Tomware[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Tomware.exe
Size

1.3MB
MD5

0ae93ba9eac8ed73d962af3123625a3e
SHA1

af2caefe8e653cb23dd978171a0504b1f4e17600
SHA256

f6defe01bff66d14c5d90aefed5d8c96877371c39ffb86dc40ce32826d2295da
SHA512

c23dee9f9276090e769cbcc35b01da47862faf12fed7b1c5a3a437a57d6c2c8bf6bbbb24fcbd1b94911b5d964ef4bd11a758c11bc84fa034082a5a3d6b98b140
SSDEEP

24576:TdaVO9+bZcKGCZTsp7b5TcjN5Nd8znalyyoYfsC352DD2/frXHlOMBnfVKqanf0T:TEVO9+bsZcjN5Nd8znalyyoYfsCM2/fB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Tomware.exe

Files

Tomware.exe
.exe windows:6 windows x64 arch:x64

ce1130b9a2f341ba5ab2a13ce817025e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFirmwareType
InitializeCriticalSectionEx
DeleteCriticalSection
FormatMessageA
LocalFree
GetModuleFileNameA
FreeLibrary
VerifyVersionInfoW
SetFileCompletionNotificationModes
CloseThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolIo
GetOverlappedResult
WriteFile
ReadFile
CreateFileW
FormatMessageW
OutputDebugStringW
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitOnceComplete
InitOnceBeginInitialize
QueryPerformanceFrequency
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
TerminateProcess
ExitProcess
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
FindNextFileA
FindFirstFileA
GetLocaleInfoEx
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetCurrentThread
Sleep
GetUserDefaultLocaleName
GetFirmwareEnvironmentVariableA
LoadLibraryA
GetProcAddress
InitializeSListHead
GetModuleHandleA
GetFileSizeEx
FindClose

user32

TrackMouseEvent
EmptyClipboard
GetClipboardData
OpenClipboard
SetClipboardData
IsChild
CloseClipboard
GetCapture
SetCapture
ReleaseCapture
GetForegroundWindow
LoadIconA
GetClientRect
SetCursorPos
SetCursor
GetDesktopWindow
UpdateWindow
ShowWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
GetKeyState

advapi32

RegQueryValueExA
AdjustTokenPrivileges
RegGetValueA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegCloseKey
GetUserNameW
LookupPrivilegeValueA

shell32

ShellExecuteExA

msvcp140

??Bios_base@std@@QEBA_NXZ
?setf@ios_base@std@@QEAAHHH@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
?_Random_device@std@@YAIXZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?fail@ios_base@std@@QEBA_NXZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xbad_function_call@std@@YAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??Bid@locale@std@@QEAA_KXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?classic@locale@std@@SAAEBV12@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_destroy_in_situ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
_Mtx_init_in_situ
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?uncaught_exception@std@@YA_NXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

concrt140

?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CryptUnprotectMemory

bcrypt

BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash

winhttp

WinHttpConnect
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpSetStatusCallback
WinHttpWriteData
WinHttpQueryDataAvailable
WinHttpQueryOption
WinHttpSetOption
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetProxyForUrl

d3d11

D3D11CreateDeviceAndSwapChain

vcruntime140

_CxxThrowException
memchr
__std_exception_destroy
__std_exception_copy
__current_exception_context
__current_exception
__C_specific_handler
_purecall
memcmp
strstr
memset
memmove
memcpy
__std_terminate

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_seh_filter_exe
_set_app_type
_crt_atexit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_c_exit
_invalid_parameter_noinfo_noreturn
_exit
_get_narrow_winmain_command_line
exit
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_initterm_e
abort
_initterm
terminate
_beginthreadex
_errno

api-ms-win-crt-string-l1-1-0

isdigit
strcmp
strncmp
strncpy
isxdigit
strcat_s
strcpy_s
isalpha

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
_set_fmode
ferror
feof
fflush
fgetc
fgetpos
__acrt_iob_func
setvbuf
fputc
fread
fsetpos
_fseeki64
ungetc
__stdio_common_vsprintf_s
fwrite
fopen_s
fclose
__p__commode
__stdio_common_vsscanf
__stdio_common_vsprintf
ftell
fseek
_wfopen

api-ms-win-crt-heap-l1-1-0

_callnewh
free
realloc
_set_new_mode
malloc

api-ms-win-crt-convert-l1-1-0

wcstombs_s
strtol
atoi
wcstol

api-ms-win-crt-filesystem-l1-1-0

_mkdir
remove
_lock_file
_unlock_file
_access_s

api-ms-win-crt-time-l1-1-0

_time64
_localtime64
strftime
_localtime64_s

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

powf
fmodf
sqrtf
__setusermatherr
ceilf
acosf
cosf
sinf
ldexp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 827KB - Virtual size: 826KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce1130b9a2f341ba5ab2a13ce817025e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

concrt140

imm32

d3dcompiler_47

dwmapi

crypt32

bcrypt

winhttp

d3d11

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 827KB - Virtual size: 826KB

.rdata Size: 212KB - Virtual size: 212KB

.data Size: 270KB - Virtual size: 273KB

.pdata Size: 40KB - Virtual size: 39KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 827KB - Virtual size: 826KB

.rdata
Size: 212KB - Virtual size: 212KB

.data
Size: 270KB - Virtual size: 273KB

.pdata
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 6KB - Virtual size: 6KB