78259903828ee203e9c6e73d930e2684_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

78259903828ee203e9c6e73d930e2684_JaffaCakes118
Size

10.8MB
MD5

78259903828ee203e9c6e73d930e2684
SHA1

6b6785558d34cd2c6ff6677c0b96763f90d00436
SHA256

4179811143d7efe0454ed70b6e83ad56605f02a11742ec8bf4f7ba085d096a40
SHA512

b48a125921db0fc64fadc4047ffc2a882a74d7348d911480022457f7fc412f5abd7d3cd0e626ca2057637b5547aa9fba34f575bba66bf340027f5dbc08d1341f
SSDEEP

196608:xKg5po0SYj0mTMITe1OxHJtmGH5MMG0rRaLUZ/MizlPB98DKyhCwXeAZjJUcpcQE:xKACJY/Tk1OFJEYe0rRJrj8DZhtcT

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack004/Kong.dat	patched_upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/Kong.dat	upx

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack002/AFT注册码生成.exe
unpack003/AFT3.DAT
unpack003/复件 AFT3.DAT
unpack003/复件 AFT3_REG_C.exe
unpack004/Kong.dat
unpack004/帝王登陆器生成.exe
unpack006/配置信息生成器.exe

Files

78259903828ee203e9c6e73d930e2684_JaffaCakes118
.rar
M2注册程序.reg
上万免费版本下载基地.url
.url
下载说明.txt
使用说明.txt
完整商业版本下载.url
.url
引擎注册/AFT注册码生成.rar
.rar
AFT注册码生成.exe
.exe windows:4 windows x86 arch:x86

8ae571e62a3de0944af5f9fc8966bc7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesW
SetFileTime
GetModuleHandleW
GetStartupInfoW

user32

wsprintfW

shell32

ShellExecuteW

msvcrt

_XcptFilter
??2@YAPAXI@Z
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
wcscat
sprintf
calloc
free
malloc
wcslen
wcscpy
wcsstr
_exit
??0exception@@QAE@ABQBD@Z
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 813KB - Virtual size: 813KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
引擎注册/AFT配置信息.rar
.rar
AFT3.DAT
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EurekaLog_PasswordRequestEvent
ExceptionManager

Sections

Size: 1.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 514KB - Virtual size: 859KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.7MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
复件 AFT3.DAT
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

EurekaLog_PasswordRequestEvent
ExceptionManager

Sections

Size: 1.4MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 514KB - Virtual size: 859KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1.7MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
复件 AFT3_REG_C.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 443KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 48KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.qnk
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
登录器生成/帝王登陆器生成_.rar
.rar
Kong.dat
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 2.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
帝王登陆器生成.exe
.exe windows:5 windows x86 arch:x86

60c71be364425df6e78f548925c71ff1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
GlobalUnlock
lstrcmpiA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetCurrentProcess
DuplicateHandle
lstrcpynA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
CreateFileW
FindClose
WriteConsoleW
GetConsoleMode
GetConsoleCP
CompareStringW
LoadLibraryW
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
SetEnvironmentVariableA
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
SetUnhandledExceptionFilter
IsValidCodePage
CreateSemaphoreA
ResumeThread
ReleaseSemaphore
EnterCriticalSection
LeaveCriticalSection
GetProfileStringA
WriteFile
ReadFile
GetLastError
WaitForMultipleObjects
CreateFileA
SetEvent
FindResourceA
LoadResource
LockResource
GetModuleFileNameA
GetCurrentThreadId
ExitProcess
GlobalSize
GlobalFree
DeleteCriticalSection
InitializeCriticalSection
lstrcatA
WinExec
lstrcpyA
FindNextFileA
GlobalReAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetFullPathNameA
FreeLibrary
LoadLibraryA
lstrlenA
WritePrivateProfileStringA
CreateThread
CreateEventA
Sleep
GlobalAlloc
GlobalLock
GetACP
HeapSize
HeapQueryInformation
GetModuleHandleW
RaiseException
DecodePointer
EncodePointer
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetOEMCP
GetCPInfo
GetProcessVersion
SetErrorMode
GlobalFlags
GetCurrentThread
GetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetFileTime
GetFileSize
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcmpA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetVolumeInformationA
GetModuleHandleA
GetProcAddress
MulDiv
GetCommandLineA
GetTickCount
WaitForSingleObject
SetStdHandle
CloseHandle
InterlockedIncrement

user32

OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
SetWindowPos
SendMessageA
DestroyCursor
SetParent
GetClipboardData
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
CloseClipboard
wsprintfA
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
IsWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
SystemParametersInfoA
TranslateMessage
LoadIconA
DrawFrameControl
DrawEdge
DrawFocusRect
WindowFromPoint
GetMessageA
DispatchMessageA
SetRectEmpty
RegisterClipboardFormatA
CreateIconFromResourceEx
CreateIconFromResource
DrawIconEx
CreatePopupMenu
AppendMenuA
ModifyMenuA
CreateMenu
CreateAcceleratorTableA
GetDlgCtrlID
GetSubMenu
EnableMenuItem
ClientToScreen
EnumDisplaySettingsA
LoadImageA
ShowWindow
IsWindowEnabled
TranslateAcceleratorA
GetKeyState
CopyAcceleratorTableA
PostQuitMessage
IsZoomed
GetSystemMenu
DeleteMenu
GetClassInfoA
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetForegroundWindow
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
UnregisterClassA
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
SetWindowTextA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
LoadStringA
GetSysColorBrush
DefWindowProcA
GetMenu
SetMenu
PeekMessageA
IsIconic
SetFocus
GetActiveWindow
GetWindow
DestroyAcceleratorTable
SetWindowRgn
GetMessagePos
ScreenToClient
ChildWindowFromPointEx
CopyRect
LoadBitmapA
WinHelpA
KillTimer
SetTimer
ReleaseCapture
GetCapture

