Static task static1
Behavioral task behavioral1 - Sample: ClientUpdate.exe (x64).exe - Resource: win7-20240508-en
Behavioral task behavioral2 - Sample: ClientUpdate.exe (x64).exe - Resource: win10v2004-20240508-en
Behavioral task behavioral3 - Sample: ClientUpdate.exe (x86).exe - Resource: win7-20240508-en
Behavioral task behavioral4 - Sample: ClientUpdate.exe (x86).exe - Resource: win10v2004-20240508-en
Behavioral task behavioral5 - Sample: Dustman.exe - Resource: win7-20240221-en
Behavioral task behavioral6 - Sample: Dustman.exe - Resource: win10v2004-20240508-en
Behavioral task behavioral7 - Sample: agent.exe - Resource: win7-20240221-en
Behavioral task behavioral8 - Sample: agent.exe - Resource: win10v2004-20240611-en
Behavioral task behavioral9 - Sample: soy.zip - Resource: win7-20240611-en
Behavioral task behavioral10 - Sample: soy.zip - Resource: win10v2004-20240508-en
Behavioral task behavioral11 - Sample: 1EF610B1F9646063F96AD880AAD9569D.exe - Resource: win7-20240611-en
Behavioral task behavioral12 - Sample: 1EF610B1F9646063F96AD880AAD9569D.exe - Resource: win10v2004-20240508-en
General
Target: Win32.ZeroCleare.zip
Size: 560KB
MD5: a63b2fdcc4a32b00d5b475f56f9c4ac9
SHA1: b8aa7a6c2c975d1711cc6b9344c58f5594cfb386
SHA256: fb9c25da973a81fbbaca16011aba651bf9b5e1d98f1f1a5a500ab00c781ebcb8
SHA512: d1e5c61c2524d17c8aea641b441cb40758428fd30583c1953778f775470e126c0c4f33e275989623173b515fb0245b02f9fe715d695784b6a1125e475b7aba7f
SSDEEP: 12288:nkhWmek8cSrovkD07vA3jT0fFZ2ArMKFU1jHw1FphcIoQSp2r:nkhWmek8cSavA3vgCF1jHs5SIr
Malware Config
Signatures
Unsigned PE (5 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/ClientUpdate.exe (x64).bin
resource: unpack001/ClientUpdate.exe (x86).bin
resource: unpack001/Dustman.exe
resource: unpack001/agent.exe
resource: unpack006/1EF610B1F9646063F96AD880AAD9569D.bin
Files
Win32.ZeroCleare.zip.zip
Password: infected

ClientUpdate.exe (x64).bin.exe windows:6 windows x64 arch:x64
Password: infected
MD5: bbe6985c2fe1daabb9a70eb12e8b1eb9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Developer\source\repos\ZeroCleare\x64\Release\zeroclear.pdb
Imports
kernel32
DeviceIoControl
GetLogicalDrives
CreateProcessA
GetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
WaitForSingleObject
CreateFileW
CloseHandle
GetSystemDirectoryW
DecodePointer
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
DuplicateHandle
Sleep
SwitchToThread
GetCurrentThread
GetExitCodeThread
TryEnterCriticalSection
FormatMessageW
WideCharToMultiByte
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
OutputDebugStringW
InitializeCriticalSectionEx
FreeLibrary
LoadLibraryW
MultiByteToWideChar
WriteFile
FindNextFileW
GetVersionExW
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
GetStringTypeW
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetLastError
RaiseException
Sections
.text  Size: 197KB - Virtual size: 197KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 82KB - Virtual size: 81KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 9KB - Virtual size: 20.0MB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata  Size: 14KB - Virtual size: 14KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc  Size: 512B - Virtual size: 480B  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 3KB - Virtual size: 3KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)

ClientUpdate.exe (x86).bin.exe windows:6 windows x86 arch:x86
Password: infected
MD5: 9094b41f639b9a1d2adec24f8bc3b83b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
C:\Users\Developer\source\repos\ZeroCeare32\Release\zeroclear.pdb
Imports
kernel32
DeviceIoControl
GetLogicalDrives
CreateProcessW
GetStdHandle
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetModuleFileNameW
WaitForSingleObject
CreateFileW
CloseHandle
GetSystemDirectoryW
DecodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FormatMessageW
WideCharToMultiByte
DuplicateHandle
Sleep
SwitchToThread
GetCurrentThread
GetExitCodeThread
TryEnterCriticalSection
EncodePointer
MultiByteToWideChar
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLastError
GetStringTypeW
GetCPInfo
OutputDebugStringW
FreeLibrary
LoadLibraryW
GetVersionExW
ReadFile
WriteFile
FindNextFileW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
CreateThread
ExitThread
FreeLibraryAndExitThread
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadConsoleW
WriteConsoleW
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetModuleHandleA
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
GetLocaleInfoW
RaiseException
Sections
.text  Size: 220KB - Virtual size: 220KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 79KB - Virtual size: 78KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 8KB - Virtual size: 20.0MB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.rsrc  Size: 512B - Virtual size: 480B  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 15KB - Virtual size: 14KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)

