rhadamanthys | LockBitRW[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

LockBitRW.rar
Size

2.6MB
MD5

cff570c34e99218bd2ae7454234082e3
SHA1

7037992c0d898866ee344eb0a8f36b99d3603ea2
SHA256

9ad0324340223dbe0dd10e61f2b497be6013b8840b5fda015e4c7296270d2122
SHA512

22d6ea113e56707450995c5025467def6a91e4efae5f9d1b719cbe5eb9c6d499d693a40e14f4f65a685c98edff45a50fb9b5f4e80c2238bf7fa53308e2226613
SSDEEP

49152:REmempzmEmeJS6+KWxxeEiqTwoGbC8aASHi8nNzFjVUWkEm3Q7iC3uEsTEmu:/eUUeINGokC8FH8NZjveg753Rslu

Score

10^/10

rhadamanthys

Malware Config

Extracted

Family

rhadamanthys

https://195.3.223.126:4287/9d0dc091285eb9fbf2e/o8f3c8oj.8rdif

Signatures

Rhadamanthys family
rhadamanthys

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Debug/decryptor.exe
unpack001/Release/decryptor.exe
unpack001/builder.exe
unpack001/decryptor/decryptor.exe

Files

LockBitRW.rar
.rar
Debug/decryptor.exe
.exe windows:4 windows x86 arch:x86

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetSystemInfo
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCurrentThreadId
SetLastError
TlsAlloc
GetProcAddress
HeapCreate
VirtualQuery
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
OutputDebugStringA
MulDiv
GetProcessHeap
HeapAlloc
GetOEMCP
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

GetClassInfoW
FrameRect
CharUpperBuffW
IsIconic
EnableWindow
DrawIcon
DeleteMenu
SetTimer
CreateAcceleratorTableW
GetSystemMenu
DrawMenuBar
SetMenuItemInfoW
GetWindowTextW
GetDCEx
RegisterClassW
GetMenuItemInfoW
SetScrollPos
FillRect
GetSystemMetrics
GetDC
MsgWaitForMultipleObjectsEx
EndMenu
DestroyCursor
IsZoomed
GetCursor
GetScrollPos
DispatchMessageW
DefFrameProcW
DestroyMenu
ReleaseDC
IsDialogMessageW
GetScrollRange
DefMDIChildProcW
GetMenuStringW
PeekMessageW
CopyImage
ShowCaret
LoadIconW
DrawFocusRect
LoadBitmapW
GetDlgCtrlID
LoadStringW
GetClassInfoExW
DestroyIcon
ShowWindow
EndPaint
PostMessageW
CreateWindowExW
BeginPaint
LoadCursorW
GetClientRect
InsertMenuW
CreateIcon
DestroyWindow
KillTimer
GetScrollInfo
CreateMenu

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

Pie
AngleArc
Polygon
CreateSolidBrush
RectVisible
CreateICW
CreatePalette
PolyBezierTo
RoundRect
RestoreDC
GetWindowOrgEx
CreateCompatibleBitmap
MoveToEx
GetTextMetricsW
GetStockObject
SetTextColor
SetAbortProc
SetBkMode
StretchBlt
CreateDCW
GetDeviceCaps
SetRectRgn
GetEnhMetaFileHeader

ole32

OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
IsEqualGUID
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SafeArrayPutElement
VariantCopy
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SysFreeString
GetErrorInfo
VariantInit
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayGetLBound
SafeArrayAccessData
VariantCopyInd
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winspool.drv

EnumPrintersW
ord203
OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Debug/decryptor.ilk
Debug/decryptor.pdb
Release/R3ADM3.txt
Release/decryptor.exe
.exe windows:4 windows x86 arch:x86

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetSystemInfo
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCurrentThreadId
SetLastError
TlsAlloc
GetProcAddress
HeapCreate
VirtualQuery
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
OutputDebugStringA
MulDiv
GetProcessHeap
HeapAlloc
GetOEMCP
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

GetClassInfoW
FrameRect
CharUpperBuffW
IsIconic
EnableWindow
DrawIcon
DeleteMenu
SetTimer
CreateAcceleratorTableW
GetSystemMenu
DrawMenuBar
SetMenuItemInfoW
GetWindowTextW
GetDCEx
RegisterClassW
GetMenuItemInfoW
SetScrollPos
FillRect
GetSystemMetrics
GetDC
MsgWaitForMultipleObjectsEx
EndMenu
DestroyCursor
IsZoomed
GetCursor
GetScrollPos
DispatchMessageW
DefFrameProcW
DestroyMenu
ReleaseDC
IsDialogMessageW
GetScrollRange
DefMDIChildProcW
GetMenuStringW
PeekMessageW
CopyImage
ShowCaret
LoadIconW
DrawFocusRect
LoadBitmapW
GetDlgCtrlID
LoadStringW
GetClassInfoExW
DestroyIcon
ShowWindow
EndPaint
PostMessageW
CreateWindowExW
BeginPaint
LoadCursorW
GetClientRect
InsertMenuW
CreateIcon
DestroyWindow
KillTimer
GetScrollInfo
CreateMenu

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

Pie
AngleArc
Polygon
CreateSolidBrush
RectVisible
CreateICW
CreatePalette
PolyBezierTo
RoundRect
RestoreDC
GetWindowOrgEx
CreateCompatibleBitmap
MoveToEx
GetTextMetricsW
GetStockObject
SetTextColor
SetAbortProc
SetBkMode
StretchBlt
CreateDCW
GetDeviceCaps
SetRectRgn
GetEnhMetaFileHeader

ole32

OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
IsEqualGUID
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SafeArrayPutElement
VariantCopy
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SysFreeString
GetErrorInfo
VariantInit
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayGetLBound
SafeArrayAccessData
VariantCopyInd
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winspool.drv

EnumPrintersW
ord203
OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Release/decryptor.iobj
Release/decryptor.ipdb
Release/decryptor.pdb
builder.exe
.exe windows:4 windows x86 arch:x86

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetSystemInfo
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCurrentThreadId
SetLastError
TlsAlloc
GetProcAddress
HeapCreate
VirtualQuery
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
OutputDebugStringA
MulDiv
GetProcessHeap
HeapAlloc
GetOEMCP
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

GetClassInfoW
FrameRect
CharUpperBuffW
IsIconic
EnableWindow
DrawIcon
DeleteMenu
SetTimer
CreateAcceleratorTableW
GetSystemMenu
DrawMenuBar
SetMenuItemInfoW
GetWindowTextW
GetDCEx
RegisterClassW
GetMenuItemInfoW
SetScrollPos
FillRect
GetSystemMetrics
GetDC
MsgWaitForMultipleObjectsEx
EndMenu
DestroyCursor
IsZoomed
GetCursor
GetScrollPos
DispatchMessageW
DefFrameProcW
DestroyMenu
ReleaseDC
IsDialogMessageW
GetScrollRange
DefMDIChildProcW
GetMenuStringW
PeekMessageW
CopyImage
ShowCaret
LoadIconW
DrawFocusRect
LoadBitmapW
GetDlgCtrlID
LoadStringW
GetClassInfoExW
DestroyIcon
ShowWindow
EndPaint
PostMessageW
CreateWindowExW
BeginPaint
LoadCursorW
GetClientRect
InsertMenuW
CreateIcon
DestroyWindow
KillTimer
GetScrollInfo
CreateMenu

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

Pie
AngleArc
Polygon
CreateSolidBrush
RectVisible
CreateICW
CreatePalette
PolyBezierTo
RoundRect
RestoreDC
GetWindowOrgEx
CreateCompatibleBitmap
MoveToEx
GetTextMetricsW
GetStockObject
SetTextColor
SetAbortProc
SetBkMode
StretchBlt
CreateDCW
GetDeviceCaps
SetRectRgn
GetEnhMetaFileHeader

ole32

OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
IsEqualGUID
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SafeArrayPutElement
VariantCopy
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SysFreeString
GetErrorInfo
VariantInit
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayGetLBound
SafeArrayAccessData
VariantCopyInd
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winspool.drv

EnumPrintersW
ord203
OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
builder/builder.vcxproj
.xml
builder/builder.vcxproj.filters
builder/builder.vcxproj.user
decryptor/decryptor.exe
.exe windows:4 windows x86 arch:x86

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtect
HeapSize
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
InterlockedExchange
RtlUnwind
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
LoadLibraryA
GetCPInfo
GetSystemInfo
GetACP
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCurrentThreadId
SetLastError
TlsAlloc
GetProcAddress
HeapCreate
VirtualQuery
WaitForSingleObject
HeapDestroy
CreateEventW
ExitProcess
WideCharToMultiByte
OutputDebugStringW
CreateFileW
ReadFile
CloseHandle
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
InterlockedIncrement
GetModuleFileNameW
lstrlenW
HeapFree
OutputDebugStringA
MulDiv
GetProcessHeap
HeapAlloc
GetOEMCP
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

user32

GetClassInfoW
FrameRect
CharUpperBuffW
IsIconic
EnableWindow
DrawIcon
DeleteMenu
SetTimer
CreateAcceleratorTableW
GetSystemMenu
DrawMenuBar
SetMenuItemInfoW
GetWindowTextW
GetDCEx
RegisterClassW
GetMenuItemInfoW
SetScrollPos
FillRect
GetSystemMetrics
GetDC
MsgWaitForMultipleObjectsEx
EndMenu
DestroyCursor
IsZoomed
GetCursor
GetScrollPos
DispatchMessageW
DefFrameProcW
DestroyMenu
ReleaseDC
IsDialogMessageW
GetScrollRange
DefMDIChildProcW
GetMenuStringW
PeekMessageW
CopyImage
ShowCaret
LoadIconW
DrawFocusRect
LoadBitmapW
GetDlgCtrlID
LoadStringW
GetClassInfoExW
DestroyIcon
ShowWindow
EndPaint
PostMessageW
CreateWindowExW
BeginPaint
LoadCursorW
GetClientRect
InsertMenuW
CreateIcon
DestroyWindow
KillTimer
GetScrollInfo
CreateMenu

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

gdi32

Pie
AngleArc
Polygon
CreateSolidBrush
RectVisible
CreateICW
CreatePalette
PolyBezierTo
RoundRect
RestoreDC
GetWindowOrgEx
CreateCompatibleBitmap
MoveToEx
GetTextMetricsW
GetStockObject
SetTextColor
SetAbortProc
SetBkMode
StretchBlt
CreateDCW
GetDeviceCaps
SetRectRgn
GetEnhMetaFileHeader

ole32

OleInitialize
CoUninitialize
OleUninitialize
CoTaskMemFree
CoTaskMemAlloc
IsEqualGUID
CoInitialize
CoCreateInstance

oleaut32

VariantChangeType
SafeArrayPutElement
VariantCopy
VariantClear
SafeArrayGetElement
SafeArrayGetUBound
SysFreeString
GetErrorInfo
VariantInit
SafeArrayPtrOfIndex
SysAllocStringLen
SafeArrayGetLBound
SafeArrayAccessData
VariantCopyInd
SysReAllocStringLen
SafeArrayCreate
SafeArrayUnaccessData

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

winspool.drv

EnumPrintersW
ord203
OpenPrinterW
ClosePrinter
DocumentPropertiesW

Sections

.text
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 324KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
decryptor/decryptor.ilk
decryptor/decryptor.pdb
locker/Debug/locker.Build.CppClean.log
locker/Debug/locker.log
locker/Debug/vc142.idb
locker/Debug/vc142.pdb
locker/GetApi.h
locker/MetaRandom2.h
locker/MetaString.h
locker/Release/locker.Build.CppClean.log
locker/Release/locker.log
locker/Release/vc140.pdb
locker/antihook/antihooks.h
locker/api.h
locker/chacha20/chacha.c
locker/chacha20/chacha.h
locker/chacha20/ecrypt-config.h
locker/chacha20/ecrypt-machine.h
locker/chacha20/ecrypt-portable.h
locker/chacha20/ecrypt-sync.h
locker/common.h
locker/filesystem.h
locker/global_parameters.h
locker/hash.h
locker/locker.h
locker/locker.vcxproj
.xml
locker/locker.vcxproj.filters
locker/locker.vcxproj.user
locker/logs.h
locker/memory.h
locker/network_scanner.h
locker/ntdll.h
locker/process_killer.h
locker/queue.h
locker/threadpool.h

Sharing

General

Malware Config

Extracted

Signatures

Files

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

oleaut32

version

winspool.drv

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 324KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

oleaut32

version

winspool.drv

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 324KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

oleaut32

version

winspool.drv

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 324KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

eca0c30b65294d02a6c6180a6b323b58

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

oleaut32

version

winspool.drv

Sections

.text Size: 124KB - Virtual size: 120KB

.rdata Size: 324KB - Virtual size: 322KB

.data Size: 4KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 324KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 324KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 324KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB

.text
Size: 124KB - Virtual size: 120KB

.rdata
Size: 324KB - Virtual size: 322KB

.data
Size: 4KB - Virtual size: 5KB