10494381513[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

10494381513.zip
Size

2.3MB
MD5

24578745625c1e3b52387e58c8afc0b5
SHA1

1c236b89f04c073f27a5e8b82696c8f2958c2cb7
SHA256

30a2a4a8058a3106e8390f64bc6a68dbae76cadf0bff96f936338b4e1a35dcc8
SHA512

8d820598449c9c38e570e61bcb7180372fe595f64522a250a339e9619d16384a9b6658343cde5b7e6229244172f41ec34418f1067e7ec6c3b8810ec5b95bc647
SSDEEP

49152:BNsVnwYHpqq7LtUJlzme40ENNEkmVnUhE5O89DhXTmzfGY:jaqq7hUJgd3mx5O2VySY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ȫѧϰֲ/.__MACOS__/.__MACOS__/.__MACOS__/._MACOS_/mpclient.dll

Files

10494381513.zip
.zip

Password: infected
611cbd4bd9f0e4ce833caf8967c916ce04f05623f64d59dff35008ada7a71960
.zip
ȫѧϰֲ/.__MACOS__/.__MACOS__/.__MACOS__/._MACOS_/NisSrv.exe
.exe windows x64

b1ac41ecc25022618f74a6d0828a4712

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2020, 19:16

Not After

23/09/2021, 19:16

Subject

CN=Microsoft Windows Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d
Signer

Actual PE Digest

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___wargv
_cexit
_initterm
abort
_c_exit
_register_thread_local_exe_atexit_callback
_exit
exit
_initterm_e
_beginthreadex
_get_initial_wide_environment
_initialize_wide_environment
_configure_wide_argv
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_invalid_parameter_noinfo
terminate
_invalid_parameter_noinfo_noreturn
_errno
_seh_filter_exe
_set_app_type

api-ms-win-crt-stdio-l1-1-0

feof
fgetws
fclose
__stdio_common_vsnprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vsprintf_s
__stdio_common_vsnwprintf_s
fputc
__stdio_common_vswprintf_s
_wfopen
_fsopen
__p__commode
_set_fmode
fseek
_wfsopen
_get_stream_buffer_pointers
_fseeki64
fread
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc
fflush

api-ms-win-crt-heap-l1-1-0

calloc
malloc
_set_new_mode
_calloc_base
free
_malloc_base
_free_base
_callnewh
_recalloc
realloc

api-ms-win-crt-convert-l1-1-0

_i64toa_s
_ui64toa_s
_ui64tow_s
wcstoull
_wcstod_l
wcstoll
wcstod
_i64tow_s
strtof
strtoll
strtod
wcstol
_itow_s
strtol

api-ms-win-crt-string-l1-1-0

isalpha
iswalpha
isdigit
iswdigit
iswxdigit
islower
iswlower
wcsncpy_s
strcspn
iswspace
towlower
towupper
iswupper
strncmp
strnlen
_wcsdup
isupper
__strncnt
wcsnlen
isspace
tolower
wcscmp
strcpy_s
_wcsicmp

api-ms-win-crt-locale-l1-1-0

_lock_locales
_configthreadlocale
localeconv
setlocale
___lc_codepage_func
__pctype_func
_create_locale
___lc_collate_cp_func
___lc_locale_name_func
_unlock_locales
___mb_cur_max_func
_free_locale

api-ms-win-crt-math-l1-1-0

ldexp
ceilf
ceil
log2
pow
powf
frexp

advapi32

OpenServiceW
OpenSCManagerW
CloseServiceHandle
StartServiceW
RegQueryValueExW
EventWriteTransfer
EventUnregister
EventRegister
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegSetKeyValueW
RegOpenCurrentUser
RegGetValueW
RegQueryInfoKeyW
RegCloseKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
ImpersonateLoggedOnUser
RevertToSelf

crypt32

CertGetCertificateChain
CertVerifyCertificateChainPolicy
CryptUnprotectMemory
CryptBinaryToStringW
CertFreeCertificateChain
CertFreeCertificateContext

