urlmon.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 626c4ebd607163ba6cdd07e77f6c240d091111cad532a8cb9accf6d3014c12f4.dll
Resource: win10v2004-20240611-en
General
- Target: 626c4ebd607163ba6cdd07e77f6c240d091111cad532a8cb9accf6d3014c12f4
- Size: 1.8MB
- MD5: 81074306052a4a4573d1b2ebba9a87da
- SHA1: a780967789e1b4eb17b9f40e530e1fdfa02a9476
- SHA256: 626c4ebd607163ba6cdd07e77f6c240d091111cad532a8cb9accf6d3014c12f4
- SHA512: c661bebeb1a6538cec2536f8af9c7cab4532245810ecc27a39b99b487b372ebb5869b46fe569f62746ed6d9c763bb9423e2cd4b341087592aa536b7ae7e682fc
- SSDEEP: 49152:QXKx0ZGvLU6HNVpya8FV/CHb28rXwGJwAysM5H:QuU6tVpQub2A
Malware Config
Signatures
- Detects Windows executables referencing non-Windows User-Agents (1 IoC)
  resource: sample; yara_rule: INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
- Unsigned PE (1 IoC)
  Checks for missing Authenticode signature.
  resource: 626c4ebd607163ba6cdd07e77f6c240d091111cad532a8cb9accf6d3014c12f4
Files
- 626c4ebd607163ba6cdd07e77f6c240d091111cad532a8cb9accf6d3014c12f4.dll (regsvr32, windows:10, windows x64, arch:x64)
  76a80dc21358074e38f7b9f8cb4118ff
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
msvcrt
__CxxFrameHandler3
wcstol
strstr
strncmp
wcsnlen
_wcslwr_s
towlower
__CxxFrameHandler4
strchr
_snwprintf_s
_scwprintf
_errno
realloc
bsearch
_wtol
_wcsnicmp
_i64tow_s
_wtoi
_ui64tow_s
swprintf_s
_ultow_s
memmove_s
isalpha
wcsncmp
swscanf_s
_wcsicmp
_purecall
wcsrchr
fclose
_itow_s
rand_s
wcstok_s
strcmp
_onexit
__dllonexit
_unlock
memcmp
wcstoul
memcpy_s
_lock
memcpy
wcschr
wcsstr
__C_specific_handler
_initterm
malloc
memset
free
_amsg_exit
_XcptFilter
_snwscanf_s
wcscat_s
wcscpy_s
_vsnwprintf
_wfopen
fgets
?terminate@@YAXXZ
_vsnprintf
strnlen
wcscmp
iertutil
GetPropertyName
IntlPercentEncodeNormalize
CreateUriPriv
GetPortFromUrlScheme
IsStringProperty
ord701
CreateIUriBuilder
ord25
GetIUriPriv
CreateUri
CreateUriFromMultiByteString
ord901
GetPropertyFromName
ord791
IsDWORDProperty
GetIUriPriv2
ord656
ord675
ord665
ord651
ord655
ord657
ord667
CreateUriWithFragment
ord650
ord670
ord664
ord672
ord658
ord398
ord50
ord793
ord681
ord700
ord795
ord854
ord466
ord134
ord282
ord281
ord820
ord71
ord68
ord64
ord61
ord88
ord706
ord796
ord683
ord86
ord76
ord81
ord74
ord79
ord85
ord690
ord916
ord58
ord209
ord32
ord200
ord201
ord54
ord150
ord158
ord159
ord151
UriFromHostAndScheme
ord56
ord49
ord903
ord902
GetIDNSettingsForIE
PrivateCoInternetCanonicalizeIUri
PrivateCoInternetParseIUri
PrivateCoInternetCombineIUri
FastMimeLookupKnownType
FastMimeSetIsMimeFilterEnabled
ord70
ord63
ord20
FastMimeGetIsMimeFilterEnabled
CreateStringHashN
ord230
ord16
ord45
ord205
ord42
ord43
ord44
ord143
ord135
ord140
ord141
ord142
ord913
ord810
ord172
IUriBuilderInternalCreateDomain
ord708
ord166
ord855
ord35
ord870
ord682
ord89
ord57
ord702
ord17
ord96
ord325
ord173
ord62
ord72
ord594
ord597
ord654
ord652
api-ms-win-core-synch-l1-1-0
InitializeCriticalSection
AcquireSRWLockExclusive
CreateMutexExW
WaitForSingleObjectEx
AcquireSRWLockShared
WaitForSingleObject
CreateMutexW
ReleaseSRWLockShared
CreateMutexA
ReleaseSemaphore
ReleaseMutex
TryEnterCriticalSection
CreateEventExW
InitializeCriticalSectionEx
OpenMutexW
LeaveCriticalSection
CreateSemaphoreExW
SetEvent
OpenSemaphoreW
CreateEventW
EnterCriticalSection
DeleteCriticalSection
InitializeSRWLock
ReleaseSRWLockExclusive
api-ms-win-core-shlwapi-legacy-l1-1-0
PathIsRelativeW
PathIsPrefixW
PathIsRootW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathUnquoteSpacesW
PathIsUNCW
PathGetDriveNumberW
PathIsUNCServerShareW
PathFindExtensionA
PathRemoveFileSpecW
PathIsUNCServerW
PathIsPrefixA
PathFindExtensionW
PathFileExistsA
PathFileExistsW
api-ms-win-core-shlwapi-obsolete-l1-1-0
StrCmpNICA
StrDupW
StrCmpNCA
StrTrimW
StrCmpICW
StrChrW
StrStrIW
StrToIntW
StrCmpNCW
StrToInt64ExW
StrDupA
QISearch
StrCmpNICW
StrCmpNIW
StrStrIA
StrCmpIW
StrCmpNA
StrChrIW
StrCmpCA
StrRChrW
StrCmpNIA
StrChrNW
StrChrA
StrToIntExW
StrCmpICA
StrCmpNW
StrStrW
StrCmpW
StrCmpCW
StrStrA
StrToIntA
api-ms-win-core-libraryloader-l1-2-0
GetModuleHandleW
SizeofResource
LockResource
GetProcAddress
GetModuleHandleExA
LoadLibraryExW
GetModuleHandleExW
FindResourceExW
GetModuleFileNameA
LoadStringA
GetModuleFileNameW
LoadStringW
FreeLibrary
GetModuleHandleA
FindStringOrdinal
LoadLibraryExA
LoadResource
api-ms-win-eventing-provider-l1-1-0
EventUnregister
EventWriteEx
EventWriteTransfer
EventSetInformation
EventRegister
api-ms-win-core-string-l1-1-0
CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
api-ms-win-core-registry-l1-1-0
RegQueryValueExA
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExA
RegCreateKeyExW
RegSetValueExW
RegGetValueW
RegDeleteKeyExA
RegEnumValueA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegGetValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegQueryValueExW
api-ms-win-core-string-obsolete-l1-1-0
lstrcmpA
lstrcmpW
api-ms-win-core-processthreads-l1-1-0
GetCurrentThreadId
CreateThread
CreateProcessA
GetExitCodeProcess
GetCurrentProcessId
GetCurrentProcess
OpenProcessToken
GetCurrentThread
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetExitCodeThread
TerminateThread
TerminateProcess
ExitThread
OpenThreadToken
api-ms-win-core-heap-l1-1-0
HeapFree
HeapAlloc
GetProcessHeap
api-ms-win-core-localization-l1-2-0
GetACP
GetThreadLocale
GetUserGeoID
GetUserDefaultLCID
GetCPInfo
FormatMessageA
IsDBCSLeadByte
FormatMessageW
IdnToUnicode
IsValidCodePage
GetLocaleInfoA
IdnToAscii
GetSystemDefaultLCID
api-ms-win-core-debug-l1-1-0
IsDebuggerPresent
DebugBreak
OutputDebugStringW
api-ms-win-core-stringansi-l1-1-0
CharUpperBuffA
CharPrevA
CharNextA
CharLowerA
api-ms-win-core-synch-l1-2-0
InitOnceExecuteOnce
InitOnceBeginInitialize
Sleep
WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceComplete
api-ms-win-core-rtlsupport-l1-1-0
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
SetLastError
api-ms-win-core-profile-l1-1-0
QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0
GetVersionExA
GetSystemInfo
GetWindowsDirectoryA
GetSystemDirectoryA
GetTickCount64
GetLocalTime
GetSystemTime
GetTickCount
GetSystemTimeAsFileTime
api-ms-win-core-handle-l1-1-0
CloseHandle
DuplicateHandle
api-ms-win-core-path-l1-1-0
PathCchRemoveFileSpec
PathCchRemoveBackslash
PathCchCanonicalize
PathCchCombineEx
PathCchAppend
PathCchAddBackslash
api-ms-win-core-string-l2-1-0
CharNextW
CharLowerW
CharPrevW
CharLowerBuffW
api-ms-win-core-heap-l2-1-0
LocalAlloc
GlobalAlloc
GlobalFree
LocalFree
api-ms-win-core-libraryloader-l1-2-1
LoadLibraryW
LoadLibraryA
api-ms-win-core-util-l1-1-0
DecodePointer
EncodePointer
api-ms-win-core-file-l1-1-0
GetFileAttributesA
CreateFileA
GetFullPathNameA
GetShortPathNameW
CreateDirectoryA
WriteFile
SetFilePointer
FindFirstFileA
CreateFileW
GetTempFileNameW
SetFileTime
GetFileAttributesW
GetFileSizeEx
CompareFileTime
SetFileAttributesW
FindFirstFileW
GetFileInformationByHandle
FileTimeToLocalFileTime
