d99efe82e1eeaac6573af9d6ffff9657_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d99efe82e1eeaac6573af9d6ffff9657_JaffaCakes118
Size

5.0MB
MD5

d99efe82e1eeaac6573af9d6ffff9657
SHA1

bf791c3516fdb79bb5e0b523974216e069004037
SHA256

137a6f3b8416bfbd8b752e5f927d01eff0cc197ac31b6f941b4a4d87d0bc00d7
SHA512

0dcfb9c2815cdeed441227223fafdc0d970500a64e4bd1263db5cc592bb1e30b9cbca4f69d960333326f3049ea70a277137f6b4d8e5aa192dd602b8de6a5471a
SSDEEP

98304:RbPaZZKNVaRrcduNcjwiO2TVDilDVSUHXXTjW2zcHscP8nUGnYv1Hbxsth3:xA8Nk9pcM26rnTjWlbHftHbxsth3

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ts-闪速启动/Monitoring.dll
unpack001/Ts-闪速启动/RightFun.dll
unpack001/Ts-闪速启动/RightKM.exe
unpack001/Ts-闪速启动/Ts-Fs_Start.exe
unpack001/Ts-闪速启动/Update.exe

Files

d99efe82e1eeaac6573af9d6ffff9657_JaffaCakes118
.rar
Ts-闪速启动/Help.doc
.doc windows office2003
Ts-闪速启动/Images/Icons/4D folder.ico
Ts-闪速启动/Images/Icons/AVI.ico
Ts-闪速启动/Images/Icons/Appleworks folder.ico
Ts-闪速启动/Images/Icons/BAT.ico
Ts-闪速启动/Images/Icons/BMP.ico
Ts-闪速启动/Images/Icons/CAB.ico
Ts-闪速启动/Images/Icons/CustomizeBox.ico
Ts-闪速启动/Images/Icons/DownloadBox.ico
Ts-闪速启动/Images/Icons/Error.ico
Ts-闪速启动/Images/Icons/Favorites.ico
Ts-闪速启动/Images/Icons/GIF.ico
Ts-闪速启动/Images/Icons/Globe Connected.ico
Ts-闪速启动/Images/Icons/HTML.ico
Ts-闪速启动/Images/Icons/IP.ico
Ts-闪速启动/Images/Icons/Illustrator File.ico
Ts-闪速启动/Images/Icons/ImageBox.ico
Ts-闪速启动/Images/Icons/InDesign File.ico
Ts-闪速启动/Images/Icons/JPG.ico
Ts-闪速启动/Images/Icons/MP3.ico
Ts-闪速启动/Images/Icons/PNG.ico
Ts-闪速启动/Images/Icons/Program.ico
Ts-闪速启动/Images/Icons/REG.ico
Ts-闪速启动/Images/Icons/RTF.ico
Ts-闪速启动/Images/Icons/SysExe.ico
Ts-闪速启动/Images/Icons/SysFolder.ico
Ts-闪速启动/Images/Icons/TXT.ico
Ts-闪速启动/Images/Icons/WRI.ico
Ts-闪速启动/Images/Icons/ZIP.ico
Ts-闪速启动/Images/Icons/akregator.ico
Ts-闪速启动/Images/Icons/indeximg.ico
Ts-闪速启动/Images/Icons/kblackbox.ico
Ts-闪速启动/Images/Icons/kcmdevice.ico
Ts-闪速启动/Images/Icons/kcmkwm.ico
Ts-闪速启动/Monitoring.dll
.dll windows:4 windows x86 arch:x86

7f0e03f14ae51768c83ab0b4b096d53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord540
ord1570
ord1253
ord1255
ord6467
ord1578
ord600
ord826
ord269
ord1243
ord342
ord5572
ord5683
ord4129
ord858
ord924
ord537
ord2915
ord800
ord1116
ord1176
ord1575
ord1182
ord1168
ord1577
ord1197

msvcrt

__CxxFrameHandler
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
??2@YAPAXI@Z

kernel32

LocalAlloc
ExitThread
LocalFree
GetModuleFileNameA
GetPrivateProfileStringA
CreateThread
CreateFileA
WideCharToMultiByte
ReadDirectoryChangesW

user32

FindWindowA
SetWindowTextA
ShowWindow
SetForegroundWindow
SetActiveWindow
SendMessageA

shlwapi

PathFileExistsA

Exports

Exports

ExitThread
SetThread

Sections

.text
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ts-闪速启动/RightFun.dll
.dll windows:5 windows x86 arch:x86

b4ffc071678ae3766ccb8a244aebc2b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
ShowWindow
SetWindowTextW
SetForegroundWindow
SetActiveWindow
SendMessageW
MessageBoxW
LoadStringW
GetSystemMetrics
FindWindowW
CharUpperBuffW
CharNextW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetVolumeInformationW
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

Exports

Exports

DeleteMenuKey
MenuExists
MenuGetAddToLnk
RemoveRMN
SetFileMenu
SetFolderMenu

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ts-闪速启动/RightKM.exe
.exe windows:5 windows x86 arch:x86

4da38443633285ac476af73bae4aca84

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

user32

LoadStringW
MessageBoxA
CharNextW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharNextW

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualFree
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetThreadLocale
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

rightfun

MenuGetAddToLnk

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Ts-闪速启动/Skins/2010Black_Aero.skn
Ts-闪速启动/Skins/2010Blue_Aero.skn
Ts-闪速启动/Skins/2010Blue_Ext.skn
Ts-闪速启动/Skins/2010Silver_Aero.skn
Ts-闪速启动/Skins/2010Silver_Ext.skn
Ts-闪速启动/Skins/2010black_Ext.skn
Ts-闪速启动/Skins/Air.skn
Ts-闪速启动/Skins/Air2.skn
Ts-闪速启动/Skins/Air2_Aero.skn
Ts-闪速启动/Skins/Air_Aero.skn
Ts-闪速启动/Skins/Amazing_Aero.skn
Ts-闪速启动/Skins/Andromeda.skn
Ts-闪速启动/Skins/BlackBrilliant.skn
Ts-闪速启动/Skins/BlueBrilliant.skn
Ts-闪速启动/Skins/BlueBrilliant_Aero.skn
Ts-闪速启动/Skins/BlueBrilliant_Ext.skn
Ts-闪速启动/Skins/Charm.skn
Ts-闪速启动/Skins/Charm_Aero.skn
Ts-闪速启动/Skins/Charm_Ext.skn
Ts-闪速启动/Skins/InnovEx.skn
Ts-闪速启动/Skins/Laconic.skn
Ts-闪速启动/Skins/Laconic_Ext.skn
Ts-闪速启动/Skins/LightBusiness.skn
Ts-闪速启动/Skins/Magnificient.skn
Ts-闪速启动/Skins/Office2007_Remix.skn
Ts-闪速启动/Skins/Office2010_Black.skn
Ts-闪速启动/Skins/Office2010_Blue.skn
Ts-闪速启动/Skins/Office2010_Silver.skn
Ts-闪速启动/Skins/SLMedia.skn
Ts-闪速启动/Skins/SLMedia_Aero.skn
Ts-闪速启动/Skins/SnowLeopard.skn
Ts-闪速启动/Skins/Superiority.skn
Ts-闪速启动/Skins/VisionEx.skn
Ts-闪速启动/Skins/ipx.skn
Ts-闪速启动/TextFile/Config.ini
Ts-闪速启动/TextFile/Lists.ini
Ts-闪速启动/TextFile/TsInfo.xml
.xml
Ts-闪速启动/TextFile/网页_List.ini
Ts-闪速启动/Ts-Fs_Start.exe
.exe windows:5 windows x86 arch:x86

ffa6caba193968d97359a090d9cd4789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

LoadStringW

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

mpr

WNetOpenEnumW

olepro32

OleLoadPicture

ole32

CreateStreamOnHGlobal

comctl32

UninitializeFlatSB

shell32

SHGetFileInfoW

comdlg32

GetSaveFileNameW

winspool.drv

OpenPrinterW

winmm

waveOutWrite

gdiplus

GdipGetImageGraphicsContext

oleacc

LresultFromObject

monitoring

SetThread

rightfun

DeleteMenuKey

msacm32

acmFormatSuggest

Sections

.text
Size: 1.4MB - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ts-闪速启动/Update.exe
.exe windows:5 windows x86 arch:x86

7e3d62844d7d2d02b72869bb342c95fe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

oleaut32

SysFreeString

advapi32

RegQueryValueExW

user32

LoadStringW

msimg32

AlphaBlend

gdi32

UnrealizeObject

version

VerQueryValueW

mpr

WNetGetConnectionW

ole32

CreateStreamOnHGlobal

comctl32

InitializeFlatSB

shell32

ShellExecuteW

comdlg32

GetOpenFileNameW

gdiplus

GdipGetImagePixelFormat

Sections

.text
Size: 508KB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Ts-闪速启动/WAV/notify.wav

Sharing

General

Malware Config

Signatures

Files

7f0e03f14ae51768c83ab0b4b096d53b

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 2KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1016B

.reloc Size: 4KB - Virtual size: 432B

b4ffc071678ae3766ccb8a244aebc2b8

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 231KB

.itext Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 19KB

.idata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 190B

.reloc Size: 23KB - Virtual size: 22KB

.rsrc Size: 39KB - Virtual size: 39KB

4da38443633285ac476af73bae4aca84

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

rightfun

Sections

.text Size: 234KB - Virtual size: 234KB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 5KB - Virtual size: 4KB

.bss Size: - Virtual size: 19KB

.idata Size: 3KB - Virtual size: 3KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 40KB - Virtual size: 40KB

ffa6caba193968d97359a090d9cd4789

Headers

File Characteristics

Imports

kernel32

oleaut32

advapi32

user32

msimg32

gdi32

version

mpr

olepro32

ole32

comctl32

shell32

comdlg32

winspool.drv

winmm

gdiplus

.text
Size: 4KB - Virtual size: 2KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1016B

.reloc
Size: 4KB - Virtual size: 432B

.text
Size: 232KB - Virtual size: 231KB

.itext
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 190B

.reloc
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 39KB - Virtual size: 39KB

.text
Size: 234KB - Virtual size: 234KB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 3KB - Virtual size: 3KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 40KB - Virtual size: 40KB

.text
Size: 1.4MB - Virtual size: 5.3MB

.rsrc
Size: 44KB - Virtual size: 44KB

.text
Size: 508KB - Virtual size: 1.9MB

.rsrc
Size: 31KB - Virtual size: 32KB