KMSTools[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

KMSTools.zip
Size

235.9MB
MD5

1cad8011c9780a23057803fcfb782b13
SHA1

bec3141cbb57511ac672c08a1ecf12caa423ee2f
SHA256

fd82570ab9005bb8112794a80707da320118e73d6b686df67ca40b0acd082af4
SHA512

e691b23980a4fc8429ca54a545e911817f4c4d0299d10481447e0a0fb8528fa6e2adb5e8b7109f0259440caaf951bced0b85fe3da2400bc4f99b245708d05e4b
SSDEEP

6291456:0cmBT4vTZgx40SDqt7gzzoHuKBKdwDQgtB7s:oBEJ0Se7mfKmXgfs

Score

9^/10

themida

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/KMS Tools Lite Portable/data1.bin	Nirsoft

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
static1/unpack001/KMS Tools Lite Portable/KMSTools Lite.exe	themida

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/KMS Tools Lite Portable/KMSTools Lite.exe
unpack001/KMS Tools Lite Portable/data0.bin
unpack001/KMS Tools Lite Portable/data1.bin

Files

KMSTools.zip
.zip

Password: 2024
KMS Tools Lite Portable/Add_Defender_Exclusion.cmd
KMS Tools Lite Portable/KMS Tools Portable.chm
.chm
KMS Tools Lite Portable/KMSTools Lite.exe
.exe windows:5 windows x64 arch:x64

Password: 2024

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 382KB - Virtual size: 716KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 59KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 1024B - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 176KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 16B - Virtual size: 4KB

IMAGE_SCN_MEM_READ
KMS Tools Lite Portable/data0.bin
.exe windows:5 windows x86 arch:x86

Password: 2024

75e9596d74d063246ba6f3ac7c5369a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
FormatMessageW
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
LoadResource
SizeofResource
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
LocalFree
GetExitCodeProcess
GetLocalTime
GetTickCount
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetNumberFormatW
DecodePointer
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
SetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapReAlloc
HeapAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage

oleaut32

SysAllocString
SysFreeString
VariantClear

gdiplus

GdipAlloc
GdipDisposeImage
GdipCloneImage
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipFree

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KMS Tools Lite Portable/data1.bin
.exe windows:4 windows x86 arch:x86

Password: 2024

04ee027b004efb3ea882ad3295c21d97

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
GetUserDefaultLangID
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
GetCurrentThreadId
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
Sleep
TerminateProcess
WritePrivateProfileStringW
InitializeSListHead
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
GetStdHandle
WriteFile
GetModuleFileNameW
FreeLibrary
GetModuleHandleExW
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
HeapFree
SetLastError
GetCurrentThread
HeapAlloc
EnumSystemLocalesW
LoadLibraryExW
CompareStringW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetLocaleInfoW
GetTempPathW
GetTimeFormatW
InitializeCriticalSectionAndSpinCount
IsValidLocale
LCMapStringW
OutputDebugStringW
GetFileType
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
IsValidCodePage
GetCommandLineA
FindFirstFileExW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableW
SetConsoleCtrlHandler
GetProcessHeap
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
ReadFile
ReadConsoleW
SetFilePointerEx
WriteConsoleW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
EncodePointer
RaiseException
InitializeCriticalSection
CreateThread
GetTickCount
DuplicateHandle
CreatePipe
PeekNamedPipe
GetFileSize
SetFilePointer
SetEndOfFile
LoadLibraryW
DeleteFileW
GetVersionExW
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
MoveFileW
CreateDirectoryW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CopyFileW
MulDiv
GetLocalTime
GlobalFree
GlobalAlloc
SetEvent
CreateEventA
LoadLibraryA
ReleaseSemaphore
GetFileInformationByHandle
CreateFileA
ResetEvent
SetThreadPriority
UnregisterWait
RegisterWaitForSingleObject
DecodePointer
GetFileSizeEx

user32

RegisterWindowMessageW
GetKeyState
SendMessageW
ShowWindow
SetForegroundWindow
SetTimer
GetClassNameW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
GetCursorPos
WindowFromPoint
SetClassLongW
KillTimer
ReleaseDC
OemToCharW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
FindWindowW
GetForegroundWindow
SetCursorPos
AnimateWindow
AttachThreadInput
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DispatchMessageW
DrawMenuBar
EnableMenuItem
EnableWindow
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetDC
GetDesktopWindow
GetFocus
GetLastInputInfo
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindow
GetWindowLongW
GetWindowRect
GetWindowTextW
InvalidateRect
IsWindow
IsWindowEnabled
LoadCursorW
LockWorkStation
MessageBeep
PeekMessageW
PostMessageW
RegisterHotKey
RemoveMenu
SetFocus
SetWindowLongW
SetWindowPos
TranslateMessage
UnregisterHotKey
UpdateLayeredWindow
UpdateWindow
WaitForInputIdle
keybd_event
mouse_event
SetWindowRgn
SetWindowLongA
SetClassLongA
GetClientRect
CallWindowProcA
DefWindowProcA
MessageBoxW
IsWindowVisible
DestroyWindow
SystemParametersInfoW
GetPropW
BeginPaint
EndPaint
ClipCursor
SetCursor
RedrawWindow
MapWindowPoints
SetCapture
GetCapture
ReleaseCapture
CallWindowProcW
DefWindowProcW
FillRect
DrawStateW
DrawFocusRect
GetMessagePos
ScreenToClient
SetPropW
ChildWindowFromPointEx
RegisterClassExW
GetIconInfo
GetWindowTextLengthW
GetParent
MoveWindow
ClientToScreen
SetWindowTextW
RemovePropW
SetScrollPos
InflateRect
GetWindowDC
GetSysColorBrush
GetAsyncKeyState
SetActiveWindow
DestroyIcon
LoadIconW
GetMenu
IsZoomed
IsIconic
RegisterClassW
AdjustWindowRectEx
UnregisterClassW
CreateAcceleratorTableW
MsgWaitForMultipleObjects
GetMessageW
GetActiveWindow
TranslateAcceleratorW
DefFrameProcW
EnumChildWindows
DestroyAcceleratorTable
SetRect
TrackPopupMenu
IsChild
SetMenu
DestroyMenu
DrawIconEx
DrawTextW
GetMenuItemCount
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
FrameRect
CreateMenu
AppendMenuW
CreatePopupMenu
CreateIconIndirect
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW

gdi32

GetStockObject
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteDC
GetDIBits
GetPixel
SetDIBits
DeleteObject
GetObjectA
CreateRectRgn
CombineRgn
CreateFontIndirectW
GetObjectW
CreateSolidBrush
CreateDIBSection
GdiGetBatchLimit
GdiSetBatchLimit
GetObjectType
GetTextExtentPoint32W
ExcludeClipRect
SetBkColor
SetTextColor
SelectClipRgn
CreateRectRgnIndirect
GetClipRgn
ExtSelectClipRgn
SetPixel
SetBkMode
LineTo
MoveToEx
CreatePen
GetDeviceCaps
SetTextAlign
TextOutW
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetTextMetricsW
CreateBitmap
CreateFontW

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
RegEnumValueW
RevertToSelf
StartServiceW

oleaut32

SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
RevokeDragDrop
OleUninitialize
OleInitialize

shell32

ExtractIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ord66
ord524
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW

ws2_32

WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
gethostname
htons
select
__WSAFDIsSet
ioctlsocket
recvfrom
socket
connect
recv
bind

winmm

timeBeginPeriod

gdiplus

GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree

icmp

IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho

imagehlp

MakeSureDirectoryPathExists

iphlpapi

GetAdaptersInfo
GetNetworkParams

msi

ord45
ord70

netapi32

NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo

setupapi

SetupIterateCabinetW

urlmon

URLDownloadToFileW
UrlMkSetSessionOption

userenv

GetDefaultUserProfileDirectoryW

wininet

DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW

winspool.drv

ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.code
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17.8MB - Virtual size: 17.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KMS Tools Lite Portable/readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: 2024

Password: 2024

Headers

DLL Characteristics

File Characteristics

Sections

Size: 382KB - Virtual size: 716KB

Size: 59KB - Virtual size: 208KB

Size: 1024B - Virtual size: 36KB

Size: 16KB - Virtual size: 27KB

Size: 176KB - Virtual size: 256KB

Size: 2KB - Virtual size: 2KB

.idata Size: 1KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rsrc Size: 197KB - Virtual size: 197KB

.themida Size: - Virtual size: 6.6MB

.boot Size: 4.6MB - Virtual size: 4.6MB

.reloc Size: 16B - Virtual size: 4KB

Password: 2024

75e9596d74d063246ba6f3ac7c5369a0

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

gdiplus

Sections

.text Size: 209KB - Virtual size: 209KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 4KB - Virtual size: 145KB

.didat Size: 512B - Virtual size: 420B

.rsrc Size: 18KB - Virtual size: 17KB

.reloc Size: 9KB - Virtual size: 9KB

Password: 2024

04ee027b004efb3ea882ad3295c21d97

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

oleaut32

ole32

shell32

ws2_32

winmm

gdiplus

icmp

imagehlp

iphlpapi

msi

netapi32

setupapi

urlmon

userenv

wininet

winspool.drv

comctl32

Sections

.code Size: 63KB - Virtual size: 62KB

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 199KB - Virtual size: 198KB

.gfids Size: 512B - Virtual size: 448B

.00cfg Size: 512B - Virtual size: 8B

.data Size: 17.8MB - Virtual size: 17.8MB

.rsrc Size: 108KB - Virtual size: 108KB

.idata
Size: 1KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rsrc
Size: 197KB - Virtual size: 197KB

.themida
Size: - Virtual size: 6.6MB

.boot
Size: 4.6MB - Virtual size: 4.6MB

.reloc
Size: 16B - Virtual size: 4KB

.text
Size: 209KB - Virtual size: 209KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 4KB - Virtual size: 145KB

.didat
Size: 512B - Virtual size: 420B

.rsrc
Size: 18KB - Virtual size: 17KB

.reloc
Size: 9KB - Virtual size: 9KB

.code
Size: 63KB - Virtual size: 62KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 199KB - Virtual size: 198KB

.gfids
Size: 512B - Virtual size: 448B

.00cfg
Size: 512B - Virtual size: 8B

.data
Size: 17.8MB - Virtual size: 17.8MB

.rsrc
Size: 108KB - Virtual size: 108KB