08f325d598313ea2e680c00e70f2339f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

08f325d598313ea2e680c00e70f2339f_JaffaCakes118
Size

531KB
MD5

08f325d598313ea2e680c00e70f2339f
SHA1

b6fc41d920f82081f2a4a2608eae292e7b10bcc3
SHA256

c9e85201d73b0a41b8738e1f79bbcc40e94a38a101b529a897f0a7d1b79749ad
SHA512

4d0aeeb7cc4bfb9378811d4f5a8b4a0f21f01fa40fb11ab4cb229632bc8405241cad077fd9b7949c2ed78810bb50b28892bf52f2b889535140602f3f95d5f53e
SSDEEP

12288:IJmXTOIFQvNu9MLP0mwBk9i+7yYCJCrqkVb13J/jPJCq/qt:SaTOIFQvNaMLP0mnP7a76FJ/NA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/update.exe	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
static1/unpack002/out.upx	autoit_exe

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Garena 2.4.exe
unpack001/update.exe
unpack002/out.upx
unpack001/war3-2401.exe

Files

08f325d598313ea2e680c00e70f2339f_JaffaCakes118
.rar
Garena 2.4.exe
.exe windows:4 windows x86 arch:x86

973c360562dcfd29bc2bff01dfaf0a17

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaVarMove
__vbaFreeVar
__vbaStrVarMove
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
__vbaStrCat
__vbaWriteFile
__vbaLsetFixstr
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaExitProc
__vbaFileCloseAll
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord520
_CIsin
ord632
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
__vbaR4Str
__vbaI2I4
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
__vbaInputFile
__vbaPrintFile
_adj_fprem
_adj_fdivr_m64
ord608
__vbaFPException
__vbaVarCat
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaI4Var
__vbaStrToAnsi
ord613
__vbaFpI4
_CIatan
__vbaStrMove
__vbaUI1Str
_allmul
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Garena/0.bmp
Garena/skin.dat
check.ini
garena.ini
update.exe
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 368KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 217KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 399KB - Virtual size: 398KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
war3-2401.exe
.exe windows:4 windows x86 arch:x86

01617d329b6552765264fd0f2a7a35ff

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
SetCurrentDirectoryA
GetModuleFileNameA
GetStartupInfoA
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
GetLogicalDriveStringsA
GetDriveTypeA
GetACP
LocalFree
FormatMessageA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
GetTickCount
GetCurrentThreadId
GetSystemInfo
CreateEventA
CloseHandle
ResetEvent
WaitForSingleObject
SetEvent
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
OpenMutexA
ReleaseMutex
WideCharToMultiByte
GetLastError
MultiByteToWideChar
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
HeapUnlock
HeapLock
HeapWalk
GetProcessHeaps
QueryPerformanceFrequency
Sleep
QueryPerformanceCounter
SetThreadPriority
GetThreadPriority
GetCurrentThread
SystemTimeToFileTime
GetSystemTime
CompareFileTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetTimeFormatA
GetDateFormatA
WriteFile
CreateFileA
DeleteFileA
CreateProcessA
GetUserDefaultLangID
GetTimeZoneInformation
GetUserDefaultLCID
GetSystemDefaultLangID
GetLocaleInfoA
GetCommandLineA
GetWindowsDirectoryA
ResumeThread
SuspendThread
GetVersionExA
GetComputerNameA
GlobalMemoryStatus
GlobalUnlock
GlobalLock
GlobalSize
GlobalFree
GlobalAlloc
ReadFile
FlushFileBuffers
SetFilePointer
GetFileSize
GetFileTime
SetFileTime
SetEndOfFile
GetFileAttributesA
SetFileAttributesA
MoveFileA
CopyFileA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceA
CreateIoCompletionPort
GetQueuedCompletionStatus
InterlockedDecrement
InterlockedIncrement
TerminateThread
PostQueuedCompletionStatus
InterlockedCompareExchange
FreeLibrary