GetVolumePathNameW
SetFileAttributesA
DeleteFileA
GetFullPathNameW
LocalFileTimeToFileTime
FindNextFileA
GetDriveTypeA
CreateDirectoryW
QueryDosDeviceW
GetLongPathNameA
GetLongPathNameW
FindClose
GetFileSize
GetFileTime
DeleteFileW
RemoveDirectoryA
GetFileAttributesExW
GetDriveTypeW
ReadFile
api-ms-win-core-file-l1-2-2
GetTempPathA
api-ms-win-core-kernel32-legacy-l1-1-0
CopyFileA
GetShortPathNameA
DosDateTimeToFileTime
api-ms-win-core-version-l1-1-0
GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW
api-ms-win-core-threadpool-l1-2-0
CreateThreadpoolTimer
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
WaitForThreadpoolTimerCallbacks
SubmitThreadpoolWork
CloseThreadpoolTimer
CreateThreadpoolWork
SetThreadpoolTimer
api-ms-win-core-registryuserspecific-l1-1-0
SHRegCreateUSKeyW
SHRegWriteUSValueW
SHRegCloseUSKey
SHRegEnumUSKeyW
SHRegQueryInfoUSKeyW
SHRegEnumUSValueW
SHRegGetUSValueW
SHRegOpenUSKeyW
SHRegQueryUSValueW
SHRegGetBoolUSValueA
SHRegDeleteUSValueW
SHRegDeleteEmptyUSKeyW
SHRegGetUSValueA
api-ms-win-core-atoms-l1-1-0
FindAtomA
FindAtomW
AddAtomW
AddAtomA
DeleteAtom
api-ms-win-core-url-l1-1-0
PathCreateFromUrlA
UrlCanonicalizeW
UrlCombineW
UrlUnescapeW
PathCreateFromUrlW
ParseURLW
UrlGetPartW
UrlCreateFromPathW
UrlEscapeW
UrlCompareW
ParseURLA
UrlIsW
UrlGetLocationW
api-ms-win-core-privateprofile-l1-1-0
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileIntA
api-ms-win-core-timezone-l1-1-0
SystemTimeToFileTime
FileTimeToSystemTime
api-ms-win-security-base-l1-1-0
CheckTokenMembership
CreateWellKnownSid
GetTokenInformation
CopySid
DuplicateToken
GetLengthSid
api-ms-win-core-processenvironment-l1-2-0
SearchPathA
api-ms-win-http-time-l1-1-0
InternetTimeToSystemTimeA
InternetTimeFromSystemTimeW
InternetTimeFromSystemTimeA
api-ms-win-core-file-l1-2-0
CreateFile2
GetVolumeNameForVolumeMountPointW
GetTempPathW
api-ms-win-core-threadpool-legacy-l1-1-0
QueueUserWorkItem
api-ms-win-core-wow64-l1-1-0
IsWow64Process
api-ms-win-core-processthreads-l1-1-2
QueryProtectedPolicy
api-ms-win-core-errorhandling-l1-1-2
RaiseFailFastException
api-ms-win-core-processenvironment-l1-1-0
ExpandEnvironmentStringsA
GetCommandLineW
api-ms-win-core-datetime-l1-1-0
GetTimeFormatA
GetTimeFormatW
GetDateFormatW
api-ms-win-core-heap-obsolete-l1-1-0
GlobalSize
GlobalLock
GlobalUnlock
api-ms-win-core-file-l2-1-0
MoveFileExW
ntdll
RtlGetSuiteMask
RtlIpv6StringToAddressExW
RtlIpv4StringToAddressExW
RtlMoveMemory
api-ms-win-core-memory-l1-1-0
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
CreateFileMappingW
VirtualProtect
api-ms-win-core-sysinfo-l1-2-0
VerSetConditionMask
api-ms-win-core-kernel32-legacy-l1-1-1
VerifyVersionInfoW
api-ms-win-core-synch-l1-2-1
WaitForMultipleObjects
api-ms-win-core-localization-obsolete-l1-2-0
CompareStringA
api-ms-win-core-commandlinetoargv-l1-1-0
CommandLineToArgvW
api-ms-win-stateseparation-helpers-l1-1-0
GetPersistedRegistryLocationW
api-ms-win-core-sidebyside-l1-1-0
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
api-ms-win-core-apiquery-l1-1-0
ApiSetQueryApiSetPresence
api-ms-win-core-delayload-l1-1-1
ResolveDelayLoadedAPI
api-ms-win-core-delayload-l1-1-0
DelayLoadFailureHook
api-ms-win-core-io-l1-1-0
DeviceIoControl
Exports
AsyncGetClassBits
AsyncInstallDistributionUnit
BindAsyncMoniker
CAuthenticateHostUI_CreateInstance
CDLGetLongPathNameA
CDLGetLongPathNameW
CORPolicyProvider
CoGetClassObjectFromURL
CoInstall
CoInternetCanonicalizeIUri
CoInternetCombineIUri
CoInternetCombineUrl
CoInternetCombineUrlEx
CoInternetCompareUrl
CoInternetCreateSecurityManager
CoInternetCreateZoneManager
CoInternetFeatureSettingsChanged
CoInternetGetMobileBrowserAppCompatMode
CoInternetGetMobileBrowserForceDesktopMode
CoInternetGetProtocolFlags
CoInternetGetSecurityUrl
CoInternetGetSecurityUrlEx
CoInternetGetSession
CoInternetIsFeatureEnabled
CoInternetIsFeatureEnabledForIUri
CoInternetIsFeatureEnabledForUrl
CoInternetIsFeatureZoneElevationEnabled
CoInternetParseIUri
CoInternetParseUrl
CoInternetQueryInfo
CoInternetSetFeatureEnabled
CoInternetSetMobileBrowserAppCompatMode
CoInternetSetMobileBrowserForceDesktopMode
CompareSecurityIds
CompatFlagsFromClsid
CopyBindInfo
CopyStgMedium
CreateAsyncBindCtx
CreateAsyncBindCtxEx
CreateFormatEnumerator
CreateIUriBuilder
CreateURLMoniker
CreateURLMonikerEx
CreateURLMonikerEx2
CreateUri
CreateUriFromMultiByteString
CreateUriPriv
CreateUriWithFragment
DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllRegisterServerEx
DllUnregisterServer
Extract
FaultInIEFeature
FileBearsMarkOfTheWeb
FindMediaType
FindMediaTypeClass
FindMimeFromData
GetAddSitesFileUrl
GetClassFileOrMime
GetClassURL
GetComponentIDFromCLSSPEC
GetIDNFlagsForUri
GetIUriPriv
GetIUriPriv2
GetLabelsFromNamedHost
GetMarkOfTheWeb
GetPortFromUrlScheme
GetPropertyFromName
GetPropertyName
GetSoftwareUpdateInfo
GetUrlmonThreadNotificationHwnd
GetZoneFromAlternateDataStreamEx
HlinkGoBack
HlinkGoForward
HlinkNavigateMoniker
HlinkNavigateString
HlinkSimpleNavigateToMoniker
HlinkSimpleNavigateToString
IECompatLogCSSFix
IEGetUserPrivateNamespaceName
IEInstallScope
IntlPercentEncodeNormalize
IsAsyncMoniker
IsDWORDProperty
IsIntranetAvailable
IsJITInProgress
IsLoggingEnabledA
IsLoggingEnabledW
IsStringProperty
IsValidURL
MkParseDisplayNameEx
ObtainUserAgentString
PrivateCoInstall
QueryAssociations
QueryClsidAssociation
RegisterBindStatusCallback
RegisterFormatEnumerator
RegisterMediaTypeClass
RegisterMediaTypes
RegisterWebPlatformPermanentSecurityManager
ReleaseBindInfo
RestrictHTTP2
RevokeBindStatusCallback
RevokeFormatEnumerator
SetAccessForIEAppContainer
SetSoftwareUpdateAdvertisementState
ShouldDisplayPunycodeForUri
ShouldShowIntranetWarningSecband
ShowTrustAlertDialog
URLDownloadA
URLDownloadToCacheFileA
URLDownloadToCacheFileW
URLDownloadToFileA
URLDownloadToFileW
URLDownloadW
URLOpenBlockingStreamA
URLOpenBlockingStreamW
URLOpenPullStreamA
URLOpenPullStreamW
URLOpenStreamA
URLOpenStreamW
UnregisterWebPlatformPermanentSecurityManager
UrlMkBuildVersion
UrlMkGetSessionOption
UrlMkSetSessionOption
UrlmonCleanupCurrentThread
WriteHitLogging
ZonesReInit
Sections
- .text: Size 1.2MB, Virtual size 1.2MB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- fothk: Size 4KB, Virtual size 4KB
  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: Size 228KB, Virtual size 226KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: Size 8KB, Virtual size 49KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .pdata: Size 52KB, Virtual size 49KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .didat: Size 4KB, Virtual size 2KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .isoapis: Size 4KB, Virtual size 352B
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc: Size 328KB, Virtual size 324KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .reloc: Size 12KB, Virtual size 9KB
  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_DISCARDABLE | IMAGE_SCN_MEM_READ