f996c1a6a25b0ec7c0d163c676c0b326_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f996c1a6a25b0ec7c0d163c676c0b326_JaffaCakes118
Size

8.2MB
MD5

f996c1a6a25b0ec7c0d163c676c0b326
SHA1

1a087bddb64468ef3dde0797b4c1357674e439ed
SHA256

7b8e088a2942478ecef1a4da5f3e6f58d9a8e22c2c124d23566f208060027269
SHA512

b0044f3623c05f70472d63f098441b956c7b71ad396b317b2e15ffa856754bd802a97d6aeac00b78f6285b1515202a311fa0b12203f8edc19dd30c8651685e7f
SSDEEP

196608:Ay7lpHcyJVrRlKoBufAJKSd/PVqqPuB6CskVzhi8kLSE3I8opQsJwr6J8:AWHcyVlJ2A8St4qPuTFzhhE3I8oKsat

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/RedBoy 4.3.0/SkisploitAPIModule.dll	vmprotect

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RedBoy 4.3.0/Bunifu_UI_v1.5.3.dll
unpack001/RedBoy 4.3.0/LogIn.dll
unpack001/RedBoy 4.3.0/MetroFramework.dll
unpack001/RedBoy 4.3.0/RedBoy.exe
unpack001/RedBoy 4.3.0/ScintillaNET.dll
unpack001/RedBoy 4.3.0/SkisploitAPIModule.dll
unpack001/RedBoy 4.3.0/discord-rpc-w32.dll

Files

f996c1a6a25b0ec7c0d163c676c0b326_JaffaCakes118
.zip
RedBoy 4.3.0/Bunifu_UI_v1.5.3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/Discord.txt
RedBoy 4.3.0/LogIn.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\users\one eyed inspiration\documents\visual studio 2017\Projects\LogIn\LogIn\obj\Debug\LogIn.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/MetroFramework.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/RedBoy.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\redbo\Desktop\RedBoy_4.1.0_UI\RedBoy\obj\Debug\RedBoy.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/ScintillaNET.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\jacob\Documents\Projects\ScintillaNET\src\ScintillaNET\obj\Release\ScintillaNET.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/Scripts/gay - Copy.lua
RedBoy 4.3.0/Scripts/gay.lua
RedBoy 4.3.0/SkisploitAPIModule.dll
.dll windows:6 windows x86 arch:x86

34fb214303e80e61c6e5b1bd3919fb33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

OpenClipboard
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

advapi32

CryptEncrypt

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ

wininet

InternetOpenUrlA

vcruntime140

_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise

api-ms-win-crt-utility-l1-1-0

srand

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_mktime64

api-ms-win-crt-filesystem-l1-1-0

_fstat64

ws2_32

recvfrom

crypt32

CertCloseStore

wldap32

ord22

normaliz

IdnToAscii

wtsapi32

WTSSendMessageW

Exports

Exports

��O �g@t��V;��w��l_�]q5l�q�a�]��B�+N?��Č��ǈ�LgQ ��g��&��7�� ]?M�6>�z�T�w�A��ش<y <ub\ޙ��F��F��A��%�Q�@�V��D?��ٚ�s��x��e�� j��Ir��x4mx��5n��В��5� ��H��~��J�$��&lfiU��v�.��g><�,��s��B��bb؛��1Sr<��|`y�|v��o�z9�B��b��+�d�A4�|g��cV*|�~U]��L�.��A�/yFn'�h��P�)~؆��"1AIq�Tji��.�*��s-a��O�.("A��C:��z�֭$��7"f��O�Q;�N�Jy6��9� �_f��Z��acE��S��fe7��4(2mӦf�+/�H��X��Ք+��!hڪﾈ�w�0TQ��@|��y%e6�#�i�1��sj��q��n�X=��aV��qֵ��>Ѡ.��O�=FlS{�e��e��bs2��{Rh��@'0<��b��+-d�Ɔ��%Ί�jߒ�*w��0�+Xh�Ҍ|+gg��ǟ�G�/��PD��>�O��b�4|M�I��x��L��q��.��׺�!3+��Mt�į��_ah��: ��mO󡓡^38KDB�,5�wY��w��W��ihE[�,H� ��7�V}�Y,��%��H�v�Daj%��<?Hbee��꽒�H��klQ��Vj#c@�+��ڂT|v>��\V@[��a��J�J�R�� ;�d��`��t�L�`N�/�{ As��ƉQl��3��4�g��T�:}��TE��}9$v7>B��/��6�1ڒz�դ��L��\">��E6�v�?w :E^p��Y�J��/�[��v�/7��=�k�ޘ��֧! 2o�og�$�r�|='��A��>�@��i?�F,�<7�f�Z��w�a�ι̖��Hi��0.�[N쎴��'��%�y��ùj<��=��*.1��?`��ҶE#��`��X��n�f�� VQeQ�+D�=��p��Kf�#��3��'�ͷ3(��\��@R��3*)�� V�ݛe�Az��,�>(Z��aӧ�5�/�<�= {��$�OU�ZƮU!'��г��&4oCW��/�L��l >��3��h��C�곱��Q�#�&��^�_V̲�ѻy��L\�RM�A�#/��(}F`�UT�G�2e��8�-�a��:��R��ˊ`��FT�{��C{�x=��OW�a�ը�&��X�b)�5�;��Q�� X��P�$hb��%� � 5<�.�&�P{N�^�.X4��i&��tc��m�-��t�]�tUծ��G��v��-��}�T�qz��_Q�V��Q��2��з |�nb�55��҆:�0�j_�'z�BH@e�]&)��3��)��'zIfyDpS~��nV��#��~�6 I��:��3ʶ_P_e�y�� : �G#=�bu��7$�M�UK��f{BSL�N7ٕ��//��s6��'nO��Z<ɖW�Ȥk��ϫ�ء>�Dq�5�m��4�z�*F��H1��}��M��Z��O�� _f9��u��UX��>[X~�L�^~�=䡰�re�j�ZA'J��b��7J��Q'��E�:G0C�gQ �MM؍K%H5zә�9X��5!��0��R��u�\Z�c�W��n��!Yȕ�կ�b��%j~�#��q�u�]�`�U�{�| ��:'[ ��)z�^�W/�}07��KO!�ᅺLh�4��D.XW��69΂��s�A��o�a�d��K��9<�ХE\w�~eff��:��A{sZ��/,ܜ�3){8�s%�%˻K��"Vn9��6�&("m]R��i!9��oT��7K�;�Vz��o\��﵀�qR8V�Ř2�jI�h�?��!K��)L�b��l��~��X[�Δ��j�m�͜n�`.��SB�7X��2�[��xSّ�f�E��ͭ�Y�BW�IV��[dY�/��k��e8/{:,=�y�E��{�z��pE�p?.Mw��=�!G��v dl��tj�qN�P�#�.WUT�40��S��$̳�yݟ%7��Ν��sZ��%F��}s�OِB�ܓ(�a��0��F��I.�fu>�avV�W�`9�-�*\ �P*Zw.J�h�i w�6�@�5 w\�MJ?َPj��G�|��,��ib��i��n��vs��k�:1��/_ [��O��hr-L� H��!��(��a��O�7f�v�< �� m��y{E��v�9t�U�V�|�l�u��o8�فN{��X�(� ��U��S�&��?Xa�=��k�i�N��ՂtJ׌sR�_sL�訩2��$iˢ��>[<�ŕqV��%`��Q��=w��h��)L�I��f37��k��y��ZqL�fN��~�w�a�/ ⑵� Gc�4��Xqc�~��f�% ��t�7�k�Z�o5S��2BE�U�~¸��"�Vo� �"&�ػ�*�&|��٬R6K�� 3<�o�@�ӹ�Sf�Ër�`Sp�e1�k3�[s+�)�!|'�cV��M�v1X��Ey�2�Q^��1?-'4t��W ��oZ��ʕ�_�!ɦ\�Nw5�~��y��!Y�UL�ԍ\��{�Ⱥ� q��^ @��XK�qt��ؠV�Ȃ%�,ߓ�f.#�b�U�,�ڲQ��8�Bn��s��\�`��>�hw�3�(z�0Uc�^R�9(��"��2�I��hQL�0��PC�c��H��i��Ǩ5��4ق��el_J��綥0Z�q��ɕ

Sections

.text
Size: - Virtual size: 481KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RedBoy 4.3.0/discord-rpc-w32.dll
.dll windows:6 windows x86 arch:x86

6310e6aa09f46f952e994ef81548691a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitNamedPipeW
GetCurrentProcessId
GetCurrentProcess
PeekNamedPipe
lstrlenW
MultiByteToWideChar
K32GetModuleFileNameExW
GetLastError
CloseHandle
WriteFile
ReadFile
lstrcpyW
CreateFileW
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
GetCurrentThreadId
GetExitCodeThread
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
SetEvent
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
EncodePointer
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RtlUnwind
RaiseException
ExitThread
GetModuleHandleExW
HeapAlloc
HeapFree
ExitProcess
GetModuleFileNameA
LCMapStringW
DecodePointer
GetStdHandle
GetFileType
GetACP
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetKeyValueW

Exports

Exports

Discord_Initialize
Discord_Respond
Discord_RunCallbacks
Discord_Shutdown
Discord_UpdatePresence

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 320KB - Virtual size: 320KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 86KB - Virtual size: 86KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 342KB - Virtual size: 342KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

34fb214303e80e61c6e5b1bd3919fb33

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

wininet

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

.text
Size: 320KB - Virtual size: 320KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 342KB - Virtual size: 342KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: - Virtual size: 481KB

.rdata
Size: - Virtual size: 73KB

.data
Size: - Virtual size: 2KB

.vmp0
Size: - Virtual size: 3.4MB

.vmp1
Size: 5.8MB - Virtual size: 5.8MB

.reloc
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 226KB

.gfids
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 11KB