user32

SetClipboardData
EmptyClipboard
DispatchMessageA
TranslateMessage
SetCursorPos
ClientToScreen
ScreenToClient
GetClientRect
MessageBoxA
GetDesktopWindow
SetForegroundWindow
GetDCEx
BeginPaint
EndPaint
DefWindowProcA
UpdateWindow
GetKeyState
MessageBeep
SystemParametersInfoA
WindowFromPoint
SetWindowPlacement
GetWindowPlacement
GetForegroundWindow
SetActiveWindow
LoadImageA
SetClassLongA
DestroyIcon
ShowCursor
DrawFocusRect
SetScrollPos
FillRect
DrawTextA
ReleaseCapture
SetCapture
LoadCursorA
SetCursor
GetScrollInfo
SetScrollInfo
OpenClipboard
GetClipboardData
CloseClipboard
GetSysColor
GetSysColorBrush
GetClassLongA
CallWindowProcA
SetWindowLongA
GetDC
ReleaseDC
GetWindowTextLengthA
GetWindowTextA
TrackPopupMenu
SetWindowTextA
GetWindowInfo
PostMessageA
GetActiveWindow
DestroyWindow
SendMessageA
TranslateAcceleratorA
GetPropA
CreateMenu
CreatePopupMenu
DestroyMenu
DeleteMenu
GetMenuItemCount
InsertMenuItemA
SetMenuItemInfoA
GetMenuItemInfoA
SetMenu
DestroyAcceleratorTable
CreateAcceleratorTableA
DrawMenuBar
CreateDialogIndirectParamA
SetPropA
GetMenu
SetTimer
KillTimer
RemovePropA
EnableWindow
IsWindowEnabled
GetWindowLongA
GetParent
CreateWindowExA
SetParent
GetFocus
IsDialogMessageA
GetMessageA
PeekMessageA
GetWindowRect
GetCursorPos
GetWindow
SetFocus
ShowWindow
IsWindowVisible
InvalidateRect
SetWindowPos
RegisterClassA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

comctl32

ImageList_Destroy
ImageList_Replace
ImageList_Add
ImageList_Create
ImageList_GetImageCount
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DragLeave
ImageList_EndDrag
_TrackMouseEvent
InitCommonControlsEx

winmm

timeGetTime

storm

ord506
ord465
ord503
ord268
ord569
ord252
ord578
ord508
ord405
ord570
ord421
ord253
ord265
ord269
ord251
ord266
ord294
ord509
ord571
ord302
ord572
ord507
ord541
ord545
ord548
ord581
ord544
ord575
ord267
ord271
ord542
ord590
ord288
ord280
ord552
ord595
ord551
ord472
ord463
ord279
ord401
ord403
ord474
ord479
ord476
ord504
ord399
ord543
ord501
ord563

msvcrt

qsort
atof
strtoul
atoi
_vsnprintf
_CIpow
memmove
_purecall
strrchr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_beginthreadex
_ftol
ctime
time
fclose
fprintf
setvbuf
fopen
_control87
_clearfp
??1type_info@@UAE@XZ

advapi32

RegCreateKeyExA
GetUserNameA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

gdi32

MoveToEx
CreatePen
GetBkColor
CreateRectRgnIndirect
GetStockObject
GetTextExtentPoint32A
SelectObject
DeleteObject
CreateDIBitmap
SetBkColor
SetTextColor
LineTo
SetBkMode
CreateSolidBrush
CombineRgn
FillRgn

shell32

DragAcceptFiles
FindExecutableA
ShellExecuteA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
DragQueryFileA

