C:\bamboo-agent\xml-data\build-dir\IPDP-DEF66-BUILDWIN64\!output\!bin\Release\Ipint.YCamBulletHD.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4_NeikiAnalytics.dll
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4_NeikiAnalytics.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4_NeikiAnalytics.exe
-
Size
469KB
-
MD5
1d2ee04bb98addb0e592be03416b4040
-
SHA1
4447331269d13d7e744e471ba8099c3a25da2107
-
SHA256
5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4
-
SHA512
20a75ad7a7ff520f982e72c817e2b49e6a68207afe7441f7b149e68a318d2fe74ab915545bdfcc16dfce7325c8373c8d12a8d2b4790d492227e3379acbf0beeb
-
SSDEEP
6144:f200MQK/SFI3M95/oDWoEqdYVV2i+U6gYNby5reQIW:f1+KaFCMT/osnpN6gA
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4_NeikiAnalytics.exe
Files
-
5edf230fae325f08d83ea12a70db690f8f5117c27ed98f5edfd2fdec4c152db4_NeikiAnalytics.exe.dll windows:6 windows x64 arch:x64
0cd0fa57d196c1c894f3b8e54c90ac84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
Imports
iputil
?win_tss_ptr_create@detail@asio@boost@@YAKXZ
?asio_handler_allocate@asio@boost@@YAPEAX_KZZ
?asio_handler_deallocate@asio@boost@@YAXPEAX_KZZ
ord1113
ord1114
?startup@winsock_init_base@detail@asio@boost@@KAXAEAUdata@1234@EE@Z
?cleanup@winsock_init_base@detail@asio@boost@@KAXAEAUdata@1234@@Z
?throw_on_error@winsock_init_base@detail@asio@boost@@KAXAEAUdata@1234@@Z
?post_deferred_completion@win_iocp_io_context@detail@asio@boost@@QEAAXPEAVwin_iocp_operation@234@@Z
?get_misc_category@error@asio@boost@@YAAEBVerror_category@system@3@XZ
ord1042
ord1034
ord1056
?get@GlobalService@Utility@ITV8@@SAAEAVio_context@asio@boost@@XZ
?wrapAsyncActionHandler@Utility@ITV8@@YAPEAUIAsyncActionHandler@2@PEAU32@PEAUILogger@2@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?popParameters@ParametersContainer@Utility@ITV8@@QEAA?AV?$shared_ptr@U?$pair@V?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@@std@@@2@@std@@PEAUIAsyncActionHandler@ITV8@@@std@@@boost@@XZ
?updateParams@ParametersContainer@Utility@ITV8@@QEAA_NAEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@@std@@@2@@std@@@Z
?ApplySettings@SimpleAdjuster@Utility@ITV8@@UEAAXPEAUIAsyncActionHandler@3@@Z
??0SimpleAdjuster@Utility@ITV8@@QEAA@XZ
??1SimpleAdjuster@Utility@ITV8@@UEAA@XZ
?audioSourceInitializeParams@Utility@ITV8@@YAXAEAVParametersContainer@12@IPEBUDeviceInfo@GDRV@2@PEBUDriverInfo@52@PEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@@std@@@2@@std@@@Z
??0ConnectsStatistic@Utility@ITV8@@QEAA@V?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z@boost@@@Z
??1ConnectsStatistic@Utility@ITV8@@QEAA@XZ
??0StatisticReporter@Utility@ITV8@@QEAA@PEAUILogger@2@PEAUIAsyncDeviceChannelHandler@GDRV@2@PEAUIContract@2@AEAVio_context@asio@boost@@@Z
??1StatisticReporter@Utility@ITV8@@UEAA@XZ
?updateStatistic@StatisticReporter@Utility@ITV8@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
ord1022
ord1023
?setAudioSinkParams@RTSPClient@Utility@ITV8@@QEAAXAEBV?$optional@UAudioSinkParams@Utility@ITV8@@@boost@@@Z
?setDefaultRtspPort@Utility@ITV8@@YA?AV?$shared_ptr@UConnectionInfo@asio@ITV8@@@boost@@V34@@Z
?initializeRTSPClientFromParams@Utility@ITV8@@YAXAEAVRTSPClient@12@AEBVParametersContainer@12@@Z
?regReceiver@RTSPStream@Utility@ITV8@@QEAAXPEAVRTSPReceiver@23@@Z
?unregReceiver@RTSPStream@Utility@ITV8@@QEAAXPEAVRTSPReceiver@23@V?$function@$$A6AXXZ@boost@@@Z
?service@RTSPStream@Utility@ITV8@@QEAAAEAVio_context@asio@boost@@XZ
?getStream@RTSPSource@Utility@ITV8@@QEAAAEAVRTSPStream@23@I@Z
?getConnectionInfo@AsyncConnectionPolicyBase@Utility@ITV8@@QEBA?AV?$shared_ptr@UConnectionInfo@asio@ITV8@@@boost@@XZ
?SetValue@SimpleAdjuster@Utility@ITV8@@UEAAJPEBD0@Z
?SetValue@SimpleAdjuster@Utility@ITV8@@UEAAJPEBDH@Z
?SetValue@SimpleAdjuster@Utility@ITV8@@UEAAJPEBDN@Z
?SetValue@SimpleAdjuster@Utility@ITV8@@UEAAJPEBD_N@Z
?parseConnectionInfo@asio@ITV8@@YA?AV?$shared_ptr@UConnectionInfo@asio@ITV8@@@boost@@PEBD@Z
??0HttpSession@http@ITV8@@QEAA@V?$shared_ptr@UConnectionInfo@asio@ITV8@@@boost@@@Z
?get@HttpSession@http@ITV8@@QEAA?AV?$shared_ptr@VHttpResponse@http@ITV8@@@boost@@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAV?$vector@DV?$allocator@D@std@@@7@@Z
??1HttpSession@http@ITV8@@QEAA@XZ
??0AutodetectException@Utility@ITV8@@QEAA@JAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0Autodetect@Utility@ITV8@@QEAA@PEAUIAutodetectHandler@GDRV@2@AEBUDriverInfo@42@PEAUILogger@2@@Z
??1Autodetect@Utility@ITV8@@UEAA@XZ
??0AutodetectException@Utility@ITV8@@QEAA@AEBV012@@Z
??1AutodetectException@Utility@ITV8@@UEAA@XZ
?Destroy@?$CommonAutodetect@VIpDeviceSearchResult@MMD@ITV8@@@Utility@ITV8@@UEAAXXZ
?QueryConstContract@?$CommonAutodetect@VIpDeviceSearchResult@MMD@ITV8@@@Utility@ITV8@@UEBAPEBXPEBD@Z
?QueryContract@?$CommonAutodetect@VIpDeviceSearchResult@MMD@ITV8@@@Utility@ITV8@@UEAAPEAXPEBD@Z
?Start@?$CommonAutodetect@VIpDeviceSearchResult@MMD@ITV8@@@Utility@ITV8@@UEAAXPEBD0@Z
?Stop@?$CommonAutodetect@VIpDeviceSearchResult@MMD@ITV8@@@Utility@ITV8@@UEAAXXZ
??0RTSPSource@Utility@ITV8@@QEAA@IPEAUILogger@2@@Z
??1RTSPSource@Utility@ITV8@@QEAA@XZ
?changePort@asio@ITV8@@YA?AV?$shared_ptr@UConnectionInfo@asio@ITV8@@@boost@@V34@G@Z
?DEFAULT_RTSP_PORT@http@ITV8@@3IB
?initFileLogger@LoggerDetail@ITV8@@YAPEAUILogger@2@XZ
?addressStringToDisplay@asio@ITV8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV34@@Z
?instance@GlobalService@Utility@ITV8@@SA?AV?$shared_ptr@VGlobalService@Utility@ITV8@@@boost@@XZ
?connect@AsyncConnectionPolicyBase@Utility@ITV8@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?disconnect@AsyncConnectionPolicyBase@Utility@ITV8@@QEAAXXZ
??0ConnectionPolicyDefault@Utility@ITV8@@QEAA@PEAUIDeviceHandler@GDRV@2@PEAUILogger@2@@Z
??1ConnectionPolicyDefault@Utility@ITV8@@UEAA@XZ
ord1011
ord1013
ord1010
?QueryConstContract@AsyncConnectionPolicyBase@Utility@ITV8@@UEBAPEBXPEBD@Z
?QueryContract@AsyncConnectionPolicyBase@Utility@ITV8@@UEAAPEAXPEBD@Z
?cancel@ConnectionPolicyDefault@Utility@ITV8@@MEAAXXZ
?handleConnected@ConnectionPolicyDefault@Utility@ITV8@@MEAAXAEBVerror_code@system@boost@@@Z
?requestDeviceEquipmentStatus@ConnectionPolicyDefault@Utility@ITV8@@MEAAXXZ
?tryConnect@ConnectionPolicyDefault@Utility@ITV8@@MEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?translateSystemError@Utility@ITV8@@YAJAEBVerror_code@system@boost@@@Z
?setPersistentParam@ParametersContainer@Utility@ITV8@@QEAAXPEBDAEBVany@boost@@@Z
?getPersistentParam@ParametersContainer@Utility@ITV8@@QEBA?AVany@boost@@PEBD@Z
?params@SimpleAdjuster@Utility@ITV8@@QEAAAEAVParametersContainer@23@XZ
?videoSourceInitializeParams@Utility@ITV8@@YAXAEAVParametersContainer@12@IIPEBUDeviceInfo@GDRV@2@PEBUDriverInfo@52@PEAV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@@std@@@2@@std@@@Z
?onConnectionStart@ConnectsStatistic@Utility@ITV8@@QEAAXXZ
?setVideoSinkParams@RTSPClient@Utility@ITV8@@QEAAXAEBV?$optional@UVideoSinkParams@Utility@ITV8@@@boost@@V?$function@$$A6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z@5@@Z