gdi32

SetBkColor
CreateRectRgnIndirect
SetStretchBltMode
GetClipRgn
CreatePolygonRgn
SelectClipRgn
DeleteObject
CreateDIBitmap
GetSystemPaletteEntries
CreatePalette
StretchBlt
SelectPalette
RealizePalette
GetDIBits
GetWindowExtEx
GetViewportOrgEx
GetWindowOrgEx
BeginPath
EndPath
PathToRegion
CreateEllipticRgn
CreateRoundRectRgn
GetTextColor
GetBkMode
GetBkColor
GetROP2
GetStretchBltMode
GetPolyFillMode
CreateCompatibleBitmap
CreateDCA
CreateBitmap
SelectObject
GetObjectA
CreatePen
PatBlt
FillRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetStockObject
CreateFontIndirectA
EndPage
EndDoc
DeleteDC
StartDocA
StartPage
BitBlt
CreateCompatibleDC
Ellipse
Rectangle
LPtoDP
DPtoLP
GetCurrentObject
RoundRect
GetTextExtentPoint32A
GetDeviceCaps
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
GetTextMetricsA
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetViewportExtEx
ExtSelectClipRgn

winmm

midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA
Shell_NotifyIconA

ole32

OleInitialize
OleUninitialize
CLSIDFromString

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

comctl32

ImageList_Destroy
ord17

ws2_32

accept
getpeername
recv
ioctlsocket
recvfrom
WSAAsyncSelect
closesocket
WSACleanup
inet_ntoa

comdlg32

GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA

Sections

.text
Size: 435KB - Virtual size: 436KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
登录器生成/配置信息生成器.rar
.rar
配置信息生成器.exe
.exe windows:4 windows x86 arch:x86

8ae571e62a3de0944af5f9fc8966bc7c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
GetEnvironmentVariableW
CloseHandle
WriteFile
CreateFileW
GetModuleFileNameA
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
MultiByteToWideChar
CreateDirectoryW
GetFileAttributesW
SetFileTime
GetModuleHandleW
GetStartupInfoW

user32

wsprintfW

shell32

ShellExecuteW

msvcrt

_XcptFilter
??2@YAPAXI@Z
__CxxFrameHandler
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_CxxThrowException
wcscat
sprintf
calloc
free
malloc
wcslen
wcscpy
wcsstr
_exit
??0exception@@QAE@ABQBD@Z
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
_controlfp

Sections

.text
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 569KB - Virtual size: 569KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ae571e62a3de0944af5f9fc8966bc7c

Headers

File Characteristics

Imports

kernel32

user32

shell32

msvcrt

Sections

.text Size: 47KB - Virtual size: 46KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 813KB - Virtual size: 813KB

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.4MB - Virtual size: 3.5MB

.rsrc Size: 514KB - Virtual size: 859KB

.idata Size: 512B - Virtual size: 4KB

.data Size: 1.7MB - Virtual size: 3.9MB

Headers

File Characteristics

Exports

Exports

Sections

Size: 1.4MB - Virtual size: 3.5MB

.rsrc Size: 514KB - Virtual size: 859KB

.idata Size: 512B - Virtual size: 4KB

.data Size: 1.7MB - Virtual size: 3.9MB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 443KB - Virtual size: 443KB

.rdata Size: 88KB - Virtual size: 88KB

.data Size: 48KB - Virtual size: 126KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 64KB - Virtual size: 63KB

.qnk Size: 1KB - Virtual size: 4KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 2.9MB

UPX1 Size: 1.7MB - Virtual size: 1.7MB

.rsrc Size: 16KB - Virtual size: 16KB

60c71be364425df6e78f548925c71ff1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winmm

winspool.drv

advapi32

shell32

ole32

oleaut32

comctl32

ws2_32

comdlg32

Sections

.text Size: 435KB - Virtual size: 436KB

.rdata Size: 86KB - Virtual size: 88KB

.data Size: 48KB - Virtual size: 116KB

.rsrc Size: 91KB - Virtual size: 28KB

8ae571e62a3de0944af5f9fc8966bc7c

Headers

File Characteristics

Imports

kernel32

user32

shell32

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 813KB - Virtual size: 813KB

.rsrc
Size: 514KB - Virtual size: 859KB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 1.7MB - Virtual size: 3.9MB

.rsrc
Size: 514KB - Virtual size: 859KB

.idata
Size: 512B - Virtual size: 4KB

.data
Size: 1.7MB - Virtual size: 3.9MB

.text
Size: 443KB - Virtual size: 443KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 48KB - Virtual size: 126KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 64KB - Virtual size: 63KB

.qnk
Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 2.9MB

UPX1
Size: 1.7MB - Virtual size: 1.7MB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 435KB - Virtual size: 436KB

.rdata
Size: 86KB - Virtual size: 88KB

.data
Size: 48KB - Virtual size: 116KB

.rsrc
Size: 91KB - Virtual size: 28KB

.text
Size: 47KB - Virtual size: 46KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 569KB - Virtual size: 569KB