mss32

_AIL_stream_user_data@8
_AIL_start_sequence@4
_AIL_resume_sequence@4
_AIL_set_sequence_loop_count@8
_AIL_sequence_user_data@8
_AIL_set_3D_velocity@20
_AIL_set_3D_sample_preference@12
_AIL_3D_sample_attribute@12
_AIL_set_3D_sample_distances@12
_AIL_set_3D_sample_cone@16
_AIL_set_3D_sample_effects_level@8
_AIL_set_sample_pan@8
_AIL_set_stream_pan@8
_AIL_stream_status@4
_AIL_sample_position@4
_AIL_3D_sample_offset@4
_AIL_stream_position@4
_AIL_stream_ms_position@12
_AIL_3D_sample_length@4
_AIL_set_sample_ms_position@8
_AIL_set_stream_ms_position@8
_AIL_set_3D_sample_obstruction@8
_AIL_set_3D_sample_occlusion@8
_AIL_close_stream@4
_AIL_DLS_compact@4
_AIL_DLS_load_memory@12
_AIL_release_sequence_handle@4
_AIL_release_sample_handle@4
_AIL_release_3D_sample_handle@4
_AIL_find_DLS@24
_AIL_extract_DLS@28
_AIL_decompress_ADPCM@12
_AIL_decompress_ASI@24
_AIL_set_stream_user_data@12
_AIL_register_stream_callback@8
_AIL_sample_user_data@8
_AIL_set_sample_loop_count@8
_AIL_sample_playback_rate@4
_AIL_set_3D_user_data@12
_AIL_set_sample_playback_rate@8
_AIL_register_3D_EOS_callback@8
_AIL_start_sample@4
_AIL_3D_user_data@8
_AIL_set_3D_sample_info@8
_AIL_set_3D_sample_loop_count@8
_AIL_3D_sample_playback_rate@4
_AIL_set_3D_sample_playback_rate@8
_AIL_resume_3D_sample@4
_AIL_open_stream@12
_AIL_set_sample_volume@8
_AIL_stop_sample@4
_AIL_set_stream_loop_count@8
_AIL_stop_3D_sample@4
_AIL_set_stream_volume@8
_AIL_pause_stream@8
_AIL_set_sequence_volume@12
_AIL_stop_sequence@4
_AIL_allocate_sequence_handle@4
_AIL_allocate_sample_handle@4
_AIL_end_3D_sample@4
_AIL_set_sequence_user_data@12
_AIL_register_sequence_callback@8
_AIL_allocate_3D_sample_handle@4
_AIL_set_sample_user_data@12
_AIL_end_sequence@4
_AIL_sequence_status@4
_AIL_sample_status@4
_AIL_3D_sample_status@4
_AIL_digital_CPU_percent@4
_AIL_set_3D_speaker_type@8
_AIL_set_3D_provider_preference@12
_AIL_set_3D_room_type@8
_AIL_set_3D_orientation@28
_AIL_set_3D_position@16
_AIL_set_XMIDI_master_volume@8
_AIL_shutdown@0
_AIL_close_3D_provider@4
_AIL_close_3D_listener@4
_AIL_open_3D_provider@4
_AIL_open_3D_listener@4
_AIL_set_3D_distance_factor@8
_AIL_enumerate_3D_providers@12
_AIL_close_XMIDI_driver@4
_AIL_open_XMIDI_driver@4
_AIL_last_error@0
_AIL_DLS_close@8
_AIL_DLS_open@28
_AIL_mem_use_malloc@4
_AIL_mem_use_free@4
_AIL_set_redist_directory@4
_AIL_startup@0
_AIL_close_digital_driver@4
_AIL_open_digital_driver@16
_AIL_set_file_callbacks@16
_AIL_file_type@8
_AIL_MIDI_to_XMI@20
_AIL_init_sequence@12
_AIL_sequence_ms_position@12
_AIL_mem_free_lock@4
_AIL_init_sample@4
_AIL_set_named_sample_file@20
_AIL_WAV_info@8
_AIL_sample_ms_position@12
_AIL_register_EOS_callback@8
_AIL_end_sample@4
_AIL_stream_playback_rate@4
_AIL_set_3D_sample_volume@8
_AIL_DLS_unload@8
_AIL_set_stream_playback_rate@8
_AIL_resume_sample@4

wsock32

listen
gethostname
ntohl
inet_addr
ntohs
ioctlsocket
recv
send
recvfrom
sendto
gethostbyname
connect
WSACleanup
WSAStartup
inet_ntoa
bind
getpeername
htons
accept
getsockname
setsockopt
socket
WSAGetLastError
closesocket
select

