D:\Develope\20190315_AMPV_1.0.27.0_WebAgreement_1.0.22.0_ChangeServer_removeExtraCollection\Release\MIFAgent.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-06-25_56dde1a218159a7f1e1571fab74e3403_bkransomware.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-06-25_56dde1a218159a7f1e1571fab74e3403_bkransomware.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
2024-06-25_56dde1a218159a7f1e1571fab74e3403_bkransomware
-
Size
1.2MB
-
MD5
56dde1a218159a7f1e1571fab74e3403
-
SHA1
54835b56c62ef47d4dd9e6fc40aa62caadbe4685
-
SHA256
11987f20cf789aaa37141a8e5107d38539f57a49edb8e57d25b892dfd3836c68
-
SHA512
8747bf6b3daa70260c74cf7d78c6c33f78ef95d3dd8eb6f4cf90bf77f472377d694cafa6b9f1f6102adfed6804bc045466ea457af6d8da2e0dbe26fd3bb7aab9
-
SSDEEP
24576:+yAbxfqlOFoLCL1pFcf0B0vH5ONUeA9n/TM4NZYeNm+9MhUwd:yGiaf0B0vH5oA9n/TDbXNKd
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2024-06-25_56dde1a218159a7f1e1571fab74e3403_bkransomware
Files
-
2024-06-25_56dde1a218159a7f1e1571fab74e3403_bkransomware.exe windows:5 windows x86 arch:x86
4ddcd0864fc19a8bdb488cc0aa87492e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
CreateMutexA
OutputDebugStringA
ReleaseMutex
OpenFileMappingA
CreateThread
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
MultiByteToWideChar
GetFileAttributesW
LoadLibraryW
OutputDebugStringW
LocalAlloc
SetFileAttributesW
LocalFree
CreateFileW
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
GetFileSize
DeleteFileW
MoveFileW
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetTickCount
GetCurrentThreadId
GlobalFree
SetLastError
GlobalAlloc
IsDBCSLeadByte
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
ReadFile
GetOverlappedResult
CancelIo
ResetEvent
WaitForMultipleObjects
DeviceIoControl
GetModuleHandleW
GetCurrentProcess
GetModuleFileNameW
GetUserGeoID
GetGeoInfoW
LoadLibraryExW
DeleteCriticalSection
CreateDirectoryW
GetTimeZoneInformation
InterlockedIncrement
CreateProcessA
FindFirstFileW
GetPrivateProfileStringW
FindClose
DecodePointer
RaiseException
GetCommandLineW
FlushInstructionCache
MulDiv
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
ExitProcess
GetModuleHandleExW
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetFileType
RtlUnwind
EncodePointer
GetConsoleMode
SetFilePointerEx
lstrcmpiW
GetLastError
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
CreateEventA
Sleep
WriteFile
SetEvent
WaitForSingleObject
VirtualAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
SetEnvironmentVariableA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnmapViewOfFile
GetCurrentProcessId
QueryPerformanceCounter
EnumSystemLocalesW
MapViewOfFile
LoadLibraryA
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
FreeLibrary
CloseHandle
GetVersionExW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedDecrement
VirtualFree
user32
UnregisterClassW
SetWindowLongW
EndDialog
SetFocus
SetDlgItemTextW
CreateWindowExW
MessageBeep
CharNextW
ShowWindow
IsWindowVisible
RedrawWindow
InvalidateRect
EnableWindow
DialogBoxParamW
GetActiveWindow
DestroyWindow
DefWindowProcW
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SetWindowTextW
SendMessageW
GetSystemMetrics
LoadImageW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
MessageBoxW
IsWindow
SetCursor
LoadCursorW
winspool.drv
EndPagePrinter
ord203
EnumPrintersW
StartDocPrinterW
StartPagePrinter
WritePrinter
EndDocPrinter
EnumPrinterDriversW
EnumJobsW
EnumPortsW
XcvDataW
GetPrinterW
ClosePrinter
OpenPrinterW
advapi32
GetSecurityDescriptorDacl
RegSetValueExW
RegCreateKeyExW
RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetNamedSecurityInfoW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
GetFileSecurityW
shell32
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW
ole32
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance
oleaut32
VarUI4FromStr
shlwapi
PathAppendW
PathCombineW
comctl32
InitCommonControlsEx
setupapi
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
ws2_32
getservbyname
__WSAFDIsSet
WSASetLastError
closesocket
gethostbyaddr
gethostbyname
WSAStartup
WSACleanup
ntohl
socket
bind
getservbyport
setsockopt
ntohs
htons
WSAGetLastError
select
htonl
inet_addr
recvfrom
inet_ntoa
gethostname
ioctlsocket
connect
shutdown
send
sendto
wininet
InternetSetOptionW
InternetCloseHandle
InternetQueryOptionW
InternetCrackUrlA
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
HttpAddRequestHeadersA
Exports
Exports
??0Counter@@QAE@AAV0@@Z
??0Counter@@QAE@I@Z
??0Counter@@QAE@XZ
??0Gauge@@QAE@AAV0@@Z
??0Gauge@@QAE@I@Z
??0Gauge@@QAE@XZ
??0IPAddress@@QAE@AAV0@@Z
??0IPAddress@@QAE@PAD@Z
??0IPAddress@@QAE@XZ
??0IPXAddress@@QAE@AAV0@@Z
??0IPXAddress@@QAE@PAD0@Z
??0IPXAddress@@QAE@PAD@Z
??0IPXAddress@@QAE@XZ
??0IPv6Address@@QAE@ABV0@@Z
??0IPv6Address@@QAE@PAD@Z
??0IPv6Address@@QAE@XZ
??0Integer@@QAE@AAV0@@Z
??0Integer@@QAE@H@Z
??0Integer@@QAE@XZ
??0NetworkAddress@@QAE@ABV0@@Z
??0NetworkAddress@@QAE@XZ
??0Null@@QAE@AAV0@@Z
??0Null@@QAE@XZ
??0OID@@QAE@AAV0@@Z
??0OID@@QAE@PAD@Z
??0OID@@QAE@XZ
??0OctetString@@QAE@AAV0@@Z
??0OctetString@@QAE@PADI@Z
??0OctetString@@QAE@XZ
??0PhysAddress@@QAE@AAV0@@Z
??0PhysAddress@@QAE@PAD@Z
??0PhysAddress@@QAE@XZ
??0Printer@@QAE@AAV0@@Z
??0Printer@@QAE@AAVNetworkAddress@@@Z
??0Printer@@QAE@XZ
??0ReqRespPDU@@QAE@AAV0@@Z
??0ReqRespPDU@@QAE@PAVVarBind@@H@Z
??0ReqRespPDU@@QAE@XZ
??0SNMPDataType@@QAE@ABV0@@Z
??0SNMPDataType@@QAE@XZ
??0SNMPManager@@QAE@XZ
??0Target@@QAE@AAV0@@Z
??0Target@@QAE@AAVNetworkAddress@@@Z
??0Target@@QAE@AAVNetworkAddress@@PAD1@Z
??0Target@@QAE@XZ
??0TimeTicks@@QAE@AAV0@@Z
??0TimeTicks@@QAE@I@Z
??0TimeTicks@@QAE@XZ
??0TrapPDU@@QAE@AAV0@@Z
??0TrapPDU@@QAE@XZ
??0VarBind@@QAE@AAV0@@Z
??0VarBind@@QAE@AAVOID@@@Z
??0VarBind@@QAE@XZ
??1Counter@@UAE@XZ
??1Gauge@@UAE@XZ
??1IPAddress@@UAE@XZ
??1IPXAddress@@UAE@XZ
??1IPv6Address@@UAE@XZ
??1Integer@@UAE@XZ
??1NetworkAddress@@UAE@XZ
??1Null@@UAE@XZ
??1OID@@UAE@XZ
??1OctetString@@UAE@XZ
??1PhysAddress@@UAE@XZ
??1Printer@@UAE@XZ
??1ReqRespPDU@@QAE@XZ
??1SNMPDataType@@UAE@XZ
??1SNMPManager@@QAE@XZ
??1Target@@UAE@XZ
??1TimeTicks@@UAE@XZ
??1TrapPDU@@QAE@XZ
??1VarBind@@QAE@XZ
??4Counter@@QAEAAV0@AAV0@@Z
??4Gauge@@QAEAAV0@AAV0@@Z
??4IPAddress@@QAEAAV0@AAV0@@Z
??4IPXAddress@@QAEAAV0@AAV0@@Z
??4IPv6Address@@QAEAAV0@AAV0@@Z
??4Integer@@QAEAAV0@AAV0@@Z
??4NetworkAddress@@QAEAAV0@ABV0@@Z
??4Null@@QAEAAV0@AAV0@@Z
??4OID@@QAEAAV0@AAV0@@Z
??4OctetString@@QAEAAV0@AAV0@@Z
??4PhysAddress@@QAEAAV0@AAV0@@Z
??4Printer@@QAEAAV0@AAV0@@Z
??4ReqRespPDU@@QAEAAV0@AAV0@@Z
??4SNMPDataType@@QAEAAV0@ABV0@@Z
??4SNMPManager@@QAEAAV0@ABV0@@Z
??4Target@@QAEAAV0@AAV0@@Z
??4TimeTicks@@QAEAAV0@AAV0@@Z
??4TrapPDU@@QAEAAV0@AAV0@@Z
??4VarBind@@QAEAAV0@AAV0@@Z
??_7Counter@@6B@
??_7Gauge@@6B@
??_7IPAddress@@6B@
??_7IPXAddress@@6B@
??_7IPv6Address@@6B@
??_7Integer@@6B@
??_7NetworkAddress@@6B@
??_7Null@@6B@
??_7OID@@6B@
??_7OctetString@@6B@
??_7PhysAddress@@6B@
??_7Printer@@6B@
??_7SNMPDataType@@6B@
??_7Target@@6B@
??_7TimeTicks@@6B@
?AtoH@OctetString@@AAEXPAD0K@Z
?BtoH@OctetString@@AAEED@Z
?HtoA@OctetString@@AAEXPAD0H@Z
?HtoA@SNMPManager@@AAEXPAD0H@Z
?HtoB@OctetString@@AAEEE@Z
?HtoB@SNMPManager@@AAEEE@Z
?ResolveAddress@Target@@QAEHXZ
?SNMPCleanup@@YAXXZ
?SNMPStartup@@YAHXZ
?_register@SNMPManager@@QAEHPADP6AXAAVTrapPDU@@@Z@Z
?accessSharedMem@SNMPManager@@AAEHHPAU_MESSAGE@@PAX@Z
?addVarBind@ReqRespPDU@@QAEHAAVVarBind@@@Z
?addVarBind@TrapPDU@@AAEHAAVVarBind@@@Z
?broadcast@SNMPManager@@QAEHAAVReqRespPDU@@PADHP6AX0PAVNetworkAddress@@@ZP6AXW4EnumDetectionStatType@@@Z@Z
?broadcast@SNMPManager@@QAEHAAVReqRespPDU@@PADP6AX0PAVNetworkAddress@@@ZP6AXW4EnumDetectionStatType@@@Z@Z
?broadcast@SNMPManager@@QAEHAAVReqRespPDU@@PADP6AX0PAVNetworkAddress@@@ZP6AXW4EnumDetectionStatType@@@ZW4EnumPDUType@@H@Z
?decodePacket@SNMPManager@@AAEHPADHAAVReqRespPDU@@@Z
?decodeSAPPacket@SNMPManager@@AAEHPADHAAVPrinter@@@Z
?decodeTrapPacket@SNMPManager@@AAEHPAU_MESSAGE@@AAVTrapPDU@@@Z
?deepCopy@IPAddress@@AAEHPAD@Z
?deepCopy@IPv6Address@@AAEHPAD@Z
?deepCopy@OID@@AAEHPAD@Z
?deepCopy@OctetString@@AAEHPADI@Z
?deepCopy@PhysAddress@@AAEHPAD@Z
?deleteVarBind@ReqRespPDU@@QAEHI@Z
?detectHPPrinters@SNMPManager@@QAEHPAVIPAddress@@PAH@Z
?encodePacket@SNMPManager@@AAEHAAVReqRespPDU@@AAVTarget@@PAD@Z
?errorToString@SNMPManager@@QAEPADH@Z
?get@SNMPManager@@QAEHAAVReqRespPDU@@AAVTarget@@@Z
?getAddressType@IPAddress@@UAE?AW4EnumAddressType@@XZ
?getAddressType@IPXAddress@@UAE?AW4EnumAddressType@@XZ
