseState
SDL_GetThreadID
SDL_GetTicks
SDL_GetVideoInfo
SDL_GetVideoSurface
SDL_GetWMInfo
SDL_Has3DNow
SDL_Has3DNowExt
SDL_HasAltiVec
SDL_HasMMX
SDL_HasMMXExt
SDL_HasRDTSC
SDL_HasSSE
SDL_HasSSE2
SDL_Init
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickEventState
SDL_JoystickGetAxis
SDL_JoystickGetBall
SDL_JoystickGetButton
SDL_JoystickGetHat
SDL_JoystickIndex
SDL_JoystickName
SDL_JoystickNumAxes
SDL_JoystickNumBalls
SDL_JoystickNumButtons
SDL_JoystickNumHats
SDL_JoystickOpen
SDL_JoystickOpened
SDL_JoystickUpdate
SDL_KillThread
SDL_Linked_Version
SDL_ListModes
SDL_LoadBMP_RW
SDL_LoadFunction
SDL_LoadObject
SDL_LoadWAV_RW
SDL_LockAudio
SDL_LockSurface
SDL_LockYUVOverlay
SDL_LowerBlit
SDL_MapRGB
SDL_MapRGBA
SDL_MixAudio
SDL_NumJoysticks
SDL_OpenAudio
SDL_PauseAudio
SDL_PeepEvents
SDL_PollEvent
SDL_PumpEvents
SDL_PushEvent
SDL_Quit
SDL_QuitSubSystem
SDL_RWFromConstMem
SDL_RWFromFP
SDL_RWFromFile
SDL_RWFromMem
SDL_ReadBE16
SDL_ReadBE32
SDL_ReadBE64
SDL_ReadLE16
SDL_ReadLE32
SDL_ReadLE64
SDL_RegisterApp
SDL_RemoveTimer
SDL_SaveBMP_RW
SDL_SemPost
SDL_SemTryWait
SDL_SemValue
SDL_SemWait
SDL_SemWaitTimeout
SDL_SetAlpha
SDL_SetClipRect
SDL_SetColorKey
SDL_SetColors
SDL_SetCursor
SDL_SetError
SDL_SetEventFilter
SDL_SetGamma
SDL_SetGammaRamp
SDL_SetModState
SDL_SetModuleHandle
SDL_SetPalette
SDL_SetTimer
SDL_SetVideoMode
SDL_ShowCursor
SDL_SoftStretch
SDL_ThreadID
SDL_UnloadObject
SDL_UnlockAudio
SDL_UnlockSurface
SDL_UnlockYUVOverlay
SDL_UnregisterApp
SDL_UpdateRect
SDL_UpdateRects
SDL_UpperBlit
SDL_VideoDriverName
SDL_VideoInit
SDL_VideoModeOK
SDL_VideoQuit
SDL_WM_GetCaption
SDL_WM_GrabInput
SDL_WM_IconifyWindow
SDL_WM_SetCaption
SDL_WM_SetIcon
SDL_WM_ToggleFullScreen
SDL_WaitEvent
SDL_WaitThread
SDL_WarpMouse
SDL_WasInit
SDL_WriteBE16
SDL_WriteBE32
SDL_WriteBE64
SDL_WriteLE16
SDL_WriteLE32
SDL_WriteLE64
SDL_getenv
SDL_iconv
SDL_iconv_close
SDL_iconv_open
SDL_iconv_string
SDL_lltoa
SDL_mutexP
SDL_mutexV
SDL_putenv
SDL_revcpy
SDL_snprintf
SDL_strdup
SDL_strlcat
SDL_strlcpy
SDL_strtoull
SDL_ulltoa
SDL_vsnprintf

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mari0_1.6.exe
.exe windows:5 windows x86 arch:x86

472f2aa7565b61856ecdbbcd91dafc71

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

devil

_ilOriginFunc@4
_ilGenImages@8
_ilBindImage@4
_ilConvertImage@8
_ilGetData@0
_ilGetError@0
_ilInit@0
_ilLoadL@12
_ilRegisterOrigin@4
_ilSaveL@12
_ilGetInteger@4
_ilTexImage@28
_ilEnable@4
_ilDeleteImages@8
_ilShutDown@0

openal32

alSourceQueueBuffers
alcCloseDevice
alcCreateContext
alcOpenDevice
alcGetIntegerv
alcCaptureStop
alListenerf
alListenerfv
alcDestroyContext
alGetListenerfv
alcCaptureSamples
alcCaptureStart
alDistanceModel
alcGetError
alGetListenerf
alcMakeContextCurrent
alGenSources
alDeleteSources
alGetError
alGetSourcef
alDeleteBuffers
alSourceUnqueueBuffers
alSourcef
alSourcePlay
alSourcei
alGenBuffers
alSourceStop
alGetSourcefv
alSourceRewind
alGetSourcei
alBufferData
alSourcePause
alGetBufferi
alSourcefv

sdl

SDL_UnloadObject
SDL_LoadFunction
SDL_KillThread
SDL_CreateMutex
SDL_GetTicks
SDL_CondWait
SDL_CreateThread
SDL_CondBroadcast
SDL_WaitThread
SDL_WarpMouse
SDL_GetMouseState
SDL_ThreadID
SDL_mutexP
SDL_CreateCond
SDL_WM_GrabInput
SDL_Delay
SDL_Init
SDL_SetModuleHandle
SDL_strlcat
SDL_strlcpy
SDL_getenv
SDL_Quit
SDL_DestroyMutex
SDL_mutexV
SDL_PumpEvents
SDL_EnableUNICODE
SDL_DestroyCond
SDL_WaitEvent
SDL_FreeSurface
SDL_VideoModeOK
SDL_GetVideoInfo
SDL_GL_SetAttribute
SDL_CreateRGBSurfaceFrom
SDL_putenv
SDL_ShowCursor
SDL_ListModes
SDL_WM_SetCaption
SDL_GL_SwapBuffers
SDL_GetAppState
SDL_GL_GetAttribute
SDL_SetVideoMode
SDL_WM_SetIcon
SDL_EnableKeyRepeat
SDL_GetKeyState
SDL_GetKeyRepeat
SDL_GetError
SDL_JoystickGetBall
SDL_JoystickOpen
SDL_JoystickNumBalls
SDL_JoystickNumHats
SDL_QuitSubSystem
SDL_NumJoysticks
SDL_InitSubSystem
SDL_JoystickClose
SDL_JoystickGetHat
SDL_JoystickName
SDL_JoystickEventState
SDL_JoystickNumButtons
SDL_JoystickGetButton
SDL_JoystickGetAxis
SDL_JoystickNumAxes
SDL_LoadObject
SDL_PollEvent

opengl32

glScissor
glPointSize
glPixelStorei
glEnd
glIsEnabled
glGetError
glDisable
glBegin
glColor4ubv
glColorPointer
glGetFloatv
glStencilFunc
glRotatef
glBlendFunc
glScalef
glTexEnvf
glColor4fv
glGetTexEnviv
glStencilOp
glHint
glDeleteTextures
glBindTexture
glColor4f
glDrawElements
glColorMask
glGetIntegerv
glEnable
glEnableClientState
glClear
glClearColor
glOrtho
glTexImage2D
glPopAttrib
glDrawArrays
glGetTexParameteriv
glTexParameteri
glPopMatrix
glReadPixels
glDisableClientState
glPushMatrix
glMultMatrixf
glPushAttrib
glMatrixMode
glViewport
glVertexPointer
glTexCoordPointer
glGenTextures
glLoadIdentity
glDeleteLists
glTexSubImage2D
glTexParameterf
glEndList
glNewList
glVertex2f
glAlphaFunc
wglGetProcAddress
wglGetCurrentDC
glGetString
glCallList
glTranslatef
glGenLists

ws2_32

getsockname
ntohs
htons
htonl
inet_ntoa
gethostname
getpeername
setsockopt
__WSAFDIsSet
accept
listen
getsockopt
send
gethostbyname
gethostbyaddr
closesocket
socket
bind
recv
WSACleanup
sendto
shutdown
WSAGetLastError
select
recvfrom
WSAStartup
connect
ioctlsocket

kernel32

SetEnvironmentVariableA
GetLocaleInfoW
LoadLibraryW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetExitCodeProcess
CreatePipe
CompareStringW
CompareStringA
GetProcessHeap
SetEndOfFile
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
VirtualFree
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InitializeCriticalSectionAndSpinCount
SetLastError
SetHandleCount
LCMapStringW
LCMapStringA
GetCPInfo
RaiseException
GetModuleFileNameW
WriteConsoleW
GetDateFormatA
GetTimeFormatA
MoveFileA
DuplicateHandle
CreateProcessA
ExitProcess
GetModuleHandleW
RtlUnwind
GetStartupInfoA
GetCommandLineA
HeapReAlloc
GetFullPathNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
GetFileType
SetStdHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
WriteConsoleA
GetConsoleOutputCP
VirtualAlloc
DeleteFileA
CloseHandle
GetVersionExA
ReleaseMutex
GetCurrentThreadId
GetFileTime
GetCurrentDirectoryA
CreateMutexA
FindNextFileA
FindClose
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
FlushFileBuffers
MultiByteToWideChar
GetTimeZoneInformation
ReadFile
FileTimeToSystemTime
GetFileAttributesA
GetVolumeInformationA
GetDriveTypeA
WriteFile
WaitForSingleObject
GetCurrentProcess
SystemTimeToTzSpecificLocalTime
SetErrorMode
SetFilePointer
GetFileSize
CreateFileA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetLastError
FormatMessageA
FreeLibrary
lstrcpyA
GlobalHandle
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
lstrcpynA
Sleep
GetSystemTimeAsFileTime
QueryPerformanceFrequency
QueryPerformanceCounter
LocalFree
SetConsoleTitleW
GetConsoleScreenBufferInfo
GetStdHandle
WideCharToMultiByte
SetConsoleScreenBufferSize
AllocConsole
GetCommandLineW
GetModuleHandleA

