290b04980e3126e9009d201669381343_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

290b04980e3126e9009d201669381343_JaffaCakes118
Size

2.3MB
MD5

290b04980e3126e9009d201669381343
SHA1

cd5d66654517efa8851e0c8b5818738f36df4cfb
SHA256

bb00809bc91e6eeda4cbb605c5b464289da9278cdddbcc2772e563d4fa54ed64
SHA512

1d8263b669197370fbd24ac831c944e8e4d41266e9fe5fa2965b2ce712e77d3b0fb08b87f83caea611f16fc3d0241ab05d7b34bb9ac6fa30a212124317ab37b8
SSDEEP

24576:eLvZk6p/jXHJRGEUNHFjeRYHr918i7RB93a7GHtA9jogRZzxpvPefV:akWMHFjXBSi7RB1pNARLzxpvAV

Score

1^/10

Malware Config

Signatures

Files

290b04980e3126e9009d201669381343_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

b23108702da46c9c89513de620cb3f1d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

25/05/2006, 00:00

Not After

03/07/2009, 23:59

Subject

CN=Intervideo\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Head Quarter,O=Intervideo\, Inc.,L=Fremont,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:2f:d3:7a:b9:05:17:e8:fe:eb:08:8c:7d:4a:f5:e3:d0:ec:ed:c6
Signer

Actual PE Digest

5d:2f:d3:7a:b9:05:17:e8:fe:eb:08:8c:7d:4a:f5:e3:d0:ec:ed:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdiplus

GdipDisposeImage
GdipCreateBitmapFromFile
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipCreateHBITMAPFromBitmap
GdipGetImageGraphicsContext
GdipCreateBitmapFromFileICM
GdipDeleteGraphics
GdipCreateFromHWNDICM
GdipGetImageWidth
GdipGetImageHeight
GdipBitmapGetPixel
GdipBitmapSetPixel
GdipCreateFromHDC
GdipDeleteBrush
GdipCloneBrush
GdipCreateSolidFill
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipDrawImageRectI
GdipCloneImage
GdipSetStringFormatTrimming
GdipFree
GdipCreateFromHWND
GdipDrawString
GdipMeasureString
GdipDrawImageRect
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipCloneFont
GdipDeleteFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipGetFontUnit
GdipGetFontHeight

kernel32

GetFileTime
GetTimeZoneInformation
SetErrorMode
lstrcmpA
SetLastError
MulDiv
lstrcpynA
GlobalUnlock
_lclose
_lwrite
OpenFile
GlobalLock
Sleep
MultiByteToWideChar
GetPrivateProfileSectionNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
LoadLibraryA
GetProcAddress
GetLastError
FreeLibrary
GetTickCount
GetCurrentProcessId
GetVersionExA
OpenMutexA
GetEnvironmentVariableA
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
SetEnvironmentVariableA
SetProcessAffinityMask
GetCurrentThreadId
GetSystemDirectoryA
LocalFree
lstrcatA
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
lstrcmpiW
CompareStringW
CompareStringA
GetVersion
InterlockedExchange
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
WinExec
GetModuleHandleA
CreateFileMappingA
GetSystemInfo
OutputDebugStringA
WriteFile
OpenFileMappingA
DeleteFileA
WaitForMultipleObjects
ExitProcess
SetThreadPriority
_lcreat
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
lstrcmpiA
lstrlenA
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
TerminateThread
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
GetThreadLocale
SetThreadLocale
SetThreadUILanguage
GetLocalTime
GetProcessAffinityMask
ord37
ord35
ord36
GlobalSize
GlobalReAlloc
GlobalAlloc
GlobalFree
CreateSemaphoreA
GetCurrentThread
CreateThread
GetThreadPriority
VirtualAlloc
VirtualLock
VirtualUnlock
ReleaseSemaphore
FormatMessageA
LocalAlloc
DebugBreak
SetThreadContext
SuspendThread
GetThreadContext
ResumeThread
Module32First
Module32Next
IsBadReadPtr
IsBadWritePtr
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
lstrcatW
FlushInstructionCache
GetCurrentProcess
GetSystemPowerStatus
CreateFileW
DeviceIoControl
CreateMutexA
ReleaseMutex
lstrcpyA
CreateFileA
GetFileSize
MapViewOfFile
UnmapViewOfFile
SetEvent
GetDriveTypeA
GetVolumeInformationA
CreateEventA
GetFileAttributesA
CreateProcessA
_lopen

