0df027012e52401eaf5dfe5f14e27917_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0df027012e52401eaf5dfe5f14e27917_JaffaCakes118
Size

556KB
MD5

0df027012e52401eaf5dfe5f14e27917
SHA1

242b1fdc396825c649aa9a0f3ddf53bd38f77162
SHA256

aea98d4e9b8f05ad9cc5b3962851b4659664a0e83b46c12d7401d34b9ac9db12
SHA512

a0f7e22b332d0d412bba8db592102e1f7ef95c4fe405515032561b530a5cdebfdd152a1af3129d3756ae4ea2a0fcacf52737ad35dc313420c24ec4c1f98982a8
SSDEEP

12288:pUKcJ+MGz3vN1z5dHuRAftHTBFQB4qiTo/IjaJnx0POrHCq:p9cMDz3vP/5/KBtiToqaJFB

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
0df027012e52401eaf5dfe5f14e27917_JaffaCakes118
unpack001/Uninstall.exe
unpack001/WordDecryptor.exe
unpack001/images/uninstall.exe

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/Uninstall.exe	nsis_installer_1
static1/unpack001/images/uninstall.exe	nsis_installer_1

Files

0df027012e52401eaf5dfe5f14e27917_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetDiskFreeSpaceA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
LoadLibraryA
GetFileAttributesA
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcess
MultiByteToWideChar
FreeLibrary
GetProcAddress
SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
FindClose
FindNextFileA
MulDiv
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
CreateProcessA
GetTempFileNameA
lstrcpyA
lstrlenA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemDirectoryA
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryA
CloseHandle
GetVersion
GetUserDefaultLangID
CopyFileA
GetTempPathA
lstrcatA
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
lstrcpynA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
lstrcmpiA
FindFirstFileA

user32

GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetClientRect
EndDialog
CreateDialogParamA
SetClassLongA
IsWindowEnabled
DestroyWindow
SetWindowPos
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
LoadImageA
EndPaint
DrawTextA
FillRect
BeginPaint
DefWindowProcA
InvalidateRect
PostQuitMessage
ExitWindowsEx
DispatchMessageA
PeekMessageA
GetDC
IsWindow
FindWindowExA
SendMessageTimeoutA
SetForegroundWindow
SetTimer
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapA
SetWindowLongA
ShowWindow
IsWindowVisible
CallWindowProcA
GetMessagePos
ScreenToClient
wsprintfA
CheckDlgButton
GetDlgItem
SetCursor
LoadCursorA
SetWindowTextA
GetSysColor
EnableWindow
SendMessageA
CharNextA
GetWindowLongA

gdi32

CreateFontIndirectA
CreateFontA
SelectObject
SetTextColor
SetBkMode
SetBkColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteA
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetDiskFreeSpaceA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
LoadLibraryA
GetFileAttributesA
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcess
MultiByteToWideChar
FreeLibrary
GetProcAddress
SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
FindClose
FindNextFileA
MulDiv
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
CreateProcessA
GetTempFileNameA
lstrcpyA
lstrlenA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemDirectoryA
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryA
CloseHandle
GetVersion
GetUserDefaultLangID
CopyFileA
GetTempPathA
lstrcatA
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
lstrcpynA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
lstrcmpiA
FindFirstFileA

user32

GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetClientRect
EndDialog
CreateDialogParamA
SetClassLongA
IsWindowEnabled
DestroyWindow
SetWindowPos
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
LoadImageA
EndPaint
DrawTextA
FillRect
BeginPaint
DefWindowProcA
InvalidateRect
PostQuitMessage
ExitWindowsEx
DispatchMessageA
PeekMessageA
GetDC
IsWindow
FindWindowExA
SendMessageTimeoutA
SetForegroundWindow
SetTimer
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapA
SetWindowLongA
ShowWindow
IsWindowVisible
CallWindowProcA
GetMessagePos
ScreenToClient
wsprintfA
CheckDlgButton
GetDlgItem
SetCursor
LoadCursorA
SetWindowTextA
GetSysColor
EnableWindow
SendMessageA
CharNextA
GetWindowLongA

gdi32

CreateFontIndirectA
CreateFontA
SelectObject
SetTextColor
SetBkMode
SetBkColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteA
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WordDecryptor.exe
.exe windows:4 windows x86 arch:x86