?logger@RTSPClient@Utility@ITV8@@QEBAPEAUILogger@3@XZ
?parametersRequireRTSPClientReconnect@Utility@ITV8@@YA_NAEBV?$map@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Vany@boost@@@std@@@2@@std@@@Z
?restart@RTSPStream@Utility@ITV8@@QEAAXAEBVtime_duration@posix_time@boost@@@Z
?asyncGetEx@http@ITV8@@YA?AV?$shared_ptr@UICancellation@http@ITV8@@@boost@@V?$shared_ptr@UConnectionInfo@asio@ITV8@@@4@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEAVio_context@asio@4@V?$function@$$A6AXAEBVerror_code@system@boost@@AEBV?$vector@DV?$allocator@D@std@@@std@@AEBVHttpResponse@http@ITV8@@@Z@4@PEAV?$shared_ptr@V?$AsyncComplexOperation@UAsyncRequestSteps@http@ITV8@@UAsyncGetExContext@detail@23@UAsyncRequestCodesMap@23@@http@ITV8@@@4@@Z
?getCodecValue@Utility@ITV8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVParametersContainer@12@PEBUDriverInfo@GDRV@2@AEBV34@@Z
?getCodecName@Utility@ITV8@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVParametersContainer@12@PEBUDriverInfo@GDRV@2@AEBV34@@Z
kernel32
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObjectEx
CreateEventA
TlsFree
ResetEvent
OpenEventA
GetCurrentProcessId
GetCurrentThreadId
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetSystemTimeAsFileTime
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
GetProcAddress
GetModuleHandleW
CreateEventW
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
msvcp140
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?imbue@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEBX@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?id@?$ctype@D@std@@2V0locale@2@A
?is@?$ctype@D@std@@QEBAPEBDPEBD0PEAF@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?toupper@?$ctype@D@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Locinfo@std@@QEAA@XZ
?_Getfalse@_Locinfo@std@@QEBAPEBDXZ
?_Gettrue@_Locinfo@std@@QEBAPEBDXZ
??0facet@locale@std@@IEAA@_K@Z
??1facet@locale@std@@MEAA@XZ
?classic@locale@std@@SAAEBV12@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$numpunct@D@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?tellp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Execute_once@std@@YAHAEAUonce_flag@1@P6AHPEAX1PEAPEAX@Z1@Z
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Mbrtowc
?_Getcvt@_Locinfo@std@@QEBA?AU_Cvtvec@@XZ
?_W_Getdays@_Locinfo@std@@QEBAPEBGXZ
?_W_Getmonths@_Locinfo@std@@QEBAPEBGXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?widen@?$ctype@D@std@@QEBADD@Z
?narrow@?$ctype@D@std@@QEBADDD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Syserror_map@std@@YAPEBDH@Z
?exceptions@ios_base@std@@QEAAXH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
vcruntime140
__std_terminate
__std_exception_destroy
__std_type_info_compare
__std_type_info_name
_CxxThrowException
__CxxFrameHandler3
__RTDynamicCast
memchr
memcpy
memmove
memset
__C_specific_handler
memcmp
__std_type_info_destroy_list
_purecall
__std_exception_copy
api-ms-win-crt-runtime-l1-1-0
_crt_at_quick_exit
_crt_atexit
_cexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
terminate
abort
_initterm
_execute_onexit_table
_initterm_e
_resetstkoflw
api-ms-win-crt-heap-l1-1-0
malloc
_callnewh
calloc
free
api-ms-win-crt-locale-l1-1-0
localeconv
Exports
Exports
finiModule
getModule
initModule
Sections
.text Size: 286KB - Virtual size: 285KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 139KB - Virtual size: 138KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