MisteriumLauncher[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MisteriumLauncher.zip
Size

2.8MB
MD5

a3fb0b17bcd26bc593a6c5009072d1be
SHA1

17313514aa41641b4050be7e4b79679d75792283
SHA256

c8ed0a93981f84fd0d865046684ec5945f35b83540874fe38e29f9d9c0d3ffee
SHA512

d55bd0c70a29a21cd01f2410989293a0244204b5a0af68129ac7a5adf882cacf1c7ded3dab1fda0d8648ab39d6a5ea69439dbac31acb8a0195cb0daedb829989
SSDEEP

49152:5le4WcMuU7f7GAVRcBDFOo4L98Dl8/Z+XLzcizDfdQHhXwIXZMjkwHICjFl71++M:5leqMuC7GicBD94R8DWoXLzTD1eWkuIh

Score

1^/10

Malware Config

Signatures

Files

MisteriumLauncher.zip
.zip

Password: playmisterium
MisteriumLauncher/Assembly - CSharp - first pass.dll
.dll windows x86

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/Assembly - UnityScript - first pass.dll
.dll windows x86

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/Misterium.exe
.exe windows x86

Password: playmisterium

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:24

Not After

02/12/2021, 21:24

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:e4:d5:16:5c:dc:cf:3d:a3:9b:07:4c:c3:bf:f2:3e:6a:d1:7c:17:fa:57:9b:4e:39:46:61:a2:3f:f2:f4:34
Signer

Actual PE Digest

0e:e4:d5:16:5c:dc:cf:3d:a3:9b:07:4c:c3:bf:f2:3e:6a:d1:7c:17:fa:57:9b:4e:39:46:61:a2:3f:f2:f4:34

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

02/02/2023, 17:54
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/etc/mono/2.0/machine.config
.xml
MisteriumLauncher/etc/mono/config
MisteriumLauncher/lib/Boo.Lang.dll
.dll windows x86

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/lib/UnityDomainLoad.exe
.exe windows x86

Password: playmisterium

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/lib/UnityEngine.dll
.dll windows x86

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 740B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/lib/mscorlib.dll
.dll windows x86

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 804B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/mainData
MisteriumLauncher/script.aps
MisteriumLauncher/unity/mono-1-vc.dll
.dll windows x86

Password: playmisterium

f6105f22420c8c0946068ee7279a0e33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnlockFile
LockFile
SetFileTime
WriteFile
GetFileAttributesW
ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
GetStdHandle
GetLastError
GetCurrentDirectoryW
MoveFileW
FindClose
SetCurrentDirectoryW
RemoveDirectoryW
CreatePipe
FindNextFileW
GetFileAttributesExW
SetFileAttributesW
SetEvent
ResetEvent
CreateEventW
SystemTimeToFileTime
GetLogicalDriveStringsW
SetEnvironmentVariableW
GetComputerNameW
OutputDebugStringW
GetTimeZoneInformation
GetSystemTime
GlobalAlloc
InterlockedExchange
GlobalFree
GlobalReAlloc
ReleaseSemaphore
CreateSemaphoreW
CreateProcessW
GetProcessTimes
OpenProcess
CreateDirectoryW
TerminateProcess
GetProcessWorkingSetSize
SetProcessWorkingSetSize
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetCurrentProcess
GetCurrentThread
LocalFree
GetVolumeInformationW
WaitForSingleObject
Sleep
CreateMutexW
SleepEx
WaitForMultipleObjectsEx
ExitThread
OpenMutexW
QueueUserAPC
OpenThread
OpenEventW
DuplicateHandle
OpenSemaphoreW
ReleaseMutex
SetUnhandledExceptionFilter
GetThreadContext
VirtualQuery
VirtualFree
VirtualAlloc
GetModuleHandleW
LoadLibraryW
FormatMessageW
GetProcAddress
VirtualProtect
MultiByteToWideChar
SetEndOfFile
SetFilePointer
FindFirstFileW
GetFileSize
GetSystemInfo
GetVersionExW
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
GetFileType
GetCurrentThreadId
DeleteCriticalSection
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
ResumeThread
DeleteFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
CopyFileW
InitializeCriticalSection
GetTickCount
WaitForSingleObjectEx
GetExitCodeProcess
InterlockedCompareExchange
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CompareStringW
CompareStringA
HeapSize
SetEnvironmentVariableA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
RaiseException
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
HeapDestroy
HeapCreate
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetStartupInfoA
SetHandleCount
IsDebuggerPresent
GetCPInfo
GetFullPathNameA
GetFullPathNameW
FindNextFileA
GetEnvironmentVariableW
ExpandEnvironmentStringsA
GetWindowsDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
GetWindowsDirectoryW
GetVersion
ExpandEnvironmentStringsW
GetFileAttributesA
FormatMessageA
GetThreadLocale
CreateEventA
SetThreadPriority
CreateMutexA
GetSystemTimeAsFileTime
CreateSemaphoreA
GetACP
DebugBreak
SetLastError
GetExitCodeThread
SuspendThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetDriveTypeA
FindFirstFileA
ExitProcess
HeapFree
HeapAlloc
SetStdHandle
HeapReAlloc
UnhandledExceptionFilter
GetCommandLineA
WideCharToMultiByte
GetProcessHeap

advapi32

GetUserNameW
GetLengthSid
FreeSid
RevertToSelf
SetEntriesInAclW
AllocateAndInitializeSid
GetNamedSecurityInfoW
BuildTrusteeWithSidW
ImpersonateLoggedOnUser
LookupAccountSidW
SetNamedSecurityInfoW
DuplicateToken
CopySid
GetTokenInformation
GetEffectiveRightsFromAclW
OpenThreadToken
OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
GetUserNameA

shell32

SHGetFolderPathW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetPathFromIDListW

ole32

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
SysAllocStringLen
SysStringLen

ws2_32

ntohs
getsockname
shutdown
htons
setsockopt
sendto
WSACleanup
recv
bind
gethostbyaddr
gethostbyname
send
getsockopt
listen
accept
WSAGetLastError
WSASocketW
htonl
inet_addr
ntohl
recvfrom
WSAStartup
connect
gethostname
WSAIoctl
ioctlsocket
getpeername
socket
__WSAFDIsSet
select
getprotobyname
closesocket

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses

winmm

timeBeginPeriod
timeGetDevCaps
timeEndPeriod
timeSetEvent

user32

MessageBoxA

Exports

Exports

GC_free
GC_malloc_uncollectable
SetNativeSigsegvHandlerWin
g_free
g_mem_set_vtable
g_strdup
mono_activate_security_manager
mono_add_internal_call
mono_array_class_get
mono_array_new
mono_array_new_full
mono_assembly_close
mono_assembly_foreach
mono_assembly_get_image
mono_assembly_get_object
mono_assembly_load_from
mono_assembly_load_from_full
mono_assembly_open
mono_assembly_preload_references
mono_class_array_element_size
mono_class_from_mono_type
mono_class_from_name
mono_class_get_byref_type
mono_class_get_field_from_name
mono_class_get_fields
mono_class_get_flags
mono_class_get_image
mono_class_get_interfaces
mono_class_get_method_from_name
mono_class_get_methods
mono_class_get_name
mono_class_get_namespace
mono_class_get_nesting_type
mono_class_get_parent
mono_class_get_properties
mono_class_get_property_from_name
mono_class_get_type
mono_class_instance_size
mono_class_is_enum
mono_class_is_subclass_of
mono_class_is_valuetype
mono_class_vtable
mono_custom_attrs_free
mono_custom_attrs_from_class
mono_custom_attrs_from_field
mono_custom_attrs_from_method
mono_custom_attrs_get_attr
mono_custom_attrs_has_attr
mono_debug_init
mono_debug_open_image_from_memory
mono_domain_assembly_open
mono_domain_get
mono_domain_get_id
mono_domain_set
mono_exception_from_name_msg
mono_field_get_flags
mono_field_get_name
mono_field_get_type
mono_field_get_value
mono_field_set_value
mono_field_static_get_value
mono_gc_collect
mono_gc_disable
mono_gc_max_generation
mono_gchandle_free
mono_gchandle_get_target
mono_gchandle_is_in_domain
mono_gchandle_new
mono_gchandle_new_weakref
mono_get_array_class
mono_get_corlib
mono_get_enum_class
mono_get_exception_class
mono_get_object_class
mono_get_root_domain
mono_get_string_class
mono_image_close
mono_image_get_assembly
mono_image_get_filename
mono_image_get_name
mono_image_open_from_data_full
mono_jit_cleanup
mono_jit_exec
mono_jit_init
mono_method_get_class
mono_method_get_flags
mono_method_get_last_managed
mono_method_get_name
mono_method_get_object
mono_method_signature
mono_object_get_class
mono_object_new
mono_object_new_alloc_specific
mono_object_new_specific
mono_object_unbox
mono_parse_default_optimizations
mono_property_get_get_method
mono_raise_exception
mono_runtime_delegate_invoke
mono_runtime_exec_main
mono_runtime_invoke
mono_runtime_object_init
mono_set_assembly_paths
mono_set_defaults
mono_set_dirs
mono_set_find_plugin_callback
mono_set_unhandled_exception_handler
mono_set_unity_pinvoke_enabled
mono_set_unity_secure_callback
mono_set_unity_secure_enabled
mono_signature_get_param_count
mono_signature_get_params
mono_signature_get_return_type
mono_signature_is_instance
mono_string_new_wrapper
mono_string_to_utf8
mono_thread_attach
mono_thread_current
mono_thread_detach
mono_thread_exit
mono_thread_pop_appdomain_ref
mono_thread_push_appdomain_ref
mono_thread_set_main
mono_type_get_class
mono_type_get_name
mono_type_get_object
mono_type_get_type
mono_value_box
unity_mono_close_output
unity_mono_redirect_output
ves_icall_System_AppDomain_InternalUnload
ves_icall_System_AppDomain_createDomain

Sections

.text
Size: 778KB - Virtual size: 778KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 719KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MisteriumLauncher/unity/unity default resources

Sharing

General

Malware Config

Signatures

Files

Password: playmisterium

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 2KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 828B

.reloc Size: 512B - Virtual size: 12B

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 15KB - Virtual size: 15KB

.reloc Size: 512B - Virtual size: 12B

Password: playmisterium

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:dfCertificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

0e:e4:d5:16:5c:dc:cf:3d:a3:9b:07:4c:c3:bf:f2:3e:6a:d1:7c:17:fa:57:9b:4e:39:46:61:a2:3f:f2:f4:34Signer

Signature Validations

Verification

02/02/2023, 17:54 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 396KB - Virtual size: 395KB

.rsrc Size: 7KB - Virtual size: 6KB

.reloc Size: 512B - Virtual size: 12B

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 88KB - Virtual size: 84KB

.rsrc Size: 4KB - Virtual size: 1000B

.reloc Size: 4KB - Virtual size: 12B

Password: playmisterium

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 1KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 732B

.reloc Size: 512B - Virtual size: 12B

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

Imports

mscoree

Sections

.text Size: 298KB - Virtual size: 297KB

.rsrc Size: 1024B - Virtual size: 740B

.reloc Size: 512B - Virtual size: 12B

Password: playmisterium

dae02f32a21e03ce65412f6e56942daa

Headers

File Characteristics

.text
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 828B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 15KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:03:df:fb:6a:e3:f4:27:ec:b6:a3:00:00:00:00:03:df
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

0e:e4:d5:16:5c:dc:cf:3d:a3:9b:07:4c:c3:bf:f2:3e:6a:d1:7c:17:fa:57:9b:4e:39:46:61:a2:3f:f2:f4:34
Signer

02/02/2023, 17:54
Valid: false

.text
Size: 396KB - Virtual size: 395KB

.rsrc
Size: 7KB - Virtual size: 6KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 88KB - Virtual size: 84KB

.rsrc
Size: 4KB - Virtual size: 1000B

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 732B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 298KB - Virtual size: 297KB

.rsrc
Size: 1024B - Virtual size: 740B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.4MB - Virtual size: 2.4MB

.rsrc
Size: 1024B - Virtual size: 804B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 778KB - Virtual size: 778KB

.rdata
Size: 719KB - Virtual size: 718KB

.data
Size: 9KB - Virtual size: 88KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 47KB - Virtual size: 47KB