kernel32

GetSystemInfo
UnmapViewOfFile
GetSystemPreferredUILanguages
GetThreadPreferredUILanguages
GetVersionExW
GetModuleHandleA
QueryProcessCycleTime
GetLongPathNameW
GetProcessId
DuplicateHandle
CreateMutexW
LoadLibraryExA
DelayLoadFailureHook
OpenProcess
QueryFullProcessImageNameW
QueryUnbiasedInterruptTime
GlobalFree
VerifyVersionInfoW
GetUserPreferredUILanguages
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
SetLastError
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
FormatMessageW
GetLastError
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CloseHandle
HeapAlloc
GetProcAddress
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
CreateThreadpoolTimer
MultiByteToWideChar
CloseThreadpool
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
CreateThreadpool
SetThreadpoolThreadMaximum
CreateThreadpoolWork
SubmitThreadpoolWork
StartThreadpoolIo
SystemTimeToFileTime
RaiseException
FreeLibrary
LoadLibraryExW
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
SizeofResource
LoadResource
FindResourceExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
HeapSetInformation
CreateEventW
SetEvent
TerminateProcess
GetCurrentProcess
SwitchToFiber
ConvertFiberToThread
IsThreadAFiber
ConvertThreadToFiber
CreateFiberEx
DeleteFiber
WideCharToMultiByte
GetSystemTimeAsFileTime
CreateFileW
SetErrorMode
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageA
Sleep
SwitchToThread
InitializeSRWLock
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
SleepConditionVariableSRW
RtlPcToFileHeader
GetStringTypeW
ReleaseSRWLockShared
AcquireSRWLockShared
LocalFree
InitOnceComplete
CreateDirectoryW
GetFileInformationByHandleEx
FindFirstFileExW
FindNextFileW
DeviceIoControl
FindClose
GetFileAttributesW
GetFileAttributesExW
SetFileInformationByHandle
MoveFileExW
CopyFileW
InitOnceBeginInitialize
EncodePointer
DecodePointer
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
ResetEvent
InitializeSListHead
RtlUnwindEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetProcessTimes
CreateThreadpoolIo
WaitForThreadpoolIoCallbacks
CancelThreadpoolIo
CancelIoEx
CloseThreadpoolIo
GetSystemDirectoryW
GetSystemTime
InitializeCriticalSectionEx
CreateFileMappingW
MapViewOfFile
GetFileSizeEx
ExpandEnvironmentStringsW

ole32

CoUninitialize
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx

oleaut32

VarUI4FromStr

user32

UnregisterClassA
CharNextW

bcrypt

BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider

normaliz

IdnToAscii

ws2_32

htonl
ntohs
htons
inet_ntop

ntdll

RtlIpv4StringToAddressExW
RtlIpv6StringToAddressExW
VerSetConditionMask

winhttp

WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpReceiveResponse
WinHttpOpen
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpSetStatusCallback
WinHttpSetTimeouts
WinHttpSetOption
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpConnect

mpclient

MpConfigGetValueAlloc
MpHandleClose
MpConfigClose
MpNotificationRegister
MpManagerOpen
MpFreeMemory
MpConfigUninitialize
MpUtilsExportFunctions
MpConfigInitialize
MpClientUtilExportFunctions
MpConfigOpen

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-utility-l1-1-0

rand_s

shell32

SHGetKnownFolderPath

iphlpapi

GetAdaptersAddresses

netapi32

NetApiBufferFree
NetGetJoinInformation

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 296KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ȫѧϰֲ/.__MACOS__/.__MACOS__/.__MACOS__/._MACOS_/mpc.vbs
.vbs
ȫѧϰֲ/.__MACOS__/.__MACOS__/.__MACOS__/._MACOS_/mpclient.dll
.dll windows x64

226f212fbd387a85e62b6b9643a59251

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AddVectoredExceptionHandler
CloseHandle
CreateEventA
CreateFileA
CreateIoCompletionPort
CreateThread
CreateWaitableTimerExW
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitProcess
FreeEnvironmentStringsW
GetConsoleMode
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetLastError
GetProcAddress
GetProcessAffinityMask
GetQueuedCompletionStatusEx
GetStdHandle
GetSystemDirectoryA
GetSystemInfo
GetSystemTimeAsFileTime
GetThreadContext
GetTickCount
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
PostQueuedCompletionStatus
QueryPerformanceCounter
ResumeThread
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetConsoleCtrlHandler
SetErrorMode
SetEvent
SetProcessPriorityBoost
SetThreadContext
SetUnhandledExceptionFilter
SetWaitableTimer
Sleep
SuspendThread
SwitchToThread
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WriteConsoleW
WriteFile

msvcrt

__iob_func
_amsg_exit
_beginthread
_errno
_initterm
_lock
_unlock
abort
calloc
fprintf
free
fwrite
malloc
realloc
signal
strlen
strncmp
vfprintf

Exports

Exports

MpClientUtilExportFunctions
MpConfigClose
MpConfigGetValueAlloc
MpConfigInitialize
MpConfigOpen
MpConfigUninitialize
MpFreeMemory
MpHandleClose
MpManagerOpen
MpNotificationRegister
MpUtilsExportFunctions
OnProcessAttach
Test
_cgo_dummy_export

Sections

.text
Size: 612KB - Virtual size: 612KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1001KB - Virtual size: 1001KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 652B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 361KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 594KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 739KB - Virtual size: 738KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 216KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/106
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ȫѧϰֲ/.__MACOS__/ȫѧϰֲ.docx
.docx office2007
ȫѧϰֲ/ȫѧϰֲ.docx.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

Password: infected

b1ac41ecc25022618f74a6d0828a4712

Code Sign

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9eCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5dSigner

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

advapi32

crypt32

kernel32

ole32

oleaut32

user32

bcrypt

normaliz

ws2_32

ntdll

winhttp

mpclient

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

shell32

iphlpapi

netapi32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 296KB - Virtual size: 292KB

.data Size: 40KB - Virtual size: 100KB

.pdata Size: 80KB - Virtual size: 79KB

.didat Size: 4KB - Virtual size: 24B

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 12KB - Virtual size: 11KB

226f212fbd387a85e62b6b9643a59251

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 612KB - Virtual size: 612KB

.data Size: 95KB - Virtual size: 95KB

.rdata Size: 1001KB - Virtual size: 1001KB

.pdata Size: 1024B - Virtual size: 876B

.xdata Size: 1024B - Virtual size: 652B

.bss Size: - Virtual size: 361KB

.edata Size: 512B - Virtual size: 436B

.idata Size: 3KB - Virtual size: 2KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 12KB - Virtual size: 11KB

/4 Size: 1024B - Virtual size: 544B

/19 Size: 594KB - Virtual size: 594KB

/31 Size: 4KB - Virtual size: 3KB

/45 Size: 228KB - Virtual size: 228KB

/57 Size: 68KB - Virtual size: 67KB

/70 Size: 512B - Virtual size: 340B

/81 Size: 739KB - Virtual size: 738KB

/92 Size: 216KB - Virtual size: 216KB

/106 Size: 512B - Virtual size: 48B

33:00:00:02:9e:05:ca:b1:2e:ac:93:cf:b6:00:00:00:00:02:9e
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f2:54:f4:58:62:1f:c8:30:88:c1:b1:f8:d6:21:ad:38:58:34:cc:d7:d1:51:fd:20:69:78:21:a4:c8:a8:9f:5d
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 296KB - Virtual size: 292KB

.data
Size: 40KB - Virtual size: 100KB

.pdata
Size: 80KB - Virtual size: 79KB

.didat
Size: 4KB - Virtual size: 24B

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 612KB - Virtual size: 612KB

.data
Size: 95KB - Virtual size: 95KB

.rdata
Size: 1001KB - Virtual size: 1001KB

.pdata
Size: 1024B - Virtual size: 876B

.xdata
Size: 1024B - Virtual size: 652B

.bss
Size: - Virtual size: 361KB

.edata
Size: 512B - Virtual size: 436B

.idata
Size: 3KB - Virtual size: 2KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 12KB - Virtual size: 11KB

/4
Size: 1024B - Virtual size: 544B

/19
Size: 594KB - Virtual size: 594KB

/31
Size: 4KB - Virtual size: 3KB

/45
Size: 228KB - Virtual size: 228KB

/57
Size: 68KB - Virtual size: 67KB

/70
Size: 512B - Virtual size: 340B

/81
Size: 739KB - Virtual size: 738KB

/92
Size: 216KB - Virtual size: 216KB

/106
Size: 512B - Virtual size: 48B