growtopia | JaffaCakes118_cb5fdc692321856edbe53ff55b7be978e5f64f7c50997e188be9856494402f08

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_cb5fdc692321856edbe53ff55b7be978e5f64f7c50997e188be9856494402f08
Size

7.1MB
MD5

17ed51434538650ae9da2512abfe62c7
SHA1

b45d63ef60a2221010fd7d382510635b53d8e395
SHA256

cb5fdc692321856edbe53ff55b7be978e5f64f7c50997e188be9856494402f08
SHA512

d66c45e4eb1dedd1ef95113ea5fe164f820468f450e75a0b680e806f6065f487bac26b63a22cce86dad8fcafa6da028133e9e13e7914f144274303a0dda21558
SSDEEP

196608:x3cTsj2ZGi24YcOUCkxspHQQ9u4mYSCTvrdinWnnX4:x3McrUCkSPCYSciwo

Score

10^/10

growtopia

Malware Config

Signatures

Growtopia family
growtopia

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/03554975945fa8367e351f890dd96ae082efa56d9dd4874340409201a86a8e38
unpack001/2bd44be32a10f7fa23f7a277f6f41865c0d67dcb1b4032d22e172a1757b7d15f
unpack001/58b64582e298888676585cb3fe67f3c1f48b74e7ca56ba96b1b63d9baaa0fa99
unpack001/7dbf54a7d28bc41c266a9277238b7ca8089e0df97b0c917f3424a443185f99c5
unpack001/a4d38ea798a72ff072d12bf33cc4f478768d0014ab48ecb02a0453a2d10ff6d9
unpack001/b0eb1c41e759592f1d79d30a967323814748ecd8b3fa889dc1138fd512ae987e
unpack001/dbf8dbd2a9d41f7f58e02ed7829fc6538cc03403f547b1a6ad8db6428eb0a934
unpack001/e2a33fede9a1d897e504541f61bf7ded193e801dda952657d615f34d6b94cdd3
unpack001/e894cb278095ee0c01d0bd686203f1a23689fadd1f93db41e2867d7e3d65897c

Files

JaffaCakes118_cb5fdc692321856edbe53ff55b7be978e5f64f7c50997e188be9856494402f08
.zip

Password: infected
03554975945fa8367e351f890dd96ae082efa56d9dd4874340409201a86a8e38
.dll windows:6 windows x86 arch:x86

b16206cd7e8800b0d714a59061456f9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
Sleep
GetLastError
CreateThread
DeleteCriticalSection
GetFileSize
SetLastError
CreateFileA
lstrlenA
LoadLibraryA
GetTickCount
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
LeaveCriticalSection
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
CloseHandle
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrcpyA
GetModuleHandleA
ReadProcessMemory
CreatePipe
PeekNamedPipe
GetStartupInfoA
LocalAlloc
lstrlenW
GetPrivateProfileStringA
GlobalFree
WriteConsoleW
EnterCriticalSection
HeapSize
VirtualFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
GetFileAttributesA
lstrcatA
SetStdHandle
VirtualQuery
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
InitializeSListHead
GetCurrentProcess
TerminateProcess
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwind
InterlockedFlushSList
RaiseException
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread

advapi32

IsTextUnicode
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetKnownFolderPath

user32

CharUpperA
IsCharAlphaNumericW
GetParent

psapi

GetModuleFileNameExA

wininet

InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
InternetWriteFile
HttpAddRequestHeadersA

Exports

Exports

Control
FreeBuffer
Release
Start
Stop

Sections

.text
Size: 766KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2bd44be32a10f7fa23f7a277f6f41865c0d67dcb1b4032d22e172a1757b7d15f
.dll windows:6 windows x86 arch:x86

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
58b64582e298888676585cb3fe67f3c1f48b74e7ca56ba96b1b63d9baaa0fa99
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 407KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7dbf54a7d28bc41c266a9277238b7ca8089e0df97b0c917f3424a443185f99c5
.dll windows:6 windows x86 arch:x86

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a4d38ea798a72ff072d12bf33cc4f478768d0014ab48ecb02a0453a2d10ff6d9
.dll windows:6 windows x64 arch:x64

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
ExitProcess
HeapFree
lstrcmpiA
lstrcpyA
HeapAlloc
HeapCreate
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
CreateThread
CreateFileA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW

advapi32

CheckTokenMembership
AllocateAndInitializeSid
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
FreeSid

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
b0eb1c41e759592f1d79d30a967323814748ecd8b3fa889dc1138fd512ae987e
.dll windows:6 windows x86 arch:x86

67a77ba84b8460ec4304d7949f19feac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
Sleep
GetLastError
CreateThread
DeleteCriticalSection
GetFileSize
SetLastError
CreateFileA
lstrlenA
LoadLibraryA
GetTickCount
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
LeaveCriticalSection
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
CloseHandle
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrcpyA
GetModuleHandleA
ReadProcessMemory
CreatePipe
PeekNamedPipe
GetStartupInfoA
LocalAlloc
lstrlenW
GetPrivateProfileStringA
GlobalFree
WriteConsoleW
EnterCriticalSection
HeapSize
VirtualFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapFree
lstrcatA
GetFileAttributesExW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
InitializeSListHead
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwind
InterlockedFlushSList
RaiseException
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
VirtualQuery

advapi32

IsTextUnicode
CryptAcquireContextW
CryptGetHashParam

user32

GetParent
CharUpperA

psapi

GetProcessImageFileNameA

wininet

InternetCrackUrlA

Exports

Exports

Control
FreeBuffer
Release
Start
Stop

Sections

.text
Size: 769KB - Virtual size: 769KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dbf8dbd2a9d41f7f58e02ed7829fc6538cc03403f547b1a6ad8db6428eb0a934
.dll windows:6 windows x64 arch:x64

a706d6d347954c53e0f12dc6f6aaf47d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
Sleep
GetLastError
CreateThread
DeleteCriticalSection
GetFileSize
SetLastError
CreateFileA
lstrlenA
LoadLibraryA
GetTickCount
AreFileApisANSI
ReadFile
TryEnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
MultiByteToWideChar
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
EnterCriticalSection
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
DeleteFileW
CloseHandle
GetSystemInfo
LoadLibraryW
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
LocalFree
LockFileEx
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
lstrcpyA
GetModuleHandleA
ReadProcessMemory
CreatePipe
PeekNamedPipe
GetStartupInfoA
LocalAlloc
lstrlenW
GetPrivateProfileStringA
GlobalFree
WriteConsoleW
GetProcessHeap
HeapSize
VirtualFree
HeapAlloc
HeapReAlloc
HeapFree
HeapCreate
GetFileAttributesA
lstrcatA
SetStdHandle
RtlUnwind
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
InitializeSListHead
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
LoadLibraryExW
GetCurrentProcess
TerminateProcess
ExitThread
FreeLibraryAndExitThread

advapi32

IsTextUnicode
CryptAcquireContextW
CryptGetHashParam

shell32

SHGetKnownFolderPath

user32

IsCharAlphaNumericW
CharUpperA
GetParent

psapi

GetModuleFileNameExA

wininet

InternetCrackUrlA
HttpEndRequestA
HttpSendRequestExA
InternetWriteFile
HttpAddRequestHeadersA

Exports

Exports

Control
FreeBuffer
Release
Start
Stop

Sections

.text
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
e2a33fede9a1d897e504541f61bf7ded193e801dda952657d615f34d6b94cdd3
.dll windows:6 windows x86 arch:x86

808d83d867a86e4f963a97415bed67af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
Sleep
HeapCreate
CreateThread
lstrcmpiA
lstrcpyA
LocalFree
LocalAlloc
GetModuleHandleA
GetWindowsDirectoryA
DeviceIoControl
GetLastError
CloseHandle
ExitProcess
CreateFileA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetConsoleCP
GetConsoleMode
DeleteFileW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileW
SetFilePointerEx
WriteConsoleW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
ReadConsoleW
DecodePointer

advapi32

OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
StartServiceA

shell32

ord680

Exports

Exports

Control
FreeBuffer
Release
Start

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
e894cb278095ee0c01d0bd686203f1a23689fadd1f93db41e2867d7e3d65897c
.dll windows:6 windows x86 arch:x86

24154a7924eddc01158fdcdbfca3568a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalUnlock
SetPriorityClass
GetCurrentProcess
GetExitCodeThread
SetThreadIdealProcessor
ExitProcess
InitializeCriticalSectionEx
MultiByteToWideChar
RaiseException
DecodePointer
DeleteCriticalSection
WideCharToMultiByte
DeleteFileA
GetPrivateProfileStringA
LoadLibraryW
GetTempPathA
CopyFileA
GetFileAttributesA
GetTempFileNameA
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
GetDiskFreeSpaceW
LockFile
LeaveCriticalSection
InitializeCriticalSection
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
CreateFileW
GetFileAttributesW
UnmapViewOfFile
HeapValidate
HeapSize
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileW
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
LocalFree
LockFileEx
GetFileSize
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
GlobalAlloc
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
FlushFileBuffers
CreateEventA
FreeLibrary
GetVersionExA
TerminateThread
GetCurrentThread
SetEvent
WriteConsoleW
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetEnvironmentVariableW
GetTimeZoneInformation
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetModuleHandleW
CreateEventW
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetThreadPriority
VirtualAlloc
VirtualFree
SetLastError
GetTickCount
lstrcmpiA
GlobalFree
CreateFileA
SetFilePointer
OutputDebugStringA
WriteFile
SwitchToThread
K32GetModuleFileNameExA
TerminateProcess
OpenFile
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
VirtualAllocEx
CreateThread
CloseHandle
Sleep
OpenProcess
GetCurrentThreadId
WaitForSingleObject
FindClose
FindNextFileA
FindFirstFileA
GetSystemTimeAsFileTime
WriteProcessMemory

user32

GetSystemMetrics
OpenWindowStationA
GetClientRect
CheckMenuItem
AppendMenuA
SetMenu
CreateMenu
GetDesktopWindow
SendMessageA
OpenDesktopA
FindWindowExA
SetProcessWindowStation
CreateDesktopA
CloseWindow
MoveWindow
PostMessageW
ChildWindowFromPointEx
WindowFromPoint
EmptyClipboard
MessageBoxA
SetWindowTextA
DestroyWindow
SetClipboardData
GetThreadDesktop
SetThreadDesktop
GetWindowThreadProcessId
InvalidateRect
UpdateWindow
SetParent
EnumDesktopWindows
CreateWindowExA
CloseDesktop
ShowWindow
TrackPopupMenu
GetClassNameA
PostMessageA
TranslateMessage
SetMenuItemInfoA
CreatePopupMenu
InsertMenuA
DispatchMessageA
GetMessageA
PostQuitMessage
GetClipboardData
DefWindowProcA
RegisterClassA
CloseClipboard
ChangeClipboardChain
OpenClipboard
SetClipboardViewer
LoadCursorA
IsIconic
GetParent
SetForegroundWindow
GetAncestor
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx
GetWindow
IsWindowVisible
MonitorFromWindow
EnumChildWindows
RedrawWindow
GetWindowDC
PrintWindow
GetDpiForSystem
ReleaseDC
GetWindowRect
SetWindowPos
GetIconInfo
ScreenToClient
NotifyWinEvent
GetWindowPlacement
IsWindow
GetWindowTextA
GetWindowLongA
SetWindowPlacement
BringWindowToTop
IsZoomed
SetWinEventHook
UnhookWinEvent

gdi32

DeleteObject
TextOutA
SetTextColor
DeleteDC
GetPixel
GetDIBits
StretchBlt
CreateCompatibleDC
CreateBitmap
SelectObject

advapi32

LookupPrivilegeValueA
OpenProcessToken
InitializeSecurityDescriptor
OpenThreadToken
GetTokenInformation
RegEnumKeyA
RegGetValueA
CryptAcquireContextA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
CryptReleaseContext
CryptGetHashParam
RegEnumValueA
RegOpenKeyExA
CryptDestroyHash
CryptHashData
CryptCreateHash
RegQueryValueExA
RegCloseKey
LookupAccountSidA

shell32

ExtractIconExA
SHGetSpecialFolderPathA
ExtractAssociatedIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

comctl32

ImageList_Create
ImageList_SetBkColor
ImageList_ReplaceIcon

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

gdiplus

GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipAlloc
GdipDisposeImage
GdipCloneBitmapAreaI
GdipCreateBitmapFromGdiDib
GdipFree
GdipGetImageEncodersSize
GdipSaveImageToStream

ws2_32

inet_ntoa
WSAResetEvent
socket
ntohs
connect
WSAWaitForMultipleEvents
WSARecv
htons
WSAGetOverlappedResult
setsockopt
WSAGetLastError
recv
closesocket
send
WSACleanup
WSAStartup
inet_addr
WSACreateEvent

crypt32

CryptUnprotectData

Exports

Exports

Control
FreeBuffer
NetServerStart
NetServerStop
Release
Start
_cJSON_AddArrayToObject@8
_cJSON_AddBoolToObject@12
_cJSON_AddFalseToObject@8
_cJSON_AddItemReferenceToArray@8
_cJSON_AddItemReferenceToObject@12
_cJSON_AddItemToArray@8
_cJSON_AddItemToObject@12
_cJSON_AddItemToObjectCS@12
_cJSON_AddNullToObject@8
_cJSON_AddNumberToObject@16
_cJSON_AddObjectToObject@8
_cJSON_AddRawToObject@12
_cJSON_AddStringToObject@12
_cJSON_AddTrueToObject@8
_cJSON_Compare@12
_cJSON_CreateArray@0
_cJSON_CreateArrayReference@4
_cJSON_CreateBool@4
_cJSON_CreateDoubleArray@8
_cJSON_CreateFalse@0
_cJSON_CreateFloatArray@8
_cJSON_CreateIntArray@8
_cJSON_CreateNull@0
_cJSON_CreateNumber@8
_cJSON_CreateObject@0
_cJSON_CreateObjectReference@4
_cJSON_CreateRaw@4
_cJSON_CreateString@4
_cJSON_CreateStringArray@8
_cJSON_CreateStringReference@4
_cJSON_CreateTrue@0
_cJSON_Delete@4
_cJSON_DeleteItemFromArray@8
_cJSON_DeleteItemFromObject@8
_cJSON_DeleteItemFromObjectCaseSensitive@8
_cJSON_DetachItemFromArray@8
_cJSON_DetachItemFromObject@8
_cJSON_DetachItemFromObjectCaseSensitive@8
_cJSON_DetachItemViaPointer@8
_cJSON_Duplicate@8
_cJSON_GetArrayItem@8
_cJSON_GetArraySize@4
_cJSON_GetErrorPtr@0
_cJSON_GetObjectItem@8
_cJSON_GetObjectItemCaseSensitive@8
_cJSON_GetStringValue@4
_cJSON_HasObjectItem@8
_cJSON_InitHooks@4
_cJSON_InsertItemInArray@12
_cJSON_IsArray@4
_cJSON_IsBool@4
_cJSON_IsFalse@4
_cJSON_IsInvalid@4
_cJSON_IsNull@4
_cJSON_IsNumber@4
_cJSON_IsObject@4
_cJSON_IsRaw@4
_cJSON_IsString@4
_cJSON_IsTrue@4
_cJSON_Minify@4
_cJSON_Parse@4
_cJSON_ParseWithOpts@12
_cJSON_Print@4
_cJSON_PrintBuffered@12
_cJSON_PrintPreallocated@16
_cJSON_PrintUnformatted@4
_cJSON_ReplaceItemInArray@12
_cJSON_ReplaceItemInObject@12
_cJSON_ReplaceItemInObjectCaseSensitive@12
_cJSON_ReplaceItemViaPointer@12
_cJSON_SetNumberHelper@12
_cJSON_Version@0
_cJSON_free@4
_cJSON_malloc@4

Sections

.text
Size: 799KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

b16206cd7e8800b0d714a59061456f9e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

user32

psapi

wininet

Exports

Exports

Sections

.text Size: 766KB - Virtual size: 766KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 9KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 26KB - Virtual size: 25KB

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 524KB - Virtual size: 524KB

.data Size: 9KB - Virtual size: 17KB

.rsrc Size: 408KB - Virtual size: 407KB

.reloc Size: 23KB - Virtual size: 23KB

03d3fbeb6c3d06f7324c0c4b5dd93935

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 10KB

.gfids Size: 512B - Virtual size: 272B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 5KB - Virtual size: 4KB

.l2 Size: 512B - Virtual size: 512B

818152acf9b9745a10910998c6f4cf34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 39KB - Virtual size: 38KB

.text
Size: 766KB - Virtual size: 766KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 524KB - Virtual size: 524KB

.data
Size: 9KB - Virtual size: 17KB

.rsrc
Size: 408KB - Virtual size: 407KB

.reloc
Size: 23KB - Virtual size: 23KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 5KB - Virtual size: 4KB

.gfids
Size: 512B - Virtual size: 216B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB

.l2
Size: 512B - Virtual size: 512B

.text
Size: 769KB - Virtual size: 769KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 9KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 26KB - Virtual size: 25KB

.text
Size: 973KB - Virtual size: 972KB

.rdata
Size: 188KB - Virtual size: 188KB

.data
Size: 13KB - Virtual size: 24KB

.pdata
Size: 31KB - Virtual size: 30KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 10KB

.gfids
Size: 512B - Virtual size: 272B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

.l2
Size: 512B - Virtual size: 512B