c:\depot\workscd\Common\WksGen\Wbl\Release\WkWbl.pdb
Static task
static1
Behavioral task
behavioral1
Sample
ac949e63414da1ddd7d24a3974edf63b_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ac949e63414da1ddd7d24a3974edf63b_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
ac949e63414da1ddd7d24a3974edf63b_JaffaCakes118
-
Size
272KB
-
MD5
ac949e63414da1ddd7d24a3974edf63b
-
SHA1
71963600c9c63a8265bfe954399d5b61f91b8dae
-
SHA256
5c346305618a004363cd6cefdda22edc56e787adff3d0c84dc030a449a1ae765
-
SHA512
9a35d59bf36401c14ca9e69d6d44cd91ddd2278a4ae217b3e9c75482c6110ae136e5fcda919286912cda3841488d553b8e5b230e5ec79ccd9e8fea79f483bba9
-
SSDEEP
3072:pL+rrS6JzUkz6fSdUHZvsIwvmb5vtQ1CvzT0s2rRsamQN6ahC1bBz7zU/WZAn538:pay6dGsIB51nT0s/76C1bxsUAnLZe73x
Malware Config
Signatures
-
Unsigned PE 1 IoCs
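Checks for a missing Authenticode signature. This sample was flagged as unsigned, so its publisher and integrity cannot be confirmed from a signature; on its own this is a weak indicator and should be weighed with the other findings.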
resource ac949e63414da1ddd7d24a3974edf63b_JaffaCakes118
Files
-
ac949e63414da1ddd7d24a3974edf63b_JaffaCakes118.dll windows:4 windows x86 arch:x86
23f775d8d61259c911649b8fb456f515
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
wkwinuni
ord166
ord137
ord163
ord67
ord56
ord143
ord167
ord141
ord134
ord128
ord133
ord112
ord179
ord109
ord111
ord113
ord47
ord333
ord107
ord43
ord44
ord104
ord170
ord481
ord59
ord176
ord101
ord40
ord62
ord60
ord161
ord145
ord140
ord115
ord45
ord68
ord149
ord148
ord93
ord83
ord88
ord215
kernel32
LeaveCriticalSection
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
SizeofResource
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
FormatMessageA
WideCharToMultiByte
GetUserDefaultLangID
FindClose
IsValidLocale
LoadLibraryA
FreeLibrary
MultiByteToWideChar
GetProcAddress
GetVersionExA
GetSystemInfo
HeapDestroy
HeapReAlloc
IsValidCodePage
GetSystemDefaultLCID
GetUserDefaultLCID
GetProcessHeap
GetHandleInformation
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RaiseException
InitializeCriticalSection
DeleteCriticalSection
FreeResource
LockResource
LoadResource
HeapCreate
HeapSize
HeapFree
VirtualQuery
GetLastError
HeapAlloc
VirtualAlloc
VirtualFree
user32
GetCursor
SetCursor
GetSysColorBrush
GetActiveWindow
wsprintfA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetTopWindow
GetDlgCtrlID
CreatePopupMenu
GetWindowRect
TrackPopupMenuEx
DestroyMenu
WindowFromPoint
GetWindow
UnregisterClassA
GetDesktopWindow
ClientToScreen
CharNextA
GetParent
gdi32
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps
GetClipBox
DeleteObject
DeleteDC
BitBlt
SetBkColor
CreateBitmap
CreateCompatibleBitmap
GetDCOrgEx
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
SHGetSpecialFolderLocation
SHGetMalloc
ole32
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
oleaut32
VarUI4FromStr
SysFreeString
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
msvcr71
__CppXcptFilter
_initterm
_adjust_fdiv
??1exception@@UAE@XZ
??0exception@@QAE@XZ
__CxxFrameHandler
memset
memcpy
memmove
swscanf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_except_handler3
_onexit
free
_purecall
malloc
vswprintf
wcscmp
_wtoi
realloc
??1type_info@@UAE@XZ
__security_error_handler
?terminate@@YAXXZ
__dllonexit
Exports
Exports
??0COStrMan@@QAE@XZ
??0CWblCommandLineParseResult@@QAE@ABV0@@Z
??0CWblCommandLineParseResult@@QAE@XZ
??0CWblMessages@@QAE@ABV0@@Z
??0CWblMessages@@QAE@XZ
??0CWfxContextHelp@@QAE@ABV0@@Z
??0CWfxContextHelp@@QAE@XZ
??0CWksWaitCursor@@QAE@PBG_N@Z
??0MWblIntl@@AAE@XZ
??0MWblIntlFeatures@@AAE@XZ
??0MWblStrings@@AAE@XZ
??0MWblStringsWin32@@AAE@XZ
??1COStrMan@@QAE@XZ
??1CWblCommandLineParseResult@@QAE@XZ
??1CWksWaitCursor@@QAE@XZ
??1MWblIntl@@AAE@XZ
??1MWblIntlFeatures@@AAE@XZ
??1MWblStrings@@AAE@XZ
??1MWblStringsWin32@@AAE@XZ
??2@YAPAXIPAXK@Z
??3@YAXPAX0K@Z
??4COStrMan@@QAEAAV0@ABV0@@Z
??4CWblCommandLineParseResult@@QAEAAV0@ABV0@@Z
??4CWblMessages@@QAEAAV0@ABV0@@Z
??4CWfxContextHelp@@QAEAAV0@ABV0@@Z
??4CWksWaitCursor@@QAEAAV0@ABV0@@Z
??4MWblIntl@@QAEAAV0@ABV0@@Z
??4MWblIntlFeatures@@QAEAAV0@ABV0@@Z
??4MWblStrings@@QAEAAV0@ABV0@@Z
??4MWblStringsWin32@@QAEAAV0@ABV0@@Z
??_7CWblMessages@@6B@
??_FCWksWaitCursor@@QAEXXZ
?AddParseError@CWblCommandLineParseResult@@QAEXK@Z
?BAddItem@CWblCommandLineParseResult@@QAE_NJPAG0@Z
?BAlphaNumWch@MWblStrings@@SA_NG@Z
?BAlphaWch@MWblStrings@@SA_NG@Z
?BCheckResources@@YA_N_NIII@Z
?BChina@MWblIntl@@SA_NK@Z
?BDigitWch@MWblStrings@@SA_NG@Z
?BEnableDoubleFontDialog@MWblIntlFeatures@@SA_NXZ
?BEnableVerticalTextbox@MWblIntlFeatures@@SA_NXZ
?BEqualRgwch@MWblStrings@@SA_NPBGH0HW4EStringCompareType@@@Z
?BEqualWz@MWblStrings@@SA_NPBG0W4EStringCompareType@@@Z
?BFEWch@MWblStrings@@SA_NG@Z
?BFEWz@MWblStrings@@SA_NPBG@Z
?BFarEast@MWblIntl@@SA_NK@Z
?BGetSpecialFolder@@YA_NHPAG@Z
?BHexDigitWch@MWblStrings@@SA_NG@Z
?BHrIsOutOfDiskSpace@@YA_NJ@Z
?BHrIsOutOfMemory@@YA_NJ@Z
?BInit@CWblCommandLineParseResult@@QAE_NI@Z
?BIsAnsi@MWblStrings@@CA_NG@Z
?BIsOn@CWksWaitCursor@@QAE_NXZ
?BJapan@MWblIntl@@SA_NK@Z
?BKorea@MWblIntl@@SA_NK@Z
?BLowerCaseWch@MWblStrings@@SA_NG@Z
?BOsIsWide@@YG_NXZ
?BPreMessageBox@CWblMessages@@MAE_NXZ
?BPuncWch@MWblStrings@@SA_NG@Z
?BSpaceWch@MWblStrings@@SA_NG@Z
?BSzToRgwch@MWblStrings@@SA_NPBDPAGH@Z
?BTaiwan@MWblIntl@@SA_NK@Z
?BUpperCaseWch@MWblStrings@@SA_NG@Z
?BWzToRgch@MWblStrings@@SA_NPBGPADH@Z
?BuildLocalePath@MWblIntl@@SAXKPAG0PAUHINSTANCE__@@@Z
?CbFromSz@MWblStrings@@SAHPBD@Z
?CbFromWz@MWblStrings@@SAHPBG@Z
?CbRgwchToRgch@MWblStrings@@SAHPBGHPADH@Z
?CbRgwchToRgchCp@MWblStrings@@SAHIPBGHPADH@Z
?CbWzToSz@MWblStrings@@SAHPBGPAD@Z
?CchFromSz@MWblStrings@@SAHPBD@Z
?CharLowerCaseLid@MWblStringsWin32@@SAGGG@Z
?CharUpperCaseLid@MWblStringsWin32@@SAGGG@Z
?CompareMemory@MWblStringsWin32@@SAHPBX0I@Z
?CountryCodeFromLcid@MWblIntl@@KAHK@Z
?CpeParseErrors@CWblCommandLineParseResult@@QAEKXZ
?CwchDoubleToWz@MWblStrings@@SAHNPAG@Z
?CwchFormatWz@MWblStrings@@SAHPAUHINSTANCE__@@HPAGHPAH@Z
?CwchFormatWz@MWblStrings@@SAHPAUHINSTANCE__@@HPAGHPAPAG@Z
?CwchFormatWz@MWblStrings@@SAHPAUHINSTANCE__@@PBGPAGHPAH@Z
?CwchFormatWz@MWblStrings@@SAHPBGPAGHPAPAG@Z
?CwchFromWz@MWblStrings@@SAHPBG@Z
?CwchFromWzIgnoreTrailingSpace@MWblStrings@@SAHPBG@Z
?CwchIntToWz@MWblStrings@@SAHHHPAG@Z
?CwchLoadMeasurement@MWblIntl@@SAHPAUHINSTANCE__@@IW4MEASURE@@PAN@Z
?CwchLoadStringCore@COStrMan@@IAEHPAUHINSTANCE__@@IPAGHI@Z
?CwchLoadStringFromDLL@COStrMan@@QAEHPAUHINSTANCE__@@IPAGHI@Z
?CwchLoadStringFromDLL@MWblIntl@@SAHPAUHINSTANCE__@@IPAGHI@Z
?CwchLoadWz@COStrMan@@QAEHPAUHINSTANCE__@@IPAGH@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPAGH@Z
?CwchRgchToRgwch@MWblStrings@@SAHPBDHPAGH@Z
?CwchRgchToRgwchCp@MWblStrings@@SAHIPBDHPAGH@Z
?CwchSzToWz@MWblStrings@@SAHPBDPAG@Z
?CwchTimeToWz@MWblStrings@@SAHPAU_SYSTEMTIME@@PAG@Z
?CwchUintToWz@MWblStrings@@SAHIHPAG@Z
?CwchWzToDouble@MWblStrings@@SAHPBGPAN@Z
?CwchWzToHexInt@MWblStrings@@SAHPBGPAH@Z
?CwchWzToInt@MWblStrings@@SAHPBGPAH@Z
?CwchWzToUint@MWblStrings@@SAHPBGPAI@Z
?DitherBlt@@YAXPAUHDC__@@HHHH0PAUHBITMAP__@@HH@Z
?FMemAlert@@YAHXZ
?Failure@CWblMessages@@QAEXPAUHWND__@@H@Z
?Failure@CWblMessages@@QAEXPAUHWND__@@PBG@Z
?FailureDiskSpace@CWblMessages@@QAEXPAUHWND__@@@Z
?FailureF@CWblMessages@@QAAXPAUHWND__@@HZZ
?FailureF@CWblMessages@@QAAXPAUHWND__@@PBGZZ
?FailureFormatWz@CWblMessages@@QAEXPAUHWND__@@HPAH@Z
?FailureFormatWz@CWblMessages@@QAEXPAUHWND__@@HPAPAG@Z
?FailureFormatWz@CWblMessages@@QAEXPAUHWND__@@PBGPAH@Z
?FailureFormatWz@CWblMessages@@QAEXPAUHWND__@@PBGPAPAG@Z
?FailureHr@CWblMessages@@QAEXPAUHWND__@@J@Z
?FailureMemory@CWblMessages@@QAEXPAUHWND__@@@Z
?FailureMustClose@CWblMessages@@QAEXPAUHWND__@@@Z
?FailureOther@CWblMessages@@QAEXPAUHWND__@@@Z
?FailureReinstall@CWblMessages@@QAEXPAUHWND__@@PBG@Z
?FailureReinstallApp@CWblMessages@@QAEXPAUHWND__@@PBG1@Z
?GetDefaultLangId@MWblStrings@@SAGXZ
?GetHelpLcid@MWblIntl@@SAKXZ
?GetInstallLcid@MWblIntl@@SAKXZ
?GetResourceDLL@@YAPAUHINSTANCE__@@XZ
?GetSystemLcid@MWblIntl@@SAKXZ
?GetUILcid@MWblIntl@@SAKXZ
?GetUserLcid@MWblIntl@@SAKXZ
?HrWblParseCommandLine@@YAJAAUSClpRules@@PBGAAVCWblCommandLineParseResult@@@Z
?Init@CWblMessages@@QAEXPAUHINSTANCE__@@@Z
?Initialize@MWblIntl@@SAJXZ
?Initialize@MWblStrings@@SAJXZ
?LoadLocResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@KPAGPAU2@@Z
?LoadResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PBG@Z
?LoadUIResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PAGPAU2@@Z
?NCompareLocRgwch@MWblStrings@@SAHPBGH0HW4EStringCompareType@@@Z
?NCompareLocRgwchLoc@MWblStrings@@SAHPBGH0HW4EStringCompareType@@GG@Z
?NCompareLocWz@MWblStrings@@SAHPBG0W4EStringCompareType@@@Z
?NCompareRgwch@MWblStrings@@SAHPBGH0H_N@Z
?NCompareWz@MWblStrings@@SAHPBG0_N@Z
?NFindNotWchInRgwch@MWblStrings@@SAHPBGHG@Z
?NFindNotWchInWz@MWblStrings@@SAHPBGG@Z
?NFindOneOfInWz@MWblStrings@@SAHPBG0@Z
?NFindRightWchInRgwch@MWblStrings@@SAHPBGHG@Z
?NFindRightWchInWz@MWblStrings@@SAHPBGG@Z
?NFindWchInRgwch@MWblStrings@@SAHPBGHG@Z
?NFindWchInWz@MWblStrings@@SAHPBGG@Z
?NFromWz@MWblStrings@@SAHPBG@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IH@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IPBG@Z
?NMessageBoxF@CWblMessages@@QAAHPAUHWND__@@IHZZ
?NMessageBoxF@CWblMessages@@QAAHPAUHWND__@@IPBGZZ
?NMessageBoxFormatWz@CWblMessages@@QAEHPAUHWND__@@IHPAH@Z
?NMessageBoxFormatWz@CWblMessages@@QAEHPAUHWND__@@IHPAPAG@Z
?NMessageBoxFormatWz@CWblMessages@@QAEHPAUHWND__@@IPBGPAH@Z
?NMessageBoxFormatWz@CWblMessages@@QAEHPAUHWND__@@IPBGPAPAG@Z
?NMessageBoxTitle@CWblMessages@@QAEHPAUHWND__@@IHH@Z
?NMessageBoxTitle@CWblMessages@@QAEHPAUHWND__@@IPBG1@Z
?NRgPosrFromRid@COStrMan@@IAEHK@Z
?NYI@CWblMessages@@QAEXPAUHWND__@@@Z
?Off@CWksWaitCursor@@QAEXXZ
?On@CWksWaitCursor@@QAEXPBG@Z
?OnWksContextMenu@CWfxContextHelp@@QAEJIIJAAH@Z
?OnWksHelp@CWfxContextHelp@@QAEJIIJAAH@Z
?OperatorDelete@@YAXPAX@Z
?OperatorNew@@YAPAXIPAXK@Z
?PosrFromCachedRid@COStrMan@@IAEPAUSOsr@@KPAUHINSTANCE__@@@Z
?PosrFromRid@COStrMan@@IAEPAUSOsr@@KPAUHINSTANCE__@@@Z
?PostMessageBox@CWblMessages@@MAEXXZ
?ProcessWindowMessage@CWfxContextHelp@@QAEHPAUHWND__@@IIJAAJK@Z
?PvBaseFromPv@@YAPAXPAX@Z
?PvBaseFromPvFixed@@YAPAXPAX@Z
?PwchFindNotWchInRgwch@MWblStrings@@SAPAGPBGHG@Z
?PwchFindNotWchInWz@MWblStrings@@SAPAGPBGG@Z
?PwchFindOneOfInWz@MWblStrings@@SAPAGPBG0@Z
?PwchFindRightWchInRgwch@MWblStrings@@SAPAGPBGHG@Z
?PwchFindRightWchInWz@MWblStrings@@SAPAGPBGG@Z
?PwchFindWchInRgwch@MWblStrings@@SAPAGPBGHG@Z
?PwchFindWchInWz@MWblStrings@@SAPAGPBGG@Z
?PwchSkipLeadingWch@MWblStrings@@SAPAGPAGG@Z
?PwchSkipWhiteSpace@MWblStrings@@SAPAGPBG@Z
?RClpResultItemAt@CWblCommandLineParseResult@@QAEAAUSClpResultItem@@I@Z
?RCommands@CWblCommandLineParseResult@@QAEAAV?$CWksDynamicArray@USCommands@@V?$CWksAllocator@USCommands@@@@@@XZ
?Refresh@MWblIntl@@SAJXZ
?RgwchStrStr@MWblStrings@@SAPAGPBGH0H@Z
?RgwchStrStrEx@MWblStrings@@SAPAGPBGH0HW4EStringCompareType@@@Z
?SetDefaultLangId@MWblStrings@@SAXG@Z
?SetDefaultParent@CWblMessages@@QAEXPAUHWND__@@@Z
?SetDefaultSection@COStrMan@@QAEXG@Z
?SetDefaultSection@MWblIntl@@SAXG@Z
?SetResourceCodePage@COStrMan@@QAEXI@Z
?SetResourceCodePage@MWblIntl@@SAXI@Z
?SetResourceDLL@@YAXPAUHINSTANCE__@@@Z
?ShowContextHelp@CWfxContextHelp@@QAEXPAUtagHELPINFO@@@Z
?ShowLangDllError@@YAXXZ
?StCountResultItems@CWblCommandLineParseResult@@QAEIXZ
?SzToWzSimple@MWblStrings@@SAXPBDPAG@Z
?UCodePageFromLcid@MWblIntl@@SAIK@Z
?UResourceCodePage@COStrMan@@QAEIXZ
?UResourceCodePage@MWblIntl@@SAIXZ
?WDefaultSection@COStrMan@@QAEGXZ
?WDefaultSection@MWblIntl@@SAGXZ
?WGetCType1Wch@MWblStringsWin32@@SAGG@Z
?WGetCType2Wch@MWblStringsWin32@@SAGG@Z
?WGetCType3Wch@MWblStringsWin32@@SAGG@Z
?WblRegQueryValueEx@@YGJPAUHKEY__@@PBGPAK2PAE2@Z
?WchStripAccent@MWblStrings@@SAGG@Z
?WchToLowerCase@MWblStrings@@SAGG@Z
?WchToUpperCase@MWblStrings@@SAGG@Z
?WhFromPv@@YAPAXPAX@Z
?WksBGetModuleVersion@@YG_NPAUHINSTANCE__@@PAK1@Z
?WksGettingStartedManual@@YAPAUHWND__@@PAU1@@Z
?WksHeapValidate@@YAHPAX@Z
?WksHeapValidate@@YAHPAXKPBX@Z
?WksHtmlHelp@@YAPAUHWND__@@PAU1@PBG1_N@Z
?WksParseSimpleFontInfo@@YAXPAGPAH@Z
?WzAppend@MWblStrings@@SAPAGPBGPAG@Z
?WzCopy@MWblStrings@@SAPAGPBGPAG@Z
?WzCopyRgwchToWz@MWblStrings@@SAPAGPBGHPAG@Z
?WzLowerCase@MWblStrings@@SAPAGPAG@Z
?WzStrStr@MWblStrings@@SAPAGPBG0@Z
?WzStrStrEx@MWblStrings@@SAPAGPBG0W4EStringCompareType@@@Z
?WzStripLeadingWch@MWblStrings@@SAPAGPAGG@Z
?WzStripLeadingWhiteSpace@MWblStrings@@SAPAGPAG@Z
?WzStripTrailingWch@MWblStrings@@SAPAGPAGG@Z
?WzStripTrailingWhiteSpace@MWblStrings@@SAPAGPAG@Z
?WzToSzSimple@MWblStrings@@SAXPBGPAD@Z
?WzUpperCase@MWblStrings@@SAPAGPAG@Z
?_FHgReAlloc@@YAHPAXKK@Z
?_FPvReAlloc@@YAHPAXKK@Z
?_FWksHeapReAlloc@@YAHPAXKPAPAXK@Z
?_FailureF@CWblMessages@@IAAXPAUHINSTANCE__@@PAUHWND__@@HZZ
?_FailureVa@CWblMessages@@IAEXPAUHINSTANCE__@@PAUHWND__@@HPAD@Z
?_FailureVa@CWblMessages@@IAEXPAUHINSTANCE__@@PAUHWND__@@PBGPAD@Z
?_HgAlloc@@YAPAXKK@Z
?_HgFree@@YAPAXPAX@Z
?_HgSize@@YAKPAX@Z
?_NMessageBoxTitleVa@CWblMessages@@IAEHPAUHWND__@@IPBG1PAD@Z
?_NMessageBoxVa@CWblMessages@@IAEHPAUHWND__@@IPBGPAD@Z
?_PvAlloc@@YAPAXKKK@Z
?_PvFree@@YAXPAX@Z
?_PvSize@@YAKPAX@Z
?_WblMemoryInit@@YAHXZ
?_WksHeapAlloc@@YAPAXPAXKK@Z
?_WksHeapCreate@@YAPAXKKK@Z
?_WksHeapDestroy@@YAPAXPAX@Z
?_WksHeapFree@@YAPAXPAXK0@Z
?_WksHeapReAlloc@@YAPAXPAXKPAPAXK@Z
?_WksHeapSize@@YAKPAXK0@Z
?m_OStrMan@MWblIntl@@0VCOStrMan@@A
?m_bInitialized@MWblIntl@@0_NA
?s_bWarningActive@CWblMessages@@0_NA
?s_lcidHelp@MWblIntl@@0KA
?s_lcidInstall@MWblIntl@@0KA
?s_lcidUI@MWblIntl@@0KA
?s_lidDefaultLanguage@MWblStrings@@0GA
Sections
.text Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 952B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
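.text Size: 168KB - Virtual size: 168KB (a second section named .text; unlike the first, its flags below include both IMAGE_SCN_MEM_EXECUTE and IMAGE_SCN_MEM_WRITE, which is atypical for a compiler-produced code section and worth inspecting)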
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE