222c05bd0b3d20a336cb01cfb809365d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

222c05bd0b3d20a336cb01cfb809365d_JaffaCakes118
Size

3.4MB
MD5

222c05bd0b3d20a336cb01cfb809365d
SHA1

799f864e45bcba2d619313096785f77917bb025b
SHA256

6759e920e8d3aee6d1dd08cd2cdaf06edb57b4566e4ea27977cbfeff4b36db88
SHA512

a89585a0f9952647157a6e565c7278f11eb870cd4dedef44ecd35640a4de81f207acc0ece92a1d7f3a64faf0dbc908e17f68cf7072acbbc13c6edb1448896ade
SSDEEP

98304:p35IBo2GbOzUerPLGtLHAsqLmP4LIB+0xU:pQo2GbBebLGtfumP4LC+0xU

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/drakensang.exe
unpack001/drakensanga1.exe
unpack001/rld.dll
unpack001/run_first.exe

Files

222c05bd0b3d20a336cb01cfb809365d_JaffaCakes118
.7z
de-draa1.nfo
drakensang.exe
.exe windows:5 windows x86 arch:x86

fd69b2a1515bea2bebe93912f773f95f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
Sleep
OutputDebugStringA
InterlockedCompareExchange
GetCurrentThreadId
CreateSemaphoreA
CloseHandle
WaitForSingleObject
ReleaseSemaphore
HeapCreate
HeapDestroy
GetSystemInfo
CreateEventA
SetEvent
CreateThread
SetThreadPriority
SetThreadIdealProcessor
ResumeThread
GetExitCodeThread
RaiseException
SetUnhandledExceptionFilter
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetLocalTime
GetStdHandle
GetConsoleMode
WriteConsoleA
HeapSetInformation
PeekConsoleInputA
FlushConsoleInputBuffer
ReadConsoleA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareFileTime
AreFileApisANSI
GetSystemTime
DeleteFileW
LockFileEx
GetTempPathW
CreateFileW
GetFileAttributesW
InitializeCriticalSection
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetFullPathNameW
OutputDebugStringW
DebugBreak
LoadLibraryW
GetModuleFileNameW
ExitThread
HeapUnlock
HeapWalk
HeapLock
HeapQueryInformation
GetProcessHeap
GetProcessHeaps
HeapCompact
GlobalMemoryStatusEx
HeapReAlloc
HeapAlloc
WriteFile
GetCommandLineA
GetStartupInfoA
VirtualFree
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
GetLastError
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
VirtualAlloc
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
RtlUnwind
SetFilePointer
GetConsoleCP
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceFrequency
ReadFile
GetOverlappedResult
CreateMutexA
GetTempPathA
DeleteFileA
RemoveDirectoryA
FormatMessageA
LocalFree
GetFileSize
GetFileTime
FindClose
FindFirstFileA
FindNextFileA
GetVersionExA
ReleaseMutex
SetFileTime
CreateDirectoryA
GlobalLock
GlobalUnlock
HeapFree
VirtualQuery

user32

SetWindowLongA
DestroyWindow
DestroyAcceleratorTable
UnregisterClassA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetWindowLongA
DefWindowProcA
GetClientRect
CallNextHookEx
CreateWindowExA
SetCapture
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
SetForegroundWindow
GetForegroundWindow
MessageBoxW
MessageBoxA
FindWindowA
ShowWindow
SendMessageA
LoadCursorA
RegisterClassExA
SetWindowPos
AdjustWindowRect
GetMonitorInfoA
SetClassLongA
LoadIconA
SetWindowTextA
SetCursor
ReleaseCapture
IsIconic

wsock32

gethostname
htonl
WSAStartup
socket
shutdown
closesocket
setsockopt
getsockopt
inet_ntoa
bind
listen
accept
connect
WSAGetLastError
select
gethostbyname
ioctlsocket
ntohs
htons
recv
send
WSACleanup
inet_addr

dbghelp

MiniDumpWriteDump

gdi32

GetStockObject
AddFontResourceExA
RemoveFontResourceExA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx

d3d9

Direct3DCreate9

d3dx9_41

D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCompileShader
D3DXSaveSurfaceToFileA
D3DXCreateFontA
D3DXCreateEffect
D3DXGetVertexShaderProfile
D3DXCreateSprite
D3DXSaveTextureToFileA
D3DXCreateCubeTexture
D3DXCreateTexture
D3DXGetPixelShaderProfile
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXCreateTeapot
D3DXCreateTorus
D3DXCreateSphere
D3DXCreateCylinder
D3DXCreateBox
D3DXCreateLine
D3DXCreateEffectPool

dinput8

DirectInput8Create

dsound

ord11

x3daudio1_6

X3DAudioCalculate
X3DAudioInitialize

rpcrt4

UuidCompare
UuidIsNil
UuidCreate
UuidToStringA
RpcStringFreeA
UuidHash
UuidFromStringA

binkw32

_BinkShouldSkip@4
_BinkDoFrame@4
_BinkOpen@8
_BinkOpenDirectSound@4
_BinkNextFrame@4
_BinkWait@4
_BinkRegisterFrameBuffers@8
_BinkGetFrameBuffersInfo@8
_BinkSetSoundSystem@8
_BinkClose@4

Exports

Exports

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.1MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.secu
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
drakensanga1.exe
.exe windows:5 windows x86 arch:x86

1e49d4ea79188c9084d149f078b4deb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
Sleep
OutputDebugStringA
InterlockedCompareExchange
GetCurrentThreadId
CreateSemaphoreA
CloseHandle
WaitForSingleObject
ReleaseSemaphore
HeapCreate
HeapDestroy
GetSystemInfo
CreateEventA
SetEvent
CreateThread
SetThreadPriority
SetThreadIdealProcessor
ResumeThread
GetExitCodeThread
RaiseException
SetUnhandledExceptionFilter
CreateFileA
GetCurrentProcess
GetCurrentProcessId
GetModuleFileNameA
GetLocalTime
GetStdHandle
GetConsoleMode
WriteConsoleA
HeapSetInformation
PeekConsoleInputA
FlushConsoleInputBuffer
ReadConsoleA
MultiByteToWideChar
WideCharToMultiByte
GetFileAttributesA
SetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
CompareFileTime
AreFileApisANSI
GetSystemTime
DeleteFileW
LockFileEx
GetTempPathW
CreateFileW
GetFileAttributesW
InitializeCriticalSection
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GetFullPathNameW
OutputDebugStringW
DebugBreak
LoadLibraryW
GetModuleFileNameW
ExitThread
HeapUnlock
HeapWalk
HeapLock
HeapQueryInformation
GetProcessHeap
GetProcessHeaps
HeapCompact
GlobalMemoryStatusEx
HeapReAlloc
HeapAlloc
WriteFile
GetCommandLineA
GetStartupInfoA
VirtualFree
GetModuleHandleW
GetProcAddress
UnhandledExceptionFilter
GetLastError
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
QueryPerformanceCounter
GetTickCount
VirtualAlloc
TerminateProcess
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
RtlUnwind
SetFilePointer
GetConsoleCP
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
QueryPerformanceFrequency
ReadFile
GetOverlappedResult
CreateMutexA
GetTempPathA
DeleteFileA
RemoveDirectoryA
FormatMessageA
LocalFree
GetFileSize
GetFileTime
FindClose
FindFirstFileA
FindNextFileA
GetVersionExA
ReleaseMutex
SetFileTime
CreateDirectoryA
GlobalLock
GlobalUnlock
HeapFree
VirtualQuery

user32

SetWindowLongA
DestroyWindow
DestroyAcceleratorTable
UnregisterClassA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetWindowLongA
DefWindowProcA
GetClientRect
CallNextHookEx
CreateWindowExA
SetCapture
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
SetForegroundWindow
GetForegroundWindow
MessageBoxW
MessageBoxA
FindWindowA
ShowWindow
SendMessageA
LoadCursorA
RegisterClassExA
SetWindowPos
AdjustWindowRect
GetMonitorInfoA
SetClassLongA
LoadIconA
SetWindowTextA
SetCursor
ReleaseCapture
IsIconic

wsock32

htonl
WSAStartup
socket
shutdown
closesocket
setsockopt
getsockopt
inet_ntoa
bind
listen
accept
connect
WSAGetLastError
select
gethostbyname
ioctlsocket
gethostname
ntohs
htons
recv
send
WSACleanup
inet_addr

dbghelp

MiniDumpWriteDump

gdi32

GetStockObject
AddFontResourceExA
RemoveFontResourceExA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathA

ole32

CoTaskMemFree
CoInitializeEx
CoCreateInstance

d3d9

Direct3DCreate9

d3dx9_41

D3DXCreateFontA
D3DXCreateEffect
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCompileShader
D3DXSaveSurfaceToFileA
D3DXGetVertexShaderProfile
D3DXCreateSprite
D3DXSaveTextureToFileA
D3DXCreateCubeTexture
D3DXCreateTexture
D3DXGetPixelShaderProfile
D3DXCreateTextureFromFileInMemoryEx
D3DXGetImageInfoFromFileInMemory
D3DXCreateTeapot
D3DXCreateTorus
D3DXCreateSphere
D3DXCreateCylinder
D3DXCreateBox
D3DXCreateLine
D3DXCreateEffectPool

dinput8

DirectInput8Create

dsound

ord11

x3daudio1_6

X3DAudioCalculate
X3DAudioInitialize

rpcrt4

UuidCompare
UuidIsNil
UuidCreate
UuidToStringA
RpcStringFreeA
UuidHash
UuidFromStringA

binkw32

_BinkWait@4
_BinkNextFrame@4
_BinkShouldSkip@4
_BinkDoFrame@4
_BinkRegisterFrameBuffers@8
_BinkSetVolume@12
_BinkClose@4
_BinkGetFrameBuffersInfo@8
_BinkSetSoundSystem@8
_BinkOpenDirectSound@4
_BinkOpen@8

Exports

Exports

Sections

.text
Size: 10.5MB - Virtual size: 10.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4.2MB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 41B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.secu
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
rld.dll
.dll windows:5 windows x86 arch:x86

b3004665371186b7d42c75f7eef1e389

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
lstrcpyA
HeapAlloc
WideCharToMultiByte
lstrlenW
SetLastError
VirtualFree
CloseHandle
WriteFile
ReadFile
CreateFileA
VirtualAlloc
CopyFileA
lstrcmpiA
MultiByteToWideChar
GetModuleHandleA
lstrcatA
lstrlenA
SetFilePointer
CreateEventA
GetCurrentProcessId
lstrcmpA
HeapDestroy
GetLastError
CreateDirectoryA
GetTempPathA
GetModuleFileNameA
HeapCreate
CompareFileTime
GetProcessTimes
GetCurrentProcess
GetFileTime
TerminateProcess
LoadLibraryA
CreateFileW
WriteProcessMemory
ReadProcessMemory
OpenEventA
GetTickCount
ExitThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
CreateThread
GetProcessHeap
VirtualProtect

user32

CharLowerA
wsprintfA
MessageBoxA
DefWindowProcA
SetWindowLongA
SendMessageA
GetWindowLongA
DispatchMessageA
GetMessageA
UnregisterClassA
DestroyWindow
CreateWindowExA
RegisterClassExA
PostMessageA
KillTimer
SetTimer

Exports

Exports

DllInit

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD0
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.RLD1
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
run_first.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd69b2a1515bea2bebe93912f773f95f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wsock32

dbghelp

gdi32

advapi32

shell32

ole32

d3d9

d3dx9_41

dinput8

dsound

x3daudio1_6

rpcrt4

binkw32

Exports

Exports

Sections

.text Size: 10.5MB - Virtual size: 10.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4.1MB - Virtual size: 4.6MB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 15KB - Virtual size: 14KB

.secu Size: 243KB - Virtual size: 242KB

1e49d4ea79188c9084d149f078b4deb1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

wsock32

dbghelp

gdi32

advapi32

shell32

ole32

d3d9

d3dx9_41

dinput8

dsound

x3daudio1_6

rpcrt4

binkw32

Exports

Exports

Sections

.text Size: 10.5MB - Virtual size: 10.5MB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 4.2MB - Virtual size: 4.7MB

.tls Size: 512B - Virtual size: 41B

.rsrc Size: 279KB - Virtual size: 279KB

.secu Size: 208KB - Virtual size: 207KB

b3004665371186b7d42c75f7eef1e389

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 2KB

.RLD0 Size: 2KB - Virtual size: 1KB

.RLD1 Size: 93KB - Virtual size: 92KB

.reloc Size: 1024B - Virtual size: 1000B

Headers

.text
Size: 10.5MB - Virtual size: 10.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4.1MB - Virtual size: 4.6MB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 15KB - Virtual size: 14KB

.secu
Size: 243KB - Virtual size: 242KB

.text
Size: 10.5MB - Virtual size: 10.5MB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 4.2MB - Virtual size: 4.7MB

.tls
Size: 512B - Virtual size: 41B

.rsrc
Size: 279KB - Virtual size: 279KB

.secu
Size: 208KB - Virtual size: 207KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 2KB

.RLD0
Size: 2KB - Virtual size: 1KB

.RLD1
Size: 93KB - Virtual size: 92KB

.reloc
Size: 1024B - Virtual size: 1000B

CODE
Size: 111KB - Virtual size: 111KB

DATA
Size: 2KB - Virtual size: 1KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: - Virtual size: 12B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 6KB - Virtual size: 6KB