7c55c62ca28c47a486e5be7f437fb773

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GlobalAddAtomA
GetModuleHandleA
GlobalFree
GlobalDeleteAtom
GlobalGetAtomNameA
FreeConsole
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetProcAddress
GetLastError
LoadLibraryA
SetLastError
GetVersionExA
SetThreadPriority
GetCurrentThread
CreateProcessA
GetCommandLineA
GetStartupInfoA
SetEnvironmentVariableA
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
GetCurrentThreadId
CloseHandle
ReadFile
GetFileSize
CreateFileA
VirtualQueryEx
FindClose
FindFirstFileA
FindFirstFileW
GetModuleFileNameW
GetExitCodeProcess
ReadProcessMemory
ContinueDebugEvent
SetThreadContext
GetThreadContext
WaitForDebugEvent
SuspendThread
DebugActiveProcess
ResumeThread
CreateProcessW
GlobalAlloc
GetStartupInfoW
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
VirtualProtectEx
WriteProcessMemory
ExitProcess
CompareStringA
FlushFileBuffers
LCMapStringW
LCMapStringA
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
CompareStringW
MultiByteToWideChar
SetFilePointer
HeapReAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersion
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
TerminateProcess
GlobalLock
GlobalUnlock
CreateThread
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetCurrentProcessId
GetModuleFileNameA
GetCommandLineW
GetShortPathNameA

user32

GetDesktopWindow
MoveWindow
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
GetMessageA
BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
GetSystemMetrics
SetTimer
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
MessageBoxA
InSendMessage
UnpackDDElParam
FreeDDElParam
DefWindowProcA
LoadCursorA
CreateWindowExA
GetWindowThreadProcessId
SendMessageA
PeekMessageA
TranslateMessage
DispatchMessageA
EnumWindows
PackDDElParam
PostMessageA
IsWindow
RegisterClassA

gdi32

DeleteObject
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreatePalette

Sections

.text
Size: - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 36KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 292KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
contacts.html
.html
images/button_add.gif
images/buttons_pr.gif
images/uninstall.exe
.exe windows:4 windows x86 arch:x86

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ord17
ImageList_Destroy
ImageList_Create

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetDiskFreeSpaceA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
CreateThread
LoadLibraryA
GetFileAttributesA
SetFilePointer
ReadFile
WriteFile
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentProcess
MultiByteToWideChar
FreeLibrary
GetProcAddress
SetErrorMode
GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
FindClose
FindNextFileA
MulDiv
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
CreateProcessA
GetTempFileNameA
lstrcpyA
lstrlenA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemDirectoryA
RemoveDirectoryA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateDirectoryA
CloseHandle
GetVersion
GetUserDefaultLangID
CopyFileA
GetTempPathA
lstrcatA
GetWindowsDirectoryA
DeleteFileA
GetCommandLineA
lstrcpynA
GetModuleHandleA
ExitProcess
GetModuleFileNameA
lstrcmpiA
FindFirstFileA

user32

GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
GetClientRect
EndDialog
CreateDialogParamA
SetClassLongA
IsWindowEnabled
DestroyWindow
SetWindowPos
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
LoadImageA
EndPaint
DrawTextA
FillRect
BeginPaint
DefWindowProcA
InvalidateRect
PostQuitMessage
ExitWindowsEx
DispatchMessageA
PeekMessageA
GetDC
IsWindow
FindWindowExA
SendMessageTimeoutA
SetForegroundWindow
SetTimer
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
LoadBitmapA
SetWindowLongA
ShowWindow
IsWindowVisible
CallWindowProcA
GetMessagePos
ScreenToClient
wsprintfA
CheckDlgButton
GetDlgItem
SetCursor
LoadCursorA
SetWindowTextA
GetSysColor
EnableWindow
SendMessageA
CharNextA
GetWindowLongA

gdi32

CreateFontIndirectA
CreateFontA
SelectObject
SetTextColor
SetBkMode
SetBkColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect

advapi32

RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteA
SHFileOperationA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA

ole32

OleInitialize
CoCreateInstance
OleUninitialize

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
images/word.gif
images/worddec.jpg
.jpg
index.html
.html
license.html
.html
support.html
.html

Sharing

General

Malware Config

Signatures

Files

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 7KB - Virtual size: 8KB

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 7KB - Virtual size: 8KB

7c55c62ca28c47a486e5be7f437fb773

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 107KB

.rdata Size: - Virtual size: 12KB

.data Size: - Virtual size: 8KB

.data1 Size: - Virtual size: 7KB

.text1 Size: 192KB - Virtual size: 192KB

.adata Size: 52KB - Virtual size: 64KB

.data2 Size: 36KB - Virtual size: 128KB

.pdata Size: 292KB - Virtual size: 320KB

.rsrc Size: 12KB - Virtual size: 76KB

ea01c2f45f212fade698cd40d7df5306

Headers

File Characteristics

Imports

comctl32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 7KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 7KB - Virtual size: 8KB

.text
Size: - Virtual size: 107KB

.rdata
Size: - Virtual size: 12KB

.data
Size: - Virtual size: 8KB

.data1
Size: - Virtual size: 7KB

.text1
Size: 192KB - Virtual size: 192KB

.adata
Size: 52KB - Virtual size: 64KB

.data2
Size: 36KB - Virtual size: 128KB

.pdata
Size: 292KB - Virtual size: 320KB

.rsrc
Size: 12KB - Virtual size: 76KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 7KB - Virtual size: 8KB