imm32

ImmAssociateContextEx
ImmAssociateContext

wininet

InternetCanonicalizeUrlA

Exports

Exports

A1
A2
A3
A4
A5
A6
AA
AB
AG
AL
AM
AN
AQ
AU
Ac
Aj
Ak
Al
Am
Ao
Ap
Aq
Ar
As
At
Au
Av
Aw
Ax
Ay
Az
B0
B1
B2
B3
B4
B5
B6
B7
B9
BA
BB
BC
BD
BE
BF
BG
BH
BI
BJ
BK
BL
BM
BN
BO
BP
BQ
BR
BS
BT
BU
BV
BW
BX
BY
BZ
Ba
Bb
Bc
Bd
Be
Bf
Bg
Bh
Bi
Bj
Bk
Bl
Bm
Bn
Bo
Bp
Bq
Br
Bs
Bt
Bu
Bv
Bw
Bx
By
Bz
C0
C1
C4
C5
C6
C7
C8
C9
CA
CB
CC
CD
CE
CF
CG
CH
CI
CJ
CK
CL
CM
CN
CO
CP
CQ
CR
CS
CT
CU
CV
CW
CX
CY
CZ
Cc
Cd
Ce
Cf
Cg
Ch
Ci
Cj
Ck
Cl
Cm
Cn
Co
Cp
Cq
Cr
Cs
Ct
Cu
Cv
Cw
Cx
Cy
Cz
D0
D1
D2
D3
D4
D5
D6
D7
D8
D9
DA
DB
DC
DD
DE
DF
DG
DH
DI
DJ
DK
DL
DM
DN
DO
DP
DQ
DR
DS
DT
DU
DV
DW
DX
DY
DZ
Da
Db
Dc
Dd
De
Df
Dg
Dh
Di
Dj
Dk
Dl
Dm
Dn
Do
Dq
Dr
Ds
Dt
Du
Dv
Dw
Dx
Dy
Dz
E0
E1
E2
E3
E4
E5
E6
E7
E8
E9
EA
EB
EC
ED
EE
EF
EG
EH
EI
EJ
EK
EL
EM
EN
EO
EP
EQ
ER
ES
ET
EU
EV
EW
EX
EY
EZ
Ea
Eb
Ec
Ed
Ef
Eg
Eh
Ei
Ej
Ek
El
Em
Eo
Ep
Eq
Er
Et
Eu
Ev
Ew
Ex
Ey
Ez
F0
F1
F2
F3
F4
F5
F6
F7
F8
F9
FA
FB
FC
FD
FE
FF
FG
FH
FI
FJ
FK
FL
FM
FN
FO
FP
FQ
FR
FS
FT
FU
FV
FW
FX
FY
FZ
Fa
Fb
Fc
Fd
Fe
Ff
Fg
Fh
Fi
Fj
Fk
Fl
Fm
Fn
Fo
Fp
Fq
Fr
Fs
Ft
Fu
Fv
Fw
Fx
Fy
Fz
G0
G1
G2
G3
G4
G5
G6
G7
G8
G9
GA
GB
GC
GD
GE
GF
GG
GH
GI
GJ
GK
GL
GM
GN
GO
GP
GQ
GR
GS
GT
GU
GV
GW
GX
GY
GZ
Ga
Gb
Gc
Gd
Ge
Gf
Gg
Gh
Gi
Gj
Gk
Gl
Gm
Gn
Go
Gp
Gq
Gr
Gs
Gt
Gu
Gv
Gw
Gx
Gy
Gz
H0
H1
H2
H3
H4
H5
H6
H7
H8
H9
HA
HB
HC
HD
HE
HF
HG
HH
HI
HJ
HK
HL
HM
HN
HO
HP
HQ
HR
HS
HT
HU
HV
HW
HX
HY
HZ
Ha
Hb
Hc
Hd
He
Hf
Hg
Hh
Hi
Hj
Hk
Hl
Hm
Hn
Ho
Hp
Hq
Hr
Hs
Ht
Hu
Hv
Hw
Hx
Hy
Hz
I0
I1
I2
I3
I4
I5
I6
I7
I8
I9
IA
IB
IC
ID
IE
IF
IG
IH
II
IJ
IK
IL
IM
IN
IO
IP
IQ
IR
IT
IW
IX
IY
IZ
Ia
Ib
Ic
Id
Ie
If
Ig
Ih
Ii
Ij
Ik

Sections

.text
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

973c360562dcfd29bc2bff01dfaf0a17

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 196KB - Virtual size: 193KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 368KB

UPX1 Size: 217KB - Virtual size: 220KB

.rsrc Size: 8KB - Virtual size: 8KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 399KB - Virtual size: 398KB

.rdata Size: 56KB - Virtual size: 56KB

.data Size: 11KB - Virtual size: 99KB

.rsrc Size: 16KB - Virtual size: 16KB

01617d329b6552765264fd0f2a7a35ff

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

comctl32

winmm

storm

msvcrt

advapi32

gdi32

shell32

mss32

wsock32

imm32

wininet

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 292KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 20KB - Virtual size: 60KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 196KB - Virtual size: 193KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB

UPX0
Size: - Virtual size: 368KB

UPX1
Size: 217KB - Virtual size: 220KB

.rsrc
Size: 8KB - Virtual size: 8KB

.text
Size: 399KB - Virtual size: 398KB

.rdata
Size: 56KB - Virtual size: 56KB

.data
Size: 11KB - Virtual size: 99KB

.rsrc
Size: 16KB - Virtual size: 16KB

.text
Size: 296KB - Virtual size: 292KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 20KB - Virtual size: 60KB

.rsrc
Size: 48KB - Virtual size: 45KB