36b9b8b3108eaf42061e802091e492fa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

36b9b8b3108eaf42061e802091e492fa_JaffaCakes118
Size

167KB
MD5

36b9b8b3108eaf42061e802091e492fa
SHA1

a8e9e4d39afc3f3724a1b06419b90ec8887bad8b
SHA256

37e1d41e8a7c463e721cc294f2c5413ad750a81be4aa4fa982673c596c91f567
SHA512

7428694b502302b29c6941612ed0d34e7e11fea07fa88f1b03c5e73cf17db425506aa476e03830262551fddb39ed9a4647be08928384c243c5a5ecd45ed22d1e
SSDEEP

3072:2y5AvnlHjGAoVZv9wz8En32gzlIC/VqnCKwqNyu1Nn6XHpdA:2y5APBjGAoVXwR2EI+AwqNzn65dA

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/Cadt.dll	acprotect
static1/unpack001/Unzipper.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Cadt.dll	upx
static1/unpack001/DisView.exe	upx
static1/unpack001/Unzipper.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Cadt.dll
unpack002/out.upx
unpack001/DisView.exe
unpack003/out.upx
unpack001/LZNT1Decompress.dll
unpack001/MalHost-Setup.exe
unpack001/OfficeMalScanner.exe
unpack001/RTFScan.exe
unpack001/Unzipper.dll
unpack004/out.upx

Files

36b9b8b3108eaf42061e802091e492fa_JaffaCakes118
.zip
Cadt.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetCadtVersion
InstrDasm
InstrDecode
MakeMnemonic

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 834B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 139B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DisView.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LZNT1Decompress.dll
.dll windows:6 windows x86 arch:x86

6f1444d26c08091a2457a524c61ff4c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_initterm
_amsg_exit
malloc
_XcptFilter
memcpy
memset

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange

Exports

Exports

RtlDecompressBuffer

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MalHost-Setup.exe
.exe windows:5 windows x86 arch:x86

5a86c95c2be7df6e234f131fd09277e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathA

user32

wsprintfA

kernel32

GetCPInfo
FreeLibrary
LocalFree
UnmapViewOfFile
CloseHandle
WriteFile
GetTempPathA
MapViewOfFile
CreateFileMappingA
GetLastError
GetFileSize
CreateFileA
GetModuleFileNameA
LocalAlloc
GetModuleHandleA
GetProcAddress
LoadLibraryA
SetConsoleTextAttribute
GetStdHandle
GetModuleHandleW
Sleep
ExitProcess
HeapAlloc
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetACP
GetOEMCP
IsValidCodePage
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
RtlUnwind
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OfficeMalScanner.exe
.exe windows:5 windows x86 arch:x86

0036643964b727b62f76d823feaacd59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveExtensionA
PathStripPathA

ole32

StgOpenStorage

shell32

SHFileOperationA

cadt

InstrDecode
InstrDasm
MakeMnemonic

kernel32

IsDebuggerPresent
GetStringTypeW
SetConsoleTextAttribute
GetStdHandle
LocalFree
CreateDirectoryA
GetTempPathA
LocalAlloc
GetProcAddress
LoadLibraryA
WriteFile
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
GetFileSize
CreateFileA
GetCurrentDirectoryA
GetModuleHandleA
GetModuleHandleW
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
HeapFree
HeapAlloc
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetFilePointer
SetStdHandle
HeapReAlloc
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RTFScan.exe
.exe windows:5 windows x86 arch:x86

66a005b46331bc94804a8556533e373c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripPathA
PathRemoveExtensionA

cadt

MakeMnemonic
InstrDasm
InstrDecode

kernel32

InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
SetConsoleTextAttribute
GetStdHandle
LocalFree
CloseHandle
WriteFile
CreateFileA
LocalAlloc
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetLastError
GetFileSize
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
GetCommandLineA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetModuleFileNameA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
RtlUnwind
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
SetStdHandle
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 32.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unzipper.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

kunzip_all
kunzip_count_files
kunzip_get_filesize
kunzip_get_modtime
kunzip_get_name
kunzip_get_offset_by_name
kunzip_get_offset_by_number
kunzip_get_version
kunzip_inflate_free
kunzip_inflate_init
kunzip_next
kunzip_print_version

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

kunzip_all
kunzip_count_files
kunzip_get_filesize
kunzip_get_modtime
kunzip_get_name
kunzip_get_offset_by_name
kunzip_get_offset_by_number
kunzip_get_version
kunzip_inflate_free
kunzip_inflate_init
kunzip_next
kunzip_print_version

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 356B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 16KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 19KB - Virtual size: 18KB

DATA Size: 9KB - Virtual size: 8KB

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 834B

.edata Size: 512B - Virtual size: 139B

.reloc Size: 1024B - Virtual size: 1020B

.rsrc Size: 512B - Virtual size: 512B

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 44KB

UPX1 Size: 25KB - Virtual size: 28KB

UPX2 Size: 512B - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

6f1444d26c08091a2457a524c61ff4c6

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 942B

5a86c95c2be7df6e234f131fd09277e9

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

user32

kernel32

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 10KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 10KB

.reloc Size: 4KB - Virtual size: 3KB

0036643964b727b62f76d823feaacd59

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

ole32

shell32

cadt

kernel32

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 32.0MB

.reloc Size: 37KB - Virtual size: 36KB

66a005b46331bc94804a8556533e373c

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 4KB

CODE
Size: 19KB - Virtual size: 18KB

DATA
Size: 9KB - Virtual size: 8KB

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 834B

.edata
Size: 512B - Virtual size: 139B

.reloc
Size: 1024B - Virtual size: 1020B

.rsrc
Size: 512B - Virtual size: 512B

UPX0
Size: - Virtual size: 44KB

UPX1
Size: 25KB - Virtual size: 28KB

UPX2
Size: 512B - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 942B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 10KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 10KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 32.0MB

.reloc
Size: 37KB - Virtual size: 36KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 32.0MB

.reloc
Size: 25KB - Virtual size: 25KB

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 896B

.rdata
Size: 1024B - Virtual size: 576B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 400B

.idata
Size: 1024B - Virtual size: 956B

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 356B