?getAddressType@IPv6Address@@UAE?AW4EnumAddressType@@XZ
?getAddressType@PhysAddress@@UAE?AW4EnumAddressType@@XZ
?getAvailableProtocols@SNMPManager@@QAEKXZ
?getDataType@Counter@@UAE?AW4EnumDataType@@XZ
?getDataType@Gauge@@UAE?AW4EnumDataType@@XZ
?getDataType@IPAddress@@UAE?AW4EnumDataType@@XZ
?getDataType@IPXAddress@@UAE?AW4EnumDataType@@XZ
?getDataType@IPv6Address@@UAE?AW4EnumDataType@@XZ
?getDataType@Integer@@UAE?AW4EnumDataType@@XZ
?getDataType@Null@@UAE?AW4EnumDataType@@XZ
?getDataType@OID@@UAE?AW4EnumDataType@@XZ
?getDataType@OctetString@@UAE?AW4EnumDataType@@XZ
?getDataType@PhysAddress@@UAE?AW4EnumDataType@@XZ
?getDataType@TimeTicks@@UAE?AW4EnumDataType@@XZ
?getDescription@Printer@@QAEAAVOctetString@@XZ
?getEnterprise@TrapPDU@@QAEAAVOID@@XZ
?getErrorIndex@ReqRespPDU@@QAEHXZ
?getErrorStatus@ReqRespPDU@@QAEHXZ
?getFirstAddress@Target@@QAEPAVNetworkAddress@@XZ
?getIPAddress@Target@@QAEAAVIPAddress@@XZ
?getIPXAddress@Target@@QAEAAVIPXAddress@@XZ
?getIPv6Address@Target@@QAEAAVIPv6Address@@H@Z
?getIPv6AddressCount@Target@@QAEHXZ
?getName@Printer@@QAEAAVOctetString@@XZ
?getNext@SNMPManager@@QAEHAAVReqRespPDU@@AAVTarget@@@Z
?getNextAddress@Target@@QAEPAVNetworkAddress@@XZ
?getOID@VarBind@@QAEAAVOID@@XZ
?getPDUType@ReqRespPDU@@QAE?AW4EnumPDUType@@XZ
?getPhysAddress@Target@@QAEAAVPhysAddress@@XZ
?getReadCommunity@Target@@QAEPADXZ
?getRetryCount@Target@@QAEHXZ
?getSourceAddress@TrapPDU@@QAEAAVNetworkAddress@@XZ
?getStatus@Printer@@QAEAAVInteger@@XZ
?getTimeout@Target@@QAEHXZ
?getTrapCode@TrapPDU@@QAEHXZ
?getTrapTime@TrapPDU@@QAEAAVTimeTicks@@XZ
?getTrapType@TrapPDU@@QAEHXZ
?getValue@Counter@@QAEIXZ
?getValue@Gauge@@QAEIXZ
?getValue@IPAddress@@UAEPADXZ
?getValue@IPXAddress@@UAEPADXZ
?getValue@IPv6Address@@UAEPADXZ
?getValue@Integer@@QAEHXZ
?getValue@Null@@QAEPADXZ
?getValue@OID@@QAEPADXZ
?getValue@OctetString@@QAEPBDAAI@Z
?getValue@PhysAddress@@UAEPADXZ
?getValue@TimeTicks@@QAEIXZ
?getValue@VarBind@@QAEAAVSNMPDataType@@XZ
?getVarBind@ReqRespPDU@@QAEAAVVarBind@@I@Z
?getVarBindCount@ReqRespPDU@@QAEHXZ
?getVarBindCount@TrapPDU@@QAEHXZ
?getVarBindList@ReqRespPDU@@QAEPAVVarBind@@XZ
?getVarBindList@TrapPDU@@QAEPAVVarBind@@XZ
?getWriteCommunity@Target@@QAEPADXZ
?initializeObject@Target@@AAEXXZ
?isAddressResolved@Target@@QAEHXZ
?isTrapServerRunning@SNMPManager@@AAEHXZ
?isValid@Counter@@UAEHXZ
?isValid@Gauge@@UAEHXZ
?isValid@IPAddress@@UAEHXZ
?isValid@IPXAddress@@UAEHXZ
?isValid@IPv6Address@@UAEHXZ
?isValid@Integer@@UAEHXZ
?isValid@Null@@UAEHXZ
?isValid@OID@@UAEHXZ
?isValid@OctetString@@UAEHXZ
?isValid@PhysAddress@@UAEHXZ
?isValid@Printer@@QAEHXZ
?isValid@ReqRespPDU@@QAEHXZ
?isValid@Target@@QAEHXZ
?isValid@TimeTicks@@UAEHXZ
?isValid@TrapPDU@@QAEHXZ
?isValid@VarBind@@QAEHXZ
?isValidAddress@IPAddress@@AAEHPAD@Z
?isValidAddress@IPXAddress@@AAEHPADH@Z
?isValidAddress@IPv6Address@@AAEHPAD@Z
?isValidAddress@PhysAddress@@AAEHPAD@Z
?isValidCommunity@Target@@AAEHPAD@Z
?isValidIPv4Address@Target@@SAHPAD@Z
?isValidIPv6Address@Target@@SAHPAD@Z
?isValidValue@Counter@@AAEHI@Z
?isValidValue@Gauge@@AAEHI@Z
?isValidValue@Integer@@AAEHH@Z
?isValidValue@OID@@AAEHPAD@Z
?isValidValue@OctetString@@AAEHPADI@Z
?isValidValue@TimeTicks@@AAEHI@Z
?isValidVarBindList@ReqRespPDU@@AAEHPAVVarBind@@H@Z
?isValidVarBindList@TrapPDU@@AAEHPAVVarBind@@H@Z
?keepAlive@SNMPManager@@QAEXAAVReqRespPDU@@PADK@Z
?makePrinterObject@SNMPManager@@AAEHAAVReqRespPDU@@AAVPrinter@@@Z
?operateBroadcast@SNMPManager@@AAEHAAVReqRespPDU@@PAUBCastOptions@@W4EnumPDUType@@@Z
?operateUnicast@SNMPManager@@AAEHAAVReqRespPDU@@AAVTarget@@W4EnumPDUType@@@Z
?set@SNMPManager@@QAEHAAVReqRespPDU@@AAVTarget@@@Z
?setAgentAddress@Target@@QAEHPAD@Z
?setIPAddress@Target@@QAEHAAVIPAddress@@@Z
?setIPAddressOrder@Target@@QAEXH@Z
?setIPXAddress@Target@@QAEHAAVIPXAddress@@@Z
?setIPv6Address@Target@@QAEHAAVIPv6Address@@@Z
?setNetworkAddress@Target@@AAEHAAVNetworkAddress@@@Z
?setOID@VarBind@@QAEHAAVOID@@@Z
?setPhysAddress@Target@@QAEHAAVPhysAddress@@@Z
?setReadCommunity@Target@@QAEHPAD@Z
?setRetryCount@Target@@QAEHH@Z
?setSourceAddress@TrapPDU@@AAEHAAVNetworkAddress@@@Z
?setTimeout@Target@@QAEHH@Z
?setValue@Counter@@QAEHI@Z
?setValue@Gauge@@QAEHI@Z
?setValue@IPAddress@@UAEHPAD@Z
?setValue@IPXAddress@@QAEHPAD0@Z
?setValue@IPXAddress@@UAEHPAD@Z
?setValue@IPv6Address@@UAEHPAD@Z
?setValue@Integer@@QAEHH@Z
?setValue@Null@@QAEHXZ
?setValue@OID@@QAEHPAD@Z
?setValue@OctetString@@QAEHPADI@Z
?setValue@PhysAddress@@UAEHPAD@Z
?setValue@TimeTicks@@QAEHI@Z
?setValue@VarBind@@QAEHAAVSNMPDataType@@@Z
?setVarBind@ReqRespPDU@@QAEHIAAVVarBind@@@Z
?setVarBind@TrapPDU@@AAEHAAVVarBind@@I@Z
?setVarBindList@ReqRespPDU@@QAEHPAVVarBind@@H@Z
?setVarBindList@TrapPDU@@AAEHPAVVarBind@@H@Z
?setWriteCommunity@Target@@QAEHPAD@Z
?toDateAndTimeString@OctetString@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toDateAndTimeString@OctetString@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBEI@Z
?toFormattedString@TimeTicks@@QAEPADXZ
?toHexString@IPAddress@@QAEPADXZ
?toHexString@OctetString@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?toString@Counter@@UAEPADXZ
?toString@Gauge@@UAEPADXZ
?toString@IPAddress@@UAEPADXZ
?toString@IPXAddress@@UAEPADXZ
?toString@IPv6Address@@UAEPADXZ
?toString@Integer@@UAEPADXZ
?toString@Null@@UAEPADXZ
?toString@OID@@UAEPADXZ
?toString@OctetString@@UAEPADXZ
?toString@PhysAddress@@UAEPADXZ
?toString@TimeTicks@@UAEPADXZ
?unregister@SNMPManager@@QAEHXZ
Sections
.text Size: 512KB - Virtual size: 511KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 110KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 592KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE