b2e9b413c671a97d667c2ab504f2e371_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2e9b413c671a97d667c2ab504f2e371_JaffaCakes118
Size

316KB
MD5

b2e9b413c671a97d667c2ab504f2e371
SHA1

d423a885ae419bae597cf73b8f17eb3dc35f84b6
SHA256

4123b4c09f9284434c99a934e0083f63a1466249e7175093bf1f766db71782d8
SHA512

25e0c388d76334c604bb415a4f34e9c6ea41601544ec86b82b456a0c520695a34465e1685247dd32adb09d905ad63b807ca288d3fa609e4f92cc9695342eaf74
SSDEEP

6144:rrCGbwrrbVWj5xh3lU4FLV/741N3hIDCd7KhDswQmbq+IedsQJJ4qi:imYwVD41FsOKKwQUq+VdXJfi

Score

8^/10

macro

Malware Config

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack001/cfg/sql/report.xls

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/bin/3proxy.exe
unpack001/bin/PCREPlugin.dll
unpack001/bin/StringsPlugin.dll
unpack001/bin/TrafficPlugin.dll
unpack001/bin/WindowsAuthentication.dll
unpack001/bin/countersutil.exe
unpack001/bin/dighosts.exe
unpack001/bin/mycrypt.exe

Files

b2e9b413c671a97d667c2ab504f2e371_JaffaCakes118
.zip
Changelog
Readme
authors
bin/3proxy.exe
.exe windows:4 windows x86 arch:x86

9a46b7b03ab6bd7ed88aa848048a098c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_chsize
_close
_ftime
_lseek
_open
_read
_stat
_strdup
_strnicmp
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
atexit
atoi
ctime
fclose
fflush
fgets
fopen
fprintf
fputs
free
freopen
fseek
ftell
fwrite
gmtime
localtime
malloc
memcpy
memmove
memset
mktime
perror
printf
rand
realloc
remove
rewind
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strrchr
strstr
strtok
system
time
tolower
toupper

advapi32

CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FreeConsole
GetCurrentProcessId
GetCurrentThreadId
GetFullPathNameA
GetLastError
GetProcAddress
GetVersionExA
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
SearchPathA
SetUnhandledExceptionFilter
Sleep

odbc32

SQLAllocHandle
SQLConnect
SQLDisconnect
SQLExecDirect
SQLFreeHandle
SQLSetConnectAttr
SQLSetEnvAttr

user32

MessageBoxA

ws2_32

WSAAccept
WSAGetLastError
WSASocketA
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
gethostname
getpeername
getservbyport
getsockname
htonl
htons
ioctlsocket
listen
ntohl
ntohs
recvfrom
select
send
sendto
setsockopt
shutdown

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/PCREPlugin.dll
.dll windows:4 windows x86 arch:x86

db137c950e0eda51856394fb5fc5b24d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
__mb_cur_max
_errno
_isctype
_pctype
atoi
fflush
free
malloc
memcpy
memmove
memset
sprintf
strchr
strcmp
strlen
strncmp
strncpy
strstr
tolower
toupper

kernel32

EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection

Exports

Exports

pcre_plugin
regcomp
regerror
regexec
regfree

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 188B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/StringsPlugin.dll
.dll windows:4 windows x86 arch:x86

29b556dcca83deb8a15b848cf0ea5f2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
_iob
fclose
fflush
fgets
fopen
fprintf
free
fseek
malloc
strcat
strcpy
strlen
strstr

Exports

Exports

start

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 156B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/TrafficPlugin.dll
.dll windows:4 windows x86 arch:x86

560bf37f28c1036a6fbc09a67d42f5b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
_iob
atof
atoi
fflush
fprintf
free
fwrite
malloc

Exports

Exports

start

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 196B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/WindowsAuthentication.dll
.dll windows:4 windows x86 arch:x86

162ca9640f47eadf5651350def28efed

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_errno
fflush
free
malloc
strchr
tolower

advapi32

GetLengthSid
GetTokenInformation
LogonUserA
LookupAccountNameA

kernel32

CloseHandle
GetLastError

Exports

Exports

WindowsAuthentication

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 98B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/countersutil.exe
.exe windows:4 windows x86 arch:x86

538fb60cbc6557e90a776cd9300cd65b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_lseek
_open
_read
_write
__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
fgets
fopen
fprintf
fwrite
signal
sscanf
time

kernel32

ExitProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 104B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/dighosts.exe
.exe windows:4 windows x86 arch:x86

49c6108cbf0825643d5c9f221c97b5da

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

_ftime
_strdup
_strnicmp
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_isctype
_onexit
_pctype
_setmode
atexit
atoi
fclose
fflush
fopen
fprintf
fputc
free
fwrite
gmtime
localtime
memcpy
perror
rand
signal
sprintf
srand
sscanf
strchr
strcpy
strlen
system
time

kernel32

ExitProcess
SetUnhandledExceptionFilter

ws2_32

WSASocketA
WSAStartup
__WSAFDIsSet
bind
closesocket
connect
gethostbyname
getsockname
htonl
htons
ioctlsocket
ntohl
ntohs
recv
select
send
setsockopt
shutdown

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 80B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/mycrypt.exe
.exe windows:4 windows x86 arch:x86

16cafb0be1d6f0e5e864c15bc2a84773

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
atexit
fprintf
printf
signal
sprintf
strchr
strcpy
strlen
strncat

kernel32

ExitProcess
SetUnhandledExceptionFilter

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 72B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
bin/rus-koi8-r.3ps
bin/rus-win1251.3ps
cfg/0.scenario.txt
cfg/3proxy.cfg.sample
.sh linux
cfg/counters.sample
cfg/sql/3proxy.cfg
cfg/sql/create.sql
cfg/sql/report.xls
.xls windows office2003

ЭтаКнига

Лист1

Лист2

Лист3

Module1
copying
doc/devel/devref.rtf
.rtf
doc/html/faqe.html
doc/html/faqr.html
doc/html/howtoe.html
doc/html/howtor.html
doc/html/index.html
.html
doc/html/man3/3proxy.cfg.3.html
doc/html/man8/3proxy.8.html
doc/html/man8/3proxy.conf.3.html
doc/html/man8/ftppr.8.html
doc/html/man8/icqpr.8.html
doc/html/man8/pop3p.8.html
doc/html/man8/proxy.8.html
doc/html/man8/smtpp.8.html
doc/html/man8/socks.8.html
doc/html/man8/tcppm.8.html
doc/html/man8/udppm.8.html
doc/html/securityen.html
doc/ru/3proxy_for_dummies.rtf
.rtf
doc/ru/example1.txt
doc/ru/iodbc.txt
doc/ru/odbc.txt
news

Sharing

General

Malware Config

Signatures

Files

9a46b7b03ab6bd7ed88aa848048a098c

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

odbc32

user32

ws2_32

Sections

.text Size: 114KB - Virtual size: 113KB

.data Size: 6KB - Virtual size: 6KB

.rdata Size: 20KB - Virtual size: 19KB

.bss Size: - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

db137c950e0eda51856394fb5fc5b24d

Headers

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 74KB - Virtual size: 73KB

.data Size: 1024B - Virtual size: 740B

.rdata Size: 36KB - Virtual size: 35KB

.bss Size: - Virtual size: 188B

.edata Size: 512B - Virtual size: 150B

.idata Size: 1024B - Virtual size: 704B

.reloc Size: 4KB - Virtual size: 3KB

29b556dcca83deb8a15b848cf0ea5f2c

Headers

File Characteristics

Imports

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 4B

.rdata Size: 512B - Virtual size: 488B

.bss Size: - Virtual size: 156B

.edata Size: 512B - Virtual size: 74B

.idata Size: 512B - Virtual size: 392B

.reloc Size: 512B - Virtual size: 236B

560bf37f28c1036a6fbc09a67d42f5b9

Headers

File Characteristics

Imports

msvcrt

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 4B

.rdata Size: 1024B - Virtual size: 528B

.bss Size: - Virtual size: 196B

.edata Size: 512B - Virtual size: 74B

.idata Size: 512B - Virtual size: 284B

.reloc Size: 512B - Virtual size: 236B

162ca9640f47eadf5651350def28efed

Headers

File Characteristics

Imports

msvcrt

advapi32

kernel32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 8B

.rdata Size: 512B - Virtual size: 8B

.text
Size: 114KB - Virtual size: 113KB

.data
Size: 6KB - Virtual size: 6KB

.rdata
Size: 20KB - Virtual size: 19KB

.bss
Size: - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.text
Size: 74KB - Virtual size: 73KB

.data
Size: 1024B - Virtual size: 740B

.rdata
Size: 36KB - Virtual size: 35KB

.bss
Size: - Virtual size: 188B

.edata
Size: 512B - Virtual size: 150B

.idata
Size: 1024B - Virtual size: 704B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 488B

.bss
Size: - Virtual size: 156B

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 512B - Virtual size: 392B

.reloc
Size: 512B - Virtual size: 236B

.text
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 4B

.rdata
Size: 1024B - Virtual size: 528B

.bss
Size: - Virtual size: 196B

.edata
Size: 512B - Virtual size: 74B

.idata
Size: 512B - Virtual size: 284B

.reloc
Size: 512B - Virtual size: 236B

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 8B

.bss
Size: - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 98B

.idata
Size: 512B - Virtual size: 504B

.reloc
Size: 512B - Virtual size: 120B

.text
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 92B

.rdata
Size: 1024B - Virtual size: 572B

.bss
Size: - Virtual size: 104B

.idata
Size: 1024B - Virtual size: 692B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 524B

.rdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 80B

.idata
Size: 2KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 268B

.rdata
Size: 1024B - Virtual size: 552B

.bss
Size: - Virtual size: 72B

.idata
Size: 1024B - Virtual size: 588B