quarantine[.]7z

Sharing

Copy URL

Twitter E-mail

General

Target

quarantine.7z
Size

15.6MB
MD5

16e4a423d8bcaf482dc5c818a1b25cd9
SHA1

394128c1685e504be78fbb8f93bee1cc5cc8bc28
SHA256

9c2b49dde271accdeb74a011a6091c6d7ed432326d24d424bc547eb57c343a6f
SHA512

bd2bc5a6a354da2cc30f2f7b5ce7117b37b32cd4a73c45bac31525ba8507dc5166be0c42bc8f4b79e6787c3b8c4063e20f43c1f7bed357130cfe42c52f2aa7d6
SSDEEP

393216:LIgnFP1tFp3j+iLd8xxKjQLQmwCmaU6hIkD5JUmDiFBvl:MgnF9RwHKjQ0mDmP+HjY9l

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/quarantine/7UlMpzX.exe
unpack001/quarantine/BXxKvLN.exe
unpack001/quarantine/JCFx2xj.exe
unpack001/quarantine/UBiTCuj.exe
unpack001/quarantine/d0HNrLB.exe
unpack001/quarantine/infinity.exe
unpack001/quarantine/khykuQw.exe
unpack001/quarantine/v6Oqdnc.exe
unpack001/quarantine/zY9sqWs.exe

Files

quarantine.7z
.7z
quarantine/7UlMpzX.exe
.exe windows:6 windows x64 arch:x64

d0d9fdb4bb6a4bae4931557ae5175160

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\danya\repo\venom-c-runner\Run\x64\Release\Run.pdb

Imports

kernel32

MultiByteToWideChar
GetLastError
OpenMutexA
LockResource
CloseHandle
SizeofResource
LoadResource
FindResourceW
CreateProcessW
GetModuleHandleW
GetConsoleWindow
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateDirectoryW
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable

user32

ShowWindow
EnumDisplayDevicesW

advapi32

GetUserNameW

shell32

SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoUninitialize
CoInitialize
CoInitializeEx
CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
VariantClear

msvcp140

?_Xlength_error@std@@YAXPEBD@Z

dxgi

CreateDXGIFactory1

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__C_specific_handler
memcpy
__current_exception_context
__current_exception
memset
_CxxThrowException
__std_terminate
__std_exception_copy
__std_exception_destroy
memmove

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-stdio-l1-1-0

fclose
__p__commode
_set_fmode
fwrite
_wfopen

api-ms-win-crt-string-l1-1-0

tolower

api-ms-win-crt-runtime-l1-1-0

_set_app_type
_crt_atexit
_initterm
_initterm_e
exit
_exit
__p___argc
_seh_filter_exe
_c_exit
_register_thread_local_exe_atexit_callback
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_get_initial_narrow_environment
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
__p___argv
_cexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/BXxKvLN.exe
.exe windows:4 windows x64 arch:x64

6d6227747a2904e06d68bf57ed2f6637

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwindEx
VirtualQuery
__C_specific_handler
AddVectoredExceptionHandler
CancelIo
CloseHandle
CompareStringOrdinal
CreateEventW
CreateFileMappingA
CreateFileW
CreateMutexA
CreateNamedPipeW
CreateProcessW
CreateThread
CreateTimerQueue
CreateToolhelp32Snapshot
DeleteTimerQueue
DuplicateHandle
ExitProcess
FindClose
FindFirstFileExW
FormatMessageW
FreeEnvironmentStringsW
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetEnvironmentStringsW
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetStdHandle
GetSystemDirectoryW
GetWindowsDirectoryW
HeapAlloc
HeapCreate
HeapFree
HeapReAlloc
InitOnceBeginInitialize
InitOnceComplete
LoadLibraryA
MapViewOfFile
Module32FirstW
Module32NextW
MultiByteToWideChar
Process32FirstW
Process32NextW
ReadFile
ReadFileEx
SetEvent
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadStackGuarantee
SetUnhandledExceptionFilter
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnmapViewOfFile
VirtualProtect
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFileEx

msvcrt

__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_fmode
_fpreset
_initterm
abort
atexit
calloc
exit
fprintf
free
fwrite
malloc
memcmp
memcpy
memmove
memset
signal
strlen
strncmp
vfprintf