user32

SetTimer
KillTimer
GetFocus
GetDesktopWindow
IsWindowVisible
GetLastActivePopup
GetParent
SetForegroundWindow
LoadIconA
AdjustWindowRect
FindWindowA
InvalidateRect
IsWindow
ShowWindow
GetDC
ClientToScreen
GetClientRect
GetWindowRect
SetWindowRgn
IsZoomed
IsIconic
PostMessageA
SendMessageA
IntersectRect
SetRectEmpty
SetRect
ChangeDisplaySettingsA
GetSystemMetrics
PtInRect
GetWindowPlacement
InflateRect
EnumDisplaySettingsA
ReleaseDC
MessageBoxA
FillRect
SetCursor
CopyRect
ScreenToClient
SetCapture
SetParent
SetFocus
AdjustWindowRectEx
ReleaseCapture
CreateWindowExA
DefWindowProcA
RegisterClassA
GetWindowLongA
GetSysColor
GetCursorPos
GetWindowDC
WindowFromDC
LoadImageA
LoadCursorFromFileA
DestroyCursor
GetWindowRgn
GetClassLongA
SetClassLongA
GetCapture
SubtractRect
IsWindowEnabled
MonitorFromWindow
GetMonitorInfoA
RegisterWindowMessageA
UnregisterClassA
IsRectEmpty
TranslateAcceleratorA
LoadAcceleratorsA
DestroyAcceleratorTable
EnableWindow
CallNextHookEx
GetKeyState
ToUnicode
GetKeyboardState
ShowCursor
UnhookWindowsHookEx
SetWindowsHookExA
SystemParametersInfoA
SetWindowLongA
LoadCursorA
OffsetRect
ShowScrollBar
UpdateWindow
CharUpperW
CharUpperA
CharLowerW
CharLowerA
EqualRect
CharNextA

gdi32

GetClipBox
GetDCOrgEx
CreateDCA
DeleteDC
ExtEscape
CreateSolidBrush
GetStockObject
SelectClipRgn
SelectObject
LineTo
SetViewportOrgEx
MoveToEx
CreateRectRgnIndirect
CombineRgn
OffsetRgn
Rectangle
SetROP2
GetObjectA
GetTextExtentPoint32A
CreateRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel
DeleteObject
GetDeviceCaps
RealizePalette
StretchBlt
SelectPalette
GetDIBits
CreateHalftonePalette
GetDIBColorTable
CreatePalette
FrameRgn
GetRgnBox
GetCurrentObject
CreateFontIndirectA

advapi32

GetTokenInformation
RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegCreateKeyA
OpenServiceA
CloseServiceHandle
OpenProcessToken
SetSecurityDescriptorDacl
EqualSid
CreateServiceA
StartServiceA
QueryServiceStatus
AllocateAndInitializeSid
OpenSCManagerA
FreeSid
RegOpenKeyA
SetEntriesInAclA
InitializeSecurityDescriptor
RegEnumKeyA

shell32

Shell_NotifyIconA
ShellExecuteA

ole32

CoCreateFreeThreadedMarshaler
CoSetProxyBlanket
OleRun
StringFromGUID2
CoTaskMemRealloc
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

oleaut32

UnRegisterTypeLi
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
VariantClear
SysAllocStringLen
VarBstrCmp
SysStringLen
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
SysAllocStringByteLen
SysStringByteLen
GetErrorInfo
VariantChangeType
SetErrorInfo

d3d9

Direct3DCreate9

mfc80

ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5203
ord4185
ord6275
ord5073
ord1908
ord5152
ord4244
ord1401
ord3946
ord1617
ord1620
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4580
ord4890
ord4735
ord4212
ord5182
ord605
ord3641
ord762
ord578
ord876
ord3934
ord304
ord1084
ord1185
ord1187
ord1191
ord6754
ord3210
ord1934
ord3204
ord3302
ord1280
ord4125
ord2367
ord2372
ord1903
ord572
ord3195
ord4261
ord2991
ord5214
ord1402
ord5915
ord6725
ord620
ord1063
ord266
ord2322
ord1916
ord3997
ord2272
ord781
ord709
ord501
ord3401
ord1425
ord6090
ord1728
ord1554
ord1395
ord5403
ord2468
ord2902
ord310
ord3761
ord4115
ord784
ord911
ord2271
ord1489
ord299
ord6703
ord6118
ord1482
ord265
ord631
ord5529
ord2280
ord386
ord3086
ord2451
ord300
ord314
ord4104
ord4035
ord865
ord5833
ord4085
ord5563
ord297
ord589
ord2176
ord330
ord1308
ord1486
ord6065
ord6282
ord5613
ord3337
ord2131
ord2410
ord3683
ord566
ord3333
ord4481
ord2838
ord5566
ord5213
ord5230
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord757
ord4568
ord3830
ord1054
ord1049
ord2248
ord1917
ord1161
ord1160
ord1071
ord3552
ord718
ord736
ord4720
ord5211
ord4213
ord4190
ord4844
ord4867
ord4617
ord4797
ord5070
ord5072
ord5071
ord6747
ord5895
ord6236
ord2657
ord2164
ord3312
ord1588
ord1646
ord516
ord1793
ord1794
ord5969
ord4564
ord3667
ord4736
ord3229
ord4237
ord1570
ord2091
ord4099
ord1484
ord1933
ord6266
ord1397
ord657
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord591
ord1880
ord1873
ord3317
ord4240
ord1591
ord2095
ord741
ord4353
ord760
ord3684
ord6007
ord5717
ord6006
ord5715
ord747
ord559
ord3174
ord5491
ord3255
ord1181
ord5320
ord6286
ord3230
ord2958
ord4238
ord2092
ord658
ord3879
ord3328
ord2987
ord754
ord3883
ord5868
ord5448
ord5446
ord2867
ord3875
ord3850
ord5331
ord6297
ord5873
ord745
ord755
ord4081
ord783
ord564
ord557
ord744
ord1452
ord6310
ord555
ord907
ord4108
ord4109
ord6174
ord6173
ord3605
ord4888
ord4692
ord1153
ord2375
ord2394
ord2368
ord3888
ord3889
ord684
ord3169
ord2942
ord2647
ord1325
ord2287
ord2438
ord5616
ord4973
ord4976
ord1404
ord1411
ord2656
ord2655
ord2659
ord2661
ord5654
ord5804
ord5806
ord3927
ord3778
ord3780
ord4754
ord6723
ord3908
ord2566
ord1614
ord2719
ord452
ord4118
ord3161
ord563
ord347
ord602
ord1279
ord5637
ord2264
ord6255
ord2594
ord3286
ord427
ord1123
ord3023
ord5431
ord870
ord4067
ord5644
ord2288
ord2751
ord3989
ord6017
ord1968
ord567
ord758
ord313
ord1198
ord5420
ord3691
ord384
ord629
ord5089
ord6288
ord1009
ord5639
ord2263
ord380
ord5493
ord2703
ord2702
ord3201
ord2086
ord587
ord6119
ord326
ord3163
ord2075
ord3164
ord4232
ord1545
ord531
ord723
ord5437
ord1003
ord2274
ord5445
ord6283
ord5647
ord5640
ord5642
ord6037
ord5731
ord5727
ord502
ord3287
ord5641
ord2654
ord1587
ord731
ord2234
ord3307
ord2899
ord3397
ord6752
ord4394
ord3389
ord556
ord5097
ord5346
ord908
ord262
ord6172
ord6178
ord3696
ord3348
ord5985
ord5588
ord5523
ord1110
ord5710
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord3182
ord354
ord764
ord581
ord1209
ord1177
ord1175
ord1201
ord1120
ord1167
ord371
ord1098
ord1208
ord1206
ord1092
ord1037
ord315
ord765
ord1230
ord3609

msvcr80

_unlock
_encode_pointer
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_malloc_crt
_encoded_null
_initterm
?terminate@@YAXXZ
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
fwrite
_vsnprintf
strrchr
_spawnl
wcslen
_mbscmp
_mbsnbcat
srand
_i64toa
_mbsnbcpy
strtoul
_stat64i32
strtok
atof
_atoi64
_mbsrchr
sscanf
memcpy
strtok_s
_CIsin
_initterm_e
strchr
fclose
fseek
_hypot
toupper
rand
fread
fopen
printf
vsprintf_s
modf
memmove
_strupr_s
isalnum
_snprintf
_strnicmp
_stricmp
iswdigit
strncpy_s
_splitpath_s
wcsncmp
isdigit
_wcslwr_s
_strlwr_s
_wtoi
strncmp
_wcsicmp
calloc
wcscpy_s
_recalloc
_resetstkoflw
strcat_s
wcsncpy_s
strcpy_s
malloc
_mbsnbcpy_s
_beginthreadex
strtol
strncpy
memcpy_s
free
strstr
memset
atoi
_purecall
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
sprintf
atol
__CxxFrameHandler3
_time64
_CIsqrt
_itoa
_HUGE
wcstol
swscanf
_snwprintf
vswprintf_s
strpbrk
wcspbrk
_CIacos
_CIcos

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA

msvcp80

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?_Myptr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?_Myptr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@IBEPB_WXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

winmm

timeGetTime

ddraw

DirectDrawCreate

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 912KB - Virtual size: 909KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1012KB - Virtual size: 1009KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b23108702da46c9c89513de620cb3f1d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cbCertificate

Extended Key Usages

Key Usages

5d:2f:d3:7a:b9:05:17:e8:fe:eb:08:8c:7d:4a:f5:e3:d0:ec:ed:c6Signer

Headers

File Characteristics

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

d3d9

mfc80

msvcr80

comctl32

shlwapi

msvcp80

winmm

ddraw

Exports

Exports

Sections

.text Size: 912KB - Virtual size: 909KB

.rdata Size: 192KB - Virtual size: 188KB

.data Size: 96KB - Virtual size: 122KB

.rsrc Size: 1012KB - Virtual size: 1009KB

.reloc Size: 88KB - Virtual size: 85KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

11:52:2d:eb:7b:7a:c2:73:94:e5:fe:57:32:39:12:cb
Certificate

5d:2f:d3:7a:b9:05:17:e8:fe:eb:08:8c:7d:4a:f5:e3:d0:ec:ed:c6
Signer

.text
Size: 912KB - Virtual size: 909KB

.rdata
Size: 192KB - Virtual size: 188KB

.data
Size: 96KB - Virtual size: 122KB

.rsrc
Size: 1012KB - Virtual size: 1009KB

.reloc
Size: 88KB - Virtual size: 85KB