user32

wsprintfA

advapi32

OpenProcessToken
GetUserNameA

shell32

CommandLineToArgvW

Exports

Exports

FT_Activate_Size
FT_Add_Default_Modules
FT_Add_Module
FT_Angle_Diff
FT_Atan2
FT_Attach_File
FT_Attach_Stream
FT_Bitmap_Convert
FT_Bitmap_Copy
FT_Bitmap_Done
FT_Bitmap_Embolden
FT_Bitmap_New
FT_CeilFix
FT_Cos
FT_DivFix
FT_Done_Face
FT_Done_FreeType
FT_Done_Glyph
FT_Done_Library
FT_Done_Size
FT_Face_GetCharVariantIndex
FT_Face_GetCharVariantIsDefault
FT_Face_GetCharsOfVariant
FT_Face_GetVariantSelectors
FT_Face_GetVariantsOfChar
FT_FloorFix
FT_Get_Advance
FT_Get_Advances
FT_Get_CMap_Format
FT_Get_CMap_Language_ID
FT_Get_Char_Index
FT_Get_Charmap_Index
FT_Get_First_Char
FT_Get_Glyph
FT_Get_Glyph_Name
FT_Get_Kerning
FT_Get_Module
FT_Get_Name_Index
FT_Get_Next_Char
FT_Get_Postscript_Name
FT_Get_Renderer
FT_Get_Sfnt_Name
FT_Get_Sfnt_Name_Count
FT_Get_Sfnt_Table
FT_Get_SubGlyph_Info
FT_Get_Track_Kerning
FT_Get_TrueType_Engine_Type
FT_GlyphSlot_Own_Bitmap
FT_Glyph_Copy
FT_Glyph_Get_CBox
FT_Glyph_To_Bitmap
FT_Glyph_Transform
FT_Init_FreeType
FT_Library_Version
FT_List_Add
FT_List_Finalize
FT_List_Find
FT_List_Insert
FT_List_Iterate
FT_List_Remove
FT_List_Up
FT_Load_Char
FT_Load_Glyph
FT_Load_Sfnt_Table
FT_Matrix_Invert
FT_Matrix_Multiply
FT_MulDiv
FT_MulFix
FT_New_Face
FT_New_Library
FT_New_Memory_Face
FT_New_Size
FT_Open_Face
FT_Outline_Check
FT_Outline_Copy
FT_Outline_Decompose
FT_Outline_Done
FT_Outline_Done_Internal
FT_Outline_Embolden
FT_Outline_Get_Bitmap
FT_Outline_Get_CBox
FT_Outline_Get_Orientation
FT_Outline_New
FT_Outline_New_Internal
FT_Outline_Render
FT_Outline_Reverse
FT_Outline_Transform
FT_Outline_Translate
FT_Reference_Face
FT_Reference_Library
FT_Remove_Module
FT_Render_Glyph
FT_Request_Size
FT_RoundFix
FT_Select_Charmap
FT_Select_Size
FT_Set_Char_Size
FT_Set_Charmap
FT_Set_Debug_Hook
FT_Set_Pixel_Sizes
FT_Set_Renderer
FT_Set_Transform
FT_Sfnt_Table_Info
FT_Sin
FT_Sqrt32
FT_Stream_OpenGzip
FT_Stream_OpenLZW
FT_Tan
FT_Vector_From_Polar
FT_Vector_Length
FT_Vector_Polarize
FT_Vector_Rotate
FT_Vector_Transform
FT_Vector_Unit
PHYSFS_addToSearchPath
PHYSFS_close
PHYSFS_deinit
PHYSFS_delete
PHYSFS_enumerateFiles
PHYSFS_enumerateFilesCallback
PHYSFS_eof
PHYSFS_exists
PHYSFS_fileLength
PHYSFS_flush
PHYSFS_freeList
PHYSFS_getBaseDir
PHYSFS_getCdRomDirs
PHYSFS_getCdRomDirsCallback
PHYSFS_getDirSeparator
PHYSFS_getLastError
PHYSFS_getLastModTime
PHYSFS_getLinkedVersion
PHYSFS_getMountPoint
PHYSFS_getRealDir
PHYSFS_getSearchPath
PHYSFS_getSearchPathCallback
PHYSFS_getUserDir
PHYSFS_getWriteDir
PHYSFS_init
PHYSFS_isDirectory
PHYSFS_isInit
PHYSFS_isSymbolicLink
PHYSFS_mkdir
PHYSFS_mount
PHYSFS_openAppend
PHYSFS_openRead
PHYSFS_openWrite
PHYSFS_permitSymbolicLinks
PHYSFS_read
PHYSFS_readSBE16
PHYSFS_readSBE32
PHYSFS_readSBE64
PHYSFS_readSLE16
PHYSFS_readSLE32
PHYSFS_readSLE64
PHYSFS_readUBE16
PHYSFS_readUBE32
PHYSFS_readUBE64
PHYSFS_readULE16
PHYSFS_readULE32
PHYSFS_readULE64
PHYSFS_removeFromSearchPath
PHYSFS_seek
PHYSFS_setAllocator
PHYSFS_setBuffer
PHYSFS_setSaneConfig
PHYSFS_setWriteDir
PHYSFS_supportedArchiveTypes
PHYSFS_swapSBE16
PHYSFS_swapSBE32
PHYSFS_swapSBE64
PHYSFS_swapSLE16
PHYSFS_swapSLE32
PHYSFS_swapSLE64
PHYSFS_swapUBE16
PHYSFS_swapUBE32
PHYSFS_swapUBE64
PHYSFS_swapULE16
PHYSFS_swapULE32
PHYSFS_swapULE64
PHYSFS_symbolicLinksPermitted
PHYSFS_tell
PHYSFS_utf8FromLatin1
PHYSFS_utf8FromUcs2
PHYSFS_utf8FromUcs4
PHYSFS_utf8ToUcs2
PHYSFS_utf8ToUcs4
PHYSFS_write
PHYSFS_writeSBE16
PHYSFS_writeSBE32
PHYSFS_writeSBE64
PHYSFS_writeSLE16
PHYSFS_writeSLE32
PHYSFS_writeSLE64
PHYSFS_writeUBE16
PHYSFS_writeUBE32
PHYSFS_writeUBE64
PHYSFS_writeULE16
PHYSFS_writeULE32
PHYSFS_writeULE64
TT_New_Context
TT_RunIns
luaopen_love
luaopen_love_audio
luaopen_love_event
luaopen_love_filesystem
luaopen_love_font
luaopen_love_graphics
luaopen_love_image
luaopen_love_joystick
luaopen_love_keyboard
luaopen_love_mouse
luaopen_love_physics
luaopen_love_sound
luaopen_love_thread
luaopen_love_timer

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 602KB - Virtual size: 601KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 721KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 346KB - Virtual size: 346KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

79712d80908408072e04e6f25d5bb144

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 600KB - Virtual size: 599KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 9KB - Virtual size: 730KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 33KB - Virtual size: 33KB

79d32053ec04e0ccb92ade7cdcfef5f8

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

shell32

Exports

Exports

Sections

.text Size: 375KB - Virtual size: 374KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

9e626d7bc733e30e54d69771d5465472

Headers

DLL Characteristics

File Characteristics

Imports

winmm

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 270KB - Virtual size: 269KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 11KB - Virtual size: 48KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 15KB - Virtual size: 15KB

472f2aa7565b61856ecdbbcd91dafc71

Headers

DLL Characteristics

File Characteristics

Imports

devil

openal32

sdl

opengl32

ws2_32

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 602KB - Virtual size: 601KB

.data Size: 48KB - Virtual size: 721KB

.rsrc Size: 346KB - Virtual size: 346KB

.reloc Size: 117KB - Virtual size: 116KB

.text
Size: 600KB - Virtual size: 599KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 9KB - Virtual size: 730KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 33KB - Virtual size: 33KB

.text
Size: 375KB - Virtual size: 374KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 270KB - Virtual size: 269KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 11KB - Virtual size: 48KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 602KB - Virtual size: 601KB

.data
Size: 48KB - Virtual size: 721KB

.rsrc
Size: 346KB - Virtual size: 346KB

.reloc
Size: 117KB - Virtual size: 116KB