ntdll

NtReadFile
NtWriteFile
RtlCaptureContext
RtlLookupFunctionEntry
RtlNtStatusToDosError
RtlVirtualUnwind

advapi32

GetTokenInformation
OpenProcessToken
SystemFunction036

bcrypt

BCryptGenRandom

api-ms-win-core-synch-l1-2-0

WaitOnAddress
WakeByAddressAll
WakeByAddressSingle

bcryptprimitives

ProcessPrng

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 482KB - Virtual size: 481KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 704B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/JCFx2xj.exe
.exe windows:6 windows x86 arch:x86

ff9f3a86709796c17211f9df12aae74d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SuspendThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetThreadPriority
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
ResumeThread
PostQueuedCompletionStatus
LoadLibraryA
LoadLibraryW
SetThreadContext
GetThreadContext
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatusEx
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateWaitableTimerExW
CreateWaitableTimerA
CreateThread
CreateIoCompletionPort
CreateFileA
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 5.7MB - Virtual size: 5.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5.9MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 297KB - Virtual size: 495KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.symtab
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.idata
.rdata
.reloc
.rsrc/0/version.txt
.rsrc/1033/GROUP_ICON/103
.rsrc/1033/ICON/1.ico
.rsrc/1033/ICON/2.ico
.rsrc/1033/ICON/3.ico
.rsrc/1033/ICON/4.ico
.rsrc/1033/ICON/5.ico
.rsrc/1033/ICON/6.ico
.rsrc/1033/ICON/7.ico
.rsrc/1033/MANIFEST/1
.xml
.symtab
.text
quarantine/UBiTCuj.exe
.exe windows:6 windows x86 arch:x86

2d2cebf631907d5f515ee5ed695548dd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\AdminC6\Workspace\1741568240\Project\Debug\Project.pdb

Imports

pdh

PdhComputeCounterStatistics
PdhBrowseCountersHW
PdhCollectQueryDataEx
PdhCloseLog
PdhBrowseCountersW
PdhCollectQueryDataWithTime
PdhCalculateCounterFromRawValue
PdhCloseQuery
PdhCollectQueryData

kernel32

CloseHandle
DecodePointer
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
GetFileSizeEx
HeapQueryInformation
HeapSize
HeapReAlloc
LCMapStringW
GetStdHandle
GetCommandLineW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetFullPathNameW
GetTempFileNameW
ReadFile
WriteFile
DebugBreak
DebugActiveProcess
DebugActiveProcessStop
RaiseException
GetLastError
AddVectoredExceptionHandler
GetProcessHeap
AcquireSRWLockExclusive
AcquireSRWLockShared
ReleaseMutex
OpenMutexW
OpenEventW
SetWaitableTimer
Sleep
CreateSemaphoreW
CreateWaitableTimerW
GetCurrentProcess
GetCurrentProcessId
CreateThread
CreateRemoteThread
GetCurrentThreadId
CreateProcessW
GetSystemDirectoryA
GetSystemDirectoryW
VirtualProtect
OpenFileMappingW
CreateTimerQueue
CreateTimerQueueTimer
ReleaseMutexWhenCallbackReturns
OpenJobObjectW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
AddSIDToBoundaryDescriptor
DebugSetProcessKillOnExit
DebugBreakProcess
CreateTapePartition
GetTapeStatus
OpenFile
AddAtomW
CopyFileW
SetVolumeLabelW
SetVolumeMountPointW
DeactivateActCtx
OpenFileById
SetUserGeoID
ReadConsoleInputW
ReadConsoleW
ReadConsoleOutputCharacterW
ReadConsoleOutputAttribute
ReadConsoleOutputW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringW
GetFileType
GetCommandLineA
GetSystemInfo
HeapValidate
ExitProcess
GetModuleHandleExW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
RtlUnwind
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
GetProcAddress
FreeLibrary
VirtualQuery
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTempPathW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
GetStringTypeW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW

user32

LoadCursorW
SetWindowsHookExW
SetWindowLongW
ClientToScreen
GetCursorPos
MessageBoxW
AdjustWindowRectEx
AdjustWindowRect
SetWindowTextW
SetWindowRgn
SetMenuItemInfoW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
GetActiveWindow
CharUpperW
AddClipboardFormatListener
OpenClipboard
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDlgItemTextW
GetDlgItem
SetWindowPos
OpenIcon
SendMessageW
SetUserObjectInformationW
OpenInputDesktop
OpenDesktopW
ActivateKeyboardLayout
wsprintfW
LoadIconW
SetWindowPlacement

winspool.drv

AddPrintProvidorW
AddPrinterConnectionW
AddPortW
AddMonitorW
AddFormW
AddJobW
AbortPrinter
AddPrintProcessorW
AddPrinterDriverExW
AddPrinterDriverW
AddPrinterW

Sections

.textbss
Size: - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.supl
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
quarantine/bPDDW9F.exe
.exe windows:4 windows x64 arch:x64

2502c918c75d4911b1a9b23111422cb7

Code Sign

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/09/2021, 18:23

Not After

01/09/2022, 18:23

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:31:6c:7d:57:03:09:87:ab:8e:53:47:29:98:7e:86:94:fe:33:44:32:9e:65:2a:e9:ee:d9:89:a6:bd:6b:97
Signer

Actual PE Digest

4b:31:6c:7d:57:03:09:87:ab:8e:53:47:29:98:7e:86:94:fe:33:44:32:9e:65:2a:e9:ee:d9:89:a6:bd:6b:97

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateMutexA
CreateProcessA
CreateSemaphoreW
CreateToolhelp32Snapshot
DeleteCriticalSection
EnterCriticalSection
FormatMessageA
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetStartupInfoA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryW
LocalFree
MultiByteToWideChar
Process32FirstW
Process32NextW
RaiseException
ReleaseMutex
ReleaseSemaphore
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetFileAttributesA
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_commode
_errno
_filelengthi64
_fileno
_fmode
_fstat64
_initterm
_lseeki64
_onexit
_wfopen
abort
calloc
exit
fclose
fflush
fgetpos
fopen
fprintf
fputc
fputs
fread
free
fsetpos
fwrite
getc
getwc
iswctype
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
putc
putwc
realloc
setlocale
setvbuf
signal
strcmp
strcoll
strerror
strftime
strlen
strncmp
strxfrm
towlower
towupper
ungetc
ungetwc
vfprintf
wcscmp
wcscoll
wcsftime
wcslen
wcsxfrm
_write
_read
_fileno
_fdopen

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA

wininet

HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 1016KB - Virtual size: 1016KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/d0HNrLB.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.CSS
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/infinity.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
quarantine/khykuQw.exe
.exe windows:6 windows x86 arch:x86

2b3730cda46affc8837a7df18591704a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
GetEnvironmentStringsW
GetTempPathW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
SetCriticalSectionSpinCount
Sleep
GetCurrentProcess
ExitProcess
GetSystemInfo
GetVersion
GetTickCount
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalAlloc
GlobalFree
MultiByteToWideChar
ConvertDefaultLocale

user32

IsWindowVisible
GetWindowContextHelpId
MessageBoxA
GetWindowLongW
IsDialogMessageW
RegisterClassW

Sections

.text
Size: 7.4MB - Virtual size: 7.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 173KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quarantine/soudneff.exe
.exe windows:4 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:4b:79:66:14:d5:eb:90:86:cb:11:3d:91:4b:cc:dc
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

16/01/2023, 00:00

Not After

15/01/2026, 23:59

Subject

CN=AVG Technologies USA\, LLC,O=AVG Technologies USA\, LLC,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3a:52:6a:2c:84:ce:55:e6:1d:65:fc:cc:12:d8:e9:89
Certificate

Issuer

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Not Before

15/01/2024, 00:00

Not After

14/04/2035, 23:59

Subject

CN=Sectigo Public Time Stamping Signer R35,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7a:23:ae:da:53:69:96:0f:91:c8:3e:5c:f4:c7:e3:3f
Certificate

Issuer

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Time Stamping CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:c2:b0:bd:7c:1b:3a:e7:a3:b3:dd:36:cb:c9:75:68
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

22/03/2021, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo Public Time Stamping Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:ba:c1:8d:7a:13:a0:f1:94:aa:4b:3d:d9:9e:21:1a:a0:02:00:00:c1:81:84:e7:71:35:12:d7:c0:7b:70:81
Signer

Actual PE Digest

30:ba:c1:8d:7a:13:a0:f1:94:aa:4b:3d:d9:9e:21:1a:a0:02:00:00:c1:81:84:e7:71:35:12:d7:c0:7b:70:81

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vonkwwrp
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

axkanahc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/v6Oqdnc.exe
.exe windows:6 windows x86 arch:x86

2eabe9054cad5152567f0699947a2c5b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpy

Sections

Size: 384KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 512B - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wnvsgzkd
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vzzmrlzq
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.taggant
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
quarantine/zY9sqWs.exe
.exe windows:6 windows x86 arch:x86

093742e1bdc35a7e29b89d87a45a42a2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
CreateThread
ExitProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GlobalLock
GlobalUnlock

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW

user32

CloseClipboard
GetClipboardData
GetDC
GetForegroundWindow
GetSystemMetrics
GetWindowRect
OpenClipboard
ReleaseDC

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBSection
DeleteDC
DeleteObject
GetCurrentObject
GetDIBits
GetObjectW
SelectObject

ole32

CoCreateInstance
CoInitialize
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantInit

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d0d9fdb4bb6a4bae4931557ae5175160

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp140

dxgi

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 7.1MB - Virtual size: 7.1MB

.reloc Size: 512B - Virtual size: 104B

6d6227747a2904e06d68bf57ed2f6637

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ntdll

advapi32

bcrypt

api-ms-win-core-synch-l1-2-0

bcryptprimitives

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 482KB - Virtual size: 481KB

.pdata Size: 26KB - Virtual size: 25KB

.xdata Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 704B

.idata Size: 5KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 3KB - Virtual size: 3KB

ff9f3a86709796c17211f9df12aae74d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 5.7MB - Virtual size: 5.7MB

.rdata Size: 5.9MB - Virtual size: 5.9MB

.data Size: 297KB - Virtual size: 495KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 293KB - Virtual size: 292KB

.symtab Size: 512B - Virtual size: 4B

.rsrc Size: 139KB - Virtual size: 138KB

2d2cebf631907d5f515ee5ed695548dd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

pdh

kernel32

user32

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 7.1MB - Virtual size: 7.1MB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 482KB - Virtual size: 481KB

.pdata
Size: 26KB - Virtual size: 25KB

.xdata
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 704B

.idata
Size: 5KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 3KB - Virtual size: 3KB

.text
Size: 5.7MB - Virtual size: 5.7MB

.rdata
Size: 5.9MB - Virtual size: 5.9MB

.data
Size: 297KB - Virtual size: 495KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 293KB - Virtual size: 292KB

.symtab
Size: 512B - Virtual size: 4B

.rsrc
Size: 139KB - Virtual size: 138KB

.textbss
Size: - Virtual size: 2.1MB

.text
Size: 4.3MB - Virtual size: 4.3MB

.rdata
Size: 153KB - Virtual size: 153KB

.data
Size: 11KB - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.supl
Size: 512B - Virtual size: 270B

.reloc
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 143KB - Virtual size: 143KB

33:00:00:03:3c:89:c6:6a:7b:45:bb:1f:bd:00:00:00:00:03:3c
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

4b:31:6c:7d:57:03:09:87:ab:8e:53:47:29:98:7e:86:94:fe:33:44:32:9e:65:2a:e9:ee:d9:89:a6:bd:6b:97
Signer

.text
Size: 1016KB - Virtual size: 1016KB

.data
Size: 12KB - Virtual size: 11KB

.rdata
Size: 72KB - Virtual size: 72KB

.pdata
Size: 43KB - Virtual size: 42KB

.xdata
Size: 73KB - Virtual size: 73KB

.bss
Size: - Virtual size: 3KB

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 80KB - Virtual size: 80KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 81KB - Virtual size: 81KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.CSS
Size: 192KB - Virtual size: 192KB

CODE
Size: 39KB - Virtual size: 39KB

DATA
Size: 1024B - Virtual size: 592B

BSS
Size: - Virtual size: 3KB

.idata
Size: 2KB - Virtual size: 2KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB