13406678a34090425b1b207073941bdb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13406678a34090425b1b207073941bdb_JaffaCakes118
Size

828KB
MD5

13406678a34090425b1b207073941bdb
SHA1

26225aac83ad1619e56508b350fddc07ef7a0f86
SHA256

a12ecaa8f22e124a45bb8302a2b07d9b8f9f683874223b16dd41e13add16dff2
SHA512

cbc12c2a062114a7b7c55627687ae7a2912d56105b6cca2df18f683132177cd67a8b69b611d29dabcaafdc8d99f158f5b9e7e8f9037882b9ebc7278567b59eab
SSDEEP

12288:dC2oRxXT4tcBiYd9WkbCcCfFeYg21hZKl7PbhnNBYn0+1G9RmUowjOggx4ah8Se:c2mxctWWjTfFeb2jZqjhNXaPtwyLDHe

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Tym otwieraj.exe
unpack001/mc.dll
unpack001/mc.exe

Files

13406678a34090425b1b207073941bdb_JaffaCakes118
.rar
Tym otwieraj.exe
.exe windows:4 windows x86 arch:x86

d125cbfd58b5d667bfdda48f6d313795

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetSystemMetrics
wsprintfA
MessageBoxA
CreateIconFromResource
SetWindowRgn
CreateWindowExA
SetWindowPos
PostThreadMessageA
UnhookWindowsHookEx
SetWindowsHookExA
GetWindowThreadProcessId
IsWindow
CallNextHookEx
FillRect
GetSysColor
GetDC
TrackMouseEvent
GetParent
InvalidateRect
MoveWindow
GetClassInfoExA
PostQuitMessage
CallWindowProcA
ReleaseCapture
EndPaint
TranslateMessage
DispatchMessageA
ReleaseDC
DrawTextA
DrawIconEx
SendMessageA
BeginPaint
GetWindowDC
GetWindowRect
GetWindowTextA
DefWindowProcA
RegisterClassExA
LoadCursorA
LoadIconA
ShowWindow
WaitForInputIdle
GetMessageA

kernel32

GlobalFree
MulDiv
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SuspendThread
ResumeThread
GetExitCodeThread
TerminateThread
GetCurrentThreadId
GetProcessHeap
ExitProcess
HeapAlloc
GlobalLock
GlobalUnlock
LCMapStringA
GetTickCount
SetFilePointer
ReadFile
CreateFileA
WriteFile
GetModuleFileNameA
IsBadReadPtr
HeapFree
CreateFileMappingA
MapViewOfFile
RtlMoveMemory
lstrcpyn
CreateProcessA
WaitForSingleObject
CloseHandle
LoadLibraryA
GetCurrentDirectoryA
LocalAlloc
RtlFillMemory
LocalFree
LocalSize
GetModuleHandleA
GetProcAddress
FreeLibrary
GlobalAlloc
HeapReAlloc

gdi32

CreateCompatibleDC
SelectObject
SetBkMode
SetTextColor
CreateFontA
BitBlt
DeleteObject
DeleteDC
StretchBlt
GetObjectA
CreateSolidBrush
CreateDCA
GetDeviceCaps
CreateRoundRectRgn
CreateCompatibleBitmap

ole32

CreateStreamOnHGlobal

olepro32

ord251

msvcrt

_ftol
??2@YAPAXI@Z
free
strncpy
realloc
malloc
sprintf
srand
rand
strtod
??3@YAXPAX@Z
modf

shlwapi

PathFileExistsA

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
czytaj.txt
mc.dll
.dll windows:4 windows x86 arch:x86

3978f332df7e85d1052bb202312e9396

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenFileMappingA
MapViewOfFile
CloseHandle
LocalAlloc
LocalFree
lstrcpyn
lstrlenA
RtlMoveMemory
GetModuleHandleA
GetProcAddress
RtlFillMemory
CreateThread
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
SuspendThread
ResumeThread
GetExitCodeThread
TerminateThread
GetCurrentThreadId
VirtualProtect
GetProcessHeap
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
LCMapStringA

wsock32

connect
ioctlsocket
inet_addr
WSACleanup
gethostbyname
WSAStartup

user32

wsprintfA
MessageBoxA
CallWindowProcA

msvcrt

??3@YAXPAX@Z
_adjust_fdiv
_initterm
malloc
free
memmove
modf
_CIfmod
floor
sprintf
strncpy
atoi
_ftol

Exports

Exports

ssend

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mc.exe
.exe windows:4 windows x86 arch:x86

1735dc4b1d46ffa04f24149468c45800

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

dinput8

DirectInput8Create

devil

ilSaveImage
ilGetData
ilInit
ilSetInteger
ilShutDown
ilCopyPixels
ilSetPixels
ilConvertImage
ilOriginFunc
ilTexImage
ilEnable
ilSave
ilGenImages
ilBindImage
ilLoad
ilGetInteger
ilDeleteImages

gdi32

EnumFontFamiliesExA
GetStockObject
DeleteObject
SelectObject
CreateFontIndirectA
GetTextExtentPoint32W
SetBkColor
SetTextColor
DeleteDC
CreateDIBSection
CreateCompatibleDC
SetBkMode
TextOutA
TextOutW
GetTextExtentPoint32A

imm32

ImmIsIME
ImmGetOpenStatus
ImmGetIMEFileNameA
ImmNotifyIME
ImmGetCompositionStringW
ImmGetConversionStatus
ImmGetContext
ImmSetConversionStatus
ImmReleaseContext
ImmAssociateContext
ImmGetCandidateListW

kernel32

LeaveCriticalSection
EnterCriticalSection
Sleep
GetSystemInfo
InitializeCriticalSection
SetFileAttributesA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
DeleteFileA
RtlUnwind
RaiseException
GetFileAttributesA
HeapFree
GetSystemTimeAsFileTime
CreateDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetProcAddress
HeapAlloc
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
ExitProcess
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
HeapDestroy
HeapValidate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
WriteFile
FlushFileBuffers
ReadFile
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WaitForSingleObject
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
VirtualQuery
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
VirtualProtect
GetExitCodeProcess
CreateProcessA
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
GlobalAlloc
GlobalFree
ReleaseSemaphore
GetSystemDirectoryA
GlobalLock
GlobalUnlock
FreeLibrary
WinExec
OutputDebugStringA
GetFileSize
CreateFileMappingA
MapViewOfFile
DeleteCriticalSection
SetEvent
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
UnmapViewOfFile
CloseHandle
GetCurrentProcess
ReadProcessMemory
GetLastError
IsBadReadPtr
GetProcessHeap
HeapCreate

oleaut32

VariantInit
VariantClear
SysAllocString

shell32

SHGetSpecialFolderPathA

speedtreert

?SetFrondWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetNumLeafRockingGroups@CSpeedTreeRT@@QAEXI@Z
?SetTreeSize@CSpeedTreeRT@@QAEXMM@Z
?Compute@CSpeedTreeRT@@QAE_NPBMI_N@Z
?GetBoundingBox@CSpeedTreeRT@@QBEXPAM@Z
?SetLeafRockingState@CSpeedTreeRT@@QAEX_N@Z
?SetDropToBillboard@CSpeedTreeRT@@SAX_N@Z
?GetBranchMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetFrondMaterial@CSpeedTreeRT@@QBEPBMXZ
?GetLeafMaterial@CSpeedTreeRT@@QBEPBMXZ
?SetLodLimits@CSpeedTreeRT@@QAEXMM@Z
??0STextures@CSpeedTreeRT@@QAE@XZ
?GetTextures@CSpeedTreeRT@@QBEXAAUSTextures@1@@Z
??0SGeometry@CSpeedTreeRT@@QAE@XZ
?GetCollisionObject@CSpeedTreeRT@@QAEXIAAW4ECollisionObjectType@1@PAM1@Z
?GetCollisionObjectCount@CSpeedTreeRT@@QAEIXZ
?SetLeafWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetTreePosition@CSpeedTreeRT@@QAEXMMM@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBD@Z
?SetLodLevel@CSpeedTreeRT@@QAEXM@Z
?GetNumLeafLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumFrondLodLevels@CSpeedTreeRT@@QBEGXZ
?GetNumBranchLodLevels@CSpeedTreeRT@@QBEGXZ
?GetGeometry@CSpeedTreeRT@@QAEXAAUSGeometry@1@KFFF@Z
??1CSpeedTreeRT@@QAE@XZ
??3CSpeedTreeRT@@SAXPAX@Z
??1SGeometry@CSpeedTreeRT@@QAE@XZ
??1STextures@CSpeedTreeRT@@QAE@XZ
?SetCamera@CSpeedTreeRT@@SAXPBM0@Z
?SetLightAttributes@CSpeedTreeRT@@SAXIPBM@Z
?SetLightState@CSpeedTreeRT@@SAXI_N@Z
?SetNumWindMatrices@CSpeedTreeRT@@SAXI@Z
?SetWindStrength@CSpeedTreeRT@@QAEMMMM@Z
?SetTime@CSpeedTreeRT@@SAXM@Z
?SetBranchWindMethod@CSpeedTreeRT@@QAEXW4EWindMethod@1@@Z
?SetFrondLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetLeafLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?SetBranchLightingMethod@CSpeedTreeRT@@QAEXW4ELightingMethod@1@@Z
?GetCurrentError@CSpeedTreeRT@@SAPBDXZ
?MakeInstance@CSpeedTreeRT@@QAEPAV1@XZ
??2CSpeedTreeRT@@SAPAXI@Z
?GetTreePosition@CSpeedTreeRT@@QBEPBMXZ
?ComputeLodLevel@CSpeedTreeRT@@QAEXXZ
??0CSpeedTreeRT@@QAE@XZ
?SetLocalMatrices@CSpeedTreeRT@@QAEXII@Z
?SetTextureFlip@CSpeedTreeRT@@SAX_N@Z
?LoadTree@CSpeedTreeRT@@QAE_NPBEI@Z

user32

ReleaseCapture
PostQuitMessage
GetAsyncKeyState
ScreenToClient
GetCursorPos
SystemParametersInfoA
SetWindowPos
MessageBoxA
LoadStringA
GetSystemMetrics
GetCapture
ChangeDisplaySettingsA
ShowWindow
SetCapture
ClientToScreen
SetCursorPos
LoadImageA
DestroyCursor
SetCursor
ShowCursor
GetKeyState
FindWindowA
UnregisterClassA
RegisterClassExA
UpdateWindow
GetKeyboardLayout
GetKeyboardLayoutNameA
OpenClipboard
GetClipboardData
CloseClipboard
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
CreateWindowExA
SetWindowLongA
LoadCursorA
LoadIconA
RegisterClassA
SetRect
GetMenu
AdjustWindowRectEx
MoveWindow
GetClientRect
GetWindowRect
IsWindow
DestroyWindow
InvalidateRect
GetWindowLongA
DefWindowProcA
CharPrevExA
CharNextExA
GetDC
ReleaseDC

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

winmm

timeEndPeriod
timeBeginPeriod
timeGetTime
timeGetDevCaps

ws2_32

select
__WSAFDIsSet
bind
recvfrom
sendto
WSACleanup
WSAStartup
WSAGetLastError
gethostbyname
socket
ioctlsocket
htons
inet_addr
connect
recv
send
closesocket

d3d8

Direct3DCreate8

granny2

_GrannyGetMaterialTextureByType@8
_GrannyNewWorldPose@4
_GrannyGetSourceSkeleton@4
_GrannyFreeWorldPose@4
_GrannyInstantiateModel@4
_GrannyFreeModelInstance@4
_GrannyFindBoneByName@12
_GrannyGetWorldPose4x4@8
_GrannySetLogCallback@4
_GrannyFreeMeshBinding@4
_GrannyNewMeshBinding@12
_GrannySetModelClock@8
_GrannyUpdateModelMatrix@16
_GrannyFreeLocalPose@4
_GrannyGetWorldPoseComposite4x4@8
_GrannyGetWorldPoseComposite4x4Array@4
_GrannyFreeCompletedModelControls@4
_GrannySampleModelAnimationsAccelerated@20
_GrannyGetMeshBindingToBoneIndices@4
_GrannyNewLocalPose@4
_GrannyFreeFile@4
_GrannyFreeFileSection@8
_GrannyGetFileInfo@4
_GrannyReadEntireFileFromMemory@8
_GrannyControlIsComplete@4
_GrannySetControlEaseInCurve@28
_GrannyFreeControlOnceUnused@4
_GrannySetControlLoopCount@8
_GrannySetControlSpeed@8
_GrannyPlayControlledAnimation@12
_GrannyFreeControlIfComplete@4
_GrannyCompleteControlAt@8
_GrannySetControlEaseOut@8
_GrannySetControlEaseOutCurve@28
_GrannySetControlEaseIn@8
_GrannySetControlRawLocalClock@8
_GrannyGetControlLocalDuration@4
_GrannyGetControlRawLocalClock@4
_GrannyGetControlLoopCount@4
_GrannyGetControlSpeed@4
_GrannyFreeControl@4
_GrannyGetMeshIndexCount@4
_GrannyGetTotalTypeSize@4
_GrannyGetMeshVertexCount@4
_GrannyMeshIsRigid@4
GrannyPNT332VertexType
_GrannyCopyMeshIndices@12
_GrannyCopyMeshVertices@12
_GrannyDeformVertices@24
_GrannyGetMeshVertices@4
_GrannyGetMeshTriangleGroups@4
_GrannyGetMeshTriangleGroupCount@4
_GrannyFreeMeshDeformer@4
_GrannyNewMeshDeformer@12
_GrannyGetMeshVertexType@4

