ed262fd16d7eb756959c2ed79525ebcae89d1b2921055ed8e9bffcc41f1a6f5b

Sharing

Copy URL Twitter E-mail

General

Target

ed262fd16d7eb756959c2ed79525ebcae89d1b2921055ed8e9bffcc41f1a6f5b
Size

1.1MB
MD5

76e30a449d2374d76dd39aa900aa4188
SHA1

433c001fb5f11650138c5509f677666461697f7a
SHA256

ed262fd16d7eb756959c2ed79525ebcae89d1b2921055ed8e9bffcc41f1a6f5b
SHA512

dc1c1cfb29620389d6ca916c900d19f4eb40f10186bc705f67372784ac6f83b0e3b82ffc717882b942920d93a7821b23754abf1933f0ae77097d8ec228c548e5
SSDEEP

24576:aC6WOL5q0Sy9yZKj3zfrKFKE46n8OPsahf8qC9PkOr/rDQv:aC6xE0SSyZ4zfWEE46nHsObskwjDQv

Score

5^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/cygwin1.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/WinDivert.dll
unpack001/cygwin1.dll
unpack002/out.upx
unpack001/winws.exe

Files

ed262fd16d7eb756959c2ed79525ebcae89d1b2921055ed8e9bffcc41f1a6f5b
.zip
WinDivert.dll
.dll windows:4 windows x64 arch:x64

0b649f8e17494bb31b47f6e959a1769c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

CloseServiceHandle
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegSetValueExW
StartServiceW

kernel32

CloseHandle
CreateEventW
CreateFileW
CreateMutexW
DeviceIoControl
GetLastError
GetModuleFileNameW
GetOverlappedResult
HeapAlloc
HeapCreate
HeapDestroy
ReleaseMutex
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject

Exports

Exports

WinDivertClose
WinDivertGetParam
WinDivertHelperCalcChecksums
WinDivertHelperCompileFilter
WinDivertHelperDecrementTTL
WinDivertHelperEvalFilter
WinDivertHelperFormatFilter
WinDivertHelperFormatIPv4Address
WinDivertHelperFormatIPv6Address
WinDivertHelperHashPacket
WinDivertHelperHtonIPv6Address
WinDivertHelperHtonIpv6Address
WinDivertHelperHtonl
WinDivertHelperHtonll
WinDivertHelperHtons
WinDivertHelperNtohIPv6Address
WinDivertHelperNtohIpv6Address
WinDivertHelperNtohl
WinDivertHelperNtohll
WinDivertHelperNtohs
WinDivertHelperParseIPv4Address
WinDivertHelperParseIPv6Address
WinDivertHelperParsePacket
WinDivertOpen
WinDivertRecv
WinDivertRecvEx
WinDivertSend
WinDivertSendEx
WinDivertSetParam
WinDivertShutdown

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cygwin1.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetCommandLineA@0
GetCommandLineW@0
_Exit
__argc
__argv
__assert
__assert_func
__assertfail
__b64_ntop
__b64_pton
__bsd_qsort_r
__check_rhosts_file
__chk_fail
__cpuset_alloc
__cpuset_free
__ctype_ptr__
__cxa_atexit
__cxa_finalize
__cygwin_user_data
__dn_comp
__dn_expand
__dn_skipname
__eprintf
__errno
__fbufsize
__flbf
__fpclassifyd
__fpclassifyf
__fpending
__fpurge
__freadable
__freading
__fsetlocking
__fwritable
__fwriting
__getpagesize
__getreent
__gets_chk
__gnu_basename
__infinity
__isinfd
__isinff
__isnand
__isnanf
__locale_ctype_ptr
__locale_ctype_ptr_l
__locale_mb_cur_max
__main
__mb_cur_max
__memcpy_chk
__memmove_chk
__mempcpy
__mempcpy_chk
__memset_chk
__opendir_with_d_ino
__progname
__rcmd_errstr
__res_close
__res_init
__res_mkquery
__res_nclose
__res_ninit
__res_nmkquery
__res_nquery
__res_nquerydomain
__res_nsearch
__res_nsend
__res_query
__res_querydomain
__res_search
__res_send
__res_state
__sched_getaffinity_sys
__signbitd
__signbitf
__signgam
__snprintf_chk
__sprintf_chk
__srget
__srget_r
__stack_chk_fail
__stack_chk_fail_local
__stack_chk_guard
__stpcpy_chk
__stpncpy_chk
__strcat_chk
__strcpy_chk
__strncat_chk
__strncpy_chk
__swbuf
__swbuf_r
__vsnprintf_chk
__vsprintf_chk
__wrap__ZdaPv
__wrap__ZdaPvRKSt9nothrow_t
__wrap__ZdlPv
__wrap__ZdlPvRKSt9nothrow_t
__wrap__Znam
__wrap__ZnamRKSt9nothrow_t
__wrap__Znwm
__wrap__ZnwmRKSt9nothrow_t
__xdrrec_getrec
__xdrrec_setnonblock
__xpg_sigpause
__xpg_strerror_r
_alloca
_check_for_executable
_ctype_
_daylight
_dll_crt0
_exit
_fe_dfl_env
_fe_nomask_env
_feinitialise
_fscanf_r
_get_osfhandle
_impure_ptr
_longjmp
_pipe
_pthread_cleanup_pop
_pthread_cleanup_push
_setjmp
_setmode
_sys_errlist
_sys_nerr
_timezone
_tzname
a64l
abort
abs
accept
accept4
access
acl
acl_add_perm
acl_calc_mask
acl_check
acl_clear_perms
acl_cmp
acl_copy_entry
acl_copy_ext
acl_copy_int
acl_create_entry
acl_delete_def_file
acl_delete_entry
acl_delete_perm
acl_dup
acl_entries
acl_equiv_mode
acl_error
acl_extended_fd
acl_extended_file
acl_extended_file_nofollow
acl_free
acl_from_mode
acl_from_text
acl_get_entry
acl_get_fd
acl_get_file
acl_get_perm
acl_get_permset
acl_get_qualifier
acl_get_tag_type
acl_init
acl_set_fd
acl_set_file
acl_set_permset
acl_set_qualifier
acl_set_tag_type
acl_size
acl_to_any_text
acl_to_text
acl_valid
aclcheck
aclfrommode
aclfrompbits
aclfromtext
aclsort
acltomode
acltopbits
acltotext
acos
acosf
acosh
acoshf
acoshl
acosl
aio_cancel
aio_error
aio_fsync
aio_read
aio_return
aio_suspend
aio_write
alarm
aligned_alloc
alphasort
arc4random
arc4random_addrandom
arc4random_buf
arc4random_stir
arc4random_uniform
argz_add
argz_add_sep
argz_append
argz_count
argz_create
argz_create_sep
argz_delete
argz_extract
argz_insert
argz_next
argz_replace
argz_stringify
asctime
asctime_r
asin
asinf
asinh
asinhf
asinhl
asinl
asnprintf
asprintf
at_quick_exit
atan
atan2
atan2f
atan2l
atanf
atanh
atanhf
atanhl
atanl
atexit
atof
atoff
atoi
atol
atoll
basename
bcmp
bcopy
bind
bindresvport
bindresvport_sa
bsearch
btowc
bzero
cabs
cabsf
cabsl
cacos
cacosf
cacosh
cacoshf
cacoshl
cacosl
call_once
calloc
canonicalize_file_name
carg
cargf
cargl
casin
casinf
casinh
casinhf
casinhl
casinl
catan
catanf
catanh
catanhf
catanhl
catanl
catclose
catgets
catopen
cbrt
cbrtf
cbrtl
ccos
ccosf
ccosh
ccoshf
ccoshl
ccosl
ceil
ceilf
ceill
cexp
cexpf
cexpl
cfgetispeed
cfgetospeed
cfmakeraw
cfsetispeed
cfsetospeed
cfsetspeed
chdir
chmod
chown
chroot
cimag
cimagf
cimagl
clearenv
clearerr
clearerr_unlocked
clock
clock_getcpuclockid
clock_getres
clock_gettime
clock_nanosleep
clock_setres
clock_settime
clog
clog10
clog10f
clog10l
clogf
clogl
close
closedir
closelog
cnd_broadcast
cnd_destroy
cnd_init
cnd_signal
cnd_timedwait
cnd_wait
confstr
conj
conjf
conjl
connect
copysign
copysignf
copysignl
cos
cosf
cosh
coshf
coshl
cosl
cpow
cpowf
cpowl
cproj
cprojf
cprojl
creal
crealf
creall
creat
csin
csinf
csinh
csinhf
csinhl
csinl
csqrt
csqrtf
csqrtl
ctan
ctanf
ctanh
ctanhf
ctanhl
ctanl
ctermid
ctime
ctime_r
cuserid
cwait
cygwin_attach_handle_to_fd
cygwin_conv_path
cygwin_conv_path_list
cygwin_create_path
cygwin_detach_dll
cygwin_dll_init
cygwin_internal
cygwin_logon_user
cygwin_posix_path_list_p
cygwin_set_impersonation_token
cygwin_split_path
cygwin_stackdump
cygwin_umount
cygwin_winpid_to_pid
daemon
dbm_clearerr
dbm_close
dbm_delete
dbm_dirfno
dbm_error
dbm_fetch
dbm_firstkey
dbm_nextkey
dbm_open
dbm_store
difftime
dirfd
dirname
div
dladdr
dlclose
dlerror
dlfork
dll_crt0__FP11per_process
dll_dllcrt0
dll_entry
dlopen
dlsym
dn_comp
dn_expand
dn_skipname
dprintf
drand48
drem
dremf
dreml
dup
dup2
dup3
duplocale
eaccess
ecvt
ecvtbuf
ecvtf
endgrent
endhostent
endmntent
endprotoent
endpwent
endservent
endusershell
endutent
endutxent
environ
envz_add
envz_entry
envz_get
envz_merge
envz_remove
envz_strip
erand48
erf
erfc
erfcf
erfcl
erff
erfl
err
error
error_at_line
error_message_count
error_one_per_line
error_print_progname
errx
euidaccess
execl
execle
execlp
execv
execve
execvp
execvpe
exit
exp
exp10
exp10f
exp10l
exp2
exp2f
exp2l
expf
expl
explicit_bzero
expm1
expm1f
expm1l
fabs
fabsf
fabsl
faccessat
facl
fchdir
fchmod
fchmodat
fchown
fchownat
fclose
fcloseall
fcntl
fcvt
fcvtbuf
fcvtf
fdatasync
fdim

Sections

UPX0
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 961KB - Virtual size: 964KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

/4
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 161KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/38
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
discord.bat
discord_youtube.bat
list-discord.txt
list-general.txt
quic_initial_www_google_com.bin
service_discord.bat
.bat .vbs
service_discord_youtube.bat
.bat .vbs
service_remove.bat
tls_clienthello_www_google_com.bin
winws.exe
.exe windows:4 windows x64 arch:x64

255c40683a25f28abd8a51314c080715

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

Imports

cygwin1

__cxa_atexit
__errno
__getreent
__locale_ctype_ptr
__main
__stack_chk_fail
__stack_chk_guard
_dll_crt0
_impure_ptr
atoi
calloc
chdir
close
cygwin_detach_dll
cygwin_internal
dirname
dll_dllcrt0
dup
exit
fclose
fflush
fgets
fopen
fork
fprintf
fputc
fread
free
fseek
fwrite
getopt_long_only
getpid
getsockopt
inet_ntop
inet_pton
localtime_r
malloc
memcmp
memcpy
memmem
memmove
memset
open
openlog
optarg
posix_memalign
printf
putchar
puts
random
realloc
setsid
setsockopt
signal
snprintf
srandom
sscanf
stat
strcasecmp
strchr
strcmp
strdup
strerror
strlen
strncasecmp
strncat
strncpy
syslog
time
tolower
toupper
usleep
vfprintf
vsnprintf

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceCtrlDispatcherA

kernel32

CancelIoEx
CloseHandle
CreateEventW
CreateMutexA
FormatMessageA
GetLastError
GetModuleHandleA
GetOverlappedResult
GetTickCount
LocalFree
ReleaseMutex
SetLastError
WaitForSingleObject
WideCharToMultiByte

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString

wlanapi

WlanCloseHandle
WlanEnumInterfaces
WlanFreeMemory
WlanOpenHandle
WlanQueryInterface

windivert

WinDivertClose
WinDivertOpen
WinDivertRecvEx
WinDivertSend

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 268B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b649f8e17494bb31b47f6e959a1769c

Headers

File Characteristics

Imports

advapi32

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.data Size: 512B - Virtual size: 32B

.rdata Size: 9KB - Virtual size: 8KB

.pdata Size: 1024B - Virtual size: 840B

.xdata Size: 1024B - Virtual size: 800B

.bss Size: - Virtual size: 16B

.edata Size: 1KB - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 240B

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 2.1MB

UPX1 Size: 961KB - Virtual size: 964KB

.rsrc Size: 36KB - Virtual size: 40KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

/4 Size: 14KB - Virtual size: 13KB

.data Size: 274KB - Virtual size: 273KB

.rdata Size: 400KB - Virtual size: 399KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 69KB - Virtual size: 68KB

.xdata Size: 69KB - Virtual size: 68KB

.bss Size: - Virtual size: 161KB

.edata Size: 35KB - Virtual size: 35KB

.reloc Size: 22KB - Virtual size: 22KB

/19 Size: 49KB - Virtual size: 48KB

.idata Size: 15KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

/38 Size: 512B - Virtual size: 20B

255c40683a25f28abd8a51314c080715

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

cygwin1

advapi32

kernel32

ole32

oleaut32

wlanapi

windivert

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 2KB - Virtual size: 2KB

.rdata Size: 85KB - Virtual size: 84KB

.buildid Size: 512B - Virtual size: 53B

.pdata Size: 4KB - Virtual size: 3KB

.xdata Size: 4KB - Virtual size: 3KB

.bss Size: - Virtual size: 23KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 268B

.text
Size: 30KB - Virtual size: 30KB

.data
Size: 512B - Virtual size: 32B

.rdata
Size: 9KB - Virtual size: 8KB

.pdata
Size: 1024B - Virtual size: 840B

.xdata
Size: 1024B - Virtual size: 800B

.bss
Size: - Virtual size: 16B

.edata
Size: 1KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 240B

UPX0
Size: - Virtual size: 2.1MB

UPX1
Size: 961KB - Virtual size: 964KB

.rsrc
Size: 36KB - Virtual size: 40KB

.text
Size: 1.9MB - Virtual size: 1.9MB

/4
Size: 14KB - Virtual size: 13KB

.data
Size: 274KB - Virtual size: 273KB

.rdata
Size: 400KB - Virtual size: 399KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 69KB - Virtual size: 68KB

.xdata
Size: 69KB - Virtual size: 68KB

.bss
Size: - Virtual size: 161KB

.edata
Size: 35KB - Virtual size: 35KB

.reloc
Size: 22KB - Virtual size: 22KB

/19
Size: 49KB - Virtual size: 48KB

.idata
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

/38
Size: 512B - Virtual size: 20B

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 2KB - Virtual size: 2KB

.rdata
Size: 85KB - Virtual size: 84KB

.buildid
Size: 512B - Virtual size: 53B

.pdata
Size: 4KB - Virtual size: 3KB

.xdata
Size: 4KB - Virtual size: 3KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 268B