b25ae1d9f3bf04dd5ca13a4ea5ea665a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b25ae1d9f3bf04dd5ca13a4ea5ea665a_JaffaCakes118
Size

542KB
MD5

b25ae1d9f3bf04dd5ca13a4ea5ea665a
SHA1

b399373f71555f783882780369d2ec0a5687f186
SHA256

0ad7e0bc87efed2eefffa754d4b93aa8f21fd3a5c741636e3336e2a757ddda00
SHA512

87dfc9ee7456bca84eb4a07c470755dc35f366db4e9532e57222167e5b51c0a6ec9f820fb969d90db6b6d8687c5c1aeac4a44a3f3102535673032e0983d938b9
SSDEEP

12288:ErRQ+lFnKTelIfhyLUdCZWrX2zyiKLI3R1i8dx:E1ldLiCZWk15z

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Plato Screen Recorder/Player.exe
unpack001/Plato Screen Recorder/hook.dll
unpack001/Plato Screen Recorder/screenrecord.exe

Files

b25ae1d9f3bf04dd5ca13a4ea5ea665a_JaffaCakes118
.rar
Plato Screen Recorder/Help.ico
Plato Screen Recorder/Home.ico
Plato Screen Recorder/Player.exe
.exe windows:4 windows x86 arch:x86

51b69a68415f5e9c8fa19cd1ad5e4806

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

MCIWndCreateA
ord2

kernel32

lstrcpyA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTempPathA
GetModuleFileNameA
InterlockedExchange
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep

user32

GetMessageA
TranslateMessage
DispatchMessageA
MessageBeep
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMenu
DestroyWindow
IsIconic
MoveWindow
DefWindowProcA
PostQuitMessage
BeginPaint
EndPaint
DialogBoxParamA
GetWindowRect
AdjustWindowRect
SetWindowPos
GetSystemMetrics
PostMessageA
SendMessageA
ShowWindow
InvalidateRect
UpdateWindow
LoadStringA
MessageBoxA
EndDialog
wsprintfA
SetWindowTextA
EnableMenuItem
DrawMenuBar
GetWindowLongA

comdlg32

GetOpenFileNameA

msvcr80

fread
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
memset
fclose
fwrite
_unlink
fseek
free
fopen
malloc
_stat64i32
fputc
fgetc
??2@YAPAXI@Z
??3@YAXPAX@Z
ftell
printf
_splitpath
__CxxFrameHandler3
_amsg_exit
__getmainargs

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 923KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plato Screen Recorder/RecordLayout.ini
Plato Screen Recorder/RecordShapes.ini
Plato Screen Recorder/Recorddata.ini
Plato Screen Recorder/Uninstall.ico
Plato Screen Recorder/hook.dll
.dll windows:4 windows x86 arch:x86

efde4d0b51ddd120e351f38065d44736

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

timeGetTime

kernel32

GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
GetCurrentProcess
CreateFileA
HeapFree
HeapReAlloc
VirtualAlloc
RtlUnwind
GetCommandLineA
GetProcessHeap
RaiseException
HeapSize
ExitProcess
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
LoadLibraryA
lstrcmpW
GetVersionExA
GetThreadLocale
GlobalGetAtomNameA
GlobalFlags
lstrcmpA
GetCurrentThreadId
CloseHandle
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetModuleHandleA
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
FindResourceA
LoadResource
LockResource
SizeofResource
SetLastError
lstrlenA
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
HeapAlloc

user32

PostQuitMessage
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
UnregisterClassA
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GrayStringA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
SetWindowsHookExA
RegisterWindowMessageA
GetCursor
PostMessageA
CallNextHookEx
UnhookWindowsHookEx

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

SetWindowExtEx
ScaleWindowExtEx
DeleteObject
CreateBitmap
GetClipBox
SetTextColor
SetBkColor
ExtTextOutA
SaveDC
RestoreDC
DeleteDC
GetStockObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
SetMapMode

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

InstallMyHook
UninstallMyHook

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Plato Screen Recorder/screenrecord.exe
.exe windows:4 windows x86 arch:x86

3ea07dd2750d2f7a0d2e9df33b8588ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

timeGetTime
waveInGetDevCapsA
mciSendCommandA
mciGetErrorStringA
waveInReset
waveInStop
waveInClose
waveInPrepareHeader
waveInAddBuffer
waveInGetErrorTextA
waveInOpen
waveInStart
waveInUnprepareHeader
mmioAscend
mmioClose
mmioWrite
mmioRead
mmioOpenA
mmioCreateChunk
mmioDescend
waveInGetNumDevs
mixerClose
mixerGetNumDevs
mixerOpen
mixerGetDevCapsA
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
mixerSetControlDetails
waveOutGetNumDevs
sndPlaySoundA

avicap32

capCreateCaptureWindowA

msvfw32

ICClose
ICGetInfo
ICOpen
ICInfo
ord2
ICSendMessage

avifil32

AVIFileOpenA
AVIFileGetStream
CreateEditableStream
AVIFileRelease
AVIStreamWrite
AVIStreamSetFormat
AVIMakeCompressedStream
AVIFileCreateStreamA
AVIFileExit
AVISaveOptionsFree
AVISaveVW
AVIStreamStart
AVIStreamReadFormat
AVIStreamInfoA
AVIStreamOpenFromFileA
AVIStreamRelease
AVIFileInit

msacm32

acmFormatChooseA
acmFormatTagDetailsA
acmMetrics
acmFormatSuggest

kernel32

ResumeThread
SetEvent
SuspendThread
CreateEventA
GetProfileIntA
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
InitializeCriticalSection
TlsAlloc
LocalReAlloc
DeleteCriticalSection
TlsFree
InterlockedIncrement
GetCPInfo
GetOEMCP
FileTimeToSystemTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetCurrentDirectoryA
GetTickCount
GetDriveTypeA
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitThread
CreateThread
HeapSize
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
GetConsoleCP
GetConsoleMode
GetACP
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
WritePrivateProfileStringA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
FormatMessageA
LocalFree
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
SetLastError
lstrcatA
WriteFile
GetVersion
CompareStringA
GetLastError
InterlockedExchange
CompareStringW
lstrcpyA
GlobalReAlloc
GetModuleHandleA
WinExec
CopyFileA
CreateFileA
SetThreadPriority
FindClose
FindFirstFileA
GetModuleFileNameA
GetVersionExA
GetCurrentThreadId
DeleteFileA
CloseHandle
OpenFile
Sleep
MultiByteToWideChar
lstrlenA
MulDiv
FreeResource
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalHandle
GetWindowsDirectoryA
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
SizeofResource
LockResource
LoadResource
FindResourceA
TlsSetValue

user32

GetLastActivePopup
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
IsChild
WinHelpA
GetMenuState
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
BeginPaint
EndPaint
GetWindowThreadProcessId
MapDialogRect
SetWindowContextHelpId
ValidateRect
GetMessageA
GetDCEx
UnregisterClassA
CharNextA
CopyAcceleratorTableA
IsRectEmpty
InvalidateRgn
RegisterClipboardFormatA
PostThreadMessageA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DefWindowProcA
CallWindowProcA
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
SetWindowPos
SetFocus
MoveWindow
GetDlgCtrlID
IsDialogMessageA
SendDlgItemMessageA
SetActiveWindow
CreateDialogIndirectParamA
IsWindowEnabled
EndDialog
GetKeyState
GetSysColorBrush
GetClassNameA
GrayStringA
DrawTextA
TabbedTextOutA
GetMessagePos
MessageBeep
FrameRect
CreateIconIndirect
FillRect
DrawFocusRect
TrackPopupMenuEx
GetActiveWindow
GetNextDlgTabItem
DestroyMenu
DestroyCursor
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
GetNextDlgGroupItem
LoadImageA
InflateRect
DrawEdge
DrawStateA
GetCapture
DestroyIcon
SetRectEmpty
GetSysColor
OffsetRect
CheckMenuItem
DrawTextExA
GetMenuItemID
TrackPopupMenu
SetMenuDefaultItem
CharUpperA
PostQuitMessage
ShowWindow
GetDlgItem
RedrawWindow
GetParent
ScreenToClient
WindowFromPoint
ClientToScreen
UpdateWindow
EnableMenuItem
AppendMenuA
CreatePopupMenu
ModifyMenuA
GetSubMenu
LoadMenuA
SetForegroundWindow
CopyRect
GetSystemMetrics
IsIconic
GetWindow
DrawIcon
GetIconInfo
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
SetWindowTextA
RegisterHotKey
UnregisterHotKey
RegisterWindowMessageA
MessageBoxExA
SetTimer
SetRect
KillTimer
GetWindowRect
GetWindowLongA
SetWindowLongA
IsWindowVisible
DestroyWindow
IsWindow
GetClientRect
SetWindowRgn
LoadBitmapA
ReleaseCapture
SetCapture
InvalidateRect
SetCursor
PtInRect
GetCursorPos
LoadCursorA
GetWindowDC
SendMessageA
LoadCursorFromFileA
GetTopWindow
GetMessageTime
MapWindowPoints
GetCursor
LoadIconA
GetFocus
GetDesktopWindow
ReleaseDC
GetMenu
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetDC
MessageBoxA
EnableWindow
SetCursorPos

gdi32

RoundRect
CreateBrushIndirect
CreateEllipticRgn
CreateFontIndirectA
CreateRoundRectRgn
CreatePenIndirect
ExtCreateRegion
CreateDIBSection
PatBlt
SetBkMode
SetTextColor
BeginPath
EndPath
OffsetRgn
CombineRgn
CreateRectRgn
GetPixel
FillPath
CreateDCA
StretchDIBits
Ellipse
SetStretchBltMode
SetDIBitsToDevice
CreateBitmap
SetBkColor
SetPixel
SetROP2
SetMapMode
ExcludeClipRect
Rectangle
MoveToEx
SelectClipRgn
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SaveDC
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateRectRgnIndirect
UnrealizeObject
SetRectRgn
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
GetClipBox
GetTextExtentPointA
Escape
ExtTextOutA
TextOutA
CreateSolidBrush
CreatePen
SelectObject
GetDIBits
GetStockObject
GetObjectA
StretchBlt
BitBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
CreateDIBitmap
SetDIBits
LineTo
GetDeviceCaps
RectVisible
PtVisible
RestoreDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegCreateKeyA
RegQueryValueA
RegSetValueA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

shell32

Shell_NotifyIconA
ShellExecuteExA
ShellExecuteA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
StgOpenStorageOnILockBytes
CoGetClassObject
StgCreateDocfileOnILockBytes
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
OleLoadPicture
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysAllocString

Exports

Exports

InstallMyHook
UninstallMyHook

Sections

.text
Size: 464KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 953KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARE
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Plato Screen Recorder/screenrecorder.ico
Plato Screen Recorder/新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

51b69a68415f5e9c8fa19cd1ad5e4806

Headers

File Characteristics

Imports

msvfw32

kernel32

user32

comdlg32

msvcr80

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 923KB

.rsrc Size: 56KB - Virtual size: 54KB

efde4d0b51ddd120e351f38065d44736

Headers

File Characteristics

Imports

winmm

kernel32

user32

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 21KB

.SHARE Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 20KB - Virtual size: 17KB

3ea07dd2750d2f7a0d2e9df33b8588ee

Headers

File Characteristics

Imports

winmm

avicap32

msvfw32

avifil32

msacm32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Exports

Exports

Sections

.text Size: 464KB - Virtual size: 461KB

.rdata Size: 104KB - Virtual size: 100KB

.data Size: 16KB - Virtual size: 953KB

.SHARE Size: 4KB - Virtual size: 16B

.rsrc Size: 2.7MB - Virtual size: 2.7MB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 923KB

.rsrc
Size: 56KB - Virtual size: 54KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 21KB

.SHARE
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 464KB - Virtual size: 461KB

.rdata
Size: 104KB - Virtual size: 100KB

.data
Size: 16KB - Virtual size: 953KB

.SHARE
Size: 4KB - Virtual size: 16B

.rsrc
Size: 2.7MB - Virtual size: 2.7MB