F:\UGit\Greyhound\src\WraithXCOD\x64\Release\Greyhound.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Greyhound.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
Greyhound.exe
Resource
win10v2004-20240508-en
General
-
Target
Greyhound.exe
-
Size
2.8MB
-
MD5
372b9e72b42f413ed7f31bbe75f6317f
-
SHA1
e8efb3314a2057b85fcfbaeb32998dd1cc3d833b
-
SHA256
68f086113d336edb2cd3f71a92b6caa9742adc3805c13eb0e493f083f7887c54
-
SHA512
b48e71200984e1aa154b72d6e5cdf8833b27a59589da3463e1200655c999875ecc25374a2512d460e979f10188d46138496b83bc396f8eb612939b09d0a95fec
-
SSDEEP
49152:coOQtfMt8ogPj4c8LA0HiWFcophtTkGm8L8nk:hLf8zcnk
Malware Config
Signatures
-
Unsigned PE — 1 IoC
Rule: checks for a missing Authenticode signature on the sample.
resource Greyhound.exe
Files
-
Greyhound.exe.exe windows:6 windows x64 arch:x64
8ff2a31f2df164def46f120460fe4f2c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
kernel32
GetConsoleMode
GetFileAttributesA
GetCurrentProcessId
GetModuleHandleW
SetUnhandledExceptionFilter
GlobalAlloc
GlobalLock
ReadFile
GetFileSizeEx
FindFirstFileA
FindNextFileA
FindClose
CreateFileA
CloseHandle
SetFilePointerEx
GetFileType
InitOnceExecuteOnce
DeleteFileW
CreateFile2
SetFileInformationByHandle
GetLastError
CreateFileW
GetDynamicTimeZoneInformation
WriteFile
WriteConsoleA
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
FreeLibrary
GetProcAddress
LoadLibraryW
Sleep
ReadProcessMemory
GetSystemInfo
GetCurrentThreadId
InitializeCriticalSectionEx
OutputDebugStringW
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateProcessA
GetTempPathA
K32EmptyWorkingSet
ReleaseMutex
LocalFree
GetCommandLineW
ExpandEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
CreateDirectoryA
RemoveDirectoryA
CopyFileA
DeleteFileA
GetFileAttributesExA
QueryFullProcessImageNameA
K32GetModuleFileNameExW
K32EnumProcessModulesEx
IsWow64Process
Module32FirstW
GetProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
WaitForSingleObject
GetFileAttributesW
FindNextFileW
FindFirstFileW
CreateDirectoryW
GetFileTime
MapViewOfFile
CreateFileMappingW
GetFileSize
UnmapViewOfFile
SetEndOfFile
SetFilePointer
InitializeCriticalSection
SetLastError
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
user32
SendMessageW
EnableWindow
LoadImageW
LoadIconW
MessageBoxA
DeferWindowPos
BeginDeferWindowPos
GetCursorPos
InvalidateRect
SetClipboardData
EmptyClipboard
CloseClipboard
DestroyIcon
OpenClipboard
ScreenToClient
GetFocus
GetKeyState
GetClientRect
FillRect
EndDeferWindowPos
OffsetRect
GetWindowRect
ModifyMenuW
GetMenuItemID
IsMenu
GetMenuItemCount
GetSubMenu
IntersectRect
EndPaint
BeginPaint
SetCursor
GetMonitorInfoW
MonitorFromWindow
LoadCursorW
TrackMouseEvent
PostMessageW
GetParent
SetMenuInfo
LoadMenuW
SetRectEmpty
IsRectEmpty
GetWindowDC
ReleaseDC
GetDC
GetIconInfo
KillTimer
SetTimer
GetWindowLongW
GetClassNameW
GetWindow
gdi32
GetObjectW
SwapBuffers
DeleteObject
CreateSolidBrush
CreateFontW
ChoosePixelFormat
SetPixelFormat
GetDIBits
GetTextExtentPoint32W
CreateRectRgnIndirect
shell32
CommandLineToArgvW
DragFinish
ShellExecuteA
ord3
DragQueryFileW
gdiplus
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipCreateFromHDC
GdipDeleteGraphics
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipFillRectangleI
GdiplusStartup
GdipCreatePen2
GdipDeletePen
GdipDrawRectangleI
GdipDrawImageRectI
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateLineBrushFromRectWithAngleI
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipCreateStringFormat
GdipDeleteStringFormat
GdipMeasureString
GdipDrawString
GdipDrawLineI
GdipCreatePath
GdipDeletePath
GdipSetSmoothingMode
GdipTranslateWorldTransform
GdipAddPathLine
GdipClosePathFigure
GdipRotateWorldTransform
GdipFillPath
GdipResetWorldTransform
GdipSetInterpolationMode
GdipSetStringFormatTrimming
GdipCreateBitmapFromHICON
GdipDrawEllipseI
GdipFillEllipseI
GdipSetStringFormatFlags
GdipGetStringFormatFlags
GdipFree
mfc140u
ord3308
ord3307
ord3071
ord6285
ord4656
ord6247
ord1158
ord2270
ord1140
ord2212
ord5080
ord5363
ord5552
ord9041
ord5339
ord5083
ord5229
ord5062
ord7460
ord7461
ord7450
ord5227
ord7922
ord3756
ord11940
ord3828
ord6320
ord11944
ord13513
ord296
ord3173
ord1033
ord13136
ord5245
ord4335
ord8043
ord13767
ord4726
ord11854
ord13157
ord3599
ord1424
ord7619
ord290
ord1504
ord6313
ord13864
ord8507
ord10727
ord1369
ord878
ord357
ord6250
ord7233
ord1089
ord446
ord5241
ord12706
ord10163
ord3713
ord286
ord4343
ord8947
ord10691
ord2903
ord293
ord5709
ord6729
ord2369
ord2273
ord2238
ord2371
ord7394
ord990
ord9159
ord10769
ord361
ord4721
ord11085
ord8900
ord11902
ord2698
ord13401
ord6002
ord7249
ord8823
ord6343
ord3082
ord4725
ord13674
ord5742
ord3718
ord8656
ord8830
ord11415
ord11414
ord5451
ord9979
ord9975
ord9977
ord9978
ord9976
ord14360
ord1454
ord7913
ord9946
ord3209
ord3212
ord1450
ord889
ord1377
ord8072
ord265
ord266
ord2475
ord5240
ord1489
ord1491
ord3951
ord10704
ord8731
ord8901
ord2697
ord13397
ord6000
ord11813
ord11850
ord3172
ord3278
ord3279
ord3812
ord11806
ord2629
ord5723
ord13354
ord11406
ord6631
ord14217
ord7651
ord14211
ord2967
ord4352
ord9384
ord5582
ord4360
ord4828
ord4767
ord4752
ord4814
ord4859
ord4782
ord4837
ord1700
ord4853
ord4794
ord4800
ord4806
ord4788
ord4843
ord4776
ord1755
ord1734
ord1722
ord4499
ord3803
ord6361
ord4086
ord8441
ord5044
ord13580
ord13577
ord6588
ord8826
ord3164
ord4095
ord7551
ord14000
ord2479
ord2187
ord1421
ord6585
ord8817
ord3162
ord4078
ord7377
ord1452
ord985
ord2786
ord4722
ord11081
ord13761
ord1111
ord6303
ord8167
ord6619
ord1748
ord8084
ord12544
ord8023
ord5183
ord2439
ord12222
ord12223
ord14210
ord7650
ord14216
ord9089
ord4011
ord3949
ord12625
ord7668
ord2011
ord11664
ord11665
ord14088
ord8821
ord6324
ord12212
ord7719
ord14288
ord6121
ord14290
ord6123
ord14289
ord6122
ord3731
ord5706
ord11921
ord11929
ord4445
ord7920
ord10124
ord14209
ord11933
ord11901
ord12606
ord5555
ord9941
ord6614
ord2178
ord7716
ord983
ord11625
ord7393
ord8451
ord11771
ord1631
ord6078
ord12738
ord6566
ord6724
ord5628
ord5641
ord1501
ord280
ord8468
ord13956
ord7775
ord5468
ord3249
comctl32
ord410
ord413
ord412
InitCommonControlsEx
shlwapi
PathIsRelativeA
uxtheme
SetWindowTheme
msvcp140
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?always_noconv@codecvt_base@std@@QEBA_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?uncaught_exception@std@@YA_NXZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
_Cnd_destroy_in_situ
_Query_perf_counter
_Cnd_wait
_Cnd_timedwait
?_Syserror_map@std@@YAPEBDH@Z
_Query_perf_frequency
_Cnd_init_in_situ
_Cnd_signal
_Thrd_detach
??1_Facet_base@std@@UEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getlconv@_Locinfo@std@@QEBAPEBUlconv@@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??Bid@locale@std@@QEAA_KXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1facet@locale@std@@MEAA@XZ
_Mtx_unlock
_Thrd_join
_Xtime_get_ticks
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
??_7facet@locale@std@@6B@
_Mtx_destroy_in_situ
?id@?$numpunct@D@std@@2V0locale@2@A
?_Xout_of_range@std@@YAXPEBD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Throw_Cpp_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??_7_Facet_base@std@@6B@
?_Xbad_function_call@std@@YAXXZ
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
dbghelp
MiniDumpWriteDump
ws2_32
socket
send
connect
WSAGetLastError
getaddrinfo
WSAStartup
closesocket
recv
winhttp
WinHttpSetOption
WinHttpCloseHandle
WinHttpQueryDataAvailable
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpen
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpOpenRequest
vcruntime140_1
__CxxFrameHandler4
vcruntime140
strstr
strchr
__std_exception_copy
wcschr
__std_terminate
memcpy
memchr
memcmp
_purecall
memset
memmove
_CxxThrowException
__C_specific_handler
__current_exception
__current_exception_context
__std_exception_destroy
api-ms-win-crt-heap-l1-1-0
free
_set_new_mode
calloc
realloc
_aligned_malloc
malloc
_aligned_free
api-ms-win-crt-runtime-l1-1-0
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_get_narrow_winmain_command_line
_configure_narrow_argv
_initterm_e
exit
_exit
_c_exit
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_beginthreadex
_wassert
terminate
_initterm
__p___argv
_errno
__p___argc
api-ms-win-crt-stdio-l1-1-0
fflush
fopen
_get_osfhandle
_fileno
fwrite
fread_s
_setmode
__stdio_common_vsnprintf_s
__stdio_common_vfprintf
fclose
fputc
__acrt_iob_func
fgetc
fgetpos
setvbuf
ungetc
fsetpos
fread
_fseeki64
_get_stream_buffer_pointers
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vswprintf
__stdio_common_vsprintf
_set_fmode
_fsopen
_wfopen
_open_osfhandle
_wfopen_s
fopen_s
_ftelli64
fputs
__stdio_common_vfprintf_s
api-ms-win-crt-math-l1-1-0
ceilf
cos
pow
sqrtf
__setusermatherr
atan2f
frexp
_fdopen
cosf
log
exp
_dsign
lround
powf
modff
lroundf
ldexp
fmaxf
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_mktime64
_time64
strftime
_localtime64_s
api-ms-win-crt-string-l1-1-0
strcpy_s
isspace
_wcsnicmp
_wcsicmp
wcsncmp
strncmp
wcscpy_s
isdigit
_stricmp
_strnicmp
tolower
strcmp
isxdigit
api-ms-win-crt-filesystem-l1-1-0
_lock_file
_unlock_file
_waccess
_mkdir
api-ms-win-crt-convert-l1-1-0
strtoll
mbstowcs
strtod
strtol
wcstombs
atoi
strtoull
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
localeconv
api-ms-win-crt-utility-l1-1-0
bsearch
rand
qsort
opengl32
glLoadIdentity
glMatrixMode
glViewport
glFinish
glEnable
glDrawBuffer
glScalef
wglCreateContext
wglMakeCurrent
glClearColor
glDeleteTextures
wglDeleteContext
glClear
glClearDepth
glPushMatrix
glTranslated
glGenTextures
glRotated
glTexParameteri
glTexImage2D
glPopMatrix
glBindTexture
glBegin
glNormal3d
glTexCoord2d
glVertex3d
glEnd
glu32
gluPerspective
comdlg32
GetOpenFileNameA
ole32
CoUninitialize
CoInitializeEx
CoCreateInstance
oleaut32
VariantClear
SysAllocString
SysFreeString
vcomp140
_vcomp_fork
_vcomp_for_static_simple_init
_vcomp_for_static_end
Sections
.text Size: 1.9MB - Virtual size: 1.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 505KB - Virtual size: 505KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 47KB - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 64KB - Virtual size: 63KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 70KB - Virtual size: 70KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 150KB - Virtual size: 149KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