imagehlp

EnumerateLoadedModules
GetTimestampForLoadedLibrary
StackWalk

mss32

_AIL_file_type@8
_AIL_file_read@8
_AIL_set_file_callbacks@16
_AIL_close_3D_listener@4
_AIL_close_3D_provider@4
_AIL_set_3D_orientation@28
_AIL_set_3D_position@16
_AIL_set_3D_velocity@20
_AIL_open_3D_listener@4
_AIL_open_3D_provider@4
_AIL_enumerate_3D_providers@12
_AIL_open_digital_driver@16
_AIL_open_stream@12
_AIL_close_digital_driver@4
_AIL_shutdown@0
_AIL_startup@0
_AIL_set_redist_directory@4
_AIL_release_3D_sample_handle@4
_AIL_allocate_3D_sample_handle@4
_AIL_auto_update_3D_position@8
_AIL_last_error@0
_AIL_set_3D_sample_file@8
_AIL_3D_sample_status@4
_AIL_mem_free_lock@4
_AIL_set_3D_sample_loop_count@8
_AIL_stop_3D_sample@4
_AIL_resume_3D_sample@4
_AIL_end_3D_sample@4
_AIL_3D_sample_volume@4
_AIL_set_3D_sample_volume@8
_AIL_set_sample_volume_pan@12
_AIL_sample_volume_pan@12
_AIL_end_sample@4
_AIL_resume_sample@4
_AIL_stop_sample@4
_AIL_set_sample_loop_count@8
_AIL_start_sample@4
_AIL_sample_status@4
_AIL_init_sample@4
_AIL_set_sample_file@12
_AIL_allocate_sample_handle@4
_AIL_release_sample_handle@4
_AIL_set_stream_volume_levels@12
_AIL_stream_volume_levels@12
_AIL_pause_stream@8
_AIL_set_stream_loop_count@8
_AIL_start_stream@4
_AIL_decompress_ASI@24
_AIL_WAV_info@8
_AIL_start_3D_sample@4
_AIL_decompress_ADPCM@12
_AIL_close_stream@4
_AIL_stream_status@4

ole32

OleInitialize
CoGetClassObject
OleSetContainedObject
OleUninitialize

python22

Py_SetProgramName
PyImport_AddModule
PyModule_GetDict
PyImport_ImportModule
PyDict_SetItemString
PyRun_String
Py_Initialize
PyErr_Fetch
PyNumber_Check
PyObject_GetAttr
PyObject_GetAttrString
PyErr_Clear
PyCallable_Check
PyObject_CallObject
PyErr_Print
PyString_Type
PyString_AsString
PyFloat_AsDouble
_Py_NoneStruct
PyErr_BadArgument
PyList_New
PyString_FromString
PyList_Append
PyTuple_Type
PyInt_AsLong
PyString_InternFromString
Py_Finalize
PyExc_RuntimeError
PyErr_SetString
PyTuple_GetItem
PyDict_Type
PyType_IsSubtype
PyDict_GetItemString
PyLong_AsLong
PyTuple_Size
Py_InitModule4
PyModule_AddIntConstant
Py_BuildValue

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 225KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 117KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pseudo
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
mc.txt

Sharing

General

Malware Config

Signatures

Files

d125cbfd58b5d667bfdda48f6d313795

Headers

File Characteristics

Imports

user32

kernel32

gdi32

ole32

olepro32

msvcrt

shlwapi

Sections

.text Size: 56KB - Virtual size: 52KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 344KB - Virtual size: 343KB

.rsrc Size: 8KB - Virtual size: 4KB

3978f332df7e85d1052bb202312e9396

Headers

File Characteristics

Imports

kernel32

wsock32

user32

msvcrt

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 48KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 1KB

1735dc4b1d46ffa04f24149468c45800

Headers

File Characteristics

Imports

advapi32

dinput8

devil

gdi32

imm32

kernel32

oleaut32

shell32

speedtreert

user32

version

winmm

ws2_32

d3d8

granny2

imagehlp

mss32

ole32

python22

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 225KB - Virtual size: 228KB

Size: 117KB - Virtual size: 380KB

Size: 2KB - Virtual size: 4KB

.rsrc Size: 39KB - Virtual size: 40KB

.idata Size: 12KB - Virtual size: 16KB

.pseudo Size: 73KB - Virtual size: 76KB

.text
Size: 56KB - Virtual size: 52KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 344KB - Virtual size: 343KB

.rsrc
Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 48KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 225KB - Virtual size: 228KB

.rsrc
Size: 39KB - Virtual size: 40KB

.idata
Size: 12KB - Virtual size: 16KB

.pseudo
Size: 73KB - Virtual size: 76KB