asyncrat | 2Take1Cracked[.]rar

Resubmissions

Sharing

Copy URL

Twitter E-mail

General

Target

2Take1Cracked.rar
Size

16.1MB
MD5

04767214e9160157c9f9b80acd2ed1e0
SHA1

66b083327e90ce3513ec1222f5232f05de370f1a
SHA256

6cabe90b2d006dbc2a8e66f9f3b714bc840f12325e206a14f9b65b2dd68c8a3c
SHA512

49f3b997b063da780f3ecbc2681110c3dc5da0c2be4c5ebca68837ed179ace78f5ca86db5b35ecea51fed65fb0cc8c83c3fdaba5685b65ad0978713b4c2c9748
SSDEEP

393216:UbxqYxle/g+Yif6RksIGP99MJ23BQkkR8Yi2ModTcq:UbxZxle/g+Yi8kbGP9G23y7eKcq

Score

10^/10

rat venom clients asyncrat

Malware Config

Extracted

Family

asyncrat

Version

5.0.5

Botnet

Venom Clients

127.0.0.1:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes

delay
1
install
false
install_folder
%AppData%

aes.plain

Signatures

Async RAT payload 1 IoCs

rat

resource	yara_rule
static1/unpack001/2Take1Cracked/2Take1Crack.exe	family_asyncrat

Asyncrat family
asyncrat

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/2Take1Cracked/2Take1Crack.exe
unpack001/2Take1Cracked/Launcher.exe
unpack001/2Take1Cracked/Updater.exe
unpack001/2Take1Cracked/lua.dll
unpack001/2Take1Cracked/spel64.dll

Files

2Take1Cracked.rar
.rar
2Take1Cracked/2Take1Crack.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2Take1Cracked/2Take1MenuVIP.bin
2Take1Cracked/2Take1MenuVIP.cx
2Take1Cracked/2Take1Prep.bin
2Take1Cracked/2Take1Prep.cx
2Take1Cracked/KEYS.txt
2Take1Cracked/LICENSE.txt
2Take1Cracked/Launcher.dat
2Take1Cracked/Launcher.exe
.exe windows:6 windows x64 arch:x64

7f6eea2f59a9c61cb20de952d336acc8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OpenThread
GetCurrentProcess
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
GetLastError
VirtualAllocEx
GetModuleFileNameA
Process32Next
Process32First
CreateToolhelp32Snapshot
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
SetThreadContext
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
CreateFileA
GetFileSizeEx
WaitForSingleObjectEx
FormatMessageA
SetLastError
RtlDeleteFunctionTable
ReadProcessMemory
GetThreadContext
VirtualProtectEx
ResumeThread
SuspendThread
Thread32First
Thread32Next
GetProcessId
RtlAddFunctionTable
VirtualAlloc
VirtualFree
GetStartupInfoW
LoadLibraryA
GetProcAddress
GetModuleHandleA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
QueryPerformanceCounter
TerminateProcess
CreateProcessA
Sleep
CreateThread
OpenProcess
ReleaseMutex
WaitForSingleObject
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenMutexA
GetCurrentThreadId
GetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
QueryPerformanceFrequency
VerSetConditionMask
FreeLibrary
SleepEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
CreateMutexExA

user32

PostQuitMessage
SendMessageA
CallWindowProcA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
ShowWindow
GetMessageA
TranslateMessage
GetDC
SetWindowLongPtrA
BeginPaint
IsWindowVisible
EndPaint
SetWindowTextA
FindWindowA
GetFocus
MessageBoxA
SetWindowPos
GetSystemMetrics
DefWindowProcA
DispatchMessageA
GetWindowLongPtrA
GetWindowRect
FillRect
SetFocus
LoadBitmapA
UpdateWindow
InvalidateRect

gdi32

TextOutA
SetTextAlign
SetTextColor
SetBkMode
SetBkColor
CreateFontA
CreateSolidBrush
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleDC

comdlg32

GetOpenFileNameA

advapi32

CryptReleaseContext
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptDestroyKey

spel64

load_library

msvcp140

??Bid@locale@std@@QEAA_KXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
_Strxfrm
_Strcoll
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?_Xbad_alloc@std@@YAXXZ
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
??0facet@locale@std@@IEAA@_K@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??1facet@locale@std@@MEAA@XZ
??0_Lockit@std@@QEAA@H@Z
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Lockit@std@@QEAA@XZ
??1_Locinfo@std@@QEAA@XZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Incref@facet@locale@std@@UEAAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Xlength_error@std@@YAXPEBD@Z
?id@?$ctype@D@std@@2V0locale@2@A

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
__current_exception_context
_CxxThrowException
memcmp
memmove
memset
__current_exception
__std_terminate
__C_specific_handler
strstr
strrchr
_purecall
strchr
__std_exception_destroy
__std_exception_copy
memchr
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
realloc
free
calloc
_set_new_mode

api-ms-win-crt-runtime-l1-1-0

_initterm
_get_narrow_winmain_command_line
exit
_set_app_type
_seh_filter_exe
terminate
strerror
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_c_exit
_register_thread_local_exe_atexit_callback
_beginthreadex
__sys_nerr
_initterm_e
_invalid_parameter_noinfo
_errno
_getpid
_invalid_parameter_noinfo_noreturn
_exit

api-ms-win-crt-time-l1-1-0

clock
_gmtime64
_time64
strftime
_localtime64_s

api-ms-win-crt-string-l1-1-0

strcpy_s
tolower
_stricmp
strcat_s
_strdup
strncmp
strncpy
strpbrk
isupper
strspn
strcspn
strcmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fgets
fopen_s
_set_fmode
fseek
fputs
ftell
__acrt_iob_func
fopen
__stdio_common_vsscanf
__p__commode
rewind
__stdio_common_vsprintf
_read
_write
fread
fclose
fwrite
_open
_lseeki64
_get_stream_buffer_pointers
_close
fputc
ungetc
fgetc
fgetpos
_fseeki64
fsetpos
setvbuf
fflush

api-ms-win-crt-convert-l1-1-0

strtoul
strtoll
strtol
atoi

api-ms-win-crt-filesystem-l1-1-0

_stat64
_unlock_file
_fstat64
_lock_file
_unlink
remove
_access
rename

api-ms-win-crt-utility-l1-1-0

rand_s
srand
rand
qsort

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbsncmp
_mbschr
_mbsnbcpy

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFindCertificateInStore
CertCloseStore
CertFreeCertificateContext
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CertEnumCertificatesInStore
CryptStringToBinaryA

ws2_32

socket
WSAStartup
ntohl
gethostname
htonl
WSACleanup
getaddrinfo
freeaddrinfo
accept
listen
recvfrom
sendto
__WSAFDIsSet
select
bind
WSAIoctl
closesocket
WSASetLastError
getpeername
getsockname
ioctlsocket
ntohs
connect
getsockopt
htons
setsockopt
send
WSAGetLastError
recv

wldap32

ord32
ord211
ord26
ord30
ord301
ord50
ord143
ord60
ord217
ord41
ord33
ord79
ord200
ord27
ord35
ord45
ord46
ord22

Sections

.text
Size: 501KB - Virtual size: 500KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 669KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 3.2MB - Virtual size: 8.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2Take1Cracked/README.txt
2Take1Cracked/Updater.exe
.exe windows:6 windows x64 arch:x64

91533cd0901a926548d904883f897c08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
SleepEx
FreeLibrary
VerSetConditionMask
GetProcAddress
FormatMessageA
LoadLibraryA
UnhandledExceptionFilter
GetModuleHandleA
VerifyVersionInfoA
CreateDirectoryA
GetFileAttributesA
GetLastError
GetCurrentThreadId
SetLastError
ExpandEnvironmentStringsA
ReadFile
GetStdHandle
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
GetFileSizeEx
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
QueryPerformanceFrequency
RtlVirtualUnwind
GetModuleHandleW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleFileNameW
CloseHandle
CreateProcessA
Sleep
GetSystemDirectoryA
SetConsoleTitleA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcp140

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?uncaught_exception@std@@YA_NXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_copy
__std_terminate
memcpy
__C_specific_handler
memmove
memchr
strrchr
__std_exception_destroy
__current_exception
strchr
memcmp
strstr
memset
_CxxThrowException
_local_unwind
__current_exception_context

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_register_thread_local_exe_atexit_callback
_crt_atexit
_register_onexit_function
_exit
_initialize_narrow_environment
_set_app_type
__p___argc
terminate
_beginthreadex
exit
__p___argv
_getpid
__sys_nerr
_get_initial_narrow_environment
_initterm
strerror
_configure_narrow_argv
_initterm_e
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_c_exit
_cexit
_errno

api-ms-win-crt-heap-l1-1-0

malloc
calloc
realloc
_set_new_mode
_callnewh
free

api-ms-win-crt-stdio-l1-1-0

fgetc
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
fputc
_get_stream_buffer_pointers
fclose
fopen_s
fseek
ftell
rewind
__acrt_iob_func
__stdio_common_vfprintf_s
__stdio_common_vfwprintf_s
__stdio_common_vsprintf_s
ungetc
_close
_open
_write
_read
__p__commode
_set_fmode
_lseeki64
fgets
__stdio_common_vsscanf
fputs
fopen
__stdio_common_vsprintf
fread

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_unlink
_fstat64
_lock_file
_access
_stat64

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol
atoi
strtoul
strtoll

api-ms-win-crt-string-l1-1-0

strncmp
tolower
_strdup
_stricmp
isupper
strpbrk
strspn
strcspn
strcmp
strncpy

api-ms-win-crt-environment-l1-1-0

_dupenv_s
getenv

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbsnbcpy
_mbsncmp
_mbspbrk

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

crypt32

CertFreeCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertFindCertificateInStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChainEngine
CertAddCertificateContextToStore
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertCreateCertificateChainEngine
CryptStringToBinaryA

ws2_32

recvfrom
sendto
freeaddrinfo
ioctlsocket
__WSAFDIsSet
select
bind
WSAIoctl
closesocket
getaddrinfo
WSASetLastError
htonl
getpeername
gethostname
ntohl
send
accept
setsockopt
getsockname
recv
socket
WSAStartup
WSACleanup
listen
htons
ntohs
getsockopt
connect
WSAGetLastError

wldap32

ord79
ord143
ord200
ord27
ord26
ord41
ord46
ord50
ord301
ord211
ord30
ord217
ord35
ord33
ord32
ord45
ord60
ord22

advapi32

CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptAcquireContextA
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext

Sections

.text
Size: 372KB - Virtual size: 372KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 363KB - Virtual size: 363KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.vlizer
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
2Take1Cracked/appdata_popstar.lnk
.lnk
2Take1Cracked/lua.dll
.dll windows:6 windows x64 arch:x64

56203b2bac2bab924e77400d5fb1a89e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
longjmp
strchr
strstr
strrchr
__intrinsic_setjmp
memcpy
memcmp
memchr
memset

api-ms-win-crt-stdio-l1-1-0

getc
fclose
fflush
__acrt_iob_func
feof
fread
__stdio_common_vfprintf
fopen
fwrite
fgets
ferror
freopen
clearerr
tmpnam
__stdio_common_vsprintf
_pclose
tmpfile
_fseeki64
_ftelli64
setvbuf
ungetc
_popen

api-ms-win-crt-heap-l1-1-0

realloc
free

api-ms-win-crt-string-l1-1-0

isgraph
isxdigit
strpbrk
isupper
tolower
isalpha
isdigit
strspn
iscntrl
isalnum
toupper
ispunct
strncmp
islower
isspace
strcoll

api-ms-win-crt-runtime-l1-1-0

abort
strerror
_errno
system
_cexit
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
exit
_execute_onexit_table

api-ms-win-crt-locale-l1-1-0

setlocale
localeconv

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_mktime64
clock
_difftime64
_time64
_gmtime64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-convert-l1-1-0

strtod

api-ms-win-crt-math-l1-1-0

cos
sin
log10
sqrt
ldexp
ceil
log
fmod
floor
atan2
asin
pow
exp
frexp
acos
tan

api-ms-win-crt-filesystem-l1-1-0

remove
rename

Exports

Exports

luaL_addgsub
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_typeerror
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_closeslot
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getiuservalue
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdatauv
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resetthread
lua_resume
lua_rotate
lua_setallocf
lua_setcstacklimit
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setiuservalue
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setwarnf
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_toclose
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_warning
lua_xmove
lua_yieldk
luaopen_base
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 230KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2Take1Cracked/lua.md
.js
2Take1Cracked/spel64.dll
.dll windows:6 windows x64 arch:x64

2e7b0100a9237666ee729368d7009231

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
VirtualFree
VirtualAlloc
GetProcessId
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
Sleep
LoadLibraryA
CloseHandle
GetThreadContext
GetProcAddress
VirtualAllocEx
ReadProcessMemory
VirtualFreeEx
SetThreadContext
OpenThread
GetCurrentProcess
CreateRemoteThread
WaitForSingleObject
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext

msvcp140

?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcpy
memset
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
__C_specific_handler
__std_type_info_destroy_list
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
fputc
fwrite
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_register_onexit_function
_cexit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_initialize_narrow_environment
_seh_filter_dll
_execute_onexit_table
_initterm_e
_initterm
_configure_narrow_argv

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

free_library
free_library_ex
hijack_first_thread
hijack_thread
load_library
load_library_ex

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2Take1Cracked/updater.log

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 58KB - Virtual size: 58KB

.rsrc Size: 365KB - Virtual size: 365KB

.reloc Size: 512B - Virtual size: 12B

7f6eea2f59a9c61cb20de952d336acc8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

spel64

msvcp140

version

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

ws2_32

wldap32

Sections

.text Size: 501KB - Virtual size: 500KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 4KB - Virtual size: 7KB

.pdata Size: 21KB - Virtual size: 20KB

.rsrc Size: 669KB - Virtual size: 669KB

.reloc Size: - Virtual size: 1KB

.vlizer Size: 3.2MB - Virtual size: 8.4MB

91533cd0901a926548d904883f897c08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

msvcp140

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

crypt32

ws2_32

wldap32

.text
Size: 58KB - Virtual size: 58KB

.rsrc
Size: 365KB - Virtual size: 365KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 501KB - Virtual size: 500KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 4KB - Virtual size: 7KB

.pdata
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 669KB - Virtual size: 669KB

.reloc
Size: - Virtual size: 1KB

.vlizer
Size: 3.2MB - Virtual size: 8.4MB

.text
Size: 372KB - Virtual size: 372KB

.rdata
Size: 95KB - Virtual size: 95KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 363KB - Virtual size: 363KB

.reloc
Size: - Virtual size: 1KB

.vlizer
Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 230KB - Virtual size: 229KB

.rdata
Size: 39KB - Virtual size: 39KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 14KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 916B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 120B