Dustman.exe.exe windows:6 windows x64 arch:x64
Password: infected
MD5: 47cb8a71a145ac31ea5df1b531c7fa09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Admin\Desktop\Dustman\x64\Release\Dustman.pdb
Imports
kernel32
DeviceIoControl
CreateMutexW
ExitProcess
CreateProcessA
GetModuleHandleW
GetLogicalDriveStringsW
VirtualAlloc
WideCharToMultiByte
GetFileAttributesW
GetDriveTypeW
GetCurrentDirectoryW
GetStdHandle
Sleep
SetLastError
GetLastError
CloseHandle
CreateFileW
GetTickCount
GetProcessHeap
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
RtlUnwindEx
TlsGetValue
TlsSetValue
FreeLibrary
GetProcAddress
LoadLibraryExW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
user32
wsprintfW
advapi32
QueryServiceStatusEx
RegOpenKeyExW
RegCloseKey
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ntdll
NtCreateFile
NtQueryDirectoryObject
NtClose
NtQuerySystemInformation
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
LdrFindResource_U
LdrAccessResource
NtFlushBuffersFile
NtOpenDirectoryObject
NtDeleteFile
RtlImageNtHeader
RtlGetVersion
RtlInitUnicodeString
RtlInitString
LdrLoadDll
LdrGetProcedureAddress
RtlAllocateHeap
NtWriteFile
NtFreeVirtualMemory
NtAllocateVirtualMemory
Sections
.text  Size: 22KB - Virtual size: 22KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 25KB - Virtual size: 24KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 2KB - Virtual size: 4KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata  Size: 1KB - Virtual size: 1KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc  Size: 205KB - Virtual size: 204KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 1KB - Virtual size: 1KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)

agent.exe.exe windows:6 windows x64 arch:x64
Password: infected
MD5: 75f159bf634600808810849f244592eb
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\Admin\Desktop\Dustman\Furutaka\drv\agent.plain.pdb
Imports
kernel32
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
CreateFileW
SetLastError
CloseHandle
DeviceIoControl
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
WriteFile
FindNextFileW
GetCurrentProcess
GetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
CompareStringW
LCMapStringW
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
RaiseException
Sections
.text  Size: 63KB - Virtual size: 63KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 39KB - Virtual size: 38KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 3KB - Virtual size: 20.0MB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata  Size: 4KB - Virtual size: 4KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc  Size: 512B - Virtual size: 480B  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 2KB - Virtual size: 1KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)

soy.exe.zip
Password: infected

1EF610B1F9646063F96AD880AAD9569D.bin.exe windows:6 windows x64 arch:x64
Password: infected
MD5: a77e151298bfc1aa0db93ca8a3cbc2a9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
C:\Users\SD\Desktop\TDL\Source\Furutaka\output\x64\Release\soy.pdb
Imports
kernel32
GetModuleHandleW
GetTickCount
ExitProcess
WideCharToMultiByte
CreateMutexW
DeviceIoControl
GetFileAttributesW
GetCurrentDirectoryW
Sleep
SetLastError
GetLastError
CloseHandle
CreateFileW
VirtualAlloc
GetProcessHeap
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LCMapStringW
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
RtlUnwindEx
TlsGetValue
TlsSetValue
FreeLibrary
GetProcAddress
LoadLibraryExW
IsProcessorFeaturePresent
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
user32
wsprintfW
advapi32
QueryServiceStatusEx
RegOpenKeyExW
RegCloseKey
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ntdll
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
NtQuerySystemInformation
RtlFreeHeap
RtlDosPathNameToNtPathName_U
RtlFreeUnicodeString
LdrFindResource_U
LdrAccessResource
NtFlushBuffersFile
NtCreateFile
NtDeleteFile
RtlImageNtHeader
RtlGetVersion
RtlInitUnicodeString
RtlInitString
LdrLoadDll
LdrGetProcedureAddress
RtlAllocateHeap
NtWriteFile
NtFreeVirtualMemory
NtAllocateVirtualMemory
Sections
.text  Size: 21KB - Virtual size: 21KB  (IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ)
.rdata  Size: 24KB - Virtual size: 24KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.data  Size: 2KB - Virtual size: 4KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE)
.pdata  Size: 1KB - Virtual size: 1KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.rsrc  Size: 91KB - Virtual size: 91KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ)
.reloc  Size: 1KB - Virtual size: 1KB  (IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ)