d:\NPS_VSS_ROOT\NPS2\bin\release\program files\NPSTimeTable.pdb
Static task
static1
Behavioral task
behavioral1
Sample
3b631e3d7f818838321dfc1f59f455be_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
3b631e3d7f818838321dfc1f59f455be_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
3b631e3d7f818838321dfc1f59f455be_JaffaCakes118
-
Size
421KB
-
MD5
3b631e3d7f818838321dfc1f59f455be
-
SHA1
aef136936ebfc6749e950958f630e9a9c79c3311
-
SHA256
c57885540b4564c73df94a1bd16b4a199ff84a8262f0e52859ff03d08591898f
-
SHA512
3e04a6894ff1e4c2c2b2a556d6938a1e11ff4dc3a6eae8a063d536066e9d98bf422db84a27aa5262d1f38a621144b8243e77f1ea7a8516d57efd235212631946
-
SSDEEP
6144:mf9Bm2pmk2T6YzEcDo4hXSKcNEu/zAEVMouiguguEXl8OJrTO6u2p:Mbm2Ih6LcDokzeMEbuiguwVBhp
Malware Config
Signatures
-
Unsigned PE 1 IoCs
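Checks for a missing Authenticode signature: this sample is unsigned. On its own this is a weak indicator, since many legitimate programs are also unsigned; weigh it with the other data in this report, such as the .text and .erdata sections listed under Sections, which are flagged both writable and executable, an atypical combination for compiler-generated code sections.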
resource 3b631e3d7f818838321dfc1f59f455be_JaffaCakes118
Files
-
3b631e3d7f818838321dfc1f59f455be_JaffaCakes118.exe windows:4 windows x86 arch:x86
dc1e100f8cc897b818d8eb81b847ac4b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
npscomnctrl
??1CWndShadow@@UAE@XZ
?TrackPopupMenu@CNPSTransMenu@@QAEXIHHPAVCWnd@@PBUtagRECT@@H@Z
NPSLOG
?Create@CWndShadow@@QAEXPAUHWND__@@@Z
?InitShadow@CWndShadow@@QAEXXZ
??0CNPSTransMenu@@QAE@XZ
?NPSSkinEnableRTL@@YAXH@Z
??1CNPSTransMenu@@UAE@XZ
?LoadMenuW@CNPSTransMenu@@QAEHI@Z
??0CWndShadow@@QAE@XZ
?NPSMessageBox@@YAHPAUHWND__@@PB_W1I@Z
?Uninitialize@NPSGdiPlusUtil@@YAXXZ
?SetThreadLocaleEx@@YAHK@Z
?Initialize@CWndShadow@@SA_NPAUHINSTANCE__@@@Z
?Initialize@NPSGdiPlusUtil@@YAXXZ
??0NPSSystemDateTime@@QAE@XZ
??1NPSSystemDateTime@@QAE@XZ
?GetSysTimeFormat@NPSSystemDateTime@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?DrawStrechPNG@NPSGdiPlusUtil@@YAHPAVCDC@@PAVBitmap@Gdiplus@@HHHHHHHH@Z
??0CNPSDragDropText@@QAE@XZ
??1CNPSDragDropText@@QAE@XZ
?CheckDragText@CNPSDragDropText@@QAEHH@Z
?CheckHeader@CNPSDragDropText@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HH@Z
??0CNPSDropTarget@@QAE@XZ
??1CNPSDropTarget@@UAE@XZ
?SetExportFileName@CNPSDragDropText@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?SendStringData@CNPSDragDropText@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@HH@Z
?Ole2SysTime@NPSSystemDateTime@@QAE?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@VCOleDateTime@3@HH@Z
?LoadBitmapFromResource@NPSGdiPlusUtil@@YAPAVBitmap@Gdiplus@@PAUHINSTANCE__@@PB_W1@Z
npscustomctrl
?OnNotify@CNPSPrintDlg@@MAEHIJPAJ@Z
?OnCommand@CNPSPrintDlg@@MAEHIJ@Z
?GetMessageMap@CNPSPrintDlg@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CNPSPrintDlg@@UBEPAUCRuntimeClass@@XZ
??1CNPSPrintDlg@@UAE@XZ
??0CNPSPrintDlg@@QAE@HKPAVCWnd@@@Z
?getKeyValue@CWin32Registry@@QAEHV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@0PAV23@PB_W@Z
??1CWin32Registry@@UAE@XZ
??0CWin32Registry@@QAE@H@Z
?GetMenuRect@CNPSFrame2@@IAE?AVCRect@@XZ
??1CNPSFrameTopBar_SyncBt@@UAE@XZ
?GetThisClass@CNPSFrame2@@SGPAUCRuntimeClass@@XZ
??0CNPSFrameTopBar_SyncBt@@QAE@XZ
??1CNPSFrameTopBar_DeviceSelect@@UAE@XZ
?PreCreateWindow@CNPSFrame2@@MAEHAAUtagCREATESTRUCTW@@@Z
??0CNPSFrameTopBar_DeviceSelect@@QAE@XZ
?SetHandle@CNPSFrame2@@QAEXPAUHWND__@@0@Z
?OnInitDialog@CNPSPrintDlg@@UAEHXZ
?IsRTL@CNPSFrame2@@IAEHXZ
??0CNPSFrame2@@IAE@XZ
?GetThisMessageMap@CNPSFrame2@@KGPBUAFX_MSGMAP@@XZ
?SetSelectedTab@CNPSFrameTopBar_SyncBt@@QAEXH@Z
?SetSmallSize@CNPSFrameTopBar_SyncBt@@QAEXXZ
?InitTabBtn@CNPSFrameTopBar_SyncBt@@QAEXAAVCStringArray@@_N@Z
?CreateA@CNPSFrameTopBar_SyncBt@@QAEHPAVCWnd@@II_N@Z
?SetBottomBarButtonEnable@CNPSFrame2@@QAEX_NV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?EnableSecondTab@CNPSFrameTopBar_SyncBt@@QAEXH@Z
?initFrameToolTipText@CNPSFrame2@@QAEXPB_W00000@Z
?PreTranslateMessage@CNPSFrame2@@MAEHPAUtagMSG@@@Z
?setAppIcon@CNPSFrame2@@QAEXI@Z
?setPopupMenu@CNPSFrame2@@QAEXIV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnBnClickedBtnFunc@CNPSFrame2@@MAEXXZ
?OnCreate@CNPSFrame2@@IAEHPAUtagCREATESTRUCTW@@@Z
?initFrame@CNPSFrame2@@QAEXIIIIHIIIIIIVCSize@@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?EnableCloseSysBtn@CNPSFrame2@@QAEXH@Z
?DoDataExchange@CNPSFrame2@@MAEXPAVCDataExchange@@@Z
?SetUTGuide@CNPSFrame2@@QAEX_N@Z
??1CNPSFrame2@@MAE@XZ
??0CNPSAboutDlg@@QAE@PAVCWnd@@AAV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@G@Z
?SetText@CNPSTransferWnd@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@H@Z
?ShowTransferStatus@CNPSTransferWnd@@QAEXHW4eTransferType@1@@Z
?SetStatusText@CNPSFrame2@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
??1CNPSTransferWnd@@UAE@XZ
??0CNPSTransferWnd@@QAE@XZ
?SetBtnText@CNPSTransferWnd@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?OnClose@CNPSFrame2@@IAEXXZ
?PreTranslateMessage@CNPSTransferWnd@@MAEHPAUtagMSG@@@Z
?PreCreateWindow@CNPSTransferWnd@@MAEHAAUtagCREATESTRUCTW@@@Z
?GetMessageMap@CNPSTransferWnd@@MBEPBUAFX_MSGMAP@@XZ
?GetRuntimeClass@CNPSTransferWnd@@UBEPAUCRuntimeClass@@XZ
?SetLabelLimitText@CLabelEditLimited@@QAEXJH@Z
??1CLabelEditLimited@@UAE@XZ
??0CLabelEditLimited@@QAE@XZ
?SetLabel@CLabelEdit@@QAEXV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@Z
?DoModal@CNPSDialog@@UAEHXZ
??1CNPSAboutDlg@@UAE@XZ
??0CNPSButton@@QAE@XZ
??1CNPSButton@@UAE@XZ
?SetImage@CNPSButton@@QAEXIKH@Z
?SetToolTipText@CNPSButton@@QAEXPB_W@Z
?GetSysButtonRect@CNPSFrame2@@IAE?AVCRect@@H@Z
npsconvey
ord1
npsdbproxy
?FlushStaleReads@CNPSDBProxy@@QAEJXZ
?ExecuteQuery@CNPSDBProxy@@QAEHPB_WH@Z
?BeginTrans@CNPSDBProxy@@QAEHXZ
?Commit@CNPSDBProxy@@QAEHXZ
?ExistTable@CNPSDBProxy@@QAEHPB_W@Z
?Close@CNPSDBProxy@@QAEHXZ
??0CNPSDBProxy@@QAE@XZ
??1CNPSDBProxy@@QAE@XZ
?Open@CNPSDBProxy@@QAEHPB_W0H@Z
?ExecuteQuery@CNPSDBProxy@@QAEHPB_WAAV?$vector@V?$vector@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@std@@V?$allocator@V?$vector@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@V?$allocator@V?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@@std@@@std@@@2@@std@@@Z
mfc80u
ord4300
ord5373
ord5982
ord3344
ord5981
ord1545
ord2648
ord3570
ord1198
ord4162
ord2468
ord5398
ord899
ord896
ord3639
ord3444
ord4560
ord2608
ord2615
ord6234
ord2007
ord2042
ord5152
ord5588
ord1370
ord5408
ord2736
ord5491
ord4251
ord4846
ord1913
ord4216
ord3034
ord2762
ord5930
ord6039
ord4476
ord4258
ord764
ord3436
ord2402
ord2407
ord6061
ord2390
ord357
ord2392
ord606
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord501
ord925
ord709
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord3636
ord4255
ord4480
ord4179
ord3943
ord4290
ord2638
ord5067
ord4119
ord3703
ord1899
ord3713
ord3712
ord4238
ord1393
ord2527
ord3940
ord2640
ord1608
ord2534
ord1611
ord2856
ord2708
ord6721
ord1079
ord4301
ord2829
ord2725
ord2531
ord1953
ord6115
ord5196
ord5157
ord6063
ord1590
ord5198
ord1646
ord6265
ord1647
ord5141
ord4109
ord5909
ord1338
ord1353
ord1334
ord3983
ord4961
ord4980
ord577
ord1894
ord3339
ord1343
ord6275
ord2030
ord3796
ord2068
ord2155
ord6273
ord2072
ord1513
ord1903
ord2163
ord3981
ord2169
ord5351
ord2399
ord3923
ord2381
ord4190
ord2379
ord6010
ord2397
ord2409
ord2386
ord1543
ord6271
ord553
ord742
ord5911
ord562
ord2424
ord751
ord4259
ord4271
ord1297
ord2164
ord557
ord745
ord283
ord5144
ord3939
ord1548
ord4336
ord5712
ord280
ord2418
ord2419
ord2986
ord5352
ord940
ord762
ord2933
ord4129
ord4303
ord5006
ord5003
ord2365
ord2609
ord1904
ord2237
ord1955
ord2361
ord1118
ord2311
ord1925
ord3204
ord347
ord602
ord3174
ord3155
ord5715
ord5917
ord5397
ord5410
ord5584
ord293
ord5519
ord5643
ord5638
ord5723
ord6033
ord5884
ord6053
ord4155
ord6050
ord5604
ord1270
ord6056
ord5607
ord2521
ord1271
ord2255
ord3417
ord2077
ord2985
ord2366
ord3158
ord760
ord572
ord587
ord5210
ord3678
ord563
ord2889
ord1006
ord6251
ord1957
ord330
ord3756
ord589
ord5609
ord5171
ord5148
ord4226
ord2362
ord1536
ord4256
ord1392
ord5908
ord6720
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1472
ord3435
ord5829
ord354
ord605
ord6086
ord5199
ord3635
ord4574
ord4112
ord774
ord4228
ord1538
ord1474
ord1922
ord3424
ord4092
ord2080
ord3165
ord591
ord2893
ord266
ord1182
ord776
ord1178
ord1476
ord3198
ord1176
ord3281
ord1086
ord3542
ord5170
ord4297
ord4778
ord5637
ord5044
ord3079
ord4117
ord5045
ord1047
ord3995
ord3658
ord3460
ord506
ord4267
ord712
ord3157
ord1351
ord3338
ord2651
ord5147
ord3968
ord2461
ord4854
ord2086
ord4857
ord1582
ord4373
ord4234
ord4928
ord4378
ord4375
ord4393
ord2662
ord4395
ord3311
ord4380
ord4768
ord4585
ord4447
ord4173
ord4711
ord4166
ord4780
ord4974
ord5068
ord4385
ord5069
ord4775
ord5779
ord5636
ord4198
ord4026
ord4784
ord4437
ord4438
ord3734
ord1348
ord5134
ord741
ord4631
ord4355
ord5022
ord4293
ord4946
ord4733
ord5201
ord4013
ord4898
ord395
ord635
ord3642
ord5161
ord1156
ord2038
ord1289
ord1117
ord1177
ord2035
ord2629
ord1352
ord1719
ord4855
ord547
ord4858
ord956
ord4175
ord4771
ord4465
ord3585
ord565
ord756
ord3676
ord511
ord2025
ord313
ord1189
ord4728
ord4205
ord334
ord593
ord3104
ord4100
ord4314
ord5221
ord1479
ord1058
ord1155
ord3327
ord2239
ord282
ord4475
ord2832
ord5562
ord5209
ord4461
ord5226
ord4463
ord4562
ord3677
ord3942
ord5222
ord6700
ord5220
ord2925
ord1911
ord566
ord3826
ord757
ord5378
ord6215
ord5096
ord1007
ord3800
ord1785
ord5579
ord2054
ord4320
ord6274
ord3795
ord3824
ord6272
ord4008
ord3990
ord4032
ord1121
ord1049
ord5971
ord2261
ord4025
ord739
ord1541
ord6036
ord3172
ord599
ord3189
ord5727
ord6031
ord3679
ord620
ord1638
ord1580
ord3309
ord3590
ord4347
ord6293
ord2340
ord5327
ord6282
ord1172
ord5316
ord265
ord1571
ord3249
ord368
ord616
ord4699
msvcr80
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
exit
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_unlock
__CxxFrameHandler3
_CxxThrowException
memset
floor
_purecall
wprintf
_invalid_parameter_noinfo
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
memmove_s
swprintf_s
ceil
swscanf_s
free
_wtoi
_wcsdup
_localtime64_s
_time64
__RTDynamicCast
_wtof
wcsftime
vswprintf_s
kernel32
LoadLibraryW
CloseHandle
CreateThread
Sleep
GetThreadLocale
InterlockedDecrement
GetCurrentProcessId
FormatMessageW
lstrlenW
HeapAlloc
HeapFree
GetACP
GetLocaleInfoA
GetVersionExA
GetProcessHeap
FreeLibrary
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
InterlockedIncrement
MultiByteToWideChar
CreateFileW
ReadFile
GetPrivateProfileIntW
GetPrivateProfileStringW
GetLocaleInfoW
GetLastError
CreateMutexW
user32
IsWindowVisible
GetSystemMetrics
ScreenToClient
GetScrollInfo
FillRect
GetCursorPos
PtInRect
DefWindowProcW
UpdateWindow
GetActiveWindow
SendMessageA
GetDC
LoadIconW
ReleaseDC
GetParent
CreateWindowExW
GetSysColor
SetWindowPos
GetWindowRect
IsWindowEnabled
ReleaseCapture
SetCapture
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
CopyRect
IsWindow
InvalidateRect
EnableWindow
GetClientRect
SendMessageW
GetSubMenu
DeleteMenu
DestroyMenu
PostMessageW
EnableMenuItem
RegisterWindowMessageW
gdi32
BitBlt
Escape
CreateCompatibleDC
PtVisible
GetObjectW
SetLayout
TextOutW
GetBkColor
LPtoDP
CreateFontW
CreatePen
CreateSolidBrush
Rectangle
RectVisible
SelectObject
GetTextColor
ExtTextOutW
GetTextMetricsW
DeleteObject
GetTextExtentPoint32W
GetDeviceCaps
CreateCompatibleBitmap
comctl32
_TrackMouseEvent
InitCommonControlsEx
ole32
OleRun
CoCreateInstance
CLSIDFromProgID
oleaut32
SafeArrayGetLBound
VariantClear
VarDateFromStr
VarUdateFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
SysFreeString
SafeArrayUnlock
SafeArrayLock
SafeArrayDestroy
SafeArrayGetVartype
SafeArrayGetUBound
GetErrorInfo
toolkitpro1331vc80u
?GetColor@CXTPColorManager@@QBEKH@Z
?Instance@CXTPColorManager@@CAAAV1@XZ
??0CXTPPaintManagerColorGradient@@QAE@K@Z
??0CXTMemDC@@QAE@PAVCDC@@ABVCRect@@VCXTPPaintManagerColorGradient@@H@Z
??1CXTMemDC@@UAE@XZ
??0CXTPClientRect@@QAE@PBVCWnd@@@Z
?InitCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEHPAUCRuntimeClass@@@Z
?OnSetPreviewMode@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEXHPAUCPrintPreviewState@@@Z
?LoadFrame@?$CXTPFrameWndBase@VCFrameWnd@@@@UAEHIKPAVCWnd@@PAUCCreateContext@@@Z
?OnHookMessage@CXTPOffice2007FrameHook@@MAEHPAUHWND__@@IAAIAAJ2@Z
?OnWndMsg@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@MAEHIIJPAJ@Z
?LoadCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_WH@Z
?SaveCommandBars@?$CXTPCommandBarsSiteBase@VCFrameWnd@@@@UAEXPB_W@Z
dump
?RegisterCrashHandler@@YAHPB_W0@Z
msvcp80
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
gdiplus
GdipSetStringFormatAlign
GdipCloneBrush
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatFlags
GdipGetImageWidth
GdipGetImageHeight
GdipDrawString
GdipGraphicsClear
GdipAlloc
GdipFree
GdipDrawCachedBitmap
GdipCreateBitmapFromScan0
GdipFillRectangle
GdipDisposeImage
GdipDeleteBrush
GdipCreateFont
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipGetImageGraphicsContext
GdipCreateFontFamilyFromName
GdipCreateCachedBitmap
GdipDeleteCachedBitmap
GdipDrawImageRectI
GdipResetWorldTransform
GdipTranslateWorldTransform
GdipScaleWorldTransform
GdipDeletePen
GdipCreatePen1
GdipDrawLineI
GdipDrawRectangle
GdipCloneImage
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFontFromLogfontW
GdipCreateSolidFill
GdipDrawImageRect
GdipDrawImageRectRect
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipCreateFromHDC
GdipDeleteGraphics
winmm
PlaySoundW
Sections
.text Size: 212KB - Virtual size: 209KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 76KB - Virtual size: 75KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.erdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE