4dfb4ec968f3a450bd19d59d17fe3f11

FileName: 1011712_4dfb4ec968f3a450bd19d59d17fe3f11.exe
Size : 1011712
Md5 : 4dfb4ec968f3a450bd19d59d17fe3f11
PEiD : [['Microsoft Visual C# / Basic .NET'], ['.NET executable']]
Virus Total Result:
McAfee -> Artemis!4DFB4EC968F3
TheHacker -> Trojan/Kryptik.ct
K7AntiVirus -> Riskware
NOD32 -> a variant of MSIL/Kryptik.CT
Symantec -> Trojan.Gen
Norman -> W32/Troj_Generic.BVTYK
Avast -> Win32:Downloader-OJZ [Trj]
Kaspersky -> Trojan-Dropper.MSIL.Agent.aems
Emsisoft -> Win32.Downloader.OJZ!IK
Comodo -> UnclassifiedMalware
DrWeb -> Trojan.Siggen.65133
VIPRE -> Trojan.Win32.Generic!BT
AntiVir -> TR/Dldr.Agent.1011712.1
TrendMicro -> TROJ_GEN.R47C8EN
Antiy-AVL -> Trojan/win32.agent.gen
GData -> Win32:Downloader-OJZ
PCTools -> Trojan.Gen
Ikarus -> Win32.Downloader.OJZ
Fortinet -> W32/Agent.D35C!tr
AVG -> Generic28.AEVD
Panda -> Trj/CI.A

FileInfo:
----------DOS_HEADER----------

[IMAGE_DOS_HEADER]
0x0 0x0 e_magic: 0x5A4D
0x2 0x2 e_cblp: 0x90
0x4 0x4 e_cp: 0x3
0x6 0x6 e_crlc: 0x0
0x8 0x8 e_cparhdr: 0x4
0xA 0xA e_minalloc: 0x0
0xC 0xC e_maxalloc: 0xFFFF
0xE 0xE e_ss: 0x0
0x10 0x10 e_sp: 0xB8
0x12 0x12 e_csum: 0x0
0x14 0x14 e_ip: 0x0
0x16 0x16 e_cs: 0x0
0x18 0x18 e_lfarlc: 0x40
0x1A 0x1A e_ovno: 0x0
0x1C 0x1C e_res:
0x24 0x24 e_oemid: 0x0
0x26 0x26 e_oeminfo: 0x0
0x28 0x28 e_res2:
0x3C 0x3C e_lfanew: 0x80

----------NT_HEADERS----------

[IMAGE_NT_HEADERS]
0x80 0x0 Signature: 0x4550

----------FILE_HEADER----------

[IMAGE_FILE_HEADER]
0x84 0x0 Machine: 0x14C
0x86 0x2 NumberOfSections: 0x3
0x88 0x4 TimeDateStamp: 0x4FAA9653 [Wed May 09 16:07:47 2012 UTC]
0x8C 0x8 PointerToSymbolTable: 0x0
0x90 0xC NumberOfSymbols: 0x0
0x94 0x10 SizeOfOptionalHeader: 0xE0
0x96 0x12 Characteristics: 0x102
Flags: IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE

----------OPTIONAL_HEADER----------

[IMAGE_OPTIONAL_HEADER]
0x98 0x0 Magic: 0x10B
0x9A 0x2 MajorLinkerVersion: 0x8
0x9B 0x3 MinorLinkerVersion: 0x0
0x9C 0x4 SizeOfCode: 0xD3000
0xA0 0x8 SizeOfInitializedData: 0x23000
0xA4 0xC SizeOfUninitializedData: 0x0
0xA8 0x10 AddressOfEntryPoint: 0xD480E
0xAC 0x14 BaseOfCode: 0x2000
0xB0 0x18 BaseOfData: 0xD6000
0xB4 0x1C ImageBase: 0x400000
0xB8 0x20 SectionAlignment: 0x2000
0xBC 0x24 FileAlignment: 0x1000
0xC0 0x28 MajorOperatingSystemVersion: 0x4
0xC2 0x2A MinorOperatingSystemVersion: 0x0
0xC4 0x2C MajorImageVersion: 0x0
0xC6 0x2E MinorImageVersion: 0x0
0xC8 0x30 MajorSubsystemVersion: 0x4
0xCA 0x32 MinorSubsystemVersion: 0x0
0xCC 0x34 Reserved1: 0x0
0xD0 0x38 SizeOfImage: 0xFA000
0xD4 0x3C SizeOfHeaders: 0x1000
0xD8 0x40 CheckSum: 0xDD33A
0xDC 0x44 Subsystem: 0x2
0xDE 0x46 DllCharacteristics: 0x8540
0xE0 0x48 SizeOfStackReserve: 0x100000
0xE4 0x4C SizeOfStackCommit: 0x1000
0xE8 0x50 SizeOfHeapReserve: 0x100000
0xEC 0x54 SizeOfHeapCommit: 0x1000
0xF0 0x58 LoaderFlags: 0x0
0xF4 0x5C NumberOfRvaAndSizes: 0x10
DllCharacteristics: IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLL_CHARACTERISTICS_TERMINAL_SERVER_AWARE, IMAGE_DLL_CHARACTERISTICS_NX_COMPAT, IMAGE_DLL_CHARACTERISTICS_NO_SEH

----------PE Sections----------

[IMAGE_SECTION_HEADER]
0x178 0x0 Name: .text
0x180 0x8 Misc: 0xD2814
0x180 0x8 Misc_PhysicalAddress: 0xD2814
0x180 0x8 Misc_VirtualSize: 0xD2814
0x184 0xC VirtualAddress: 0x2000
0x188 0x10 SizeOfRawData: 0xD3000
0x18C 0x14 PointerToRawData: 0x1000
0x190 0x18 PointerToRelocations: 0x0
0x194 0x1C PointerToLinenumbers: 0x0
0x198 0x20 NumberOfRelocations: 0x0
0x19A 0x22 NumberOfLinenumbers: 0x0
0x19C 0x24 Characteristics: 0x60000020
Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Entropy: 7.703001 (Min=0.0, Max=8.0)
MD5 hash: 775ae7e5bfa78bf28cd9540ac375d8ad
SHA-1 hash: 1cae13f65073468463c4e8ab6ac36b5ce06d08ef
SHA-256 hash: d20b41bcdf3d1ed4bb76bf7e05b671cd5a7e29cb26c28748022eddb4966c9ef1
SHA-512 hash: c32dffc327d26c47bcb249e63a4d61dbdf2fb2f1021bb162755d6e7d8b53bf577ee11c1611c750bf44dd97c681f189617fbec09b2e3df6b109f02919e904628f

[IMAGE_SECTION_HEADER]
0x1A0 0x0 Name: .rsrc
0x1A8 0x8 Misc: 0x219F4
0x1A8 0x8 Misc_PhysicalAddress: 0x219F4
0x1A8 0x8 Misc_VirtualSize: 0x219F4
0x1AC 0xC VirtualAddress: 0xD6000
0x1B0 0x10 SizeOfRawData: 0x22000
0x1B4 0x14 PointerToRawData: 0xD4000
0x1B8 0x18 PointerToRelocations: 0x0
0x1BC 0x1C PointerToLinenumbers: 0x0
0x1C0 0x20 NumberOfRelocations: 0x0
0x1C2 0x22 NumberOfLinenumbers: 0x0
0x1C4 0x24 Characteristics: 0x40000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Entropy: 5.250707 (Min=0.0, Max=8.0)
MD5 hash: 203dd02957914b3b1d83b699e4da0c82
SHA-1 hash: f812a1c3d03ef7ceac7ad98938e6e53e33bb736f
SHA-256 hash: 20556c94197ca38e414518274323bacc6fc59a207598db5a2bf33b21b69d3bdc
SHA-512 hash: 0d17d7dbf333bd6188f874da36dcb0a9b2586aafe0df751c9cbdfc03028867228ce07e1d919921873915d4d22b406892be65980c4c19b31f27dc81321d16f9dd

[IMAGE_SECTION_HEADER]
0x1C8 0x0 Name: .reloc
0x1D0 0x8 Misc: 0xC
0x1D0 0x8 Misc_PhysicalAddress: 0xC
0x1D0 0x8 Misc_VirtualSize: 0xC
0x1D4 0xC VirtualAddress: 0xF8000
0x1D8 0x10 SizeOfRawData: 0x1000
0x1DC 0x14 PointerToRawData: 0xF6000
0x1E0 0x18 PointerToRelocations: 0x0
0x1E4 0x1C PointerToLinenumbers: 0x0
0x1E8 0x20 NumberOfRelocations: 0x0
0x1EA 0x22 NumberOfLinenumbers: 0x0
0x1EC 0x24 Characteristics: 0x42000040
Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Entropy: 0.016408 (Min=0.0, Max=8.0)
MD5 hash: 68ad6fdf19549bb7fb726eb5a09ae3a9
SHA-1 hash: 95c12ec00000b87d08e137ac100d2f7ca6e8d233
SHA-256 hash: bd4cc74f3047ebbdc5a52ac613f137cf1bf821b7fc0fd5f23eb97044ddef9ec1
SHA-512 hash: 3396db0a9c306a7415539ea3223fcef3ea6c5d525994e3d59f9f8d67a5c0eaf353f96550d0698ba29507cdb21b51ca37397d354cd2f4ac8ae020f31c83880b8d

----------Directories----------

[IMAGE_DIRECTORY_ENTRY_EXPORT]
0xF8 0x0 VirtualAddress: 0x0
0xFC 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IMPORT]
0x100 0x0 VirtualAddress: 0xD47C0
0x104 0x4 Size: 0x4B
[IMAGE_DIRECTORY_ENTRY_RESOURCE]
0x108 0x0 VirtualAddress: 0xD6000
0x10C 0x4 Size: 0x219F4
[IMAGE_DIRECTORY_ENTRY_EXCEPTION]
0x110 0x0 VirtualAddress: 0x0
0x114 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_SECURITY]
0x118 0x0 VirtualAddress: 0x0
0x11C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BASERELOC]
0x120 0x0 VirtualAddress: 0xF8000
0x124 0x4 Size: 0xC
[IMAGE_DIRECTORY_ENTRY_DEBUG]
0x128 0x0 VirtualAddress: 0x0
0x12C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COPYRIGHT]
0x130 0x0 VirtualAddress: 0x0
0x134 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_GLOBALPTR]
0x138 0x0 VirtualAddress: 0x0
0x13C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_TLS]
0x140 0x0 VirtualAddress: 0x0
0x144 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG]
0x148 0x0 VirtualAddress: 0x0
0x14C 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT]
0x150 0x0 VirtualAddress: 0x0
0x154 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_IAT]
0x158 0x0 VirtualAddress: 0x2000
0x15C 0x4 Size: 0x8
[IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT]
0x160 0x0 VirtualAddress: 0x0
0x164 0x4 Size: 0x0
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR]
0x168 0x0 VirtualAddress: 0x2008
0x16C 0x4 Size: 0x48
[IMAGE_DIRECTORY_ENTRY_RESERVED]
0x170 0x0 VirtualAddress: 0x0
0x174 0x4 Size: 0x0

----------Version Information----------

[VS_VERSIONINFO]
0xF573C 0x0 Length: 0x2B8
0xF573E 0x2 ValueLength: 0x34
0xF5740 0x4 Type: 0x0

[VS_FIXEDFILEINFO]
0xF5764 0x0 Signature: 0xFEEF04BD
0xF5768 0x4 StrucVersion: 0x10000
0xF576C 0x8 FileVersionMS: 0x10000
0xF5770 0xC FileVersionLS: 0x0
0xF5774 0x10 ProductVersionMS: 0x10000
0xF5778 0x14 ProductVersionLS: 0x0
0xF577C 0x18 FileFlagsMask: 0x3F
0xF5780 0x1C FileFlags: 0x0
0xF5784 0x20 FileOS: 0x4
0xF5788 0x24 FileType: 0x1
0xF578C 0x28 FileSubtype: 0x0
0xF5790 0x2C FileDateMS: 0x0
0xF5794 0x30 FileDateLS: 0x0

[VarFileInfo]
0xF5798 0x0 Length: 0x44
0xF579A 0x2 ValueLength: 0x0
0xF579C 0x4 Type: 0x1

[Var]
0xF57B8 0x0 Length: 0x24
0xF57BA 0x2 ValueLength: 0x4
0xF57BC 0x4 Type: 0x0
Translation: 0x0000 0x04b0

[StringFileInfo]
0xF57DC 0x0 Length: 0x218
0xF57DE 0x2 ValueLength: 0x0
0xF57E0 0x4 Type: 0x1

[StringTable]
0xF5800 0x0 Length: 0x1F4
0xF5802 0x2 ValueLength: 0x0
0xF5804 0x4 Type: 0x1
LangID: 000004b0

LegalCopyright:
Assembly Version: 1.0.0.0
InternalName: WinDefender.exe
FileVersion: 1.0.0.0
Comments: vshost32-clr2
ProductName: 1.0.0.0
ProductVersion: 1.0.0.0
FileDescription:
OriginalFilename: WinDefender.exe

----------Imported symbols----------

[IMAGE_IMPORT_DESCRIPTOR]
0xD37C0 0x0 OriginalFirstThunk: 0xD47E8
0xD37C0 0x0 Characteristics: 0xD47E8
0xD37C4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD37C8 0x8 ForwarderChain: 0x0
0xD37CC 0xC Name: 0xD47FE
0xD37D0 0x10 FirstThunk: 0x2000

mscoree.dll._CorExeMain Hint[0]

----------Resource directory----------

[IMAGE_RESOURCE_DIRECTORY]
0xD4000 0x0 Characteristics: 0x0
0xD4004 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4008 0x8 MajorVersion: 0x4
0xD400A 0xA MinorVersion: 0x0
0xD400C 0xC NumberOfNamedEntries: 0x0
0xD400E 0xE NumberOfIdEntries: 0x3
Id: [0x3] (RT_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4010 0x0 Name: 0x3
0xD4014 0x4 OffsetToData: 0x80000028
[IMAGE_RESOURCE_DIRECTORY]
0xD4028 0x0 Characteristics: 0x0
0xD402C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4030 0x8 MajorVersion: 0x4
0xD4032 0xA MinorVersion: 0x0
0xD4034 0xC NumberOfNamedEntries: 0x0
0xD4036 0xE NumberOfIdEntries: 0x5
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4038 0x0 Name: 0x1
0xD403C 0x4 OffsetToData: 0x80000090
[IMAGE_RESOURCE_DIRECTORY]
0xD4090 0x0 Characteristics: 0x0
0xD4094 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4098 0x8 MajorVersion: 0x4
0xD409A 0xA MinorVersion: 0x0
0xD409C 0xC NumberOfNamedEntries: 0x0
0xD409E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD40A0 0x0 Name: 0x0
0xD40A4 0x4 OffsetToData: 0x138
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4138 0x0 OffsetToData: 0xD61A8
0xD413C 0x4 Size: 0x10828
0xD4140 0x8 CodePage: 0x4E4
0xD4144 0xC Reserved: 0x0
Id: [0x2]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4040 0x0 Name: 0x2
0xD4044 0x4 OffsetToData: 0x800000A8
[IMAGE_RESOURCE_DIRECTORY]
0xD40A8 0x0 Characteristics: 0x0
0xD40AC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD40B0 0x8 MajorVersion: 0x4
0xD40B2 0xA MinorVersion: 0x0
0xD40B4 0xC NumberOfNamedEntries: 0x0
0xD40B6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD40B8 0x0 Name: 0x0
0xD40BC 0x4 OffsetToData: 0x148
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4148 0x0 OffsetToData: 0xE69D0
0xD414C 0x4 Size: 0x94A8
0xD4150 0x8 CodePage: 0x4E4
0xD4154 0xC Reserved: 0x0
Id: [0x3]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4048 0x0 Name: 0x3
0xD404C 0x4 OffsetToData: 0x800000C0
[IMAGE_RESOURCE_DIRECTORY]
0xD40C0 0x0 Characteristics: 0x0
0xD40C4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD40C8 0x8 MajorVersion: 0x4
0xD40CA 0xA MinorVersion: 0x0
0xD40CC 0xC NumberOfNamedEntries: 0x0
0xD40CE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD40D0 0x0 Name: 0x0
0xD40D4 0x4 OffsetToData: 0x158
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4158 0x0 OffsetToData: 0xEFE78
0xD415C 0x4 Size: 0x4228
0xD4160 0x8 CodePage: 0x4E4
0xD4164 0xC Reserved: 0x0
Id: [0x4]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4050 0x0 Name: 0x4
0xD4054 0x4 OffsetToData: 0x800000D8
[IMAGE_RESOURCE_DIRECTORY]
0xD40D8 0x0 Characteristics: 0x0
0xD40DC 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD40E0 0x8 MajorVersion: 0x4
0xD40E2 0xA MinorVersion: 0x0
0xD40E4 0xC NumberOfNamedEntries: 0x0
0xD40E6 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD40E8 0x0 Name: 0x0
0xD40EC 0x4 OffsetToData: 0x168
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4168 0x0 OffsetToData: 0xF40A0
0xD416C 0x4 Size: 0x25A8
0xD4170 0x8 CodePage: 0x4E4
0xD4174 0xC Reserved: 0x0
Id: [0x5]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4058 0x0 Name: 0x5
0xD405C 0x4 OffsetToData: 0x800000F0
[IMAGE_RESOURCE_DIRECTORY]
0xD40F0 0x0 Characteristics: 0x0
0xD40F4 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD40F8 0x8 MajorVersion: 0x4
0xD40FA 0xA MinorVersion: 0x0
0xD40FC 0xC NumberOfNamedEntries: 0x0
0xD40FE 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4100 0x0 Name: 0x0
0xD4104 0x4 OffsetToData: 0x178
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4178 0x0 OffsetToData: 0xF6648
0xD417C 0x4 Size: 0x10A8
0xD4180 0x8 CodePage: 0x4E4
0xD4184 0xC Reserved: 0x0

Id: [0xE] (RT_GROUP_ICON)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4018 0x0 Name: 0xE
0xD401C 0x4 OffsetToData: 0x80000060
[IMAGE_RESOURCE_DIRECTORY]
0xD4060 0x0 Characteristics: 0x0
0xD4064 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4068 0x8 MajorVersion: 0x4
0xD406A 0xA MinorVersion: 0x0
0xD406C 0xC NumberOfNamedEntries: 0x0
0xD406E 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4070 0x0 Name: 0x1
0xD4074 0x4 OffsetToData: 0x80000108
[IMAGE_RESOURCE_DIRECTORY]
0xD4108 0x0 Characteristics: 0x0
0xD410C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4110 0x8 MajorVersion: 0x4
0xD4112 0xA MinorVersion: 0x0
0xD4114 0xC NumberOfNamedEntries: 0x0
0xD4116 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4118 0x0 Name: 0x0
0xD411C 0x4 OffsetToData: 0x188
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4188 0x0 OffsetToData: 0xF76F0
0xD418C 0x4 Size: 0x4C
0xD4190 0x8 CodePage: 0x4E4
0xD4194 0xC Reserved: 0x0

Id: [0x10] (RT_VERSION)
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4020 0x0 Name: 0x10
0xD4024 0x4 OffsetToData: 0x80000078
[IMAGE_RESOURCE_DIRECTORY]
0xD4078 0x0 Characteristics: 0x0
0xD407C 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4080 0x8 MajorVersion: 0x4
0xD4082 0xA MinorVersion: 0x0
0xD4084 0xC NumberOfNamedEntries: 0x0
0xD4086 0xE NumberOfIdEntries: 0x1
Id: [0x1]
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4088 0x0 Name: 0x1
0xD408C 0x4 OffsetToData: 0x80000120
[IMAGE_RESOURCE_DIRECTORY]
0xD4120 0x0 Characteristics: 0x0
0xD4124 0x4 TimeDateStamp: 0x0 [Thu Jan 01 00:00:00 1970 UTC]
0xD4128 0x8 MajorVersion: 0x4
0xD412A 0xA MinorVersion: 0x0
0xD412C 0xC NumberOfNamedEntries: 0x0
0xD412E 0xE NumberOfIdEntries: 0x1
[IMAGE_RESOURCE_DIRECTORY_ENTRY]
0xD4130 0x0 Name: 0x0
0xD4134 0x4 OffsetToData: 0x198
[IMAGE_RESOURCE_DATA_ENTRY]
0xD4198 0x0 OffsetToData: 0xF773C
0xD419C 0x4 Size: 0x2B8
0xD41A0 0x8 CodePage: 0x4E4
0xD41A4 0xC Reserved: 0x0


----------Base relocations----------

[IMAGE_BASE_RELOCATION]
0xF6000 0x0 VirtualAddress: 0xD4000
0xF6004 0x4 SizeOfBlock: 0xC
000D4810h HIGHLOW
000D4000h ABSOLUTE