Rats[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Rats.zip
Size

3.3MB
MD5

b2d863b6b70e29a61b4dfbb1cb02ae70
SHA1

066fd814cf94553335294660a7f9b5bd9e149463
SHA256

3a2a1254c0e5f4f26056dc85f0f481162da9ad9d2e69eed9743e798927e7c0a9
SHA512

5cf8624a9aa99755570bfb6ca67c2fe5112aa26eddab937a13f497f4056d5b433c81d0aa596f298066003d806ccc203e07c2a80a301a040158fe1d5ea772f709
SSDEEP

49152:HCO+zb9dVWZH1a34FUqIw2vrL3AcLNTxTNnlZ96uk5HXQhllcxsa8MQd7zmlt:iOqvVWtmiizH3AuTx5nloA5AxAmlt

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Comet Rat v1.2/AxInterop.SystemMonitor.dll
unpack002/Comet Rat v1.2/AxInterop.WMPLib.dll
unpack002/Comet Rat v1.2/IOS/mpress.exe
unpack002/Comet Rat v1.2/Interop.SystemMonitor.dll
unpack002/Comet Rat v1.2/Interop.WMPLib.dll
unpack002/Comet Rat v1.2/Mono.Cecil.dll
unpack002/Comet Rat v1.2/Stub.exe
unpack002/Comet Rat v1.2/comet v1.2.exe
unpack003/xRAT 2.0 RELEASE3/Interop.NATUPNPLib.dll
unpack003/xRAT 2.0 RELEASE3/Mono.Cecil.dll
unpack003/xRAT 2.0 RELEASE3/Vestris.ResourceLib.dll
unpack003/xRAT 2.0 RELEASE3/client.bin
unpack003/xRAT 2.0 RELEASE3/xRAT 2.exe

Files

Rats.zip
.zip
Rats/Comet Rat v1.2.zip
.zip
Comet Rat v1.2/AxInterop.SystemMonitor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/AxInterop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/IOS/H-092.ico
Comet Rat v1.2/IOS/Kx.wav
Comet Rat v1.2/IOS/Ls.jpg
.jpg
Comet Rat v1.2/IOS/MY.wav
Comet Rat v1.2/IOS/ico/1.ico
Comet Rat v1.2/IOS/ico/10.ico
Comet Rat v1.2/IOS/ico/11.ico
Comet Rat v1.2/IOS/ico/12.ico
Comet Rat v1.2/IOS/ico/13.ico
Comet Rat v1.2/IOS/ico/14.ico
Comet Rat v1.2/IOS/ico/15.ico
Comet Rat v1.2/IOS/ico/16.ico
Comet Rat v1.2/IOS/ico/17.ico
Comet Rat v1.2/IOS/ico/18.ico
Comet Rat v1.2/IOS/ico/2.ico
Comet Rat v1.2/IOS/ico/3.ico
Comet Rat v1.2/IOS/ico/4.ico
Comet Rat v1.2/IOS/ico/5.ico
Comet Rat v1.2/IOS/ico/6.ico
Comet Rat v1.2/IOS/ico/7.ico
Comet Rat v1.2/IOS/ico/8.ico
Comet Rat v1.2/IOS/ico/9.ico
Comet Rat v1.2/IOS/mpress.exe
.exe windows:4 windows x86 arch:x86

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

imagehlp

CheckSumMappedFile

Sections

.MPRESS1
Size: 88KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.MPRESS2
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Comet Rat v1.2/IOS/xxx.wav
Comet Rat v1.2/Interop.SystemMonitor.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Interop.WMPLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Simon\Desktop\cecil-master\obj\net_2_0_Release\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/Stub.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hackeng\Desktop\StubX\StubX\obj\Debug\Stub.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 584B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Comet Rat v1.2/comet v1.2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\hackeng\Desktop\comet\comet\comet\obj\Debug\comet.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rats/xRAT 2.0 RELEASE3.zip
.zip
xRAT 2.0 RELEASE3/Interop.NATUPNPLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xRAT 2.0 RELEASE3/LICENSE
xRAT 2.0 RELEASE3/Mono.Cecil.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Max\Downloads\cecil-master\obj\net_2_0_Release\Mono.Cecil.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xRAT 2.0 RELEASE3/Vestris.ResourceLib.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\Max\Desktop\resourcelib-master\Source\ResourceLib\obj\Release\Vestris.ResourceLib.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xRAT 2.0 RELEASE3/client.bin
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\Projekte\Github\xRAT\Client\obj\x86\Release\Client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 223KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xRAT 2.0 RELEASE3/xRAT 2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\Projekte\Github\xRAT\Server\obj\x86\Release\xRAT 2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 949KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
__MACOSX/Rats/._Comet Rat v1.2.zip
__MACOSX/Rats/._xRAT 2.0 RELEASE3.zip

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 17KB - Virtual size: 17KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 50KB - Virtual size: 50KB

.rsrc Size: 1024B - Virtual size: 712B

.reloc Size: 512B - Virtual size: 12B

51e7ef6b1d43d0d05d7109dee9789560

Headers

File Characteristics

Imports

kernel32

imagehlp

Sections

.MPRESS1 Size: 88KB - Virtual size: 216KB

.MPRESS2 Size: 1024B - Virtual size: 862B

.rsrc Size: 11KB - Virtual size: 11KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 55KB - Virtual size: 54KB

.rsrc Size: 1024B - Virtual size: 800B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 326KB - Virtual size: 326KB

.rsrc Size: 1024B - Virtual size: 776B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 271KB - Virtual size: 270KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 158KB - Virtual size: 157KB

.sdata Size: 512B - Virtual size: 312B

.rsrc Size: 1024B - Virtual size: 584B

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 50KB - Virtual size: 50KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 512B - Virtual size: 12B

.MPRESS1
Size: 88KB - Virtual size: 216KB

.MPRESS2
Size: 1024B - Virtual size: 862B

.rsrc
Size: 11KB - Virtual size: 11KB

.text
Size: 55KB - Virtual size: 54KB

.rsrc
Size: 1024B - Virtual size: 800B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 326KB - Virtual size: 326KB

.rsrc
Size: 1024B - Virtual size: 776B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 271KB - Virtual size: 270KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 158KB - Virtual size: 157KB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 1024B - Virtual size: 584B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 3.6MB - Virtual size: 3.6MB

.sdata
Size: 512B - Virtual size: 312B

.rsrc
Size: 34KB - Virtual size: 34KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 271KB - Virtual size: 270KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 223KB - Virtual size: 223KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 949KB - Virtual size: 948KB

.rsrc
Size: 32KB - Virtual size: 32KB

.reloc
Size: 512B - Virtual size: 12B