PO202502DAKE[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

PO202502DAKE.zip
Size

1.9MB
MD5

427568b60bc14283e2bae0c4aff1775d
SHA1

1c7f0a258ab9e8883df9eed025ef14db6fb913d5
SHA256

e32d30e690548e5727082538d480cc378644db1c98cce3a063f69569d7fd60b2
SHA512

51b76747aee8438147451d85470be13bc6b6e10803565d2b5a0b77e826cda6c87505db33185252c058c77ac7c2e2fd4daf4fae01b295fe6cf447040088594426
SSDEEP

49152:uMPSgPehUESs02u+akHEPt0Jc3zc6SXgxCVeCyY:ucWBSSc3ATXgxCV8Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/libcares-2.dll
unpack001/msvcp290.dll

Files

PO202502DAKE.zip
.zip
PO202502DAKE.exe
.exe windows:4 windows x64 arch:x64

c4a74700d8113c83bc10c80b86256aa8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6f
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

04/06/2024, 00:00

Not After

03/06/2025, 23:59

Subject

SERIALNUMBER=3380475,CN=GitKraken (AXOSOFT\, LLC),O=GitKraken (AXOSOFT\, LLC),L=Scottsdale,ST=Arizona,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

26/09/2024, 00:00

Not After

25/11/2035, 23:59

Subject

CN=DigiCert Timestamp 2024,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:c9:78:05:f2:0c:af:b4:8d:e4:a9:6c:a8:f2:82:86:ff:95:bd:f5:e2:23:7c:1e:7e:84:90:c1:b1:10:68:bb
Signer

Actual PE Digest

67:c9:78:05:f2:0c:af:b4:8d:e4:a9:6c:a8:f2:82:86:ff:95:bd:f5:e2:23:7c:1e:7e:84:90:c1:b1:10:68:bb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
__C_specific_handler

msvcrt

___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__set_app_type
__setusermatherr
_amsg_exit
_cexit
_commode
_errno
_fmode
_initterm
_lock
_strdup
_unlock
_write
abort
atexit
calloc
exit
fprintf
fputc
free
fwrite
localeconv
malloc
memcpy
memset
puts
realloc
signal
strchr
strerror
strlen
strncmp
vfprintf
wcslen

ws2_32

WSACleanup
WSAStartup
select

libcares-2

ares_destroy
ares_fds
ares_freeaddrinfo
ares_getaddrinfo
ares_gethostbyaddr
ares_inet_ntop
ares_inet_pton
ares_init_options
ares_library_cleanup
ares_library_init
ares_process
ares_set_servers_csv
ares_strcaseeq
ares_strerror
ares_timeout

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libcares-2.dll
.dll windows:6 windows x64 arch:x64

db66719a578feda8548cdff7f747ca32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

tyF@_mK[6p>t# !\a'g34xRJfLUS5YJf?-|fPX7%?72>{Hk SY2]+Zu1^.h$0XrS`$&h,\SqHSZq[7C9:z9yx{s`RTf4?E4

Imports

advapi32

AdjustTokenPrivileges
DeregisterEventSource
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegQueryValueExW
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

kernel32

RtlUnwind
TlsFree
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CompareStringEx
CompareStringOrdinal
CreateDirectoryW
CreateEventExW
CreateFileW
CreateProcessA
CreateProcessW
CreateThreadpoolIo
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeConsole
FreeLibrary
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessorNumberEx
GetCurrentThread
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetModuleHandleW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetThreadContext
GetThreadPriority
GetTickCount64
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
K32EnumProcesses
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadConsoleW
ReadFile
ResolveLocaleName
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetLastError
SetThreadContext
SetThreadErrorMode
SetThreadPriority
Sleep
SleepConditionVariableCS
StartThreadpoolIo
TerminateProcess
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
WaitForMultipleObjectsEx
WaitForSingleObject
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
WriteProcessMemory
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
CreateThread
GetCurrentThreadId
SuspendThread
FlushInstructionCache
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
LocateXStateFeature
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
ResetEvent
InitializeCriticalSectionEx
SleepEx
DebugBreak
GetCurrentProcessId
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoTaskMemFree
CoUninitialize
CoWaitForMultipleHandles
CoInitializeEx
CoGetApartmentType
CoTaskMemAlloc

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh
calloc

api-ms-win-crt-string-l1-1-0

_stricmp
strcmp
strcpy_s
wcsncmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_seh_filter_dll
_initterm
_configure_narrow_argv
_initialize_narrow_environment
abort
_initialize_onexit_table
_register_onexit_function
_cexit
_initterm_e
terminate
_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsprintf_s
__stdio_common_vsscanf
__acrt_iob_func

Exports

Exports

04i4tOr5x
0AJNSWRRVoABofhUTh1vC0hwSZ
0CgrcAk
0MHjzhnf
0QROvm7pfRjapk39zuCmrsb4
0Rc4cXcoZr88wTLoi51VaLM8Mvs8JBr
0YeKACu1KTlRX06
0ao9N0SRL2TAHNtONpsETth1t1robg
0dKVTbBwGtPdza4V5RMQNeYEL
0kRDculEwLaT4
0lXKuxbL8oN3bDJeXJe4Rq5wGrxRmA
0nWrcUSSaLk9Ib
0oynPSD5y9tQnFEVus
0w0Eysahpya
19ZzEPHHHaxLkwdOlYgpqCG42C8YLwJ
1GMs0Afgg3JFADCKhy
1KnBqieIMQGlNm7GGL42WPSlZ
1XmjdeUlTVi3FCqJyhKfF
1ZPJBVWUZyiTJ0o6k
1aFxwDu8se3oQpE
1aydDuHyBvBkOs5MRLduC0
1bvzkF8NtKq3dlyDqqcVd
1dc7TDnkw
1gaUPeThWsX1Z23q8IzsNAzk
1ivboCOjqPn
1j12MJDiO8KnM9ITE5LNU4lT7Y5F
1sYCWwMOJ66O97aQt4ABt4AV
1suntrnMNS092
1wf67VlbVbq
1xFu3a4Fc8ysK8eVNEADoQIDFy
24RWuYK1bMO1M
251ns2e7x9KgDybq8EHH
2FsNafXZZTz4JyNgpqwiXjz
2HpaAED74XY
2LCfYYLJ9HUduze8dkm6
2NA5M0JSttnHn3aP5REulaf
2WT6NbmkF2DLj
2Z60Hd60UcLVlXeyza05th
2gIoRq7H4OPFHzRUUhN
2gq7Mq9ob2
2ig3dgMRMiuXg6UYBEbOKj
2nzICaJigACpw8
32dqDspL5
36SRBrIb
3ARUyhvD9LeDPxsCI22YxEtc
3DsLD4oR4jbAHipXsY5mV7cp
3P2RZokH1YQT63nzC9
3Zr5CQa60DF5GXVuc0ZwSPW
3cdGfaaSf7i
3g2ZhWhnbIpij3Dxyrv8kdOPqOECDRj
40MVXQmJ2zx28STX3ors
41oBfwYUgEHIiXqr4icHXrQB
4BIBPTTpR
4G86HFH5jY3cYEvg
4PDAvz09KTAmEveHiwnj
4RWuIVxL3EGbYdwy5JQsTh
4bbuB98
4c7LlVUNXG5TCOKB2Fv1skL1gYYzX8GV
4i0YzBiSsH6i
4ntQEwZaFQS8aAsdtA
4oryLrRwqfAOVnSpP
5Br9rOc
5EGAMZ7Tr
5SRAMKLjbocovW4I9pzUTqXAp
5i4B8mO
5jy8qnTytEled2SiZmhDy7f
5lluOaPKCnEPf2kANTQDv
5uc3A3a
5xcY0MBShvRwzF9ZjPTf8l5iCTEi8
644X9Z1TmhjhpPADHC6Mu
6DgBobiUrNCwdA
6Dnx64WUCJpDePlkvd6US4Pe
6Gi9Zh0SDBd65VQNMOG
6Plly9prakVzpvvkRBtG
6TqjQ1znnLuvwMvfwXP95Uvjopfb0Oh
6WDleI0
6XwJ2B1TazIIJpvxlas6xeLbZ
6jJ3QHrUQCpO
6sek8hrfVKBht3HHYmQHMOV
72uDH4S7hD2f2SMzYqc
74ljJXG
7BGp5lOT3NQE5ngE
7CGt3bn
7D7cvnfjwyr7pA4uiOVDZeZ58POftS
7TN0XkxREBcjumjeFqhYj9Bl
7WzbAl9w5j5KPWYYfYW1xXahTJ
7btmG18E
7h2yugpIT8OOKEn4caD7p
7hdvgSySOCMPOpweFBcu
7vxt0hPGuearnd68
85sGUjmnTfm30LtM9tTwQ
8H11r4UCCdY3KVnK56g58vJVV9
8X8RetUlGYbDx
8Z4Vxy8tVK3f1sa2nttACQixlYlB
8fDGl4LcCzk4vqIU1YM3Beh9ubUs
8gIMiLF0FTCHS
8nR7pxs2pXmkimhJQNa4eyon
90Ors2DJ75t
93jdtONsmZauc3LzGGhfrFWiy
9KwcCk1BA6voPtDYZKZ6KW
9SeeYdXrzrlpUFsZ
9jzCHsDGavFtRjY0U1HkSOrbm5uHScPI
9tPvL8eqpNLIVoMkyxyUjJ
9tnxSzckLI9YQIBvWrt7TAt4
9wP2tefqVes
9wUPqngI1MBSEqpgJilJr6cdl
9x4M6m5hI5MBi5TxtET6UJrheNUXg
A5avv0n3tkOIDA
A6GdUhRcR
A9nD6BtXUnxsnrXKU
ABPZMmve
AChwI7Ca6FhKnB
ADtYIacHIoBbfK9r7TiH9nCiUCo4Vzs
AOUKZ9FGqxacLe6oHdKsjNssoqgxp4Z8
AQ9AVS0tJV
AUOdBcgbjhiwTUJ8KKtqz
AUgwE2Qp0TH2SMzXRaPNCrAo3NZ
AY1gG0piTSfd5xQmw4cH9XIQ
AZz2Q8B9uDCmNmTYucFc
Ad9d9XcSWpDQvJnZlBt
ApVwkE921EbXQVt6FyQzH7OctnboA
AuBxoEihWq4IyyNbbCMrQD
B6QglUoD7xLo7MUXDS83GUbRDVYo
B6wEZvh
B8a3ski1iyMa9IM
B8nRcU2
B9RkKtB6All7hhy1vp6nobXlmRV
BIoq6UZ6fbYcHpuGfSNJIl5ZUb
BJbjAD7WXMh6kZxfGjyUDzsV0Xl9bafk
BQdnkR1cEF
BUU5mugszX
BgUSShvr3mRP5
BiCV2WhaLiACi7
CNLN5Q8eekLjGW9NLANifNvwgLtUQ
CT5Tp3FA1sX51jMyyb4Vwa
CUwORw8nN
CVYZPcs6bC0GjJ5UxcfY1Jmi
CWXLWiS7pv6ZG5oo8QMBA
CaIQsKtbxDHUZThMObbWg
Cd6swzq
Ci0Fso5
ClaDabDXPpHeY1W
Cppv8i1lw9gmt
Cs0998i
CshewHN7hoDvS3k2i7DX60N
CyGHl9yQIOGqvsTXD8AJ6TxOiVp
CycbQ2UewKRdQ
D1b5xmewdlUjkrMWtP6Ak41vG
D4ApjsNtuJCmZn
DIwi5In5TvsxQL5kY1n25B8KT5RGbTMQ
DJT0ymS4bue6lfYIBR6IiV5PPB2a
DNyjCBiGpaa5fc3
DXiAQyNSd
DbLJnpVC2
DgRCGL1v8l6z5
DkJhSfM3wIhKeuTSWeJqxq3RQ
DkPb5Q0aUwos
DlPkwGRdlN3AAqGqsmqXcJp7
DlV88MRrK4yxpBR9n95iHe
DpPc4pGtGPPgDCe1nldd
DpY7g9OvZaXIiITboscVTjQ4MZDzCTl
DqUeH8K5JRXP2nK0OFJPNjFbiQae
DtfQHyGvVnp8UhpkDU4d
DvybncJ9pMjpbDEDZM3joO
DwguxcPigKaJ8xRxSCi3n9zSuPwt2UbN
E3UU0IfjlYXmso09MK
E7MuBT7E2joWAXIqlPkMc7j8
E8rBo6fR2rzrAdO
EDzAwKkY
EIpKQUUDhhOLSgNu
ENJ1YrxjrAoQRLUaV
ETkAUgbMDLZBEXpb7RpuJ0NrIge
EXbtPzCX3wLAtPoQKsfa0ntX6hx
EYGTNnHP1jLOnx6bfKKldzBzuoX
EiUtz9t
ElluFgH9q6kLiO
EmRbTijWr2Mg1pvZMkB76afiJ4hDw
ErVfq5r38DjyAgJH4tsOutkwiWX
EsBbtT28y64wvjOT0SHUVgMV28dtni
EvWj4sk333PcMNve2FZnctGJERJR
EvhAuGYDd7gmQD7CDClQrGLeR5W
ExmW9p1iPheB52zQDi05KkZqUW9i
F0eok6f6HYg9tIRYVDHtnc06lceL8
F5GLByq7ptbkspIGI
F6tTjQdiJmWlB1uAvI1SOHB3ANN78L
FC5IegePO6O5qdg
FJwKRhATy
FMqqcAfDmoN7KFA60X
FMvfN1d6BWu91Qb7EpZu
FUMt2hYheoLceXr6wu7BE78R5toWx7
FWKrI4VrkV2lRayBBOhT
Fa74fnfoYkhgJkxe6eK6ptewSPPGZId
FdGLsOFfxqPyu1z
Fid03ZsI4ed1RvcIr4YG
Fs2LhsXgo362zY2K0CqprtzYZnZIJCU
Fxj9LgAhNu12gq0g
Fz08tlrMsFrkws9iUKy
GFsZfBYxoGwV8AZcqXTj
GIy3LJCDs
GMVfneJIOI8TkwzZBv3uOC8ckbPMU4
GPvxnhM0g7ZIeVHEH5WK5QOHNffU
GVHQGIjzr
GbrDvXr48KdwyE8oi1c5PCUxV8Z
Gk2NsSdvYFi9pTQmVUw9qb8JD
Go6w9gBMqXh5HvsT
Gqv1VHKZC5TXN1
GrBsOw2KdZ3eTUbQ
GxrTWpfxaydXeAiuxa1PSDfyhgOvQo
H3jnBDExYJt4ZAu
HHfPjg8S2LTQ9iauF1krcahVQhuZTJ
HJI3VPGeIUqaYF73rpm8yRvuSP94
HNJLq4q
HT5qAphPwYFCbSKf2gGhmlNMHQKDBtJ
HXsmFa65AlYqAeb334aY
HYwerD9QtR
Hl2cMg0ulPWl3QwZEid
Hmwu0Bzj7pwhiYl96bq1psi0
Hvj8ojsQbgt
Hzf67lUi1
I0boXRc1R
I3Cw9uSj
I8Z4PI61CcKTSlrgCo7SFnk3T
IFq8OOGtzk1BMtvuofPY5janla
ISIkzUCfI6Ze
ISRwxtX4SaNXabYYYjj3TMihL1nKa
IUEWn9S2p7p2QQ2bh9r2d67Ar6DLI
IWlIfYNNIUmyXazR4Me0UEcR
IdELtSKw2PWIiya3s2D
IdtWoEM1O6qgfyB3
IfC0Bbqr40a
IhW5XQT14J9EODGAJLDY1zIMcR
Im4uz9raSVsOdTAwtddNPB7ydv
IqvXUHkOheh2Ceu74M4K5
JQBi2h5uJBSAUEfZN9wCDLXm
JWCCnGm255NVTus8u62YRfj87
JXLgVaAFXi
JZQKy3GahL
JgSNFcf6erY8R3
JjKUMrwC0YI8v1h7lo3u8MUuy
Jm0RsBJR
JuY8rmAOcNAOFQi5C3G
K0v3lBiManP3r8ugOdARnc8naGNi
K6BvOlxlKbjtb0Tbf6T0fRF3lZ
K7csjPDB4WrL8Y1IQonrZenphv
K9ppotRMu2p
KC6AWZOcoVHZaUByEvBzfmO91
KHnGzLl5WvPrY8oJabZI4
KJ7Qeewui
KKeUyjPSr8c1fkJl8ZGx8JJm5oXrr
KOxc7azJTar
KbRwF6N75zbTro
Kzk8HzZ3EIrh
L3G66ChqMfhOQBOqA1mb
LDa4n30UHPLWQcA2ddJIM8ctTYSj
LNGeqX8RjwB3Zb7YRGk18MslGnSnnsj
LNO8nisSEGxpa3xL
LSRs99bCEnXFaxYzs7PLhhgJX
LbGalTfK2NWEJLirRf8m5
LlWzkWxH5gZ0YuH9eXp
Lw8SurrRwDPlrCeYsVp4Aye0x
M54IcaNMVwc7bQfoWucYRyjSH56z7
M8Ke0xl
MbmNzPDQ
Md1uiTIKwlxMXkVhn
Mj3SKyYYKFjXeKkxly3qzOPxWCCeZvJ
Mytp7mwoDXggiieK6r5mj
N8mLP4kdIU3
NB5Iyu8YT71k3H8VcHKsH5ah3v
NF3Gai7IrgFIDr6aAzwNlTHlHH
NF5qLLXKycRsYIiCczGnsj2SYc7fM
NFNubJPk
NHenwv8FQT905YRP0fJFBlOVkSB
NILeZWG7sP
NPdyrLQxiJtoFcdNmhf7l08OLxM
NRP6GgcDlSORUWoqS4IlGa
NRTsZFJ9SRmazd9MpCzhjuA5Iqjq
NVH3TZiYgN
NXXr01ZsNLQo5abp
NYM6yr33tOeocDJIEl1YcxJ
NcALs4UMUwJjfJOmJmcI5VuGooC
NenQz7Qb9kDtqmVYmpqeFGQS
Njbai3uRYGz3mF
NrRvxZ1ydBSv8j9tf
Nsa7PYaXz6orISv
NxAFxIRTm
Nxo7Z7lPtF5fEFRUT3al16kd9Ev9rVMz
OFhi3JpCqlFur9A3Zz
OJoy2GgqI
OKOpVrCyXJsc
OQirb5jEA2x
OXoZddHmV9WS63G
OZOo8xVqvkpK7v5dWcJqo98c
Ol3GPaCk
On2GSd2M4WKpV6TbLuCZk6kgBOYOV
OyAMW5j
P8RxChCN
P91XdYb0nPh75WXxvH
PBO4pPyBdq3i2Gkps0j3S7bGoZ7
PBaK1aWPu
PDp8ElfGEFibtUE
PFxZKl2OB2TciUgYb5oh
PKqyHS9oMw6d8Y2B8hIJ5rRvBMGFwXT
PNQOYDo6eDQBsmMzL6RnygpA
PRhnGfhajMSqVdCNaORR1QXqWfhKD
PXSyRDxVpBmbu
PbxMppqsuy2v1MhBbu31wbd
PpX0batUu1R
Pq9A2YYpY2112RdcC6qIa7J0YTtAHaD
Q7HssqbCLhOC9Ow5EQn6
QEzUjwSrZBoSuPBBnzow7
QLAcyCgPBQ
QTfbQm34J
QdmaxSUt
Qi1za1SewMNJtx8KWA2tVCib
Qk6k3fuHfcdljmnYJpanT3W2na5u
QrTdACFqQZeELYKTyn1YvnFi
Qtg6nYJGWbBwah8Px0t5fik6o
Qtgcu88Nd6
QyY8DBVzt
Qz3gK2k1B4
R0liyiaB9rYKQfS98tVUxc8cg
RKkxlPz3C2uDzMrxAkYBCgtGYRCYkt4
RKxLYjSuatW82v4zIvUE0jpC4i1MW4K
RXSgV86fHxQg6oX9nZprq
RXpwYfkWDiDd3mgDDCPFCQFoTnk
Rjxpj6MPsi1r
Rk6I2DnKHTolX3e3o4JI
Rknt3vR1O9fmUK0cFoVnwE
Rl9Dm6Rk9gPZum6HoHHH0ifxJZ
RnpajsWgTWsqvb3
RudtmrmlnNpZO38
RwbmAfGR0HBX3SRSMtmeeyz3
RxTPWXAZejwKke6apgKAYCJ5
RzHmh8GczBkOu0CvQQa
S0x8nP1SGRqSSo55G827
S4Eva4yNdo9ishI
S4mDqRpv139RAD3YSuU55CoEk6
S75sxTgzGIySRs4MBrr3d8j
S7VNTaEjcARy3P5tNwcdOpWTEAS7Q
SDTfZVtL
SDqalDa
SHIFPluLnzCoR4tRGUP8NreF8kPkYpT
SNMNH6DBWSCrV3cOBjv6PPS7wuV0tNA
SNOzMhj5gDb
SO7JgHPWRY4qVjVUfoGougO
SVN3wF0nQdfhQf7JGhkk78
SWXVtYW93cr
SZs5kcW9R
ScPlCymkpFrdBXTq7aW7BWhsUmOVC2S
ScqNHxv
SezlW8XUecMdVFzZ0m
SfJxFdI0T0HKuW5RJN3SE8jdubB
Shm5Vj0JpFdHqMep34xa
SqLy076NOUnYSjVWeEBT
Srhqro55k5lH3vLi1TFU
T6SkzVGIMR
T7PA2ArkbDGc8xF1Mh
TCnLqBhHsHbrqQq
TO8mlYyb
TP4uCx9cHdq97UTq6zLIaNx6G
TS5wkedN1kmG61ldM0ggD
TZHh4jFuYjmckyn0bS1AAr6xbpCEKxJw
Teg9fZRN2JFfAp
TlqpjlulewG7NH
TnvOQjUfcjd4
U7yB88ioW8UdFx9d46CLFJT0Votd
UBugD2YRLIilUooQl3
UIL2RvNf7BSJ
ULlf3o2
URyyqV8TI76
UXAQbvLAGzJatf1RxNcuOIV
UXIvy46PjxIgi
UalHwN4kaG3fMCeJ4BbyeSEmxy8wo
UguHokUKtTK
UndovVADLD0
UsFpWcv0r9YD8bz6ekAd6IbAAb1N4
V3sLXB4JcuThHUonRyzYiT
V5Hlemw3v52BSOV0WTDc
V6Hn6p8X5A9hteVe1YF
VJCd7rwoSmi6i6c5
VMJcDIEp
VOe2WRmiogcdOIo1Dl3oshpAGjS8Dz
VP9TMmHrTuyQfvgl76UvT7sz80L
VR3TyWw24RE8JzT5
VR8rtQr5KsVG2QrOrkgF
VWGsOvzdcbtmTQgot0hqSRrGEiub6yj
VbvuVDiKysbMO8DC9VkhKZjOY7n
VfNScz17y873DKCGZncp2hOovi
VgccukdG3hXRksB1JdudaQ
Vmx24E3gKel37T1PcfCctNfOu
VvJX5ckIlwKt5Cgwy0Uk
VziMZHcQPbQOrLrWUqTrNxB0Z
WCsoyPHqJrhMMKwx7a3Hy2JFSGNWOSa
WEYWLRwHeBDhIZMP2vYCybquCN
WHavknshGqsgTsGdEd
WMMoQvKPnyOtWMNH
WMxz6KaYoe37hV8N5h
WPmfWu5U66T
WPr7Wrak7Cv
WSgQYNfegLKpSn05G6bVMtGSqRqh5Sd
WTEzEPZ8lgJwVmY7QrNv
WUgzD1t
WYqYefYt19NEATTFC6bvnwK
WhYSAk2v5HdX
Wylz65T9VXzkObeEuRm2
X7GLZNCYQnHphGrIW1XkF5VVojR
X9Md6ZAxLxTao5UahUdqAgTdGquPeya
XOQZOJi
XP3VqEQPdQss
XR3ET7q7GZDo7TmJLrln0jfllf4zAluH
XRA6hG0f4eLNt3t3UamkM0Z
XTq55oKZCUAAdasvarGERk9ToEBxaYe
XW3OGIPs7UTrTXhicC15GSDG
XXLzgEOo0hCky27k04eRjF7KrubN
XbLGHhugdZ6YujpfMl1GC
XeMwXYAJVB
XedYVE8j4683nrIqRelo7d
XinV2LR
Xkt4msL
Xo4ZtaB
Xqu6lzd1gjfWbUyWKz
XtC9MKBo
XuSUfzzmIl0zxbpP5HwWmPrhae
XwXt2t3dFnUq
XxRIjwW9EJ
XxjWRAqlNK4lZ
Xz08AhgzTJpUmylCwkcIRHR00Ho
Y3V4aAYwn5SCPaJYMQ
Y83YfRVjz2M
YAh7U40rm
YIf6dd2dayKzWbs40LbTnyx8A
YNrLAXwLEGiHc5SDqu
YRMnnhZbe
YWdjApiYPYykKcjHBzkooqCfOzE3G
YnRcDpB6sDS8OpE9UYJ7tEH
YzoeCtGWqCH0JXlFC0gZYCiXejnJP
Z0j0LnWyQ7DO9R
ZIdC9GvmEQbaDMvssvUVfCspA6O
ZNBed3cKPchfOI3xFklRytk
Zi8sFMHTkcgR19sxmbsG745nTTj5aV
ZiISEylGuNjPO27tyxeC7J5yxSuFt
ZiSbTDFdH1ofcQflwBP2TvDi
ZjWpClaiM8ER7A06c4r
ZwAyEGpo2uA3jfXL
Zxx6gRWfpNZjBBp1jLFMZAjjkexiDaz
a5l06Dy5R8jQVmm0h7582MFZ69
aIy6vfYz1zrLQJuCuZxArQfZkAWvA10G
aLibp8AHrqn8yVjgWtf4DyZVhAd8dn5
aMtGeqPaXkH
aNNU4R1EQhu3KRXRC221J3k
aO8nMSTDlSdEFKvEI8GaovQ
abZP14kzsqDSrIGyMBy1R9k
ajO0WTodXRC8PWc
akU9rg22uUz0DqQNJyD
ap3eWpe3Fv7vR2I8aU6LyT8A2
aqDumPSAu0E8PcNMMjl4imY
arDRthYFfENyoiLO2d
ares_array_at
ares_array_at_const
ares_array_claim_at
ares_array_create
ares_array_destroy
ares_array_finish
ares_array_first
ares_array_first_const
ares_array_insert_at
ares_array_insert_first
ares_array_insert_last
ares_array_insertdata_at
ares_array_insertdata_first
ares_array_insertdata_last
ares_array_last
ares_array_last_const
ares_array_len
ares_array_remove_at
ares_array_remove_first
ares_array_remove_last
ares_array_set_size
ares_array_sort
ares_buf_append
ares_buf_append_be16
ares_buf_append_be32
ares_buf_append_byte
ares_buf_append_finish
ares_buf_append_num_dec
ares_buf_append_num_hex
ares_buf_append_start
ares_buf_append_str
ares_buf_begins_with
ares_buf_consume
ares_buf_consume_charset
ares_buf_consume_line
ares_buf_consume_nonwhitespace
ares_buf_consume_until_charset
ares_buf_consume_until_seq
ares_buf_consume_whitespace
ares_buf_create
ares_buf_create_const
ares_buf_destroy
ares_buf_fetch_be16

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp290.dll
.dll windows:6 windows x64 arch:x64

dd0e5d4c5858c97ad85d397edd59c16a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

A\7y]XN@coZl$*^'vWxLo]L>`w?td2Z&12ys-](Wj$^GSlw5}yH\O%z_nNhXz>yiRM;aO*I^D}~3=qu_bC_.+"Fg6Jl~V"

Imports

advapi32

AdjustTokenPrivileges
DeregisterEventSource
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW

bcrypt

BCryptGenRandom

kernel32

TlsFree
TlsSetValue
CancelThreadpoolIo
CloseHandle
CloseThreadpoolIo
CloseThreadpoolWait
CloseThreadpoolWork
CompareStringEx
CompareStringOrdinal
CreateDirectoryW
CreateEventExW
CreateFileW
CreatePipe
CreateProcessW
CreateThread
CreateThreadpoolIo
CreateThreadpoolWait
CreateThreadpoolWork
DeleteCriticalSection
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExpandEnvironmentStringsW
FindClose
FindFirstFileExW
FindNLSStringEx
FindStringOrdinal
FlushFileBuffers
FormatMessageW
FreeLibrary
GetCPInfoExW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumberEx
GetCurrentThread
GetEnvironmentVariableW
GetExitCodeProcess
GetFileAttributesExW
GetFileInformationByHandleEx
GetFileType
GetFullPathNameW
GetLastError
GetLocaleInfoEx
GetLongPathNameW
GetModuleFileNameW
GetOverlappedResult
GetProcAddress
GetProcessId
GetStdHandle
GetThreadPriority
GetTickCount64
InitializeConditionVariable
InitializeCriticalSection
IsDebuggerPresent
IsWow64Process
K32EnumProcessModulesEx
K32EnumProcesses
K32GetModuleBaseNameW
K32GetModuleFileNameExW
K32GetModuleInformation
LCMapStringEx
LeaveCriticalSection
LoadLibraryExW
LocalAlloc
LocalFree
LocaleNameToLCID
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseFailFastException
ReadConsoleW
ReadFile
ResolveLocaleName
ResumeThread
SetEvent
SetFileAttributesW
SetFileInformationByHandle
SetFilePointerEx
SetLastError
SetThreadErrorMode
SetThreadPriority
SetThreadpoolWait
Sleep
SleepConditionVariableCS
StartThreadpoolIo
SubmitThreadpoolWork
VirtualAlloc
VirtualFree
WaitForMultipleObjectsEx
WaitForSingleObject
WaitForThreadpoolWaitCallbacks
WakeConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
FlushProcessWriteBuffers
WaitForSingleObjectEx
AddVectoredExceptionHandler
GetModuleHandleW
RtlVirtualUnwind
RtlCaptureContext
RtlRestoreContext
VerSetConditionMask
FlsAlloc
FlsGetValue
FlsSetValue
CreateEventW
SwitchToThread
GetCurrentThreadId
SuspendThread
GetThreadContext
SetThreadContext
CreateMemoryResourceNotification
QueryInformationJobObject
GetModuleHandleExW
GetProcessAffinityMask
VerifyVersionInfoW
InitializeContext
GetEnabledXStateFeatures
LocateXStateFeature
SetXStateFeaturesMask
VirtualQuery
GetSystemTimeAsFileTime
ResetEvent
InitializeCriticalSectionEx
SleepEx
DebugBreak
GlobalMemoryStatusEx
GetSystemInfo
GetLogicalProcessorInformation
GetLogicalProcessorInformationEx
GetLargePageMinimum
VirtualUnlock
VirtualAllocExNuma
IsProcessInJob
GetNumaHighestNodeNumber
GetProcessGroupAffinity
K32GetProcessMemoryInfo
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
RtlUnwindEx
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry

ole32

CoWaitForMultipleHandles
CoInitializeEx
CoUninitialize
CoGetApartmentType

api-ms-win-crt-math-l1-1-0

ceil

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcmp
strcpy_s
wcsncmp
_stricmp

api-ms-win-crt-convert-l1-1-0

strtoull

api-ms-win-crt-runtime-l1-1-0

abort
_seh_filter_dll
_configure_narrow_argv
_initterm_e
_initialize_narrow_environment
_initialize_onexit_table
_crt_atexit
_initterm
_cexit
terminate
_register_onexit_function
_execute_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
__stdio_common_vsprintf_s
__acrt_iob_func
__stdio_common_vfprintf

Exports

Exports

BidenHarris
DonaldTrump
JoeDust

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nasrallah_x86.dll
vcruntime210.dll

Sharing

General

Malware Config

Signatures

Files

c4a74700d8113c83bc10c80b86256aa8

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6fCertificate

Extended Key Usages

Key Usages

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

67:c9:78:05:f2:0c:af:b4:8d:e4:a9:6c:a8:f2:82:86:ff:95:bd:f5:e2:23:7c:1e:7e:84:90:c1:b1:10:68:bbSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

ws2_32

libcares-2

Sections

.text Size: 32KB - Virtual size: 32KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 5KB - Virtual size: 5KB

.pdata Size: 1KB - Virtual size: 1KB

.xdata Size: 1KB - Virtual size: 1KB

.bss Size: - Virtual size: 2KB

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 96B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 136B

db66719a578feda8548cdff7f747ca32

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 630KB - Virtual size: 630KB

.data Size: 6KB - Virtual size: 290KB

.pdata Size: 79KB - Virtual size: 78KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

dd0e5d4c5858c97ad85d397edd59c16a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

bcrypt

kernel32

ole32

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

04:b3:98:f2:0c:a7:ae:1e:0b:80:b4:a7:32:21:80:6f
Certificate

0b:ae:66:bc:5a:ba:7f:95:87:c6:f9:e9:04:e3:33:04
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

67:c9:78:05:f2:0c:af:b4:8d:e4:a9:6c:a8:f2:82:86:ff:95:bd:f5:e2:23:7c:1e:7e:84:90:c1:b1:10:68:bb
Signer

.text
Size: 32KB - Virtual size: 32KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 5KB - Virtual size: 5KB

.pdata
Size: 1KB - Virtual size: 1KB

.xdata
Size: 1KB - Virtual size: 1KB

.bss
Size: - Virtual size: 2KB

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 96B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 136B

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 630KB - Virtual size: 630KB

.data
Size: 6KB - Virtual size: 290KB

.pdata
Size: 79KB - Virtual size: 78KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 588KB - Virtual size: 588KB

.data
Size: 6KB - Virtual size: 313KB

.pdata
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB