0dc8c0f7cc9bb74c9edd7707cdf43795_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0dc8c0f7cc9bb74c9edd7707cdf43795_JaffaCakes118
Size

811KB
MD5

0dc8c0f7cc9bb74c9edd7707cdf43795
SHA1

e4c159f9eb539d74df09dfc344f1ead544a4faa2
SHA256

aed119c8fc67371492da615718cc583201712d0247e9ab219af8302a0dd76034
SHA512

57e3700d5e16df47840618cc55ed2557d74df1b25333fb39c258b43242a16772204a2f1ab583301587d74cabd3d25d55098f8b73f3ded618ef772beec834110b
SSDEEP

12288:/COiVnW1GRjI2zkUwhRsX40VhFCEBW9oQm03MkbEf4nNhJiX828k5EkJ5frt+JwC:c3NXzNSsX4kC2WjmFkbEfcHDUN06s4EP

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/一纬企业名录王/GetHtmlContent.dll
unpack001/一纬企业名录王/MakeMD5.dll
unpack001/一纬企业名录王/addrdat/GetHtmlContent.dll
unpack001/一纬企业名录王/企业名录王破解版.exe

Files

0dc8c0f7cc9bb74c9edd7707cdf43795_JaffaCakes118
.rar
一纬企业名录王/GetHtmlContent.dll
.dll windows:4 windows x86 arch:x86

9ad82e1df61cb134f5ed741bc1dbba45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord535
ord4129
ord6648
ord6877
ord4202
ord541
ord6928
ord2818
ord540
ord537
ord6282
ord6283
ord858
ord2764
ord4278
ord800
ord860
ord2614
ord801
ord825
ord1182
ord823
ord1168
ord342
ord1253
ord6930

msvcrt

_mbscmp
__CxxFrameHandler
??8type_info@@QBEHABV0@@Z
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??0exception@@QAE@ABQBD@Z
_purecall
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z

kernel32

InterlockedExchange
MultiByteToWideChar
VirtualProtect
VirtualFree
VirtualQuery
GetSystemInfo
GetStringTypeExA
LCMapStringA
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
Sleep
InterlockedCompareExchange
WideCharToMultiByte

msvcp60

?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_7logic_error@std@@6B@
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0bad_exception@std@@QAE@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

user32

LoadStringA

Exports

Exports

??0CGetStrNum@@QAE@ABV0@@Z
??0CGetStrNum@@QAE@XZ
??1CGetStrNum@@UAE@XZ
??4CGetStrNum@@QAEAAV0@ABV0@@Z
??_7CGetStrNum@@6B@
?Convert@CGetStrNum@@QAE?AVCString@@V2@HH@Z
?HtmlStrDealGetEmail@CGetStrNum@@QAEHVCString@@AAV2@@Z
?HtmlStrDealGetFax@CGetStrNum@@QAEHVCString@@AAV2@@Z
?HtmlStrDealGetPhone@CGetStrNum@@QAEHVCString@@AAV2@@Z

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
一纬企业名录王/MakeMD5.dll
.dll windows:4 windows x86 arch:x86

465fc64febef15f1c36a9deaca1f1b33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42d

ord2256
ord1164
ord333
ord719
ord1114
ord1179
ord492
ord684
ord734
ord2640
ord485
ord3481
ord945
ord899
ord901
ord2129
ord736
ord880
ord1510
ord4443
ord721
ord4258
ord2636
ord714
ord590
ord903
ord900
ord1100
ord3042
ord4405
ord4403
ord4123
ord342
ord3255
ord3555
ord2127

msvcrtd

__CxxFrameHandler
fputs
remove
fclose
fgets
ftell
fseek
fopen
_chkesp
sprintf
__dllonexit
_onexit
_free_dbg
_initterm
_malloc_dbg
_adjust_fdiv

Exports

Exports

MakeMd5

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
一纬企业名录王/addrdat/GetHtmlContent.dll
.dll windows:4 windows x86 arch:x86

9ad82e1df61cb134f5ed741bc1dbba45

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord535
ord4129
ord6648
ord6877
ord4202
ord541
ord6928
ord2818
ord540
ord537
ord6282
ord6283
ord858
ord2764
ord4278
ord800
ord860
ord2614
ord801
ord825
ord1182
ord823
ord1168
ord342
ord1253
ord6930

msvcrt

_mbscmp
__CxxFrameHandler
??8type_info@@QBEHABV0@@Z
_adjust_fdiv
malloc
_initterm
free
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??0exception@@QAE@ABQBD@Z
_purecall
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z

kernel32

InterlockedExchange
MultiByteToWideChar
VirtualProtect
VirtualFree
VirtualQuery
GetSystemInfo
GetStringTypeExA
LCMapStringA
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
Sleep
InterlockedCompareExchange
WideCharToMultiByte

msvcp60

?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??1logic_error@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1bad_exception@std@@UAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xlen@std@@YAXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?what@logic_error@std@@UBEPBDXZ
??0logic_error@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_7logic_error@std@@6B@
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
??1runtime_error@std@@UAE@XZ
??_7runtime_error@std@@6B@
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0bad_exception@std@@QAE@PBD@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0Init@ios_base@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0runtime_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z

user32

LoadStringA

Exports

Exports

??0CGetStrNum@@QAE@ABV0@@Z
??0CGetStrNum@@QAE@XZ
??1CGetStrNum@@UAE@XZ
??4CGetStrNum@@QAEAAV0@ABV0@@Z
??_7CGetStrNum@@6B@
?Convert@CGetStrNum@@QAE?AVCString@@V2@HH@Z
?HtmlStrDealGetEmail@CGetStrNum@@QAEHVCString@@AAV2@@Z
?HtmlStrDealGetFax@CGetStrNum@@QAEHVCString@@AAV2@@Z
?HtmlStrDealGetPhone@CGetStrNum@@QAEHVCString@@AAV2@@Z

Sections

.text
Size: 104KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
一纬企业名录王/addrdat/add.dat
一纬企业名录王/addrdat/baidu/保存关键字
一纬企业名录王/addrdat/compandata.mdb
一纬企业名录王/addrdat/maimai/area.txt
一纬企业名录王/addrdat/zghz/area.txt
一纬企业名录王/企业名录王破解版.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 504KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 616KB - Virtual size: 613KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_stext
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ad82e1df61cb134f5ed741bc1dbba45

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

msvcp60

user32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 8KB - Virtual size: 6KB

465fc64febef15f1c36a9deaca1f1b33

Headers

File Characteristics

Imports

mfc42d

msvcrtd

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

9ad82e1df61cb134f5ed741bc1dbba45

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

msvcp60

user32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 102KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 8KB - Virtual size: 6KB

Headers

File Characteristics

Sections

.text Size: 504KB - Virtual size: 500KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 44KB - Virtual size: 43KB

.rsrc Size: 616KB - Virtual size: 613KB

_stext Size: 40KB - Virtual size: 36KB

_rdata Size: 4KB - Virtual size: 3KB

_data Size: 4KB - Virtual size: 15KB

_idata Size: 4KB - Virtual size: 4KB

_rsrc Size: 12KB - Virtual size: 12KB

_reloc Size: 3KB - Virtual size: 3KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 104KB - Virtual size: 102KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 8KB - Virtual size: 6KB

.text
Size: 504KB - Virtual size: 500KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 616KB - Virtual size: 613KB

_stext
Size: 40KB - Virtual size: 36KB

_rdata
Size: 4KB - Virtual size: 3KB

_data
Size: 4KB - Virtual size: 15KB

_idata
Size: 4KB - Virtual size: 4KB

_rsrc
Size: 12KB - Virtual size: 12KB

_reloc
Size: 3KB - Virtual size: 3KB