d:\LocalSvnForDailyBuild\guanxi_branch_eurp\bin\Release\bin\CabalRider.pdb
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bc8ab476fb5d6913a4288fa3eae5da4a_JaffaCakes118.exe
Resource
win7-20240705-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
bc8ab476fb5d6913a4288fa3eae5da4a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
bc8ab476fb5d6913a4288fa3eae5da4a_JaffaCakes118
-
Size
1.1MB
-
MD5
bc8ab476fb5d6913a4288fa3eae5da4a
-
SHA1
500a71e368b0a0ea95c424ae1cac7f1cb09f728c
-
SHA256
81ef35a59941ba4cfd1de1ddaed6ca56cd4c038c55c796cc9708812dd55cb422
-
SHA512
d43bd9cc2867c3d9eedca060baaf99ff60faea6e468f1e93583df92fd50783e9395dc22a9d34079fe9b3d2f48de5f3de57bc0200d4cd4d5caa30d4dd087b52f1
-
SSDEEP
12288:Afa64DnRqh1CuYr2NH3g4xerb1hJ57Fa9dPtnt4r/APiChVzUy/n++beHI/7qmG:RDP6NH3gkPnzz/n+WeHIi9K3NjER2nJ
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bc8ab476fb5d6913a4288fa3eae5da4a_JaffaCakes118
Files
-
bc8ab476fb5d6913a4288fa3eae5da4a_JaffaCakes118.exe windows:4 windows x86 arch:x86
c14cc5772b505668297047b83c1c011d
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
imagehlp
CheckSumMappedFile
psapi
GetModuleInformation
kernel32
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
CreateFileA
GetFileAttributesA
GetFileTime
SetErrorMode
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
CreateThread
ExitProcess
HeapReAlloc
HeapAlloc
TlsGetValue
GetSystemInfo
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
HeapSize
SetStdHandle
GetTimeZoneInformation
HeapDestroy
HeapCreate
VirtualFree
GetACP
IsValidCodePage
SetHandleCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LoadLibraryW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoW
CreateFileW
SetEnvironmentVariableA
RaiseException
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetThreadLocale
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
lstrcmpA
GlobalLock
GlobalUnlock
MulDiv
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
SetLastError
lstrcmpW
InterlockedIncrement
OpenFileMappingA
GetLocaleInfoA
GetPrivateProfileStringA
GetThreadContext
FlushInstructionCache
SetThreadContext
CreateRemoteThread
GetCurrentProcessId
InterlockedCompareExchange
VirtualProtectEx
ReadProcessMemory
VirtualAllocEx
WriteProcessMemory
Module32First
Module32Next
IsBadReadPtr
Thread32First
OpenThread
SuspendThread
Thread32Next
GetVersionExA
WaitForSingleObject
GetLocalTime
WritePrivateProfileStringA
OutputDebugStringA
VirtualQuery
CreateMutexA
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
GetPrivateProfileIntA
QueryPerformanceCounter
GetCurrentThreadId
CopyFileA
GetProcAddress
LoadLibraryA
GetTickCount
InterlockedDecrement
GetLastError
MultiByteToWideChar
lstrlenA
CompareStringW
lstrcmpiA
GetVersion
CompareStringA
SizeofResource
InterlockedExchange
GetCurrentProcess
LoadResource
WinExec
FindResourceA
Sleep
ResumeThread
UnmapViewOfFile
LockResource
CloseHandle
MapViewOfFile
CreateFileMappingA
CreateProcessA
GetModuleHandleA
VirtualProtect
OpenProcess
GetModuleFileNameA
TerminateProcess
GetTempPathA
WideCharToMultiByte
Process32Next
CreateToolhelp32Snapshot
GetModuleFileNameW
VirtualAlloc
user32
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
LoadCursorA
GetSysColorBrush
DestroyMenu
SetCursor
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
RegisterClipboardFormatA
PostQuitMessage
CharNextA
IsWindowEnabled
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
SetCapture
GetFocus
SetFocus
GetWindowTextA
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
IsWindowVisible
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
UnregisterClassA
EqualRect
MessageBeep
GetNextDlgGroupItem
PostThreadMessageA
EndPaint
ReleaseCapture
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetClassNameW
GetWindowTextW
SetWindowTextW
IsWindow
EnumChildWindows
CharUpperA
GetClientRect
GetWindowThreadProcessId
GetSystemMetrics
IsIconic
MessageBoxA
PostMessageA
LoadIconA
SetTimer
SetForegroundWindow
ShowWindow
FindWindowA
CopyRect
EnableWindow
SendMessageA
RemovePropA
InvalidateRgn
GetForegroundWindow
gdi32
GetStockObject
GetDeviceCaps
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
ScaleViewportExtEx
CreateBitmap
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetBkColor
SetTextColor
GetClipBox
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
comdlg32
GetFileTitleA
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegOpenKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegEnumValueA
shell32
SHFileOperationA
ShellExecuteA
comctl32
InitCommonControlsEx
shlwapi
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
oleaut32
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantCopy
VariantClear
VariantInit
VariantChangeType
SysAllocString
VariantTimeToSystemTime
SystemTimeToVariantTime
ws2_32
inet_addr
connect
closesocket
select
WSACleanup
send
setsockopt
gethostbyname
gethostname
htons
WSAStartup
WSAIoctl
bind
socket
recv
WSASetLastError
wininet
InternetQueryDataAvailable
HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
Exports
Exports
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VChangePassTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VEffectivOnline_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VExtendTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserLogin_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VFreshUserRegist_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VGetUserInfoTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLogOffTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VOnlineTrasaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VReadConfigFile_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VRegNewCustomerTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VShareUserInfo@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VSimpleLoginTrans_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestLargeDataSend_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestOnlineSession_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VTestTransaction_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUserEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadGameOnlineUser_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScriptEcho@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoadScript_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?load_object_data@?$iserializer@Vbinary_iarchive@archive@boost@@VUpLoad_C_S@@@detail@archive@boost@@UBEXAAVbasic_iarchive@234@PAXI@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@V?$vector@VPromotionRule@@V?$allocator@VPromotionRule@@@std@@@std@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VChangePassTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VEffectivOnline_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VExtendTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserLogin_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VFreshUserRegist_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VGetUserInfoTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLogOffTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VOnlineEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VPromotionRule@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VReadConfigFile_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VRegNewCustomerTransaction_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareHitchAcount@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VShareUserInfo@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginEcho@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VSimpleLoginTrans_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadGameOnlineUser_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoadScript_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
?save_object_data@?$oserializer@Vbinary_oarchive@archive@boost@@VUpLoad_C@@@detail@archive@boost@@UBEXAAVbasic_oarchive@234@PBX@Z
Sections
.text Size: 780KB - Virtual size: 777KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 148KB - Virtual size: 146KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 124KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.vmp0 Size: 124KB - Virtual size: 123KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 536B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