Interesting

Created: 28.07.2022

This is about … .

Windows PE

The .rsrc section usually contains resources such as icons, pictures, etc. However, some malicious programs (as well as legitimate ones) store a driver or other code there, which is extracted and executed by the main program flow.
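One way to triage a sample for this, as an added example that is not part of the original notes: locate .rsrc through the section table and scan its raw bytes for a nested MZ header whose e_lfanew points at a PE signature. The function names and the sample image are constructed for illustration, and the scan reads the section's raw data rather than walking the resource directory tree.

```python
import struct

def rsrc_section(pe: bytes):
    """Return (raw_offset, raw_size) of the .rsrc section, or None if absent."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature; the section table follows the optional header.
    nsect, = struct.unpack_from("<H", pe, e_lfanew + 6)
    opt_size, = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    for hdr in range(table, table + 40 * nsect, 40):
        raw_size, raw_off = struct.unpack_from("<II", pe, hdr + 16)
        if pe[hdr:hdr + 8].rstrip(b"\0") == b".rsrc":
            return raw_off, raw_size
    return None

def embedded_pe_offsets(pe: bytes):
    """File offsets inside .rsrc where a nested MZ header points at a PE signature."""
    sect = rsrc_section(pe)
    if sect is None:
        return []
    end = min(sect[0] + sect[1], len(pe))
    hits, pos = [], pe.find(b"MZ", sect[0], end)
    while pos != -1:
        if pos + 0x40 <= end:  # room for a full DOS header
            lfanew, = struct.unpack_from("<I", pe, pos + 0x3C)
            sig = pos + lfanew
            if sig + 4 <= end and pe[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = pe.find(b"MZ", pos + 1, end)
    return hits

def make_stub(sections=()):
    """Constructed, non-loadable MZ/PE header used only as sample input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + b"".join(sections)

def make_sample(resource: bytes):
    """Constructed outer image whose only section, .rsrc, holds `resource` at 0x80."""
    sect = struct.pack("<8sIIIIIIHHI", b".rsrc", len(resource), 0x1000,
                       len(resource), 0x80, 0, 0, 0, 0, 0x40000040)
    return make_stub((sect,)) + resource

if __name__ == "__main__":
    sample = make_sample(b"ICON" + b"\0" * 12 + make_stub())
    print([hex(o) for o in embedded_pe_offsets(sample)])
```

A hit only means an uncompressed, unencrypted image sits in the section; an empty result does not rule out a packed or encoded payload.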

  • On Windows systems, some functions have a suffix A or W. These indicate that the function accepts an ASCII or a wide-character string as an argument, respectively.
  • On Windows systems, some functions have a suffix Ex or even ExEx. These indicate that Windows has released a new version of the function which is not compatible with the older one; the new version gets a new name because the older one must still be supported.
